First organization in Hong Kong certified to privacy information management standard

BSI launches global certification scheme to help organizations futureproof their privacy information management


20 November 2019

BSI, the business improvement company has today launched a global certification scheme to help organizations establish, implement and maintain a Privacy Information Management System (PIMS). The first organization in Hong Kong to achieve this certification is Ribose.


Organizations are facing a dual-challenge - to collect and process an increasing volume of data, whilst ensuring compliance to the new and growing list of privacy regulation and new legislation being developed across the globe. This new scheme, is based on BS ISO/IEC 27701:2019 Security techniques — Extension to ISO/IEC 27001. The standard, which published in August, provides organizations with guidance on the operational controls to support the response to new privacy requirements such as the EU General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA) and Brazil Lei Geral de Proteção de Dados (LGPD). The standard is an extension to an ISO IEC 27001 Information Security Management System (ISMS).


To achieve certification to the standard, organizations undergo an independent assessment including a rigorous on-site audit covering all the requirements of BS ISO/IEC 27701.  An organization complying with the requirements of the standard will generate documentary evidence of how it handles the processing of Personally Identifiable Information (PII). Such evidence can be used to facilitate agreements with business partners where the processing of PII is mutually relevant. In order to achieve certification, organizations must be certified to ISO/IEC 27001.


Ronald Tse, Founder and CEO at Ribose said:

“Ribose is strongly committed to protecting our users’ privacy and the personal information they handle. We highly commend BSI for launching a comprehensive global certification scheme based on BS ISO/IEC 27701 aligning with global privacy best practices. Privacy legislations such as GDPR, CCPA and LGPD have become a business necessity, and compliance to them are crucial for our customers in both private and government sectors who operate under stringent requirements and regulations.”


 “This certification serves as a significant milestone in our continuing journey to protect Accenture information. We have always believed that information security and data privacy are core elements of Accenture’s DNA,” said Andrew Vautier, Chief Information Security Officer, Accenture. “As one of the first organizations – and the largest global organization – to achieve this certification, Accenture continues to demonstrate its commitment and vigilance to upholding GDPR, as well as other global privacy requirements. We believe this achievement recognizes our robust company-wide information security and data privacy network, driven by our work to strengthen our security posture and create a culture that puts security first.”


Ahmad Alkhatib, Assurance Business Development Director at BSI commented:

 “In order to remain resilient, organizations must protect the personal data that they gather, store, access and use. This is becoming increasingly challenging given the growing volume of data that organizations have to manage and the new data privacy legislation that is increasing around the globe.


“By achieving certification to this new standard, organizations can demonstrate that they are taking a proactive approach to data protection, helping to build trust and transparency with their stakeholders. We’re delighted to present certification to Ribose as part of our global early adopters programme, which is a huge achievement.”


Organizations were presented with their certificates at the BSI drinks reception as part of the IAPP Data Protection Congress 2019 in Brussels.


Further details about the scheme can be found here


- ENDS –


Notes to Editors:

About BSI

BSI is the business improvement company that enables organizations to turn standards of best practice into habits of excellence. For over a century BSI has championed what good looks like and driven best practice in organizations around the world. Working with 84,000 clients across 193 countries, it is a truly international business with skills and experience across a number of sectors including aerospace, automotive, built environment, food, and healthcare. Through its expertise in Standards Development and Knowledge Solutions, Assurance, Regulatory Services and Professional Services, BSI improves business performance to help clients grow sustainably, manage risk and ultimately be more resilient.


To learn more, please visit:


Media enquiries:

Ming Tang


Tel: +852 3149 3324