SGS HK presented the first Privacy Information Management System ISO IEC 27701 2019 Certificate

Being the first SGS-certified FinTech and cryptocurrency company to have ISO/IEC 27701 in the market, Crypto.com’s Chief Information Security Officer, Jason Lau said: “ Data privacy is important in the product development lifecycle, obtaining this certification demonstrates the company's commitment to continuously improving its global privacy program and building trust and confidence to customers.” He also shared the thoughts and feelings of obtaining ISO/IEC 27701.

Q: What is your initiative of obtaining ISO/IEC 27701 certificate?

A: “Building trust with your employees and customer base is critical in this day and age. Data is the new world currency, and it's a strategic objective for our company to put security and privacy as the core foundation of our organization. Having spent over 20 years in the security and data privacy industry, I can see first-hand how information security management systems play a key role in any organizations overall security and privacy strategy. As this certification just came out late 2019, it was perfect timing as the standard provides good guidance for an organization who are on their journey to address the many regulations around the world like Europe’s General Data Protection Regulation (GDPR).”

Q: What is the importance for a Fintech company to having ISO/IEC 27701?

Being the first SGS-certified FinTech and cryptocurrency company in the world to have ISO/IEC 27701 is a milestone as it shows our commitment to constantly improving our global privacy program. FinTech companies often use new high tech methods from onboarding customers, KYC process through to using big data to find new and enhanced ways of doing business. Data Privacy considerations are therefore important throughout the organizations product development life-cycle by having a ‘Privacy by Design; Privacy by Default’ mentality helps to drive a data-protection culture.”

Q: The reason of choosing SGS?

SGS has a long history of audits, testing and certifications services with close to 2,600 offices and laboratories around the world. SGS has proven skills and expertise and their team of information security auditors gave us the confidence that we would be assessed according to International best standards, as the Hong Kong team was closely paired with their UK counterparts. I look forward to ongoing audit assessments with SGS in the future.”

About ISO/IEC 27701

ISO/IEC 27701 as an extension of management standards for ISO/IEC 27001 and ISO/IEC 27002, the goal is to enhance the existing Information Security Management System (ISMS) through new requirements to establish, implement, maintain and continuously improve the Privacy Information Management System (PIMS), which outlines the framework applicable to personally identifiable information (PII) controllers and PII processors to reduce personal privacy risks.

With the continuous development of information technology, the community's concern for privacy security is increasing, many countries and regions have set up a series of personal information protection laws and regulations, such as the GDPR in European Union (EU), California Consumer Privacy Act (CCPA), Personal Data Protection Act 2012 (PDPA) in Singapore and the Personal Data (Privacy) Ordinance in Hong Kong. Companies and organizations need a comprehensive system to ensure the privacy security of customers and stakeholders when handling personal information and data.