We take pride in maintaining trusted accredited status for our ISO/IEC 27701 Privacy Information Management System (PIMS) certification service. Building on the framework of ISO/IEC 27001, this privacy extension is designed for privacy information management, providing guidance on the protection of privacy, including how personal data is processed and controlled.
ISO (the International Organization for Standardization) develops and publishes international standards that promote quality, safety, and efficiency across various products, services, and systems. ISO certifications are globally recognized as marks of excellence and compliance, critical for organizations aiming to enhance trust, streamline operations, and access global markets.
We review your company’s information security policies and meet with your leadership team to define the scope of the Stage 2 Audit.
We conduct a detailed inspection of your controls to determine whether sufficient evidence exists to provide a recommendation for certification.
Our ISO Certification Body provides the certification decision for your PIMS.
You will receive a full report and, when appropriate, your PIMS certification seals.
Together we establish a reinspection plan for 2 years of surveillance audits and a recertification audit in the 3rd year to inspect your PIMS for continuous improvement towards ISO 27701 excellence.
As an ISO certification body, Decrypt Compliance allows clients use of our certification marks and logos subject to the following rules:
Achieve ISO 27701 certification with our comprehensive process, safeguarding information assets and demonstrating commitment to security.
Our certification decision authority conducts a comprehensive review of the entire audit record, including any corrective action plans, to verify conformance with ISO standards. Only upon satisfying all requirements is certification granted.
If the review finds audit issues or unresolved non-conformities, certification is refused until the client organization demonstrates full conformance. Exceeding remediation timeframes requires re-auditing.
Continued certification over the 3-year cycle requires successfully undergoing annual surveillance audits in years 2 and 3, plus recertification audits before expiration. Failure to meet these audit obligations or resolve identified non-conformities can prompt suspension.
Grounds for suspension include failure to resolve major non-conformities within allotted timelines, breaching agreements with Decrypt Compliance, or refusal to conduct required audits.
Suspended certifications are restored if an independent review verifies resolution of all outstanding issues, with confirmation by off-site or on-site assessment.
Decrypt Compliance can withdraw certification due to factors like failure to conduct audits, misrepresentation by the client, unresolved corrective actions, failed appeals of major non-conformities, or client request. Clients may request withdrawal of certification for any reason.
Additional certification scope requires formally submitting supporting documentation of eligibility to Decrypt Compliance. Our subsequent on-site audit determines if compliance covers the expanded scope. Additional contract terms may be applicable.
We may dictate scope reduction if an organization’s certification scope is no longer completely valid or applicable. However, reducing scope solely to preclude non-conformities is unacceptable.
Organizations across various sectors pursue ISO certification to demonstrate compliance with international regulatory standards, manage risks, and enhance operational effectiveness. Industries particularly impacted include technology, manufacturing, and service providers who want to establish credibility with customers and stakeholders globally.