BIG NEWS! ISO 27701:2025 has now been published.
The standard can now stand alone as a PIMS without a requirement to also implement ISO 27001, although doing both has benefits. Contact us for more information.
What is ISO 27701?
ISO 27701 is an international standard that sets out the requirements for a privacy information management system (PIMS).
It can be implemented as a stand-alone management system (PIMS) or integrated with ISO 27001, the international standard for information security, by adding privacy controls and clause requirements to your existing ISMS framework.
The standard also lists applicable controls for both PII Controllers and PII Processors. Organisations can be both a controller and a processor of PII.
ISO 27701 can be certified by several ISO certification bodies; we can provide guidance on the best option for you.
What are the Benefits of ISO 27701?
Since the General Data Protection Regulation (GDPR) and the revised Data Protection Act 2018, focus on protecting the privacy of personally identifiable information (PII) has increased dramatically, with potential fines higher than ever. ISO 27701:2025 includes Annex D, which maps ISO 27701 to the General Data Protection Regulation.
Companies that store or process PII need to demonstrate compliance with privacy laws wherever they operate. This international standard can be used to apply additional controls within your established ISMS framework in order to establish a PIMS.
Other benefits of ISO 27701 include:
- Assisting with your GDPR, Data Protection Act, CCPA and other privacy compliance
- Assisting with compliance with other privacy legislation around the world
- Building trust with the data subjects whose information you handle
- Managing the risks of controlling and processing PII
- Establishing formal processes and procedures for handling data protection impact assessments (DPIA), data subject access requests (DSAR), data breaches and more
- Publicly demonstrating your commitment to privacy protection through independent certification
ISO 27701 Annex A Controls
There are 78 PIMS controls, many of which map to similar controls in ISO 27001, ISO/IEC 29100, ISO/IEC 27018 and ISO/IEC 29151.
| Control group | Number of Controls |
|---|---|
| PII Controllers | |
| Conditions for collection and processing | 8 |
| Obligations to PII principals | 10 |
| Privacy by design and privacy by default | 9 |
| PII sharing, transfer and disclosure | 4 |
| PII Processors | |
| Conditions for collection and processing | 6 |
| Obligations to PII principals | 1 |
| Privacy by design and privacy by default | 3 |
| PII sharing, transfer and disclosure | 8 |
| PII controllers and PII processors | |
| Security considerations for PII controllers and processors | 29 |
ISO 27701 Testimonials
“Having had ISO 27001 for several years the process was easily recognisable and with the help of Assent and their excellent consultancy, gaining ISO 27701 was relatively painless.”
Rob Hood
IT & ISO Manager

“We are immensely proud to have received these ISO certifications. This accomplishment reflects our ongoing commitment to maintaining compliance with the highest industry standards and our dedication to continuous improvement.”
Marcus Davies
CEO

Our ISO 27701 Consultants can Help
Our ISO 27701 consultants are experienced in information security management and GDPR compliance. We can help you establish a PIMS that includes all the privacy controls of ISO 27701 and embed its requirements within your business processes.
Not Sure Where to Start?
A gap analysis will review your existing arrangements against ISO 27701 and produce a report that can be used to drive a project plan to fully meet the requirements.
Contact us for more information.
Other Extensions for ISO 27001
There are several other extensions to the ISO 27001 standard including: