ISO standards may be prerequisite for PPM certification

The National Privacy Commission (NPC) of the Philippines conducted its second virtual public consultation on 22 March 2023 on a draft circular on the prerequisites for the Philippine Privacy Mark (PPM) Certification Program.

The draft circular sets out specifically the prerequisites for the certification of personal information controllers (PICs) and personal information processors (PIPs), and would also apply to all certification bodies (CBs) that would seek accreditation under the PPM.

Based on the draft, the circular, once issued, would require PICs or PIPs to be certified to ISO/IEC 27001 (information security management system, ISMS) and ISO/IEC 27701 (privacy information management system, PIMS) before applying for PPM certification.

The same requirement would apply to CBs prior to applying for accreditation under the PPM.

Increase trust and confidence

Originally launched in November 2021 as the Philippine Privacy Trust Mark or PPTM, the certification aims to increase trust and confidence in businesses and public offices by offering the highest level of assurance on data privacy compliance and secure cross-border data transfers.

It is a voluntary program and is only applicable to organisations’ management systems.

Former NPC commissioner Raymund Liboro said the certification was opportune as the Philippines would “fully embrace digitalisation for our economic recovery” after the Covid-19 pandemic, and that it would “strengthen the foundation of trust” for online activities.

For consumers, he said that the certification would enable them to make informed choices and have greater control over the personal data collected from them, and help them identify [certified] organisations that they can trust with their personal information.

PPM-certified PICs and PIPs are required to establish, implement and continually improve their management systems, and demonstrate operational compliance with the Data Privacy Act of the Philippines.

The NPC will be releasing additional guidelines in the near future pertaining to the certification scheme for PICs, PIPs and CBs.

Achieving ISO 27001 and 27701 certification

When it comes to ISO, an organisation should be able to produce the mandatory documents and records required by the ISO 27001/27701 standards.

“Usually, auditing and certifying bodies will require you to show these mandatory documents and records over several cycles, to prove that you are
