Copyright Clearance Center Receives ISO 27001 Information Security Management System Certification

Jan 17, 2019

Copyright Clearance Center, Inc. (CCC), a leader in advancing copyright, accelerating knowledge, and powering innovation, has achieved certification to the ISO 27001 Information Security Management System (ISMS) from DNV GL, a global quality assurance and risk management company.

ISO 27001 is an internationally acknowledged management system standard for information security. Created and administered by the International Organization for Standardization, ISO 27001 provides a framework for establishing implementing, operating, monitoring, reviewing, maintaining, and improving an organization’s information security management system.

A rigorous and thorough audit of a company’s information security management systems and controls must be conducted by third party auditors in order for certification to be granted. CCC received certification with “No Non-Conformities,” the highest standard.

Adherence to ISO 27001 principles enables CCC to protect the important data it handles, by providing secure systems for:

  • Confidentiality, ensuring that information is accessible only to those authorized to have access.

  • Integrity, safeguarding the accuracy and completeness of information and processing methods.

  • Availability, making sure that authorized users have access to information and associated assets when required.

CCC also completed its SOC 2 (Type 2) audits with “No Exceptions” (the highest standard), for the second year in a row. CCC qualified in the initial group of applicants for the EU/US Privacy Shield and for recertification and has obtained Swiss/US Privacy certification. CCC online privacy notices are reviewed and certified annually by TRUSTe/TRUSARC.

Some of the technological and organizational activities which CCC has implemented as part of its audited compliance programs include:

  • Subject Access Request processes and procedures

  • Risk Assessments

  • Updates to Contractor agreements, requiring data security and privacy compliance

  • Data security and privacy training for all employees

  • Company-wide data security and privacy policies

  • Incorporation of privacy by design principles in product development

  • Data inventories and mapping

  • Data breach response procedures

  • Establishment of a data governance system

  • Impact Assessments

To learn more about how CCC protects data, visit:

Related Articles

GeoEdge first to market with real-time ad security and quality solution for mediation SDKs, as a part of the company's mission to block sexually-offensive and/or malicious ads to ensure good user experience and high retention rates for app developers and publishers.
Work collaboration software company, Smartsheet, has acquired Slope, which manages the creative production process for marketers and others.