With the new ISO/IEC 27701 standard, Kiwa helps organizations set up, implement, maintain and improve a Privacy Information Management System (PIMS). With the Kiwa certificate they can demonstrate that they handle privacy-sensitive information carefully, to a corresponding standard, and in compliance with the General Data Protection Regulation (GDPR).
The newly developed standard is an extension of the existing standards for information security (ISO 27001 and ISO 27002). Organizations that already work with an Information Security Management System can upgrade it to comply with the new standard by drawing up and implementing various guidelines and procedures. This is a continuous cycle, in which changes that have an impact on the PIMS are correctly processed, implemented and monitored along the way. This keeps the PIMS up to date, which is important for continuing to meet the requirements for certification. The certificate is applicable to organizations of all sizes, including private companies, government agencies and non-profit organizations.
Ronald Westerveen, Manager of the Expert Center for Cyber Security at Kiwa, an NPM Capital portfolio company: “Certification based on ISO/IEC 27701 is of added value to any organization that wants or must demonstrate that it handles privacy-sensitive information in a responsible manner. Especially if this information can be traced back to an individual. Certification may also be required in case of a tender or quotation process. We support organizations in this and provide training in which the standard is explained in detail. During a GAP analysis, we can also identify the steps that organizations must take to be certified.”
For the validation of the certification scheme, Kiwa has contacted organizations that want to participate in pilot audits.