ISO27701:2019 is a data privacy extension of ISO27001 and ISO27002. Where ISO27018 is an additional control set to ISO27001, ISO27701 sets guidelines for how personally identifiable information (PII) should be managed and processed by creating a Privacy Information Management System (PIMS).
ISO27701 directly relates to requirements found in data protection regulations such as GDPR and CCPA, and is the go-to standard for implementing a Privacy Information Management System.
The standard supports continual improvement of the system to ensure confidentiality protection and address vulnerabilities.
A Privacy Information Management System (PIMS) is a set of policies and privacy controls that set out how an organization collects, stores, processes and generally handles PII.
As with GDPR, ISO27701 and the PIMS place strict controls on the collection of PII, the protection of PII, and the rights of data subjects regarding access to their PII.
The controls utilized within the PIMS are structured based on whether a company is a data processor or a data controller. As both a processor and controller, Cronofy has implemented all the controls.
When you use Cronofy, you’re sharing potentially sensitive information with us. It’s our responsibility to make sure that we protect that data, and we take that responsibility very seriously. That’s why information security will always be a first-class concern for us.
Whenever we’re building or developing any aspect of our service, security is a key consideration. We understand that our customers care deeply about the security of data, and it’s something we feel equally strongly about.
We want our customers to know that they can trust us to process and handle their calendar and event data – always securely and to the highest standards.
To attain this certification, Cronofy’s compliance was audited and validated by an independent audit company, A-LIGN. Throughout the audit, Cronofy demonstrated a comprehensive and thorough approach to mitigating information security risks and to the secure management of data.
As part of running an effective information security program and privacy information management system, Cronofy is committed to continual improvement in line with ISO27001 and ISO27701. Cronofy will be assessed every three years, with audits in between those. This certification helps Cronofy ensure that we are operating and maintaining our ISMS and our PIMS, and are protecting our customers’ data, in line with the standard.
We make sure you keep control of your calendar and that it's private to you and those you'd like to share your availability with. Security is at the core of what we do and we have the best practices to ensure that privacy is never compromised.