ISO/IEC 27701

Security techniques Certification

Demonstrate your commitment to proactively manage and protect personal information in line with legal requirements.

Building on ISO/IEC 27001, ISO/IEC 27701 covers management of risks related to Personally Identifiable Information (PII) and aids compliance with GDPR regulations.

Build resilience and make sure you are equipped to continue operating.

ISO/IEC 27701 is a data privacy extension to ISO/IEC 27001. This newly published information security standard provides guidance for organizations looking to put in place systems to support compliance with GDPR and other data privacy requirements. ISO/IEC 27701, also abbreviated as PIMS (Privacy Information Management System), outlines a framework for Personally Identifiable Information (PII) Controllers and PII Processors to manage data privacy. Privacy information management systems are sometimes referred to as personal information management systems.

This reduces risk to the privacy rights of individuals and to the organization by enhancing an existing Information Security Management System.
This standard is a great way of demonstrating to customers, external stakeholders and internal stakeholders that effective systems are in place to support compliance with GDPR and other related privacy legislation.
Organizations looking to get certified to ISO/IEC 27701 in order to comply with GDPR will either need to have an existing ISO/IEC 27001 certification or implement ISO/IEC 27001 and ISO/IEC 27701 together as a single implementation audit. ISO/IEC 27701 is a natural expansion to the requirements and guidance set out in ISO/IEC 27001.
The ISO/IEC 27001 standard provides a framework for an Information Security Management System (ISMS) that enables the continued confidentiality, integrity and availability of information as well as legal compliance. More than 60,000 organizations worldwide have certified to date to ISO/IEC 27001, proving certification to be an essential part of protecting your most vital assets.

The significant overlap in system and technical requirements between a privacy information management system and an information security management system presents a compelling case for adopting ISO/IEC 27001 and ISO/IEC 27701 together. This is supported by the international recognition of an ISO standard.

Benefits of becoming certified

The standard takes a comprehensive approach to privacy information management and permits organizations to meet personal information protection requirements.

ISO/IEC 27701 will help:

  • Clarify the roles and responsibilities within your organization.
  • Build trust in your company’s ability to manage personal information, both for customers and employees.
  • Support compliance with GDPR and other applicable privacy regulations.
  • Facilitate agreements with business partners where the processing of PII is mutually relevant.

Certification to ISO/IEC 27701 enables you to take your Information Security Management System (ISMS) to the next level. An extension of ISO/IEC 27001, and its sister guidance standard ISO/IEC 27002, ISO/IEC 27701 sets additional guidelines for how personally identifiable information (PII) should be managed and processed. Applicable to any organization that controls or processes personal data and has an ISO/IEC 27001 ISMS, an ISO/IEC 27701 PIMS enables businesses of all sizes and sectors to take a comprehensive, risk-based approach to data protection.

Global recognition as a reputable supplier

Certification is recognized internationally and accepted throughout industry supply chains, setting industry benchmarks for sourcing suppliers.

Win more business

Procurement specifications often require certification as a condition of supply, so certification and verification open doors.

Business resilience

Avoid downtime and financial losses with effective management of risk, emergency preparedness and contingency planning.

Legal compliance

Understand how statutory and regulatory requirements impact your organization and its customers.

What is ISO/IEC 27701?

ISO/IEC 27701 is a privacy extension to ISO/IEC 27001 Information Security Management and ISO/IEC 27002 Security Controls. An international management system standard, it provides guidance on the protection of privacy, including how organizations should manage personal information, and assists in demonstrating compliance with privacy regulations around the world.