Extend your ISMS into a certifiable Privacy Information Management System.
ISO 27701 layers privacy onto an existing ISO 27001 ISMS with PII controller and processor extensions — the international benchmark for demonstrating GDPR-aligned privacy governance to regulators, buyers and DPAs.
PII inventory, lawful basis mapping, data flows, cross-border transfers.
Consent management, DPIAs, transparency, data subject rights.
DPA obligations, sub-processor governance, breach notification chains.
Extended SoA, extended risk register, joint internal audit.
Yes — 27701 is an extension, not a standalone standard. Certification bodies audit them jointly.
A senior consultant will respond within one business day with a scoping questionnaire and proposal outline.