ISO/IEC 27701 Certification (Privacy Information Management)
A practical guide to privacy governance, processing accountability, and audit evidence — typically implemented as an extension to ISO 27001.
What ISO/IEC 27701 is (in operational terms)
ISO/IEC 27701 specifies the requirements and guidance for a privacy information management system (PIMS) as an extension to ISO/IEC 27001 and ISO/IEC 27002. It is not a standalone management system: the privacy-specific controls are added to an existing information security management system (ISMS), and the audit covers both. Its purpose is to let an organization demonstrate privacy governance and accountability for how it processes personally identifiable information (PII). Auditors look at privacy roles, transparency of processing, third-party and subprocessor controls, and evidence that data subject requests and privacy incidents are handled consistently and on time.
Typical scope choices that affect the audit
- Which products/services and personal data processing activities are in scope.
- Whether you act as a PII controller, a PII processor, or both, and how responsibilities are split for each processing activity (ISO/IEC 27701 has separate control sets for each role).
- Third parties/subprocessors and cross-border data flows.
- Customer/regulatory obligations (contracts, notices, response times).
Key ISO/IEC 27701 expectations
- Privacy governance: roles, policies, and documented accountability.
- Records of processing: what personal data you process, for which purpose, how long it is retained, and, where the applicable regulation requires it, the lawful basis for each activity.
- Data subject requests: procedures, evidence of handling, and timelines.
- Supplier controls: contracts, due diligence, and monitoring.
- Incident response: privacy breach handling integrated with the security incident process, including how a breach is assessed and how notification to customers, controllers, or regulators is decided and evidenced.
Related certificates
ISO/IEC 27701 extends ISO/IEC 27001 and cannot be certified on its own: the PIMS is audited together with an existing or concurrently certified ISO/IEC 27001 ISMS, so the two scopes must be aligned.
Next step
Want a clear path to certification?
Send your scope and target date and we’ll reply with an implementation path and quotation.