Robotic process automation (RPA), which mimics human activity and automates mundane tasks, is all the rage. But privacy and governance concerns persist. Recognizing these challenges, Kryon recently became the first RPA vendor to earn ISO 27701 certification.
“This framework is essential for any RPA company doing business in Europe, due to GDPR, or any other region with similar data privacy regulations,” Kryon CTO Shay Antebi told VentureBeat. He believes ISO 27701 could become the first widely adopted data privacy standard for RPA vendors. The ISO certification applies to real-time process discovery, as well as bot design, deployment, and management.
RPA applications, called bots, are often programmed to access sensitive systems and information as part of process automation projects. An attacker who gains access to these bots can use it to steal data or to reach systems and applications without authorization.
RPA and process mining vendors have addressed several standards and best practices to ensure privacy. ISO 27001 is an older certification for information security management systems (ISMS). ISO 27701 is an extension standard that builds on ISO 27001 with a framework for privacy information management systems (PIMS) to secure and manage personally identifiable information.
Updating the certification
Kryon had already achieved ISMS certification back in 2019, so catching up with the new extension was a matter of building on this earlier work. Organizations looking to get certified to ISO 27701 will either need to have an existing ISO 27001 certification or implement ISO 27001 and ISO 27701 together as a single implementation audit.
Enterprises need to maintain vigilance around industry-specific regulation, particularly in health care and finance, two of the largest markets for RPA.
Enterprises using ISO-certified tools like Kryon’s will still need to ensure that their existing systems and applications that interact with RPA tools are compliant. RPA platforms often integrate with other applications on the back end to complete a process. For example, Kryon created a software bot for a health care organization in Israel that automates setting up appointments for patients to receive the two-shot COVID vaccine. That front-end bot, which chats with the patient, also interacts with the organization’s patient record system behind the scenes to complete the process. These applications need to be secured, as well.
“This is a great example of when an upfront investment is absolutely necessary to protect yourself from potentially huge losses,” Antebi said.
Meeting security certifications requires not only an investment of time and resources but also the right technology, processes, and framework. Security sometimes comes as an afterthought in the software development lifecycle. But it needs to be considered first for RPA to scale. “If the goal is widespread adoption of RPA in the enterprise, then the industry needs to deliver solutions with enterprise-grade security,” Antebi said.
Kryon has been investing in solutions to push the envelope of privacy and governance further, such as a way to mask sensitive information in documents and on systems screens without losing the necessary context. Antebi said, “We are always looking for more ways to add value for our customers — offering the best security available is one way to do that.”