We’re extremely proud to announce that dotdigital has been awarded ISO 27701 certification, demonstrating our ongoing commitment to privacy and trust.
So, what is ISO 27701?
The International Organization for Standardization (ISO) is an independent organization that sets global standards in areas such as security, safety, and quality. As the name suggests, its goal is to define standards for best practices that can be implemented, irrespective of an organization’s size, type, or location.
ISO 27701 is the international standard setting out best practice for a Privacy Information Management System (PIMS). It’s an extension to the ISO 27001 standard, which dotdigital became certified to in Summer 2020. It’s designed to help organizations build, maintain, and continually improve their privacy program in line with international best practices. Being certified against the standard demonstrates that a company meets the requirements and has put in place a comprehensive system to manage data privacy.
What does being certified to ISO 27701 mean?
It means that dotdigital has built a PIMS that complies with the ISO 27701 standard, and that all components of the system have been independently audited by a UKAS accredited certification body – Alcumus ISOQAR.
To maintain certification, dotdigital must now commit to ongoing internal auditing, ensuring the management system continues to meet the requirements and drive improvement. In addition to this, external audits will take place annually. The certificate will expire in Summer 2023, at which point full re-certification audits will need to be conducted by a UKAS accredited Certification Body.
What does this mean for dotdigital customers?
We recognize our role as custodians of our clients’ data. dotdigital’s privacy program has developed over many years to foster a culture of trust, transparency, and responsibility.
We’ve published information on our privacy program in our Trust Centre for some time. We continue to be proactive in updating our clients on the ever-changing privacy landscape globally, not just in outlining our commitments in our DPA, but offering detailed, practical guidance to our clients in the UK & Europe, the US, Singapore, and Australia.
Achieving ISO 27701 accredited certification was the next step and reflects dotdigital’s ongoing commitment to ensure the privacy and security of personal data. It demonstrates that we understand how important personal data is, the risks associated with it, and how critical it is that it is protected.
What’s more, certification provides evidence that the methods we have put in place to identify and mitigate privacy risks comply with an internationally recognized standard, and that they have been independently verified. We continue to invest in our privacy program as a business and we recognize our huge part to play in securing our customers’ most valuable of assets: their data.