ISO 27701 Privacy Information Management System-NOA Testing & Certification Group

ISO 27701 Privacy Information Management System

Build a privacy information security umbrella and build a privacy information security firewall

In the era of the Internet and big data, the development of many businesses is inseparable from the processing of personal privacy information, and the issue of privacy protection has become a major focus of attention in the current society. On August 20, 2021, the 30th meeting of the Standing Committee of the Thirteenth National People's Congress voted to pass the "Personal Information Protection Law of the People's Republic of China", which will be officially implemented on November 1, 2021.

This means that the protection of personally identifiable information (PII) is not only a social consensus, it has become a legal requirement, and organizations face multiple responsibilities from customers, end users, investors and government regulation. How organizations should manage personally identifiable information (PII) or personal data, and how to ensure privacy compliance, have become new issues and challenges for organizations to address.

ISO/IEC 27701 is an international management system standard developed based on this requirement. It is an extension of ISO 27001 (Information Security Management System) and ISO 27002 (Guidelines for Information Security Control Practices) in privacy information management. Provide guidance to organizations on protecting personal privacy information. With the release of the EU’s GDPR and more similar privacy data protection laws and regulations, the need for compliance with privacy requirements is increasing globally. Almost every organization handles personally identifiable information (PII). In addition, the amount and type of PII handled is also increasing, and the number of organizations working together to handle PII is also increasing. Privacy protection in the context of PII processing is a societal need and a major topic of special laws and regulations around the world.

The ISO 27701 privacy information management system enables organizations to continuously improve their data protection practices. It is also a further deepening of the information security management system in terms of personal information protection. Operational and compliance risks.

Service Content

On August 6, 2019, the International Organization for Standardization ISO and the International Electrotechnical Commission IEC officially released the ISO/IEC 27701 privacy information management system standard. This marks that information security, privacy and personal information protection have reached a consistent standard in the compliance display of international laws and regulations.

ISO/IEC 27701, as an extension of ISO/IEC 27001 and ISO/IEC 27002 in management, aims to enhance the existing information security management system with new requirements in order to establish, implement, maintain and continuously improve the privacy information management system , the standard outlines a framework for personally identifiable information (PII) controllers and PIl processors for privacy control management to reduce various risks to personal privacy.

ISO/IEC 27701 applies to organizations of all types and sizes, including public and private companies, government entities, and not-for-profit organizations. By implementing the ISO/IEC 27701 standard, organizations can bring stronger trust to their regulators, partners, customers and employees, etc., and win more opportunities for the organization.

Related Standards

○ "ISO/IEC 27701 Security Technology ISO/IEC27001 and ISO/IEC27002 Extended Requirements and Guidelines for Privacy Information Management"

○ "ISO/IEC 27001 Information Technology Security Technology Information Security Management System Requirements"

○ "ISO/IEC 27002 Information Technology Security Technical Information Security Control Practice Guidelines"

○ "ISO/IEC 27000 Information Technology Security Technology Information Security Management System General Principles and Vocabulary"

○ "ISO/IEC 29100 Information Technology Security Technology Privacy Framework"

○ "GB/T 35273 Information Security Technology Personal Information Security Specification"

Value Gain

○ Clarify the privacy protection requirements for PII controllers and processors, and assist organizations in identifying and analyzing privacy risks;

○ Clarify the privacy protection management compliance objectives, reduce the organization's compliance burden and reduce the organization's compliance risks;

○ Ensuring the interests of the organization’s senior management, organization owners, and key stakeholders to meet privacy protection requirements;

○ Communicate the value of privacy compliance to the organization's customers or partners, so that the organization can achieve long-term and lasting personal privacy security compliance development;

○ Based on the unified framework of international standards, the cost of compliance communication can be reduced and the credibility of the organization can be communicated to the public;

○ Enables the organization to convey a stronger sense of trust to its governing organizations, partners, customers and employees, and to gain a large number of opportunities.

Service Process

Q&A

How long does the system need to run before applying for certification?

Before applying for certification, the system must have been running for at least 3 months.

After obtaining the certificate, how to query the authenticity and validity of the certificate?

The authenticity and validity of the certificate can be queried by logging into NOA website （www.noagroup.com and selecting "certificate / report query" in the "resource center", or by logging into the national certification and accreditation information public service platform（http://cx.cnca.cn）Query.

After obtaining the certificate, how long is the certificate valid? Is it necessary to review every year?

After obtaining the certificate, the validity period of the certificate is 3 years, and at least one on-site audit is required every year to keep the certificate valid.

What to do after the expiration of the certificate?

Before the expiration of the certificate, we will arrange the customer service specialist to contact you actively to assist you in handling matters related to your re certification application.

Our Advantage

Authoritative qualification

NOA has been approved by Certification and Accreditation Administration of the People’s Republic of China（CNCA）(CNCA-R-2002-051), and has obtained qualification of China Inspection Body and Laboratory Mandatory Approval (CMA),and has passed the multiple approvals of China National Accreditation Service for Conformity Assessment (CNAS), International Accreditation Service (IAS), United Kingdom Accreditation Service (UKAS), Joint Accreditation System of Australia and New Zealand (JAS-ANZ). NOA has been approved by State Administration for Market Regulation of China, and has been recognized as inspection and testing institution of China's special equipment, as well as the qualification of China's national equipment supervision and engineering supervision. NOA-DCI is the notified body of the CE directive of the European Commission. NOA has been recognized by the International Electrotechnical Commission (IECQ) by obtaining Electronic Component Quality Assessment System. It is also a national inspection and assessment notified body of import and export commodity in China.NOA is a high-tech enterprise in Shanghai.

Improve Performance, Realize Asset Value Appreciation, and Service Throughout the Entire Value Chain

From pre-design to post-operation, NOA has the ability to guarantee the whole life cycle of the business. NOA, as an independent third-party inspection company, has a large number of domestic and international standards and specifications proficient in design, welding, non-destructive testing, painting, packaging and other fields The experienced team of professional engineers and inspection experts, with more than ten years of experience in the domestic market, is familiar with all aspects of the domestic industrial equipment supply chain, and can provide you with technical support services for the full life cycle of technical services in a timely manner, combining various products. Inspection, certification, testing, consulting, and auditing services can provide you with one-stop all-round comprehensive services.

Quality, Efficiency and Service

NOA has formed a mature and solid operation system in the development of more than 20 years. We let technical experts who are familiar with market regulations and testing standards and have professional industry experience to carry out inspection, evaluation and design review work. While meeting the requirements of domestic and international standards, we ensure that customers can obtain satisfactory service results in the first time with accurate time-sensitive management methods, and ensure that customers can seize the opportunity in the market competition.

Service Area

NOA inspection services currently cover Europe, Australia, Russia, some Middle East regions and most regions in China. NOA can ensure the consistency and continuity of customer service in different regions, and eliminate the impact of unfamiliar environments on customer quality. The guarantees and the impact of project implementation enable customers to participate in different markets across the country or around the world with flawless quality.

Submit your request

NOA expert team to provide you with high-quality solutions

Advisory Message

Relevant Recommendation

Related Download

LOGO-ISO 27701

下载