ISO 27701 Compliance and Certification

Aprio Information Assurance Certification logos

Is your organization addressing the increasing importance of information privacy and the rising tide of data privacy laws across the U.S. and around the world? Do you have a strategy for addressing compliance with these new laws?

ISO 27701 is the first true international certification for privacy compliance, built on ISO 27001, the recognized international gold standard for information security management.

When leveraged properly, ISO 27701 can serve to build, assess, and certify your privacy compliance program against virtually any privacy regulation, including GDPR, CCPA, HIPAA and many others.

As the first full-service CPA firm in the U.S. to receive ANAB accreditation as an ISO 27701 certifying body, Aprio stands ready to help your organization address your privacy compliance challenges.

Why clients choose Aprio for ISO 27701 Certification

#1

Aprio is the first full-service CPA firm in the nation to achieve ANAB accreditation as an ISO 27701 Certifying Body

#1

Aprio is the first full-service CPA firm in the Southeast to be accredited as an ISO 27001 Certifying Body

96%

Aprio’s Information Assurance team has a 96% client renewal rate

6.5 years

Aprio Information Assurance team’s average client relationship

The ability to demonstrate compliance with privacy and security standards is key to growing your business. Numerous Aprio clients have shared that working with our team has improved the operational integrity of their business. Here are a few reasons why clients partner with Aprio:

  • Efficient, effective and easier – Our clients appreciate our pragmatism and efficient ISO certification process. Aprio makes effective and sustainable information risk management and reporting easier to achieve.
  • ISO 27001/SOC 2 harmonization – Aprio has proven capabilities for harmonizing ISO 27001/27701 with SOC 2 reporting to provide global assurance acceptance and even greater efficiencies in testing, monitoring and compliance.
  • Focus on risk management – Aprio’s focus on information risk management enables clients to pivot from the “check-the-box” ISO 27001 Certification, audit and compliance, to real business risk management, security awareness and organizational adoption.
  • We are practitioners, not salesmen – At Aprio, who you talk to during your decision process will be the professional that manages and executes your engagement. This is how we deliver quality, customer satisfaction and peace of mind the job is done right!
  • Quality reports that stand up to scrutiny – We aren’t a reporting and certification factory. Our reports and certifications represent our client’s risk management programs and will stand up to the scrutiny of prospective clients, auditors and regulators.

What is ISO 27701?

ISO 27701 is the first true international certification for privacy compliance. Building on ISO 27001’s acceptance as the international gold standard for information security management systems (ISMS), ISO 27701’s goal is to extend the existing ISMS standards with additional requirements to establish, implement, maintain, and continually improve a privacy information management system (PIMS).

When used in conjunction with ISO 27001 to address information security, the standard provides a comprehensive framework for privacy regulations addressing the specific needs of both PII Controllers and PII Processors.

ISO 27701 greatly reduces the complexity of managing privacy risk, achieving both compliance and certification for the growing list of domestic and international information data privacy laws that includes:

GDPR – EU General Data Protection Regulation;

CCPA – California Consumer Protection Act

HIPAA – Healthcare Insurance Portability and Accountability Act

PIPEDA – Canada’s Personal Information Protection and Electronic Documents Act

PIPA Alberta – Alberta’s Personal Information Protection Act

PIPA BC – British Columbia’s Personal Information Protection Act

QPA – Quebec Privacy Act

FADP – Switzerland’s Federal Act on Data Protectio

FLPPDHPP – Mexico’s Federal Law on the Protection of Personal Data Held by Private Partie

PDPA – Singapore’s Personal Data Protection Ac

PDPO – Hong Kong’s Personal Data (Privacy) Ordinanc

APAC – Asia Pacific Data Protection and Cybersecurity regulation

Who should consider adding ISO 27701 to an ISO 27001 certification?

ISO 27701 compliance is specifically relevant to any organization that collects, processes, transmits or stores Personally Identifiable Information (PII). This is particularly relevant to industries including digital healthcare, fintech, data analytics, professional services, marketing organizations and insurance providers.

Organizations that have existing or are planning to obtain ISO 27001 certification should consider adding on 27701 to address privacy risk management.

Add ISO 27701 to your ISO 27001 Certification with Apri

Clients with multiple privacy compliance reporting requirements appreciate our pragmatic approach that unifies the collection and cataloging of control evidence to simplify reporting and avoid audit fatigue. Aprio can help you make effective sustainable information risk management and reporting easier to achieve.

To learn how Aprio can help you extend your ISO 27001 certification to include ISO 27701, contact Dan Schroeder or Brett Williams.

X