Business processes and communication increasingly take place in digital form, which is why information security matters so much. Many organisations therefore regard a sound management system in this area as essential.
ISO 27001 provides an excellent basis for this and allows you to demonstrate that your valuable information is suitably protected.
More recently, a new standard was published as an extension to ISO 27001: ISO 27701. It extends the information security management system with a privacy information management system (PIMS), so that certification demonstrates not only that your own information is protected, but also that you protect the privacy of others, i.e. the personal data you hold about customers, employees and partners.
TUV India / TÜV NORD has been accredited as a certification body for ISO 27701, which means that we can officially certify to both ISO 27001 and ISO 27701.
ISO 27701 distinguishes two roles: the PII Controller (the organisation responsible for the PII, i.e. personally identifiable information) and the PII Processor (the organisation that processes PII on behalf of another organisation). An organisation can hold either role, or both, and must implement the corresponding set of controls. These roles correspond to the definitions in Article 4 of the GDPR and in ISO/IEC 29100:
CONTROLLER
"The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data."
The controller collects personal data and determines the purposes for which they will be used and the means of the processing. More than one organisation can act as PII controller for the same processing; they are then generally referred to as Joint Controllers. In this case, agreements governing the exchange of data between the joint controllers are necessary.
Benefits of the PII Controller role
PROCESSOR
"A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller."
The processor processes personal data for the PII controller and acts only on the controller's documented instructions; it does not decide on its own for what purposes the data are used.
Benefits of the PII Processor role
Benefits of ISO 27701 certification