ISO/IEC 27701:2019 Security techniques — Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management — Requirements and guidelines
At the latest since the publication of the EU General Data Protection Regulation (GDPR), to be applied since 25 May 2018, data protection has moved more into the focus of many organisations. They are now asking themselves how their efforts to act in conformity with the GDPR can also be demonstrated "externally".
In August 2019, ISO/IEC 27701:2019 was published as a new standard for privacy information management according to its title. It is exclusively an extension of the established ISO/IEC 27001:2013 as a certification standard and ISO/IEC 27002:2013 as a guidance standard to include aspects of privacy information management. ISO/IEC 27701:2019 builds directly on these two aforementioned standards and supplements them.
If certification according to ISO/IEC 27701:2019 is considered, then conformity with the requirements of ISO/IEC 27001:2013 must be ensured first. Only on this basis, the supplementary requirements of ISO/IEC 27701:2019 can be fulfilled.
Basically, then we speak of the guarantee of "information security and privacy information protection". Annex D of ISO/IEC 27701:2019 contains an explicit mapping of measures to the requirements of the GDPR.
Indeed, certification according to ISO/IEC 27701:2019 is NOT an accredited certification of processes and products according to Chapter 43 GDPR. Currently there is no GDPR-compliant privacy information management certification available.
However, certification according to ISO/IEC 27701:2019 by DeuZert® (in addition to certification according to ISO/IEC 27001:2013) offers the advantage of making it easier to prove that privacy information is handled in compliance with GDPR.
The implementation of the supplementary requirements from ISO/IEC 27701:2019 can usually be handled by ISO/IEC 27001:2013 certified organizations with little effort.
The ISO/IEC 27701:2019 certificate issued by DeuZert® Deutsche Zertifizierung in Bildung und Wirtschaft GmbH is a confidence-building instrument for demonstrating pragmatic and effective privacy information management.
DeuZert® can offer favorable financial conditions despite the use of experienced auditors, also with international reputation.
The procedure of the DeuZert® certification provides:
- Offer based on a standardized questionnaire
- Mandating the certification
- Formal application for certification
- Optional pre-audit
- Planning the certification audit
- Stage 1 audit as a priority documentation check for certification ability
- Stage 2 audit with final audit report
- Decision on certification in the DeuZert® Certification Committee
- Certificate issue for three years
- two calendar-year surveillance audits from the following year
- Re-certification audit with an extension of the certificate for another three years [on request]
Please, contact our customer service for further information as well as to request an offer.
Current status: 20/06/2022