ISO/IEC 27701

Focus on information privacy and how to handle the processing of personal information.

Close-up of a hard drive

ISO/IEC 27701 – Privacy Information

ISO/IEC 27701 is a Privacy Information Management System (PIMS), outlining requirements and providing guidance for establishing, implementing, maintaining, and continually improving a privacy information management system.

This new standard is a privacy extension to the renowned ISO/IEC 27001 information security management system, forming the foundation for information security. ISO/IEC 27701 builds further on that foundation to provide a comprehensive set of controls for security and the protection of personal information. As an extension, ISO/IEC 27701 must be implemented alongside an existing ISO/IEC 27001 system or in conjunction with a new ISO/IEC 27001 system.

Get in touch ISO/IEC 27701

Why should I choose ISO/IEC 27701 certification?

The standard focuses on ‘privacy information management’ and how companies deal with the processing of personal information. For example, you do not want other people or businesses to use your personal information without your permission; this means limiting access to your personal information and keeping it confidential. Having confidence in a business is crucial, and a company that applies a PIMS will gain a good reputation for information security.

ISO/IEC 27701 sets the standard of responsibility for businesses to protect Personally Identifiable Information (PII). The processing of personal information is covered by various legal and regulatory requirements globally. ISO/IEC 27701 can go some way towards demonstrating compliance with privacy regulations worldwide, including the General Data Protection Regulation (EU) 2016/679 (GDPR).

What are the benefits to ISO/IEC 27701?

Almost every business holds PII (personally identifiable information) therefore, any company that processes personal information could benefit from an ISO/IEC 27701 Privacy Information Management System, as it’s designed to help companies protect and regulate the personal information they hold. Additional benefits of an effective ISO/IEC 27701 are vast and can be unique to your specific business, but could include:

  • Builds trust in managing personal information
  • Provides transparency between stakeholders
  • Facilitates effective business agreements
  • Clarifies roles and responsibilities
  • Supports compliance with privacy regulations including GDPR
  • Improves staff competence and establishes processes to avoid breaches
  • Can be implemented simultaneously with ISO/IEC 27001

Additional controls are required over and above those listed in the ISO/IEC 27001 standard, specifically concerning clause 4 context of the organisation and clause 6 planning. There are also additional requirements over and above those listed in Annex A of ISO/IEC 27001 (taken from ISO/IEC 27002) and cover every clause except A17 Information Security Aspects of business continuity management.

Dependent on whether the company is a data controller or data processor would determine the number of additional controls required over and above the requirements detailed in ISO/IEC 27701.

Steps to getting ISO/IEC 27701 certified

Working towards ISO/IEC 27701 certification with IMSM is a trouble-free, step-by-step approach.

  1. Initial consultation
    We help you outline your goals, focusing on what your business wants to achieve and how it defines success, particularly in relation to your client’s requirements. You and your ISO consultants will agree on reasonable outcomes and delivery dates.
  2. Producing your organisation’s ISO/IEC 27701 manual system documentation
    Next, the IMSM consultant will audit your existing procedures and help you document the new systems that will help deliver success – both existing and how you will improve these. The manual system documentation sets out how your business should operate going forward so that it can deliver ISO/IEC 27701.
    You will be able to view the manual system documentation, along with most other relevant documentation, on our client portal IMSMLoop. It offers a comprehensive insight into the progress of your ISO implementation, along with copies of the relevant audit reports, certifications, and any necessary corrective actions. The portal serves as a central hub for tracking your ISO journey.
  3. Training you to adopt the ISO/IEC 27701 framework
    While the manual is a vital document moving forward, it is even more important that it gets put to practical use. We work with the senior management team to ensure the framework is embedded throughout your organisation. We can also develop and deliver tailored training for staff to ensure that the understanding and implementation of ISO/IEC 27701 is watertight. This will create consistency across your organisation, transforming your business from day one so it is optimised for efficiency, continual improvement, and greater profitability.
  4. Submission to a third-party external auditor
    Before you can be awarded the ISO/IEC 27701 certification, your organisation applies to the third-party certifying body that you have selected to conduct your audit. This audit objectively determines whether your business conforms to ISO/IEC 27701, and the relevant accompanying documentation is accessible through our client portal, IMSMLoop.

As we have provided excellent support and guidance to your business every step of the way, you can rest assured that your ISO/IEC 27701 certification will be successful.

Get in touch ISO/IEC 27701


Simple: We make it simple. Since 1994, we’ve been helping businesses achieve ISO certification and have over 150 experts worldwide. With 15,000+ clients trusting us to implement their ISOs, we have proven to be experts capable of handling the logistical heavy lifting, saving your company precious time. With a transparent fixed fee, flexible approach, and real-time access to updates, documentation, and an array of other features through IMSMLoop, we work with your organisation to make ISO/IEC 27701 implementation as straightforward and beneficial as possible.

We strive to do this with our:

– World-class gap analysis
– Experienced and diverse ISO consultants
– Regular updates, provided through IMSMLoop
– Flexible terms and contract
– Fixed fee
– Full implementation

How can ISO specialists help your business?

Getting started with ISO/IEC 27701 certification might seem daunting; this is often the reason why businesses enlist the help of an ISO consultant. For thirty years, we’ve supported and guided organisations like yours through certification. Our experienced consultants take the lead on auditing your business, helping you use the results to enhance your quality management system. If necessary, there is also plenty of room for training.

ISO/IEC 27701 Blogs

Take a look at our most recent blogs relating to ISO/IEC 27701

What is ISO/IEC 27701, and do I need a privacy extension?  icon

What is ISO/IEC 27701, and do I need a privacy extension?

As the digital world transforms before our eyes, so are the ways companies are operating and conducting business.

Read more

Contact Us

For a free quotation or remote presentation by an ISO specialist, contact us today.

IMSM Ltd Head Office
The Gig House
Oxford Street
SN16 9AX

Tel: +44 1793 296704

Contact Us

For a free Quotation or On-Site presentation by an ISO Specialist, contact us today!

IMSM Ltd Head Office The Gig House
Oxford Street
SN16 9AX

Tel: 01666 826 065