N.Rich Is ISO 27001:2013 And 27701:2019 Certified

Protecting the personal data of our customers and end-users is our ongoing responsibility and top priority. N.Rich is now ISO 27001:2013 and 27701:2019 certified - see what it means to you as our customer.
What is ISO 27001?

ISO/IEC 27001 is the world's best-known standard for information security management systems (ISMS). It defines requirements an ISMS must meet.

Conformity with ISO/IEC 27001 means that an organization or business has put in place a system to manage risks related to the security of data owned or handled by the company, and that this system respects all the best practices and principles enshrined in this International Standard.

ISO 27001 is designed to ensure the selection of adequate and proportionate security controls that help protect information in line with increasingly rigid regulatory requirements such as the GDPR (General Data Protection Regulation) and NIS (Network and Information Systems) Regulations.

Therefore, N.Rich intends to demonstrate that it is committed and able to manage information securely and safely.


Focus of ISO 27001

There are 114 ISO 27001 controls that cover multiple areas of an organisation, and these controls are segmented into 14 different categories (domains). The 14 control domains of ISO 27001 controls are:

- Information Security Policies
- Organisation of Information Security
- Human Resources Security
- Asset Management
- Access Control
- Cryptography
- Physical and Environmental Security
- Operational Security
- Communications Security
- Systems Acquisition, Development and Maintenance
- Supplier Relationships
- Information Security Incident Management
- Information Security aspects of Business Continuity Management
- Compliance

Implementing the security framework pursuant to ISO 27001 now enables N.Rich to:

- Reduce vulnerability to the growing threat of cyber-attacks
- Respond to evolving security risks
- Provide a centrally managed framework that secures all information in one place
- Ensure that assets such as customer or end-user data and information entrusted by third parties remain undamaged, confidential, and available as needed
- Prepare people, processes and technology throughout the entire organization to face technology-based risks and other threats
- Secure information in all forms, including paper-based, cloud-based and digital data

What about ISO 27701?

ISO/IEC 27701:2019 is a data privacy extension to ISO 27001. This newly published information security standard provides guidance for organizations looking to put in place systems to support compliance with GDPR and other data privacy requirements.

This reduces risk to the privacy rights of individuals and to the organisation by enhancing an existing Information Security Management System.

Through this standard, N.Rich provides assurance to end-users, customers, external stakeholders and internal stakeholders that effective systems are in place to support compliance to GDPR and other related privacy legislation.


Focus of ISO 27701

There are a total of 86 ISO 27701 controls, which are applicable to both capacities that an organisation may fulfill, i.e. controller or processor. These controls mainly focus on:

- Resourcing and establishment of roles
- Internal and external communication
- Anticipated guidance
- Control and guidance
- Continuous improvement of the PIMS (Privacy Information Management System)
- Objectives of the PIMS
- Competency profiles of individuals assigned to privacy roles
- Awareness of the PIMS policy and how personnel contribute to the establishment and improvement of the system
- PIMS Risk Treatment
- PIMS Risk Assessment
- PIMS performance and analysis of PIMS effectiveness, including (1) internal audit and (2) management review
- PIMS continuous improvement considerations

Benefits of ISO 27701:

- Builds trust both within and outside the organisation in relation to the handling of personal data
- Facilitates effective business agreements
- Supports compliance with various privacy regulations
- Clarifies roles and responsibilities within the organisation
- Reduces complexity by integrating with the leading information security standard, ISO 27001

N.Rich will now be audited regularly by an external examiner to maintain the required data security discipline. As a consequence, N.Rich will remain focused on its continuous compliance with the ISO 27001 and 27701 standards as the protection of personal data remains our responsibility and priority!

Markus Ståhlberg

CEO and co-founder, N.Rich

Rest assured that your data is safe with us!