Topic: Privacy Information Management System based on ISO/IEC 27701:2019
Summary:
Data Privacy has been a sensitive issue for a few decades. While those who have been providing services to the US and Europe are familiar with the Data Protection Act, 1998, HIPAA, GLB and similar Acts, others are still waiting for their local Government to pass a similar Act. There are many privacy regulations that we have to comply with. For organizations that serve multiple geographies, compliance with Privacy Laws is always a ‘moving target’.
Let us look at it from another angle. If we prepare all our documents and records and invite an external auditor to audit and ‘certify’ that we are complying with all the relevant Privacy Acts, for example, GDPR, is it possible to get a ‘GDPR’ certificate? At the moment, NO. We can only get an ‘Attestation Report’ about GDPR or any other Privacy compliance and not a ‘certificate’.
What is the way out?
In this webinar, we will provide an overview of GDPR and explain how a Privacy Information Management System (PIMS) based on ISO/IEC 27701:2019 can provide a way forward.
Certification of Management Systems, i.e., certifying a ‘process’, is based on ‘requirement’ standards such as ISO/IEC 27701:2019 and on accreditation schemes using ISO/IEC 17021:2015. ANAB, USA and NABCB, India have launched a ‘process’ certification for conformance with the requirements of PIMS ISO/IEC 27701:2019.
‘Product’ certification schemes are based on ISO/IEC 17065:2012. The UK Accreditation Service (UKAS) and the Information Commissioner’s Office (ICO.UK) have jointly started a scheme for Certification of GDPR using the ‘product’ accreditation standard. In this webinar, you will be introduced to new initiatives coming up for GDPR and PIMS certification.
Speaker: Mr Sudarshan Mandyam Narasi