IAF Regions' news

Accreditation to Support Businesses through COVID-19

Aparna Dhawan


The COVID-19 pandemic has presented thousands of businesses around the world with unprecedented challenges to keep their business afloat and their employees safe. One such challenge has been the flow of information, both within individual organisations but also along their supply chains.

Various standards are available to aid businesses in protecting the security and privacy of their information, and in improving their business reliance and continuity planning. Accredited certification to these standards has helped maintain both customer and supply chain confidence.

Information security through ISO/IEC 27001

An ever-growing number of businesses have replaced their face-to-face work systems with digital remote communication applications, but how can we be confident that they meet the necessary levels of security?

According to Reuters, the number of daily users of the online meeting tool Zoom ballooned from 10 million in December 2019 to 200 million in March 2020. As users of meeting software share documents and links that may be confidential or accessed on business systems, it is important that we have systems in place that protect our information.

ISO/IEC 27001, a risk-based information security standard, provides assurance to business leaders, employees, customers and suppliers that information is managed appropriately and securely.

This standard will benefit a business as it:

  • Identifies key risks within the organization
  • Reduces information loss
  • Establishes appropriate controls
  • Provides confidence that information is protected  
  • Protects organisational reputation

Accreditation extended to include ISO/IEC 27701 to support information security

ISO has launched ISO/IEC 27701 Security Techniques as an extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management systems.

This standard is applicable to a range of organisations that operate with Personally Identifiable Information (PII) controllers and/or PII processors processing PII within an information security management system. The standard includes a set of privacy-specific requirements, controls and control objectives.

Organisations that have implemented ISO 27001 will be able to adopt ISO 27701 to extend their security credentials to cover privacy management – including their processing of personal data/PII, which will enable them to demonstrate to customers and external and internal stakeholders that reasonable measures have been taken to comply with data protection laws such as GDPR.

In India, the National Accreditation Board for Certification Bodies (NABCB) has accredited M/S Bureau Veritas India Pvt. Ltd., Mumbai to ISO/IEC 27701:2019, making it the first accredited Certification Body for this standard.

As privacy concerns and requirements continue to grow in prominence, the addition of ISO 27701 to ISO 27001 certifications will become increasingly important to organizations. The benefit of ISO 27701 is that it streamlines compliance obligations for ISO 27001 and GDPR.

Accreditation of business continuity management systems (BCMS)

ISO 22301, the standard for business continuity management systems, ensures that the organization is fully prepared to comply with internal legal and regulatory requirements, as well as those of its clients, to face unexpected situations.

It applies to all types and sizes of companies, supporting them in generating an operating framework that allows them to identify current and future business threats, minimise the impact of incidents, maintain critical functions at adverse times and demonstrate security to their clients and suppliers.

More than five Accreditation Bodies have BCMS programmes in the Asia Pacific region, with others expected to launch programmes in the future.

Categories: IAF Regions' news