Press Release

Coalfire® ISO Awarded one of the World's First ISO 27701 Accreditation Decisions Among Certification Bodies

March 19, 2020

New Standard Bridges the Gap Between Privacy and Information Security Management 

 

WESTMINSTER, CO – March 19, 2020 – Coalfire ISO, the conformity assessment body arm of Coalfire, announced today that it has become one of the world’s first certification bodies to receive accreditation for the auditing and certification of an organization’s Privacy Information Management System (PIMS) per the ISO/IEC 27701:2019 standard (“ISO 27701”). This accreditation was reviewed and decided by the ANSI National Accreditation Board (ANAB) based in the United States. Coalfire ISO was part of the first decision group containing two management system certification bodies that were awarded this accreditation by ANAB.

Last September, Coalfire ISO launchedits ISO 27701 readiness assessment and certification audit services to help organizations transition from Information Security Management System (ISMS) focuses based on ISO/IEC 27001:2013 (“ISO 27001”) and embed those same principles of confidentiality, integrity, and availability with the now pervasive requirements for the protection of personally identifiable information (PII) made popular by the European Union General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Certification by Coalfire ISO to ISO 27001 is a co-requisite prior to the issuance of an ISO 27701 certification award.

The accreditation rule for certification bodies of management systems was released by ANAB on February 27, 2020, and Coalfire ISO applied based on this rule to the accreditation body for review within 24 hours of its release. Coalfire ISO currently maintains accreditation with both the ANAB and the United Kingdom Accreditation Service (UKAS), which represents just two of the more than 50 accreditation bodies worldwide. Both oversight bodies possess global assurance networks and involvement with regulators, such as local data protection supervisory authorities, as well as membership with the International Accreditation Forum (IAF).

“Risk management practices must evolve to respond to the expansion of data collection throughout the course of ordinary business activities. Leading organizations should seek opportunities to build trust with data subjects and challenge the perspective that compliance is a cost rather than a differentiator for the business,” said David Forman, managing principal, ISO Assurance at Coalfire. “Our organization has followed the developments of ISO 27701, its acceptance by supervisory authorities, and the creation of supporting accreditation programs since its draft release as ISO 27552. Working with ANAB, we are pleased to have played a role in this landmark alignment for the benefit of not only thousands of multinational organizations but also for the protection of millions of consumers.”

Released last August, ISO 27701 is the first international standard with a mechanism that permits organizations to undergo an independent review of their privacy programs against prescribed requirements for the protection of PII. Within one month of the publication of ISO 27701, Coalfire ISO awarded the world’s first unaccredited certificate to OneTrustfollowing a positive conclusion to its initial certification audit. Through this new accreditation, Coalfire ISO will be able to transition existing ISO 27701 certified organizations to an accredited scheme and audit all future applicants with these approved processes.

“ISO 27701 bridges the gap between assurance programs and the developing requirements for data privacy,” said Forman. “This standard provides a framework for integrating the traditionally separated information security and privacy functions within an organization and serves as an inflection point for benchmarking data processing activities.”

Today, organizations are using the tenets prescribed by the ISO 27701 standard to demonstrate conformity to a multitude of privacy laws and regulations that largely lack assurance programs beyond self-attested statements or contractual clauses. Likewise, a spotlight on organizational governance programs is growing as data breaches become more publicized, and a pervasive reliance on “as-a-service” technologies increases scrutiny on how these organizations handle data, their intent when collecting data, and the rights of data subjects to consent to these practices.

About Coalfire ISO
As the certification arm of Coalfire, Coalfire ISO provides audit and certification services to public and private sector organizations worldwide, adhering to the applicable requirements of both ISO/IEC 17021-1:2015 and ISO/IEC 27006:2015. Coalfire ISO is an accredited certification body of management systems registered with both the ANSI National Accreditation Board (ANAB) and the United Kingdom Accreditation Service (UKAS). CoalfireISO.com

###

For media inquiries:
Mike Gallo
(212) 239-8594
luminacoalfire@lumninapr.com