Is your organization addressing the increasing importance of information privacy and the rising tide of data privacy laws across the U.S. and around the world? Do you have a strategy for addressing compliance with these new laws?
ISO 27701 is the first true international certification for privacy compliance, built on ISO 27001, the recognized international gold standard for information security management.
When leveraged properly, ISO 27701 can serve to build, assess, and certify your privacy compliance program against virtually any privacy regulation, including GDPR, CCPA, HIPAA and many others.
As the first full-service CPA firm in the U.S. to receive ANAB accreditation as an ISO 27701 certifying body, Aprio stands ready to help your organization address your privacy compliance challenges.
The ability to demonstrate compliance with privacy and security standards is key to growing your business. Numerous Aprio clients have shared that working with our team has improved the operational integrity of their business. Here are a few reasons why clients partner with Aprio:
ISO 27701 is the first true international certification for privacy compliance. Building on ISO 27001’s acceptance as the international gold standard for information security management systems (ISMS), ISO 27701’s goal is to extend the existing ISMS standards with additional requirements to establish, implement, maintain, and continually improve a privacy information management system (PIMS).
When used in conjunction with ISO 27001 to address information security, the standard provides a comprehensive framework for privacy regulations addressing the specific needs of both PII Controllers and PII Processors.
ISO 27701 greatly reduces the complexity of managing privacy risk and of achieving both compliance and certification against the growing list of domestic and international data privacy laws, which includes:
GDPR – EU General Data Protection Regulation
CCPA – California Consumer Protection Act
HIPAA – Healthcare Insurance Portability and Accountability Act
PIPEDA – Canada’s Personal Information Protection and Electronic Documents Act
PIPA Alberta – Alberta’s Personal Information Protection Act
PIPA BC – British Columbia’s Personal Information Protection Act
QPA – Quebec Privacy Act
FADP – Switzerland’s Federal Act on Data Protection
FLPPDHPP – Mexico’s Federal Law on the Protection of Personal Data Held by Private Parties
PDPA – Singapore’s Personal Data Protection Act
PDPO – Hong Kong’s Personal Data (Privacy) Ordinance
APAC – Asia Pacific data protection and cybersecurity regulations
ISO 27701 compliance is specifically relevant to any organization that collects, processes, transmits or stores Personally Identifiable Information (PII). This is particularly relevant to industries including digital healthcare, fintech, data analytics, professional services, marketing organizations and insurance providers.
Organizations that already hold, or are planning to obtain, ISO 27001 certification should consider adding ISO 27701 to address privacy risk management.
Clients with multiple privacy compliance reporting requirements appreciate our pragmatic approach, which unifies the collection and cataloging of control evidence to simplify reporting and avoid audit fatigue. Aprio can help you make effective, sustainable information risk management and reporting easier to achieve.