Security, described in ISO standards or reference frameworks versus privacy, established by Laws, court and law makers.

Security and privacy: two different concepts that are all too often wrongly misconfused. It suffices to observe any non-human living beings to see how deep-seated security is and how they react to any perceived threat: antlers, camouflage, shells, carapaces, spines, poison, … This evolutionary effort evidences their intrinsic need for security. But where is these living beings’ sense for privacy? Exactly, nowhere. We human beings, however, are aware of our needs in both fields. Recent events, moreover, act as a constant nudge. New legislation like GDPR or Spanish personal-data protection law (LOPD) or constant security breaches and incidents (phishing, ransomware,…) or the Covid19 pandemic all bring out people’s need to safeguard their information security and privacy.

GMV, as an expert in both fields, mulled over this problem searching for a holistic solution that might be applicable for the abovementioned requirements. Accordingly, GMV Soluciones Globales Internet decided in 2019 to implement a Privacy Information Management System based on ISO 27701:2019 standard.

ISO 27701 is an extension of the reference standard for information security management, ISO 27001, enlarging its scope to cater for the protection of PII (Personally Identifiable Information) required to companies. ISO 27701 thus brings in about 40 additional protection measures that must be implemented as well as the ISO 27001 requirements and the 114 security measures of ISO 27002. They all combine to ensure proper protection and management of any organization’s information. These new privacy management requirements can all be tracked into GPDR legal requirements. They include, for example, risk analysis, proper privacy protection measures, setting up communication channels with other organizations, etc. The overarching aim is to guarantee proper protection of PII.

GMV sees this ISO 27701 implementation as another initiative that backs up its strategy of delivering high added-value services. Business lines such as cybersecurity, consultancy, development pentesting, SOC and CERT services, big data, artificial intelligence, eHealth platforms, digitization and automation of industry, they all are included in the scope of ISO 27001 certification, as well as ISO 27701. Clients, partners, suppliers, employers and other entities and collaborators can therefore be confident that their data is duly protected according with their particular needs and the best practices in security and privacy. For any project, for any type of data.

The implementation of this Privacy Information Management System was endorsed by AENOR (Spanish prestigious certification body), who certified GMV’s compliance to ISO 27701. This certification process was conducted throughout 2020 and factored in the size of the organization, its business lines, the different categories of personal data treated and the fact that GMV and AENOR have both been trailblazers in certification of this management system, as Spanish first ever audit of certification under this ISO standard.

Finally GMV obtained the ISO 27701 certification, the first ever issued in Spain. It is available at the company’s website: www.gmv.com.

Security and privacy embedded into our daily activities, new innovative ideas, new efficient processes and procedures, proven expertise, forward-lookingness, client centeredness. Our day-to-day routine.

 Author: Mariano J. Benito