29. Sep 2020

Proven privacy and information security management system

ISO/IEC 27701 Certification for the Data Protection Management System is available!

The pandemic has shown us the great opportunities of secure and compliant digitization. It opens new markets and customer segments, allows us to offer new products, services and customer experiences, and thereby strengthens efficiency and a unique market position. With increased connectivity, virtualization (smart working, etc.), digitization of production (Industry 4.0), products and services (smart home, smart car, etc.) and big data, the demand for data protection and information security (the confidentiality, integrity and availability of data and services) is rising. Information security and data protection are essential for an ethical, resilient, digital and sustainable economy. At the same time, however, the risks are increasing. By the end of 2020, cybercrime is expected to cause €5.5 trillion more damage than the global drug trade.

The ISO/IEC 27701 certification for a proven privacy and information security management system is available. It promotes a sustainable, efficient and effective implementation. The certification makes security and data protection awareness clearly visible and strengthens the trust of stakeholders.

Information Security and Data Protection – a Success Factor

Technology and data offer many opportunities, but they must be reliable and effectively protected. Data protection and information security are success factors of accountable company management. Nevertheless, in 2019 security incidents affecting online and cloud services increased by 91.5% compared to 2018, espionage and sabotage attacks increased threefold, 66% more data breaches were reported to European supervisory authorities, and fines of more than €410 million were issued. During the spring lockdown there were more reports of data breaches, sophisticated phishing mails, ransomware (unwanted encryption) and complex cyber-attacks. They affected organizations of all sizes and in all industries, including essential services such as hospitals, telecommunication and social security. Is your company well prepared and protected?

Reliable services, the protection of the company's knowledge and of the data of data subjects, and compliance with contractual and legal obligations (data protection, cybersecurity, etc.) have an essential impact on customer trust and image. The call for appropriate certifications is becoming ever louder. It is therefore all the more welcome that ISO/IEC 27701 certification for a proven data protection and information security management system is available!

ISO/IEC 27701 – the Data Protection Management System with Added Value

The EU General Data Protection Regulation 2016/679 (GDPR) requires that appropriate technical and organizational measures are implemented, taking into account the state of the art and the risks to the rights and freedoms of data subjects, in a demonstrable, effective and sustainable manner, in order to protect personal data and to comply with the Regulation (including the rights of the data subjects).

ISO/IEC 27701 follows the harmonized structure common to ISO management system standards. It thus offers optimum support for a sustainable and efficient integration of data protection into an effective management system. It extends ISO/IEC 27001 (information security management) and ISO/IEC 27002 with additional requirements, technical and organizational measures (controls) for PII controllers and processors, and guidance on legal requirements. Although it is an international standard, the requirements of EU Regulation 2016/679 are taken into account as well: its informative Annex D maps the controls of the standard to the articles of the GDPR.

Data Protection and Information Security: two souls in one heart

While data protection refers solely to the protection of personal data, information security covers all relevant assets of an organization. Measures that protect an organization's assets, e.g. video surveillance, can themselves pose a risk to the recorded data subjects if suitable safeguards are missing. ISO/IEC 27701 promotes the necessary integration of information security and data protection; together they offer added value for the organization.

Integration of Data Protection into a Management System

An actively practised management system supports data protection above all through its systematic and strategic approach. In addition, integrating information security and data protection into all processes and decisions strengthens sustainable implementation.

  • Integration into context, policy and management:

    By integrating information security and data protection into the policy, objectives and strategies, they become an added value for the organization. Secure and legally compliant digitization opens new markets and customer segments, increases efficiency and reduces costs. Data protection thus takes on a strategic role: from being merely a cost of meeting legal obligations to becoming a driver of sustained customer trust and success.

    Information security and data protection become an integral part of the corporate culture through active ownership and the example set by management, and by incorporating both into all management decisions.

  • Integration into the processes (planning and operation):

    First, the assets (e.g. product information and recipes, research data, confidential or sensitive data, special categories of personal data), together with the technologies used and the security measures already implemented, are recorded (extended records of processing activities). From this, risks, improvements and emergency plans for security events are derived according to ISO 31000 (risk management); the controls of the standard provide valuable support here. Existing emergency plans of other management systems (e.g. environment, hygiene) and especially business continuity management (ISO 22301) offer many synergies. Integrated into suitable processes, the necessary measures are implemented efficiently and effectively, which exploits synergies, saves costs and reduces risks. In this way information security and data protection are considered at an early stage in every digitization, innovation and procurement process. Do your relevant suppliers provide an appropriate level of security and data protection effectively, verifiably and sustainably?

  • Integration into resource management (support):

    Systematic document management promotes traceability and the proof of accountability. Appropriate resources, clearly assigned responsibilities and state-of-the-art competences support information security and data protection. Human error is the most common cause of security incidents, so continuous awareness and sufficient knowledge and competence of employees and partners at all levels of the entire value chain are essential. Training and personal certification facilitate both understanding and its demonstration.

  • Integration into continual improvement (evaluation and improvement):

    The GDPR also calls for a process for regularly testing, assessing and evaluating the effectiveness of the technical and organizational measures for ensuring the security of processing (Art. 32(1)(d)). Integrating information security and data protection into the evaluation (monitoring, status reports, audits, etc.) and the continual improvement of the management system strengthens effective and sustainable implementation.

Use Synergies, Save Costs, Promote Efficiency and Effectiveness

ISO/IEC 27701 supports the integration of information security and data protection into a management system worldwide. Use synergies, save costs and increase efficiency and effectiveness! The certification:

  • promotes the demonstrable implementation of data protection regulations and security requirements,
  • protects the knowledge of the organization,
  • supports reliable performance, corporate success and reputation,
  • builds on ISO/IEC 27001, facilitates the demonstration of an appropriate level of security and data protection worldwide, reduces the need for multiple audits and makes the commitment visible to external parties,
  • strengthens trust.

Would you like to know more? Contact us for more information.

Author


Dr. techn. Margareth Stoll has many years of proven experience in digitization, information security, cybersecurity, data protection, integrated management systems and related fields. She is an appointed auditor for information security (ISO/IEC 27001, ISO/IEC 27701, ISO/IEC 27018), the Cybersecurity Directive (NIS-G), business continuity (ISO 22301), IT service management (ISO 20000-1) and quality management (ISO 9001), and the author of numerous publications.
