Mont-Saint-Guibert, 8 December
We are proud to be among the first Belgian companies to receive the ISO 27701 verification and announce the renewal of our ISO 27001 certificate.
“As a pure-play cyber security and privacy service provider, it is important to us to demonstrate our continuous commitment to safeguarding data and the privacy of our employees, customers and partners. As specialists in both cyber security and privacy, it was a natural decision to be amongst the first players in Belgium to get the double certification/verification,” explains David Vanderoost, CEO of Approach.
For more than 20 years, we have supported companies and organisations with their cyber security and privacy challenges. We can now support our clients in achieving the same double certification/verification in an efficient and integrated manner.
“So this new verification, combined with our field experience, reinforces our position as a leading expert in cyber security and privacy,” concludes David.
What is ISO 27701?
ISO 27701 is an extension of the ISO/IEC 27001 standard. It specifies the requirements for a Privacy Information Management System (PIMS) and provides guidance for data controllers and data processors who hold responsibility and accountability for the processing of personal data.
The goal is to enhance the existing Information Security Management System (ISMS) with additional requirements in order to implement and continually improve a Privacy Information Management System (PIMS).
How to get started with your ISO 27701 certification?
Our Data Protection Manager and CISO shares some tips.
Depending on whether you already have an Information Security Management System (ISMS) and an ISO 27001 certification, you can either implement both standards at the same time or start with your Information Security Management System and then go for the ISO 27701 extension.
In our case, as we were renewing our ISO 27001 certification, it made sense to begin the process for the ISO 27701 at the same time as the renewal. But for businesses that are not yet ISO 27001 certified, it will depend on the resources available and the objectives you are trying to achieve. It might be too complicated or time consuming to go for both at once.
The most important part is to define a plan of action best suited to your specific situation.
The new standard extends ISO 27001 to address GDPR compliance. To obtain it, you first need to:
- Implement an ISMS and get ISO 27001 certified;
- Establish a Privacy Information Management System (PIMS);
- Ensure you meet all requirements outlined in the ISO 27701 standard;
- And finally, be audited by an accredited certification body to confirm you are conforming to all requirements.
Only then, if you receive a positive result, will you be awarded the ISO 27701 verification attestation.
If you are interested in the certification and want to avoid pitfalls, accelerate the process and implement an efficient ISMS and PIMS, our team can support you in preparing and implementing all the processes needed to achieve both certification and verification.