Launch of Programme for Privacy Information Management System Certification

Launch of New Accreditation Programme for Privacy Information Management System (PIMS) Certification under Management Systems Certification Body Scheme

The Singapore Accreditation Council (SAC) is pleased to launch the accreditation programme for Privacy Information Management System (PIMS) Certification based on ISO/IEC 27701:2019, with effect from 02 August 2023. The certification standard used will be ISO/IEC 27701 Security techniques – Extension to ISO/IEC 27001 and ISO/IEC 27002 for Privacy Information Management — Requirements and Guidelines. The ISO/IEC 27701 specifies the requirements for establishing, implementing, maintaining and continually improving a privacy-specific information security management system which aims to protect personal data. This effort aligns with the national plans to drive Smart Nation Initiative and enhance cybersecurity infrastructure in Singapore.

The aim of this accreditation programme is to ensure that the certification bodies (CBs) are competent to carry out ISO/IEC 27701 audits. ISO/IEC 27701 certification can help businesses manage privacy risks for personally-identifiable data with confidence. PIMS certification will be offered under the SAC’s accreditation scheme for management system certification and as an extension to the existing accreditation programme on Information Systems Management Systems (ISMS) certification based on ISO/IEC 27001. SAC-accredited ISMS CBs can apply to this programme as an extension to PIMS certification.

Beside ISO/IEC 17021-1:2015, SAC will also adopt ISO/IEC TS 27006-2:2021 Requirements for bodies providing audit and certification of information security management systems - Part 2: Privacy information management system, as the accreditation standard.

There will be no supplementary accreditation criteria (i.e. no SAC CT Document) since the criteria on auditor competency, audit duration and requirements for certificate are clearly stipulated in the standards.

Application for accreditation is now open through the SAC accreditation portal, SACiNet