ISO/IEC 27701:2019
ISO 27701:2019 certification pertains to the Privacy Information Management System (PIMS) covering Resilinc’s in-house data, its customer and supplier data collection, storage and sharing processes, and its IT and IT infrastructure management. Specifically, the company operates a Privacy Information Management System that complies with the requirements of ISO 27701:2019 for the following scope: the Privacy Information Management System applies to the core functions of Customer Success and Supplier Success, limited to the capacity of a Processor of PII relating to customers and suppliers available on the cloud-hosted Resilinc portal.
It is essential for Resilinc customers and suppliers that participate in the company’s global supply chain risk management network to have complete confidence in the processes by which their personal and operational data is used and shared.
About ISO 27701:2019 Certification
ISO 27701:2019 is the internationally recognized extension to ISO 27001 for managing privacy. It provides a framework for organizations to establish, implement, maintain, and improve their Privacy Information Management System (PIMS). Registration to ISO 27701 provides objective proof that a business has implemented an effective privacy management system, ensuring compliance with privacy regulations and demonstrating commitment to protecting personal information. An external, impartial expert called a registrar or Certification Body (CB) conducts an on-site audit to determine whether a company is in conformance with the standard. For any query related to certification, please drop an email to [email protected].
Criteria to Achieve ISO 27701:2019 PIMS Certification:
- The organization has a clear understanding of its privacy objectives.
- The organization must integrate a Privacy Information Management System into its Information Security Management System.
- All staff must be aware of their roles and responsibilities in handling personal data to achieve ISO 27701 Certification.
- A documented Privacy Information Management System is required, together with the policies and procedures mandated by ISO 27701.
- The organization should assess and address risks associated with personal data processing and ensure privacy requirements are consistently met and improved.
- The organization must establish controls for managing personal data, including lawful processing, data subject rights, and data protection by design and default.
- The organization must adopt effective methods to measure, analyze, and improve its privacy management processes.
- Top-level management of the organization must demonstrate leadership by establishing privacy policies, objectives, and continuous monitoring of privacy practices.
Key Benefit Categories of ISO 27701:2019 PIMS Implementation:
- Enhanced compliance with global privacy regulations (e.g., GDPR, CCPA)
- Strengthened trust with customers and stakeholders
- Framework for managing and mitigating privacy risks
- Integration with existing Information Security processes
- Improved governance over personal data
- Reduced risk of data breaches and privacy violations
- Clear roles and responsibilities for privacy management
- Document control and structured process improvement
Benefits of PIMS Implementation to Resilinc and External Stakeholders
ISO Objectives with Which Resilinc Has Complied for This Certification:
- Privacy Information Security
- Leadership
- Involvement of people
- Process and systematic approach
- Timely audits every year
- Ensuring confidence in customer and supplier relationships
Resilinc Process Changes Implemented to Achieve ISO 27701 Certification:
- Provides senior management with an efficient Privacy Information management process.
- Sets out areas of responsibility across the organization.
- Communicates a positive message and confidence about Privacy Information Management to staff and customers/suppliers.
- Identifies and encourages more efficient Privacy Information Management processes.
- Highlights deficiencies in Privacy Information Management.
- Provides continuous assessment and improvement in Privacy Information Management.
- Affords enhanced marketing opportunities.
- Ensures Privacy Information Security of all data and supplier information shared with Resilinc.
- Negligible or zero data privacy leakage complaints.
- Independent audit demonstrates commitment to Privacy Information Management.
- Ensured development and deployment of PIMS policy and relevant processes.
- Ensured that all standard processes have SOPs.
- Ensured that process flow diagrams are available for each of the standard processes.
- Established that standard forms and templates are available on a shared repository.
- Developed standard PIMS training plans and ensured that assessment records are available and maintained for each team.
- All new joiners also undergo this training when they join.
- Implemented effectiveness monitoring based on assessment results and made remediation testing available when needed.
- Implemented processes to ensure that all changes to SOPs (amendments/updates) are communicated to all team members.
- Established a mandatory requirement that all changes to standard documents are subject to ‘Document Change Request’ for both control purposes and to ensure that the most current/updated version is being used.
- All policies and processes will be reviewed on a periodic basis to ensure relevance and offer possibilities of improvement in Privacy Information Management.