ISO 27701 Certification — independent assessment of your Privacy Information Management System (PIMS)
Extend your ISMS to privacy. Prove to regulators, customers and partners that personal data is governed to the international PIMS standard.
What is ISO 27701?
ISO/IEC 27701 extends ISO 27001 to privacy — a Privacy Information Management System (PIMS) covering controllers and processors and mapping to GDPR-style obligations.
Who needs it?
- You process personal data as a controller or processor
- You face privacy due diligence and DPAs
- You already hold or are pursuing ISO 27001
- You need to evidence privacy accountability
Business benefits
Evidence privacy accountability
Show governed handling of personal data.
Strengthen GDPR / DPDP alignment
Map controls to privacy obligations.
Reassure enterprise & regulators
Independent proof, not self-declaration.
Build on existing ISO 27001
One integrated management system.
Reduce privacy-review friction
Answer DPAs with a recognised mark.
Recognised privacy certification
Accepted across regions.
Is this you?
- You hold or are pursuing ISO 27001 (prerequisite)
- You process personal data
- You face privacy and DPA scrutiny
Indicative timeline
Scoping
1–2 weeks, depending on scope.
Stage 1
Readiness & documentation review.
Stage 2
Certification audit.
Decision & certificate
Independent decision; certificate issued.
Surveillance
Annual, across a 3-year cycle.
Duration depends on scope and readiness — indicative only, never guaranteed.
Certification process
Application & Scoping
Define scope, confirm eligibility.
Stage 1
Documentation & readiness review.
Stage 2
Evidence-based certification audit.
Certification Decision
Independent reviewer decides.
Surveillance & Recertification
3-year cycle with annual surveillance.
Frequently asked questions
Do we need ISO 27001 first?
Does 27701 make us GDPR compliant?
Can you help build our PIMS?
Request a proposal
Tell us about your scope. We reply within one business day.
Ready to begin ISO 27701 certification?
Request a proposal or book a 15-minute scoping call.