Here’s What That Means For You
Sycle recently announced that we’ve achieved ISO/IEC 27701 certification. But what does that mean for us as an organization—and for you as our customer?
At Sycle, your privacy is our top priority. To demonstrate that our systems and controls have been designed appropriately to keep you in control of your data, we sought out an independent assessment from an accredited auditing firm, BARR Certifications.
In this blog post, we’ll explain what it means to achieve ISO/IEC 27701 certification and why we chose to undergo this rigorous compliance audit.
What is ISO/IEC 27701?
First released in August 2019, ISO/IEC 27701 is an internationally accepted compliance standard that serves as an extension of ISO/IEC 27001 for organizations that process personally identifiable information (PII).
Considered the gold standard in information security, ISO/IEC 27001 mandates numerous controls for the establishment, operation, monitoring, maintenance, and continual improvement of an information security management system (ISMS).
ISO/IEC 27701, on the other hand, focuses on data privacy and outlines requirements for establishing, implementing, maintaining, and continually improving an organization’s privacy information management system (PIMS).
Achieving ISO/IEC 27701 certification demonstrates that an organization’s PIMS is designed and implemented according to industry standards and best practices for managing data privacy and protecting PII.
Because privacy relies on strong security practices, ISO/IEC 27701 certification cannot be achieved without a valid ISO/IEC 27001 certification.
How does the certification process work?
Pursuing ISO/IEC 27701 certification is a multi-step process that, for many organizations, begins with a readiness assessment.
The next step is an initial certification audit, which is completed in two stages:
- During Stage 1, an auditor evaluates the policies and procedures that the organization has put in place for establishing and maintaining its PIMS and determines whether those controls have been designed effectively.
- During Stage 2, auditors take a close look at how those controls are implemented in practice, ensuring they adhere to the standards for data privacy outlined by ISO and the International Electrotechnical Commission (IEC).
Certifications are valid for three years. During that time, organizations are required to undergo annual surveillance audits to ensure continued compliance.
Why did we pursue ISO/IEC 27701 certification?
Achieving ISO/IEC 27701 certification marks a huge milestone for Sycle and our efforts to meet the highest standards of security and privacy for our customers and stakeholders.
In addition, the certification keeps us in a strong position to maintain compliance with privacy regulations such as the General Data Protection Regulation (GDPR).
Where can I go for more information?
Our auditor has published a comprehensive resource explaining what an ISO/IEC 27701 certification entails and how it differs from ISO/IEC 27001.
Current and prospective customers interested in a copy of Sycle’s ISO/IEC 27701 certification report may contact privacy@sycle.net.