Copyright Clearance Center, Inc. (CCC), a leader in advancing copyright, accelerating knowledge, and powering innovation, has achieved certification to the ISO 27001 Information Security Management System (ISMS) from DNV GL, a global quality assurance and risk management company.
ISO 27001 is an internationally acknowledged management system standard for information security. Created and administered by the International Organization for Standardization, ISO 27001 provides a framework for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an organization’s information security management system.
A rigorous and thorough audit of a company’s information security management systems and controls must be conducted by third-party auditors in order for certification to be granted. CCC received certification with “No Non-Conformities,” the highest standard.
Adherence to ISO 27001 principles enables CCC to protect the important data it handles by providing secure systems for:
Confidentiality, ensuring that information is accessible only to those authorized to have access.
Integrity, safeguarding the accuracy and completeness of information and processing methods.
Availability, making sure that authorized users have access to information and associated assets when required.
CCC also completed its SOC 2 (Type 2) audits with “No Exceptions” (the highest standard) for the second year in a row. CCC qualified in the initial group of applicants for the EU/US Privacy Shield and for recertification, and has obtained Swiss/US Privacy certification. CCC online privacy notices are reviewed and certified annually by TRUSTe/TrustArc.
Some of the technological and organizational activities which CCC has implemented as part of its audited compliance programs include:
Subject Access Request processes and procedures
Risk Assessments
Updates to Contractor agreements, requiring data security and privacy compliance
Data security and privacy training for all employees
Company-wide data security and privacy policies
Incorporation of privacy by design principles in product development
Data inventories and mapping
Data breach response procedures
Establishment of a data governance system
Impact Assessments
To learn more about how CCC protects data, visit: