SO, WHAT DOES THIS MEAN FOR YOU?
In short, keep doing what you’re doing with confidence that you are protected. CMC Networks values the safety and security of all our customers’ information as well as the information systems that support them.
We strive to maintain the highest levels of integrity, availability, and confidentiality within our organization. In recent times, greater focus has been placed on the rights of our customers in relation to data privacy. CMC Networks has embraced “Privacy by Design and Default” and implemented a Privacy Information Management System as defined by the ISO 27701:2019 standard. This certification provides much-needed assurance to our customers that we, as an organization, have implemented technical and organizational measures to protect the personal information that we collect and process, and that these controls are aligned with a global standard.
WHAT IS ISO AND WHY THE DUAL CERTIFICATION?
ISO 27001 is one of the most widely recognized and internationally accepted information security standards. It is one of the few standards that uses a top-down, risk-based approach to evaluation. It specifies the design, implementation, monitoring, and continual improvement of an Information Security Management System (ISMS). The ISMS is focused on providing the guidelines to build information security systems that are resilient, highly available, and ensure the confidentiality of information.
ISO 27701 focuses on the design, implementation, monitoring, and continual improvement of the Privacy Information Management System (PIMS). The PIMS is focused on providing guidelines to collect and process Personally Identifiable Information (PII) in a manner that is aligned with data protection legislation as well as global data privacy best practices. From a legislation perspective, ISO has aligned with the General Data Protection Regulation (EU) and uses it as the basis for the controls it seeks to have implemented within the PIMS.
Because PII is a subset of the information held within an organization, ISO has structured the PIMS as an extension of an existing ISMS, which is why ISO 27701 is combined with ISO 27001 certification. To be certified as compliant with 27701, an organization must already hold a 27001 certification. The PIMS then adds requirements and controls to the ISMS that relate specifically to the organization’s role as a Controller and/or Processor.