ISO 27701
ISO 27701 extends an existing ISO 27001 ISMS with the privacy controls required to demonstrate a mature Privacy Information Management System. It is the most rigorous privacy certification available.
01 — Overview
ISO 27701 adds 49 controller-specific and 31 processor-specific privacy controls on top of the ISO 27001 Annex A control set. It maps directly to GDPR Articles, making it the strongest available certification signal for regulators and enterprise privacy teams.
02 — Engagement
Identify where you act as controller vs processor across each processing activity.
Extend the ISMS scope, risk methodology, and control library to cover PII processing.
Map PIMS controls to GDPR Articles to enable regulator-facing evidence.
Support Stage 1 and Stage 2 audits by an accredited certification body.
03 — Deliverables
04 — Timeline
Four to seven months when ISO 27001 certification is already in place.
Ready to begin?
A partner-led readiness call is complimentary. We'll scope your engagement inside forty-five minutes.
Schedule the call →05 — FAQ
No. ISO 27701 is an extension standard — the certification is issued jointly with or on top of ISO 27001.