Information is one of an organisation's most important assets. The protection of its security and privacy is a fundamental task to ensure the correct development of the business, transmitting trust to its stakeholders, customers and users.
The greater the value of the information, the greater the risks associated with its loss, deterioration, improper or malicious use as a result of an incident or breach of security and/or privacy.
Information Security Management System - ISO 27001
Information Security Management Systems (ISMS) are the most effective means to minimise risks, as they ensure that business processes and/or IT services, assets and associated risks are identified and assessed, taking into account the impact on the organisation and also its continuous improvement, and that the most effective controls and procedures are adopted that are consistent with the business strategy.
Effective management of information security guarantees:
AENOR's Information Security Management System certification, in accordance with ISO/IEC 27001:2022, contributes to promoting data protection activities in organisations, improving image and generating trust with respect to third parties.
Moreover, the interest of both public and private organisations in this certification and our experience in it since 2005, has ranked us among the world's top ten for the number of ISMS certificates, and made AENOR the leader for this certification.
AENOR has been accredited to certify the new version of ISO/IEC 27001:2022. Spain is the third European country by certified centres, with 3,483; with AENOR being the main certifier.
Information Privacy Management Services - ISO 27701
The new Privacy Information Management System (PIMS) certification according to the international standard ISO/IEC 27701, as an extension of the ISO/IEC 27001 Information Security certification, is part of AENOR's Cybersecurity and Privacy model, forming part of the Confidence Platform "Protect Data Security and Privacy."
It is aimed at any public or private organisation, specifically those that work with personal data, are concerned about the management of data privacy and security, and particularly if they employ a Data Protection Officer (DPO).
The ISO/IEC 27701 certification, considering the principle of proactive responsibility, is a tool that helps organisations to comply with the principles and obligations imposed by the law on Data Protection and Privacy, such as the European Data Protection Regulations (GDPR) and the Organic Law Of Data Protection and Guarantee of Digital Rights (LOPDGDD).
Prior to ISO 27701 certification, organisations must have implemented and certified ISO 27001.
Demonstrates transparency and efficiency to customers and shareholders when managing personal data processing
AENOR is a pioneer in Certification of Privacy Information Management Systems
AENOR is an accredited entity for ISO 27001 and the National Security Framework (ENS-RD 3/2010)
Among others:
In addition to being an extension for ISO 27001, both references can be integrated with:
The organisation obtains:
AENOR Information Security Mark UNE-ISO/IEC 27001
AENOR Information Privacy mark ISO/IEC 27701
IQNet Mark RECOGNIZED CERTIFICATION
Pioneers in ISO 27001 and ENS accredited certification, we have extensive experience in large and small organisations from all sectors. Customers, such as TELEFONICA, VODAFONE, FNMT, INCIBE, THE GENERAL COUNCIL OF SPANISH LAWYERS, EY, PwC, BURO DE CRÉDITO (Mexico), INDECOPI (Peru), CASA DE LA MONEDA (CHILE), etc.
Learn about all the training available on ISO standard 27001
More information
Portugal