ISO 27701

Privacy Information Management System (PIMS)

The privacy extension to ISO 27001. Demonstrate GDPR compliance through a certifiable privacy management system.

What is ISO 27701?

ISO 27701 is a privacy extension to ISO 27001 that provides requirements and guidance for establishing a Privacy Information Management System (PIMS). It maps directly to GDPR requirements.

The standard extends ISO 27001 and ISO 27002 with privacy-specific controls for both data controllers and processors. It provides a framework for managing personal data throughout its lifecycle.

Certification demonstrates to regulators, customers, and partners that you have robust privacy practices aligned with international standards.

Who needs it

  • Organizations processing EU personal data
  • Data controllers and processors under GDPR
  • Organizations already certified to ISO 27001 seeking a privacy extension
  • Cloud service providers
  • Healthcare and HR data processors
  • Any organization handling significant personal data

Key requirements

ISO 27701 adds privacy-specific controls to ISO 27001, covering the full personal data lifecycle and regulatory requirements.

  • Privacy policies and procedures
  • PII inventory and data mapping
  • Legal basis documentation
  • Data subject rights management
  • Privacy by design
  • Consent management
  • Third-party and processor management
  • Cross-border transfer mechanisms
  • Privacy impact assessments
  • Breach notification procedures
  • Records of processing
  • Privacy training and awareness

Assess your privacy posture

Run the unified assessment and score PIMS alongside ISO 27001 security and GDPR obligations — shared privacy controls scored once.