January 28 is Data Privacy Day, also known as Data Protection Day in Europe. The aim of the event is to raise awareness and to promote best practices in cyber security.
This year, Data Privacy Day comes a few days after the publication of ISO/IEC 27007, Information technology – Security techniques – Guidelines for information security management systems auditing. It is part of the ISO/IEC 27000 family of standards that together provide a trusted framework for managing information risks effectively.
The newly updated standard provides extensive guidance on auditing the requirements in ISO/IEC 27001, as well as on the competence of information security management systems (ISMS) auditors.
It is the job of an ISMS to protect the confidentiality, integrity and availability of data — the so-called CIA triad. An ISMS includes legal, physical and technical controls designed to protect assets from threats and vulnerabilities.
Taken together, the ISO/IEC 27000 family of standards provides organizations with a toolkit to cope with a continuously evolving cyber threat landscape. Attack vectors are multiplying as threat actors gain access to ever more sophisticated technology.
In the current environment, organizations not only face risks to their operations, but are also more exposed than ever before to the threats of litigation and reputational damage. Sweeping regulatory change is further increasing the pressure on organizations to protect personal data.
ISO/IEC 27701 is an extension to ISO/IEC 27001 that not only specifies the requirements for a privacy information management system, but also takes into account the regulatory environment in which organizations operate. For example, ISO/IEC 27701 maps its provisions against the European Union’s General Data Protection Regulation (GDPR).
Standards provide even more value when they are combined with testing and certification. The IEC Conformity Assessment Systems are a framework of common rules and methodologies that ensure consistent results from anywhere in the world.
Last year, the certification bodies of IECQ, the IEC Quality Assessment System for Electronic Components, began to cover the assessment and certification to ISO/IEC 27001 for the first time. This was at the request of industry.
Although certification to ISO/IEC 27001 has existed since the standard was published in 2013, there was no harmonization among the many certification bodies that have been offering their own individual certificates and applying their own individual interpretations of ISO/IEC 27001.
Over time, this has resulted in different approaches and differences in what is accepted by the various certification bodies. Industry felt that IECQ was able to provide a benchmark approach.
IECQ is a worldwide approval and certification system that covers the supply, assembly, associated materials and processes of a large variety of electronic components used in millions of devices and systems. It provides manufacturers with independent verification that the requirements in IEC International Standards and other specifications have been met by suppliers.
The joint technical committee set up by IEC and ISO, JTC 1, develops the ISO/IEC 27000 family of standards.