ISO 27701: Data protection certification for greater corporate resilience
The well-known security standard ISO/IEC 27001 for information security management systems (ISMS) has recently been extended to include aspects of data protection management with the new standard ISO/IEC 27701. Among other things, this extension supports companies in handling personal data and helps to demonstrate compliance with global data protection regulations.
The new standard is called "ISO/IEC 27701:2019-08 Information technology - Security procedures - Extension to ISO/IEC 27001 and ISO/IEC 27002 for data protection management - Requirements and guidance". Accordingly, it represents an extension of ISO 27001 and ISO 27002 to include aspects of data protection.
ISO 27701 defines requirements for the information security management system (ISMS) of companies as well as public or non-profit organizations. The ISMS is the core of the certification: it establishes the processes and policies by which the organization manages and protects information. With ISO 27701, the scope of information security explicitly includes personal data. The ISMS is responsible not only for governing information security with data protection taken into account, but also for monitoring and documenting it. Security risks can thus be identified, eliminated or reduced.
What are the advantages of certification?
Certification helps protect sensitive data reliably against loss and misuse and minimizes liability risks, because with a certified ISMS security risks can be identified quickly. With ISO 27701, all processes involved in the processing and handling of personal data in particular are also optimized.
An additional effect: certification strengthens trust and the company's image among customers, partners and service providers. Ulrich Heun, Managing Director of CARMAO GmbH, explains: "Some business relationships are only made possible by a certificate. Furthermore, a sensitization of the employees in the field of information security and data protection takes place at the same time. All these factors support business resilience and make an organization more robust."
Corporate resilience, or organizational resilience, strengthens the ability of a company or organization to prepare systematically for current and future negative influences and to adapt to them in such a way that damage is avoided and future viability is maintained. This resilience is achieved through the skillful interaction of various management systems.