This post was also written by Darragh McMahon
At McAfee, we adhere to a set of core values and principles – We Put the Customer at The Core, We Achieve Excellence with Speed and Agility, We Play to Win or We Don’t Play, We Practice Inclusive Candor and Transparency.
And reaching the ISO 27701 enshrines all of these values.
For those who are not familiar with it, the ISO 27701 is the industry leading certification for information security & privacy management. Achieving the ISO 27701 certification demonstrates that McAfee is able to protect personal data, thanks to a multidisciplinary effort coupled with cross-functional expertise. Because yes, We Play to Win or We Don’t Play.
Over the past years, and all around the world, lawmakers and regulators have been and continue to introduce new laws governing the processing of personal data (such as those adopted in Australia, Brazil, Singapore and Canada) -the GDPR and the CCPA are only few of these. This changing legal environment raises challenges for all businesses, but especially those that must comply globally with regulations in multiple jurisdictions. Compliance to requirements and controls of ISO 27701 is relevant to support the fulfillment of obligations to articles 5 to 49 (except 43) of the GDPR. The application of the ISO 27701 standard can also be used for supporting compliance with other data privacy laws. Because yes, We Practice Inclusive Candor and Transparency.
The ISO 27701 Standard has been published in August 2019, and all companies, whether vendors or customers, should look into it. At the time of certification by McAfee’s assessment firm, McAfee is one of the very first companies to achieve the certification within the cyber-security industry. Because yes, not only do We Achieve Excellence with Speed and Agility, but We also Put the Customer at the Core.
Key requirements include, but are not limited to:
- Fundamental Data Protection Principles: purpose of the data processing, legal basis for the data processing, obtaining individuals’ consent and mechanisms to modify or withdraw that consent, records of data processing activities, and privacy impact assessments;
- Individuals’ Data Protection Rights: notice, access, correction, erasure, and automated decisions;
- Privacy by Design and by Default: data minimization, de-identification and deletion, and data retention;
- Data processing agreements, data transfers and data sharing;
- Determination of the role of the organization as a data controller and/or data processor;
- Unified management of IT risks for the organization of privacy risks for data subjects;
- Appointment of a person responsible for the protection of privacy (DPO or equivalent);
- Staff awareness; data classification; protection of removable media; user access management and data encryption; backups and event logging; conditions for the transfer of personal data; Incident management; and
- Compliance with legal and regulatory requirements, etc.
McAfee’s ISO 27701 certificate, along with its other certificates, is publicly available at trust.mcafee.com/privacy-compliance
 Schellman, December 2020