What is ISO 27701?
The International Organization for Standardization’s (ISO) 27701 certificate is an extension of the ISO 27001 information security standard that sets a worldwide framework for addressing privacy and data security. Although only a single digit separates the two certifications, they vary greatly in terms of what they mean for compliance — both yours and ours.
The main goal of ISO 27701 certification is to simplify the management of complicated and overlapping privacy laws, providing a solid foundation for GDPR compliance. The privacy certification enhances Jamf’s existing ISO 27001 security certification with a set of additional requirements and controls for handling personally identifiable information (PII) and provides guidance for safeguarding privacy. The framework introduces requirements and security techniques for establishing a Privacy Information Management System (PIMS), a system that helps give individuals more control over their personal data online.
The certification is important for organizations that act as PII controllers or processors, setting the framework and requirements for privacy controls and best practices. Comprising an Information Security Management System (ISMS) and a Privacy Information Management System (PIMS), its scope supports the fundamental operations critical to the administration, management and infrastructure of Jamf Now, Jamf Pro, Jamf School and Jamf Protect solutions, and it is designed to strictly safeguard privacy data.
Important to note: The certificate relates to the Information Security Management System and not to products or services. While the current scope of this certification doesn’t cover all of Jamf’s locations and products, we continuously work to ensure all people, processes and tools are covered under our Information Security Management System (“ISMS”) while we are in the process of expanding our scope to include all Jamf Cloud Services.
What does it mean for Jamf to be ISO 27701 certified?
To help achieve consistent, effective and sustainable information security, Jamf is committed to managing, maintaining and continually improving an ISMS in conformance with the widely adopted ISO 27001 security standard.
While Jamf operates an Information Security Management System (ISMS) that conforms to the requirements of the ISO 27001 security standard, becoming ISO 27701 certified means that Jamf has also built a PIMS that follows the ISO privacy framework and complies with the ISO 27701 privacy standard, and that all components of the system have been independently audited by a certification body.
Jamf has applied a Privacy by Design approach to our internal processes, including product design and development, vendor selection and management and within our Hosted Services. Our commitment to this approach helps us to proactively identify, evaluate and implement full lifecycle protection over personal data collection.
As the data processor, Jamf has implemented robust technical and organizational security measures to not only protect personal data but also to assist our customers in meeting their compliance obligations and ensuring that we are handling and securing customer PII according to industry best practices.
When it comes to securing and governing customer personal data, Jamf introduced Data Processing Agreements with customers that serve as guarantees that adequate technical and organizational measures are in place to protect this data. Specifically, a Data Processing Agreement may be necessary for Jamf-hosted customers (as data controllers) that are subject to the GDPR. To learn more about our customers’ use of and access to Jamf’s Hosted Services, refer to our Hosted Services Availability Commitment.
An important step towards Global Privacy Compliance
With the rapid evolution of information technology, the volume of data processed is continually increasing, pushing many countries or regions to set up a series of personal information protection laws and regulations.
Achieving ISO 27701 not only helps us protect the integrity of information and systems but also extends our existing data security practices to achieve complete coverage of data security and privacy management and support compliance with global privacy legislation. This ensures that Jamf follows industry best practices when it comes to securing and governing customer personal data.
ISO 27701 is the only certifiable privacy standard that covers requirements for compliance with the European Union’s General Data Protection Regulation (GDPR), a set of rules related to the protection and privacy of the personal data of individuals that organizations must comply with. However, GDPR does not provide guidance on the implementation of privacy and security measures. This is where ISO 27701 fills the gap and sets a framework to address privacy and data security by outlining our obligations to document and demonstrate compliance regarding the processing of personal information.
Moreover, this framework for the management of data privacy ensures Jamf’s commitment to complying with global industry security and data protection standards. Additionally, Jamf is dedicated to conforming with other privacy requirements, such as Brazil’s General Data Protection Law (LGPD), the California Consumer Privacy Act (CCPA), and the Canadian Consumer Privacy Protection Act (CPPA).
What does all this mean?
Jamf’s ISO 27701 certification assures the highest standards of responsibility and transparency in the processing of personal information, moving us closer to achieving our vision of delivering a platform that is “enterprise secure, consumer simple and privacy protected.”
Refer to our Hosted Services Availability Commitment to learn more about our customers’ use of and access to Jamf’s Hosted Services.