Announcing Devolutions’ New ISO 27701 Certification: Enhancing Data Privacy and Trust

We are excited to announce that on June 4, 2024, Devolutions achieved ISO/IEC 27701:2019 certification.

This certification represents another key milestone in our longstanding commitment to data privacy and security. It complements our existing ISO/IEC 27001:2022 and SOC2 Type II certifications, and demonstrates our ongoing dedication to protecting the personal data of our customers and partners, as well as aligning with global privacy management standards.

Our ISO/IEC 27701:2019 certificate document is publicly available in our Trust Center.

About the ISO/IEC 27701 Standard

ISO 27701 provides a framework for establishing, implementing, and maintaining a Privacy Information Management System (PIMS) for managing personally identifiable information (PII) as both data controller and data processor. It extends the requirements of the ISO 27001 standard, which focuses on information security management systems (ISMS), by adding specific requirements and controls for privacy management. These include:

• PII Management: Establishing policies, procedures and controls for managing PII within the organization, including its collection, processing, retention, and disposal.
• Data Subject Rights: Implementing processes to manage data subject requests, such as access, rectification, and erasure of their PII.
• Privacy Impact Assessments (PIAs): Conducting PIAs to evaluate the impact of processing activities on the privacy of individuals.
• Privacy by Design and by Default: Implementing privacy by design and by default principles in our software development processes.
• Third-Party Management: Ensuring that third parties processing our PII have adequate privacy controls in place.
• Incident Management: Establishing specific procedures for managing privacy breaches and other incidents involving PII, including notification and remediation actions.
• Training and Awareness: Providing regular privacy training to our employees and raising awareness about privacy and data protection within the organization.
• Monitoring and Reviewing: Continuously monitoring and reviewing the effectiveness of our PIMS and making improvements as necessary.
• Legal and Regulatory Requirements: Identifying and complying with relevant data protection laws and regulations.
• Transparency and Communication: Ensuring transparency in PII processing activities and effectively communicating privacy policies to our stakeholders.

Going forward, Devolutions’ Privacy Information Management System will be monitored and audited every year to validate continuous compliance with the ISO 27701 standard.

Impact on Our Customers and Partners

Achieving ISO 27701 certification offers significant benefits to our customers and partners, and ensures that personal data is managed with the highest standards of security and privacy. It streamlines our compliance efforts and validates that effective systems are in place that support our alignment with various privacy regulations, such as GDPR, CCPA, PIPEDA, and Quebec’s Law 25. By adhering to ISO 27701 standards, we strengthen our ability to protect our customers’ PII and mitigate privacy risks at every stage of its processing.

From the Desk of Guillaume Beaupré, our VP of Legal Affairs and Privacy

I am incredibly proud of the work our team has done to earn ISO 27701 certification. This journey has strengthened our data security and privacy processes for the benefit of our customers, employees, partners, and other stakeholders.

Above all, this certification further deepens privacy as a core and integral part of our organizational culture. I would like to thank our CEO, David Hervieux, for his early belief in this project, and in its added value for our organization. His leadership and support throughout this entire process was, and remains, both inspiring and invaluable.

In an era where data privacy is increasingly critical in the eyes of regulators, businesses, and individuals alike, this certification enables us to maintain and cultivate the trust that our customers and users have placed in us, and in our products, for many years.

It is with pride that I personally attest we will continue dedicating all efforts to uphold these high standards, and strive for excellence in our privacy management practices!