
Strengthening privacy in the iManage Cloud with ISO27701

Martin Ward

Over recent years iManage has continued to build and improve on our security and privacy programs to further protect and secure our customers and their data in the iManage Cloud.

In a continued quest to ensure we provide the most secure environment possible for all our customers, we have added ISO27701 to our iManage Cloud scope and will shortly formally announce our certification.

This comes as organisations are now taking a closer look at their privacy programmes and those of their suppliers, as there have been major enhancements to privacy regulations across the globe, including GDPR and CCPA, as well as evolving developments in certification and ways to demonstrate regulatory compliance.

iManage has established and enhanced various security best practices ahead of many other cloud vendors with regard to these and other regulations, to ensure our customers can look to us as they improve their overall security and privacy measures across their organizations.

Join me to discuss some of the challenges and lessons learned in getting certified in the ISO/IEC 27701 standard in this webinar with our external auditors Schellman and Company.

We had been closely following development of the ISO/IEC 27701 standard, and in particular the significant overlap with GDPR in terms of things like lawful basis for processing, consent and transparency, and identified certification as another way to further validate our privacy program, in particular as it relates to our Cloud customers.

We started planning for ISO27701 inclusion right after its publication date in August last year. Based on the initial assessment we felt we were in good shape to get ahead of many other cloud vendors and added it to our spring 2020 audit program.

This came following a broad range of enhanced security certification and compliance activities iManage completed, including expanding the scope of our Service Organisation Control (SOC) 2 Type 2 reports to include all five Trust Service Criteria: Security, Availability, Processing Integrity, Confidentiality, and Privacy.

We also added the requirements of ISO 27018 to our ISO27001 ISMS and successfully certified to this code of practice. ISO 27018 deals with the protection of Personally Identifiable Information (PII) in public clouds acting as PII processors.

Adding ISO/IEC 27701 for the iManage Cloud builds trust and transparency with our customers and partners and demonstrates commitment to principles in how we manage personal information. As a cloud vendor, this is paramount to the security and privacy we provide for customers and their data. It also helps support compliance with privacy regulations, clarifies roles and responsibilities, and reduces complexity by integrating with the leading information security standard ISO/IEC 27001.

About the author

Martin Ward

Martin is Director, Governance, Risk & Compliance - Cloud Services at iManage. Prior to joining the company, he was the Senior Manager - Cyber Security - Advisory at Ernst & Young.