Assures Customers and Other Stakeholders CCC is Executing All Relevant Information Security Protocols
Danvers, MA – January 16, 2019 – Copyright Clearance Center, Inc. (CCC), a leader in advancing copyright, accelerating knowledge, and powering innovation, has achieved certification to the ISO 27001 Information Security Management System (ISMS) from DNV GL, a global quality assurance and risk management company.
ISO 27001 is an internationally acknowledged management system standard for information security. Created and administered by the International Organization for Standardization, ISO 27001 provides a framework for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an organization’s information security management system.
A rigorous and thorough audit of a company’s information security management systems and controls must be conducted by third-party auditors in order for certification to be granted. CCC received certification with “No Non-Conformities,” the highest standard.
“As CCC works with some of the biggest companies in the world, we view compliance with security and privacy standards as a strategic asset,” said Babis Marmanis, Executive Vice President and CTO, CCC. “This certification reflects our organization’s long-term commitment to safeguarding our digital assets and protecting our users through rigorous security and privacy compliance initiatives.”
Adherence to ISO 27001 principles enables CCC to protect the important data it handles by providing secure systems for:
• Confidentiality, ensuring that information is accessible only to those authorized to have access.
• Integrity, safeguarding the accuracy and completeness of information and processing methods.
• Availability, making sure that authorized users have access to information and associated assets when required.
CCC also completed its SOC 2 (Type 2) audits with “No Exceptions” (the highest standard), for the second year in a row. CCC qualified in the initial group of applicants for the EU/US Privacy Shield and for recertification and has obtained Swiss/US Privacy certification. CCC online privacy notices are reviewed and certified annually by TRUSTe/TRUSTARC.
Some of the technological and organizational activities which CCC has implemented as part of its audited compliance programs include:
• Subject Access Request processes and procedures
• Risk Assessments
• Updates to Contractor agreements, requiring data security and privacy compliance
• Data security and privacy training for all employees
• Company-wide data security and privacy policies
• Incorporation of privacy by design principles in product development
• Data inventories and mapping
• Data breach response procedures
• Establishment of a data governance system
• Impact Assessments
To learn more about how CCC protects data, visit: