ISO 27701

ISO 27701 — a certifiable Privacy Information Management System.

ISO 27701 extends an existing ISO 27001 ISMS with the privacy controls required to demonstrate a mature Privacy Information Management System. It is the most rigorous privacy certification available.

01 — Overview

ISO 27701 adds 49 controller-specific and 31 processor-specific privacy controls on top of the ISO 27001 Annex A control set. It maps directly to GDPR Articles, making it the strongest available certification signal for regulators and enterprise privacy teams.

02 — Engagement

Our approach.

  1. I

    Role determination

    Identify where you act as controller vs processor across each processing activity.

  2. II

    PIMS extension

    Extend the ISMS scope, risk methodology, and control library to cover PII processing.

  3. III

    GDPR mapping

    Map PIMS controls to GDPR Articles to enable regulator-facing evidence.

  4. IV

    Certification audit

    Support Stage 1 and Stage 2 audits by an accredited certification body.

03 — Deliverables

What you receive.

  • PII inventory and processing activity register
  • Extended ISMS scope and risk methodology
  • PIMS control library aligned to ISO 27701 Annex A/B
  • GDPR-to-ISO 27701 control mapping
  • Certification body coordination through Stage 2

04 — Timeline

Expected duration.

Four to seven months when ISO 27001 certification is already in place.

Ready to begin?

A partner-led readiness call is complimentary. We'll scope your engagement inside forty-five minutes.

Schedule the call →

05 — FAQ

Common questions.

Can we certify to ISO 27701 without ISO 27001?+

No. ISO 27701 is an extension standard — the certification is issued jointly with or on top of ISO 27001.