dotdigital achieves ISO 27701 certification
Omnichannel marketing solution provider dotdigital has announced that it has been awarded ISO 27701 certification.
The International Organisation for Standardisation (ISO) found that dotdigital has built a Privacy Information Management System (PIMS) that complies with the ISO 27701 standard — and that all components of the system have been independently audited by a UKAS accredited certification body.
To maintain certification, dotdigital says it will commit to ongoing internal auditing, ensuring the management system continues to meet the requirements and drive improvement, in addition to annual external audits. The certificate will expire in 2023, at which point full re-certification audits will need to be conducted by a UKAS accredited certification body.
ISO is an independent organisation that sets global standards in security, safety, and quality. As the name suggests, its goal is to define standards for best practices that can be implemented, irrespective of an organisation's size, type, or location.
ISO 27701 is the international standard setting best practices for a PIMS. It's an extension to the ISO 27001 standard, to which dotdigital became certified in 2020. It's designed to help organisations build, maintain, and continually improve their privacy program in line with international best practices. Being certified against the standard demonstrates that a company meets the requirements and has put in place a comprehensive system to manage data privacy.
dotdigital says the certification highlights the company's commitment to safeguarding its customers' data.
In a post on its website, the company said: "We recognise our role as custodians of our client's data. dotdigital's privacy program has developed over many years to foster a culture of trust, transparency, and responsibility.
"We've published information on our privacy program in our Trust Centre for some time. We continue to be proactive in updating our clients on the ever-changing privacy landscape globally, not just in outlining our commitments in our DPA, but offering detailed, practical guidance to our clients in the UK - Europe, the US, Singapore, and Australia."
The company says that achieving ISO 27701 accredited certification was the 'next step' and reflects its drive to ensure the privacy and security of personal data.
"What's more, certification provides evidence that the methods we have put in place to identify and mitigate privacy risks comply with an internationally recognised standard, and that they have been independently verified," the company said on its blog.
"We continue to invest in our privacy program as a business and we recognise our huge part to play in securing our customers' most valuable of assets: their data."