LastPass Achieves ISO 27701 Certification for Privacy Information Management

LastPass, a provider of password and identity management, announced it achieved ISO 27701 certification for privacy information management.

Secured in May 2024, this certification makes LastPass one of the first password managers to attain this standard, further cementing its leadership in the field of data privacy and security. The announcement follows the company's earlier achievement of ISO 27001 in 2022, which shows its commitment to information security management.

The ISO 27701 certification now confirms that LastPass has established a robust privacy program that aligns with international best practices for managing privacy risks and safeguarding personal data.

The certification process involved an external audit that verified LastPass’s technology, privacy team, and data handling practices met the stringent requirements of the ISO 27701 standard. The achievement adds to LastPass’s array of security and privacy certifications which include FIDO2 Server Certification, SOC 2 and SOC 3, and BSI C5.

LastPass’s Trust Center offers comprehensive details on the company's security measures, certifications, and policies, ensuring users have access to the latest information on the company’s data protection efforts.

“This certification demonstrates LastPass’s strong commitment to transparency around the measures we take to protect our users and their data – ahead of any other password manager,” said Mario Platt, Chief Information Security Officer, at LastPass. “Privacy threats are ever-evolving, as are the regulations designed to protect against them. Being able to present our users with independently audited management systems for privacy helps us exceed their expectations and reaffirm their trust in LastPass.”