By: Gry Evita Sivertsen,
Head of Information Security, boost.ai
In June 2022, boost.ai was one of the first companies in Norway to be granted the ISO27701 certification by DNV. Here’s what that means and why it’s important.
The objective of the ISO27701 certification is to improve the existing information security management system (ISMS) aligned with ISO27001 with additional requirements for establishing, implementing, maintaining and continuously improving a privacy information management system (PIMS).
Evidence of solid privacy controls is important for earning confirmation and validation that you, as a company, are taking the right measures to ensure proper handling of personal information.
With the stamp of approval granted by DNV, a well-respected company that is trusted globally, boost.ai now has clear evidence of why customers can trust us as a vendor to manage their data in a secure and privacy-minded way.
You cannot have privacy without security. Security is the technical measures we implement to protect personal information.
When we create technology, we have a responsibility to secure its behavior. At boost.ai we provide virtual agents that can understand, communicate and respond to individuals.
When an individual uses conversational AI to communicate, the challenge is that the individual could write or ask for pretty much anything. Not everyone will think about the fact that they are communicating with conversational AI; they will trust the service and potentially provide sensitive information.
So we need to implement measures that can protect any type of data collected, because we cannot predict what data the individual will provide.
At boost.ai, we care about the privacy of the individuals using the service. We have therefore implemented solid functionality in the boost.ai platform to minimize both security and privacy risks. This functionality is flexible, meaning that customers can tailor it to fit their needs. Boost.ai will continuously work to further assess and improve it.
Learn more about boost.ai security controls and framework at https://www.boost.ai/company/security
In addition to securing the personal information processed in the solution, the PIMS is about implementing proper policies, processes, procedures and technical and organizational measures throughout the company to ensure that personal information is protected at all times. The ISO27701 standard has dedicated privacy controls for when the company is acting as data controller and data processor.
At boost.ai we focus on creating and maintaining a strong security and privacy culture. When implementing the ISO27701 standard, instead of doing a standard GDPR training, we decided to create a privacy awareness training program with the purpose of raising privacy awareness throughout the company. It is one thing to understand what GDPR is, but if you really understand the importance of privacy controls and the reason the controls are there, you also increase the likelihood of your employees complying with such controls. We often forget that there is a deeper meaning behind all this work, because privacy goes beyond avoiding those huge fines and damage to our reputation. That’s important too, of course, but privacy is much more than that. Privacy is a universal human right.