Definition

ISO 27701

ISO 27701 is the extension of ISO 27001 establishing requirements for a privacy information management system (PIMS).

ISO/IEC 27701:2019 specifies requirements and guidance for establishing a PIMS as an extension of ISO 27001 and ISO 27002. It applies to both PII controllers and processors and provides an auditable framework for complying with privacy regulations such as GDPR.

Key aspects

Extension of ISO 27001

It is not a standalone standard: it requires an ISO 27001 ISMS as the base upon which privacy controls are added.

PII roles

Distinguishes between PII controllers (who determine the purpose of processing) and processors (who process data on behalf of the controller).

Regulatory mapping

Includes annexes with GDPR mapping, facilitating demonstration of compliance to data protection regulators.

Frequently asked questions

No. ISO 27701 is an extension that requires a certified or conformant ISO 27001 ISMS as a prerequisite.

No. It provides an auditable management framework facilitating compliance demonstration, but legal GDPR conformity requires specific legal assessment.

Comparison

Ready to act on these findings?

Need an assessment in this area?

Request diagnosis→View research→

Loading content…

ISO 27701

Key aspects

Extension of ISO 27001

PII roles

Regulatory mapping

Frequently asked questions

ISO 27001 vs ISO 42001: key differences between information security and AI management

ISO 9001 vs ISO 27001: quality management vs information security

How to implement ISO 27001 in your organization

How to prepare for an ISO audit

Shadow AI: artificial intelligence use without formal governance

Personal data breach: exposure assessment and privacy controls

Ready to act on these findings?

ISO 27701

Key aspects

Extension of ISO 27001

PII roles

Regulatory mapping

Frequently asked questions

ISO 27001 vs ISO 42001: key differences between information security and AI management

ISO 9001 vs ISO 27001: quality management vs information security

How to implement ISO 27001 in your organization

How to prepare for an ISO audit

Shadow AI: artificial intelligence use without formal governance

Personal data breach: exposure assessment and privacy controls

Ready to act on these findings?

ISO 27701

Key aspects

Extension of ISO 27001

PII roles

Regulatory mapping

Frequently asked questions

Related content

ISO 27001 vs ISO 42001: key differences between information security and AI management

ISO 9001 vs ISO 27001: quality management vs information security

How to implement ISO 27001 in your organization

How to prepare for an ISO audit

Shadow AI: artificial intelligence use without formal governance

Personal data breach: exposure assessment and privacy controls

Ready to act on these findings?

ISO 27701

Key aspects

Extension of ISO 27001

PII roles

Regulatory mapping

Frequently asked questions

Related content

ISO 27001 vs ISO 42001: key differences between information security and AI management

ISO 9001 vs ISO 27001: quality management vs information security

How to implement ISO 27001 in your organization

How to prepare for an ISO audit

Shadow AI: artificial intelligence use without formal governance

Personal data breach: exposure assessment and privacy controls

Ready to act on these findings?