Compliance & Certification

ISO/IEC 27701 Privacy Information Management

Extend your ISMS into a certifiable Privacy Information Management System.

Overview

ISO 27701 layers privacy onto an existing ISO 27001 ISMS with PII controller and processor extensions — the international benchmark for demonstrating GDPR-aligned privacy governance to regulators, buyers and DPAs.

Outcomes

What you get

  • Certifiable PIMS extension of your ISO 27001 ISMS
  • Controller and processor obligations mapped end-to-end
  • Article-by-article GDPR crosswalk
  • Privacy KPIs and DSAR operational playbook
Scope

Engagement scope

01

PIMS scope

PII inventory, lawful basis mapping, data flows, cross-border transfers.

02

Controller extensions

Consent management, DPIAs, transparency, data subject rights.

03

Processor extensions

DPA obligations, sub-processor governance, breach notification chains.

04

Integration with ISMS

Extended SoA, extended risk register, joint internal audit.

Deliverables

What ships

PIMS documentation setPII processing register (Art. 30)DPIA templates and completed DPIAs27701 certificate
Timeline

How it unfolds

Scoping
Week 1–2
Controller/processor role determination, PII inventory.
Implementation
Week 3–10
Extend policies, controls, DPIA cadence, DSAR workflow.
Certification
Week 11–14
Combined 27001+27701 audit.
FAQ

Frequently asked

Do we need 27001 first?+

Yes — 27701 is an extension, not a standalone standard. Certification bodies audit them jointly.

Ready to scope your ISO 27701 (PIMS) program?

A senior consultant will respond within one business day with a scoping questionnaire and proposal outline.