The ISO/IEC 27001 standard is designed to function as a framework for an organization’s information security management system (ISMS) and is currently one of the fastest growing information security standards in the world, with the number of certifications growing each year. In this digital era, more companies see the importance of certifying to ISMS standards, as certification covers all policies and processes relevant to how data is controlled and used and enables organisations to take their legal and regulatory requirements into account. The benefits of conforming to an ISMS outweigh the cost of facing high fines and penalties and, most importantly, allow the organisation to gain recognition and credibility as a supplier within a competitive industry.
The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) drew up a new reference standard in August 2019: ISO/IEC 27701:2019 for privacy information management. The new standard is intended to address the urgent need for companies to meet their privacy regulatory obligations and the need for an increasingly clear and shared regulatory framework.
Following the introduction and implementation of the PDPA and the Data Protection Trustmark (IMDA), there has been a real quantum leap in the field of privacy, due to the express introduction into the sector's legislative system of the key principle of accountability (“The Accountability Obligation”). Under this obligation, the PDPA requires organisations (data controllers) to adopt policies and implement appropriate measures to ensure, and to show evidence, that the processing of personal data complies with the requirements of the regulations. Considering the magnitude and severity of the requirements imposed by the legislation on organisations and duty holders, it can be stated that ISO/IEC 27701:2019 is an important standard for improving your business and for demonstrating accountability under the privacy legislation in force.