29. Sep 2020

Proven privacy and information security management system

ISO/IEC 27701 Certification for the Data Protection Management System is available!

The pandemic has shown us the great opportunities of secure and compliant digitization. It opens new markets and customer segments. We can offer new products/services and customer experiences. Thus, it strengthens efficiency and a unique market position. With increased connectivity, virtualization (such as smart working, etc.), digitization of production (Industry 4.0), products and services (such as smart home, smart car, etc.) and big data, the demand for data protection and information security - the confidentiality, availability and integrity of data and services - is rising. Information security and data protection are essential for an ethical, resilient, digital and sustainable economy. However, at the same time, the risks are increasing. By the end of 2020, cybercrime is expected to cause €5.5 trillion more damage than drug commerce.

The ISO/IEC 27701 certification for a proven privacy and information security management system is available. It promotes a sustainable, efficient and effective implementation. The certification makes security and data protection awareness clearly visible and strengthens the trust of stakeholders.

Information Security and Data Protection – a Success factor

Technology and data offer many opportunities. They must be reliable and effectively protected. Data protection and information security are success factors of an accountable company management. Nevertheless, in 2019, security incidents for online and cloud services increased by 91.5% compared to 2018. Espionage/sabotage attacks increased threefold. 66% more data breaches were reported to European supervisory authorities. Fines of more than €410 million were issued. In this spring lockdown period there were more reports of data breaches, sophisticated phishing mails, unwanted encryption, complex cyber-attacks, etc. It affected organizations of all sizes and in all industries, as well as essential services (such as hospitals, telecommunication, social security and many more). Is your company well prepared and protected?

Reliable services, the protection of the company's knowledge and the data of the data subjects, as well as compliance with contractual and legal obligations (such as data protection, cybersecurity, etc.) have an essential impact on customer trust and image. The call for appropriate certifications is becoming even louder. It is therefore all the more pleasant that ISO/IEC 27701 certification for a proven data protection and information security management system is available!

ISO/IEC 27701 – the Data Protection Management System with Added Value

The EU General Data Protection Regulation 2016/679 (GDPR) requires that appropriate technical and organizational measures are implemented by taking into account the risks in a demonstrable, effective and sustainable manner using state-of-the-art technology to protect personal data and to comply with these regulations (including the rights of the data subjects).

ISO/IEC 27701 is structured according to the common high-level structure for management system standards. It thus offers optimum support for a sustainable and efficient integration of data protection into an effective management system. It extends ISO/IEC 27001 for information security management with additional technical and organizational measures (controls) and legal requirements. Although it is an internationally recognized standard, all requirements of the EU Regulation 2016/679 are taken into account as well.

Data Protection and Information Security: two souls in one heart

While data protection refers purely to the protection of personal data, information security takes into account all relevant assets of an organization. The protection of an organization’s assets, e.g. when using video surveillance, can pose a risk for the recorded data subject without suitable measures. ISO/IEC 27701 promotes the necessary integration of information security and data protection. Together they offer added value for the organization.

Integration of Data Protection into a Management System

An effectively lived management system supports data protection especially through the systemic and strategic approach. In addition, the optimal integration of information security and data protection into all processes and decisions also strengthens the sustainable implementation.

  • Integration into context, policy and management:

    By integrating information security and data protection into the policy, objectives and strategies, information security and data protection become an added value for the organization. A secure and legally compliant digitization opens new markets and customer segments, increases efficiency and reduces costs. Thus, data protection takes a strategic role: away from being only a cost factor to accomplishing legal obligations and becoming a driver for sustained customer trust and success.

    Information security and data protection are becoming an integral part of the corporate culture through an active ownership and example set by management as well as by incorporating data protection and information security into all their decisions.

  • Integration into the Processes (Planning and Operation):

    First of all, assets/values (e.g. product information/recipes, research data, confidential/sensitive data or special data categories) with the technologies used and implemented security measures are registered (extended records of processing activities). From this, possible risks, optimizations and emergency plans for security events are determined according to ISO 31000 (risk management). The security measures (controls) provide valuable support. Existing emergency plans of other management systems (e.g. environment, hygiene) and especially Business Continuity Management (ISO 22301) offer many synergies. Integrated into suitable processes, necessary measures are implemented efficiently and effectively. This uses synergies, saves costs and reduces risks. Thus, information security and data protection are taken into account at an early stage in every digitization, innovation and procurement process. Do your relevant suppliers provide an appropriate level of security and data protection effectively, verifiably and sustainably?

  • Integration into the Resource management (Support):

    Systematic document management promotes traceability and proof of accountability. Appropriate resources, clearly assigned responsibilities and state-of-the-art competences support information security and data protection. Human error is the most common cause of security incidents. Therefore, continuous awareness as well as sufficient knowledge and competence of the employees and partners at all levels of the entire value chain are essential. Training and personal certification facilitate understanding and demonstration.

  • Integration into the continual Improvement (Evaluation and Improvement):

    The General Data Protection Regulation also calls for a process of regularly testing, assessing and evaluating the effectiveness of the technical and organizational measures in order to ensure security (Art. 32(1)(d)). The integration of information security and data protection into the evaluation (with monitoring, status reports, audits, etc.) and the continual improvement of the management system strengthens an effective and sustainable implementation.

Use Synergies, save Costs, promote Efficiency and Effectiveness

ISO/IEC 27701 supports the integration of information security and data protection into a management system worldwide. Use synergies, save costs and increase efficiency and effectiveness!

  • Promote the demonstrable implementation of the data protection regulations and security requirements.
  • Protect the knowledge of the organization.
  • Support reliable performance, corporate success and reputation.
  • Certification according to ISO/IEC 27701 builds on ISO/IEC 27001. It facilitates the demonstration of an appropriate level of security and data protection worldwide, reduces the need for multiple audits and makes the commitment visible to external parties.
  • Trust is strengthened.

You want to know more? Contact us here for more information.

Author

Dr.techn. Margareth Stoll has many years of proven experience in digitization, information security, cybersecurity, data protection, integrated management systems and other fields. She is an appointed auditor for information security ISO/IEC 27001, ISO/IEC 27701, ISO/IEC 27018, Cybersecurity Directive NIS-G, Business Continuity ISO 22301, IT Service Management ISO 20000-1, Quality Management ISO 9001 and the author of numerous publications.
