ISO/IEC 27701 Certification Mark

Certified Privacy Information Management System

Certification: ts-iso-iec-27701

Management system certification / Voluntary assessment

Basis of certification:

TUV SUD South Asia Pvt. Ltd.-NABCB Accreditation

Standard owner: 

ISO - International Organization for Standardization

WHAT THE ISO/IEC 27701 STANDARD DEFINES

  • ISO/IEC 27701 specifies requirements and provides guidance for establishing, implementing, maintaining and continually improving a Privacy Information Management System (PIMS) in the form of an extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy management within the context of the organization.
  • This standard specifies PIMS-related requirements and provides guidance for PII (Personally Identifiable Information) controllers and PII processors holding responsibility and accountability for PII processing.
  • The customer has submitted to voluntary assessment (audit) according to defined criteria (certification standard).
  • A certificate and/or the authorization to use a certification mark are only issued if the assessment (audit) does not reveal any major nonconformities with the requirements of the relevant standard.
  • Certificates and/or certification marks are valid for a restricted period of time. Interested parties can check the validity of individual certificates in the certificate database.
  • To maintain certificate validity, the certificate holder must complete and successfully pass annual surveillance assessments (audits).
  • An ISO/IEC 27701 certificate shall always be considered valid in conjunction with the validity of the ISO/IEC 27001 certificate.

HOW ASSESSMENT/AUDIT IS PERFORMED

Independent and qualified experts (auditors) apply the following auditing techniques:

  • Document review:
    - Review the system documentation prepared by the client.
    - Evaluate the organization's location, number of sites and site-specific conditions.
    - Review the client's status and understanding regarding the requirements of the standard.
    - Collect, evaluate and verify information regarding scope, management review, processes and interactions, objectives of the organization, related statutory and regulatory aspects, internal audits, performance data and associated risks.
    - Review the allocation of resources for the conformation assessment / audit and agree with the client on the details of the audit.
    - Ensure appropriate planning by gaining sufficient understanding of the client's management system and site operations in the context of possible significant aspects.
    - This audit shall identify concerns that could affect the subsequent conformation assessment / audit.
  • On-site audit:
    - System effectiveness with respect to documentation
    - Criticality & Number of deviations 
    - Complaints handling mechanism 
    - Management commitment 
    - Complete failure of an element of the standard 
    - Effect of deviations observed on the control effectiveness

BEYOND THE SCOPE OF CERTIFICATION ACCORDING TO THE ISO/IEC 27701 STANDARD

  • Applies to all management-system certifications: This certification does not constitute product certification. Certification thus does not provide any direct statements on the quality of a product or service of the certified customer.
  • Certification according to ISO/IEC 27701 does not mean that the company manufactures products or provides services of higher quality.
  • Certification according to ISO/IEC 27701 does not mean that a company's privacy information security controls / information / data cannot be lost, cannot be unlawfully altered, or can be accessed at the right time, even though these are key objectives of the privacy information management system.
  • A certification does not confirm that the technical and organizational measures taken by the company for protecting privacy information are functioning without errors.
