ISO/IEC 27701 and ISO/IEC 27001 is an international standards on how to manage information security. ISO/IEC 27701 is a privacy extension to ISO/IEC 27001 with additional requirements in order to establish, implement, maintain, and continually improve a Privacy Information Management System (PIMS). For SnackVideo, that proves that it is handling personal data with worldwide standards recognized in the industry.
Calvin Liu, head of SnackVideo Compliance, Communication Experience, and Partnership says: This certification reflects SnackVideo’s social responsibility and commitment to user information security, marking that SnackVideo has reached the international advanced level.
The ISO/IEC 27701 and ISO/IEC 27001 detail requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS). It’s primary aim is to help organizations safeguard and protect their assets.
The independent third-party auditor performed a series of careful checks to confirm that SnackVideo’s controls, global security, and risk operations met the highest standards. These were done to evaluate how the platform protects its development, infrastructure, operations, and services, ISO 27001 requires that management:
- Systematically monitor the organisation’s information security risks, taking account of the weaknesses, threats, and their effects;
- Design and implement a well-organised and comprehensive chamber of information security controls and/or other forms of risk treatment (such as ways to avoid and transfer risk) to address those risks that are deemed unacceptable; and
- Adopt an overarching management process to ensure that the information security controls continue to meet the organisation’s information security needs on a daily basis.
Zhang Hua, head of Kuaishou Information Security says, “Achieving the ISO 27701 and 27001 certification is another step in our comprehensive security journey. SnackVideo will continue to increase investment in the field of information security, strengthen privacy security protection, continuously improve itself with technological and management innovation, deepen the construction of an information security compliance system, and provide users with more secure and credible services.”