Information Security and Privacy: ISO 27001 and ISO 27701

The key to security and privacy for your information systems

Information is one of an organisation's most important assets. The protection of its security and privacy is a fundamental task to ensure the correct development of the business, transmitting trust to its stakeholders, customers and users.

The greater the value of the information, the greater the risks associated with its loss, deterioration, improper or malicious use as a result of an incident or breach of security and/or privacy.

Information Security Management System - ISO 27001

Information Security Management Systems (ISMS) are the most effective means to minimise risks, as they ensure that business processes and/or IT services, assets and associated risks are identified and assessed, taking into account the impact on the organisation and also its continuous improvement, and that the most effective controls and procedures are adopted that are consistent with the business strategy.

Effective management of information security guarantees:

  • confidentiality, ensuring that only those who are authorised can access the information,
  • integrity, ensuring that the information and its processing methods are accurate and complete, and
  • availability, ensuring that authorised users have access to the information and to related assets when they need it.

AENOR's Information Security Management System certification, in accordance with ISO/IEC 27001:2022, contributes to promoting data protection activities in organisations, improving image and generating trust with respect to third parties.

Moreover, the interest of both public and private organisations in this certification, together with our experience in it since 2005, has ranked us among the world's top ten for the number of ISMS certificates and made AENOR the leader for this certification.

AENOR has been accredited to certify the new version of ISO/IEC 27001:2022. Spain is the third European country by certified centres, with 3,483, and AENOR is the main certifier.

Information Privacy Management Services - ISO 27701

The new Privacy Information Management System (PIMS) certification according to the international standard ISO/IEC 27701, as an extension of the ISO/IEC 27001 Information Security certification, is part of AENOR's Cybersecurity and Privacy model, forming part of the Confidence Platform "Protect Data Security and Privacy."

It is aimed at any public or private organisation, specifically those that work with personal data, are concerned about the management of data privacy and security, and particularly if they employ a Data Protection Officer (DPO).

The ISO/IEC 27701 certification, considering the principle of proactive responsibility, is a tool that helps organisations to comply with the principles and obligations imposed by the law on Data Protection and Privacy, such as the European Data Protection Regulations (GDPR) and the Organic Law of Data Protection and Guarantee of Digital Rights (LOPDGDD).

Prior to ISO 27701 certification, organisations must have implemented and certified ISO 27001.

Advantages of obtaining AENOR's Information Security and Privacy certification

  • Integrates information security and privacy risk management, applying continuous improvement and oriented to business objectives.
  • Aligns management systems with the law/regulations on data protection in the corresponding country. For example, the GDPR in Europe and the LOPDGDD in Spain.
  • It strengthens the principle of proactive accountability in the organisation, as it can demonstrate that it has a certification that helps compliance with data protection legislation.
  • It implements effective mechanisms and controls for reporting incidents/breaches of security/privacy.
  • Possible moderation of the financial penalty for a data protection breach.
  • It contributes to implementing privacy by design and default in data processing.
  • Demonstrates transparency and efficiency to customers and shareholders when managing personal data processing.

AENOR is a pioneer in Certification of Privacy Information Management Systems

AENOR is an accredited entity for ISO 27001 and the National Security Framework (ENS-RD 3/2010) 

In addition to being an extension for ISO 27001, both references can be integrated with:

  • ISO 20000-1 - ICT Service Management Systems.
  • National Security Scheme (ENS – RD 3/2010).
  • ISO 22301 - Business Continuity Management.
  • ISO 27017/ISO 27018 - Cloud Security and Privacy.

The organisation obtains:

  • The AENOR Certificate for Information Security Management Systems (ISO 27001)
  • A license to use the AENOR Information Security mark
  • The AENOR Certificate for Privacy Information Management Systems (ISO 27701)
  • A license to use the AENOR Information Privacy mark
  • The IQNet Certificate (only for ISO 27001), passport for international access to its certification. With it, its AENOR certificate will be recognised by leading certification entities all over the world.
  • A licence to use the IQNet mark (only for ISO 27001).

AENOR Information Security Mark UNE-ISO/IEC 27001


AENOR Information Privacy mark ISO/IEC 27701


IQNet Mark

Pioneers in ISO 27001 and ENS accredited certification, we have extensive experience in large and small organisations from all sectors. Our customers include TELEFONICA, VODAFONE, FNMT, INCIBE, THE GENERAL COUNCIL OF SPANISH LAWYERS, EY, PwC, BURO DE CRÉDITO (Mexico), INDECOPI (Peru), CASA DE LA MONEDA (Chile), etc.
