Privacy Minders can help your organisation prepare for ISO/IEC 27001:2013 (ISO 27001) certification. ISO 27001 is the international standard that describes best practice for an information security management system (ISMS).
Achieving accredited certification to ISO 27001 demonstrates that your organisation is following information security best practice, and provides an independent, expert verification that information security is managed in line with international best practice and business objectives.
ISO 27001 requires organisations to take a holistic approach to data security, developing clear, comprehensive policies and procedures based on considerations of organisational scope (including the nature and amount of data processed) that must be maintained through reviews and audits.
It is widely accepted that ISO 27001 and the GDPR share common ground in the following 6 critical areas:
- Security
- Breach notification
- Vendor management
- Record-keeping
- Privacy by design
- Data subject rights
Consequently, by obtaining the ISO 27001 certification, your organisation moves a step closer to GDPR compliance in security terms.