ISO 27701 Certification

What is ISO 27701?

ISO/IEC 27701 extends ISO 27001 to privacy — a Privacy Information Management System (PIMS) covering controllers and processors and mapping to GDPR-style obligations.

As your certification body, Anavah assesses independently; we do not provide the implementation consultancy for systems we certify.

Who needs it?

  • You process personal data as a controller or processor
  • You face privacy due diligence and DPAs
  • You already hold or are pursuing ISO 27001
  • You need to evidence privacy accountability

Business benefits

Evidence privacy accountability

Show governed handling of personal data.

Strengthen GDPR / DPDP alignment

Map controls to privacy obligations.

Reassure enterprise & regulators

Independent proof, not self-declaration.

Build on existing ISO 27001

One integrated management system.

Reduce privacy-review friction

Answer DPAs with a recognised mark.

Recognised privacy certification

Accepted across regions.

Is this you?

  • You hold or are pursuing ISO 27001 (prerequisite)
  • You process personal data
  • You face privacy and DPA scrutiny

Indicative timeline

  1. Scoping: 1–2 weeks, depending on scope.
  2. Stage 1: Readiness & documentation review.
  3. Stage 2: Certification audit.
  4. Decision & certificate: Independent decision; certificate issued.
  5. Surveillance: Annual, across a 3-year cycle.

Duration depends on scope and readiness — indicative only, never guaranteed.

Certification process

  1. Application & Scoping: Define scope, confirm eligibility.
  2. Stage 1: Documentation & readiness review.
  3. Stage 2: Evidence-based certification audit.
  4. Certification Decision: Independent reviewer decides.
  5. Surveillance & Recertification: 3-year cycle with annual surveillance.

Frequently asked questions

Do we need ISO 27001 first?
Yes. ISO 27701 is an extension of ISO 27001, so an ISMS is the required base. We offer combined 27001 + 27701 assessment.

Does 27701 make us GDPR compliant?
It provides a strong, auditable privacy management system that maps to GDPR-style obligations, but certification is not a legal determination of compliance.

Can you help build our PIMS?
No — we assess only. Independence is what makes the certificate credible.

Request a proposal

Tell us about your scope. We reply within one business day.

Related

ISO 27001 Certification

The required base standard.

ISO 42001 Certification

AI management system certification.

Impartiality Statement

How our independence is governed.