Víntegris is Certified with ISO 27701

Víntegris has obtained ISO 27701 certification as part of its policy of continuous improvement. This standard extends ISO 27001 and ISO 27002, the standards on security techniques, to the management of privacy protection. Its aim is to guarantee the highest quality and security of the information processed in order to provide Víntegris's services.

What does ISO 27701 require?

Certification in ISO 27701 requires the entity to already be certified in ISO 27001, a standard for information security management which, together with ISO 27002, presupposes that an information security management system exists in the organisation, based on risk management and continuous improvement of that system.

ISO 27701 extends the requirements of ISO 27001, considering the protection of personal data and establishing requirements for the organisation, both in its role as controller of this information and as a data processor. 

What does the implementation and obtaining of ISO 27701 certification entail?

Starting from an existing security management system (ISO 27001 and ISO 27002), the organisation must review its regulations, procedures and security measures and incorporate the dimension of privacy into them. It must guarantee that the measures needed to maintain privacy in the processing of information are adopted, so that risks are considered not only from the point of view of security but also from that of privacy in the processing of the information the organisation handles.

At Víntegris, the information security management system becomes the organisation’s integrated security and privacy management system.

Certification to ISO 27701 has not only meant, for Víntegris, a review of the requirements established in ISO 27001 and ISO 27002 to incorporate the dimension of privacy; it has also entailed compliance with additional requirements for data controllers, guaranteeing compliance with the measures the standard requires in the collection and processing of data, such as: 

  • Keeping a record of the processing activities carried out, 
  • Defining the purpose of each processing activity and its legal basis, 
  • Requirements for obtaining consent, and analysis of the impact on privacy involved in the processing of information, 
  • Contractual regulation of the relationship with those in charge of processing (processors), 
  • A procedure for addressing data subjects' rights,
  • Compliance with principles such as "privacy by design and by default", and data quality, guaranteeing that data is kept up to date and that processing is limited to what is necessary, 
  • Deletion of the data when its processing ends, 
  • The requirements for international data transfers, etc.

Likewise, certification in this standard means guaranteeing compliance with the requirements established for correct performance as a processor, which is the role Víntegris takes when providing its services to clients.

Obtaining this ISO 27701 certification adds to the previous certifications in ISO 27001 and in the National Security Scheme (HIGH category), furthering our objective of providing our clients with services that carry the greatest guarantees of information security and privacy, by complying with recognised standards in these matters that are independently certified.

For Víntegris, it is also a guarantee of compliance with current regulations on data protection, as the requirements demanded by ISO 27701 are aligned with the requirements established in the European Data Protection Regulation (Regulation (EU) 2016/679).

Article by Pilar García, Víntegris Compliance Specialist.
