CIRQ (the Certification Institute for Research Quality), an International Standards Organization (ISO) audit and certification body that is a subsidiary of the Insights Association, has announced that it can now audit and certify companies to the ISO 27701 Standard.
Released in August 2019, following the EU’s enactment of the General Data Protection Regulation (GDPR), ISO 27701 provides an international approach to privacy protection as a component of information security. ISO 27701 is an extension of ISO 27001, which means that companies intending to implement ISO 27701 certification must be certified to ISO 27001, or complete certifications to both standards simultaneously.
“Organizations no longer need to wait for pending details from the EU on GDPR Certification, as ISO 27701 demonstrates to consumers and other stakeholders that mechanisms are in place to keep data safe in compliance with GDPR and other privacy laws,” explained Juliana Wood, Managing Director of CIRQ.
ISO 27701, a PIMS (Privacy Information Management System) standard, provides detailed operational checklists that can be adapted to a variety of regulations, including GDPR. Companies document their policies, procedures, and protocols in line with these checklists, with records then audited by internal and CIRQ auditors. The standard also outlines a framework for Personally Identifiable Information (PII) Controllers and PII Processors to manage data privacy.
ANAB, the ANSI National Accreditation Board, accredited CIRQ to complete ISO 27701 audits and certifications. CIRQ is the only such U.S.-based provider specializing in the market research and data analytics industry.
“Complying with GDPR requirements and a wide array of U.S. data privacy laws and regulations can be a daunting task,” Wood noted. “Implementation of ISO 27001 and 27701 can reduce the risk of privacy regulation infractions while also illustrating to clients a keen attention to detail and dedication to data protection.”