ISO 27701

ISO 27701 Personal Data Privacy Certification

Comply with personal data privacy laws

Comply with personal data privacy laws

A Harmonized Approach to Data Privacy

ISO 27701 is a Privacy Information Management System (PIMS) standard that helps organizations comply with personal data privacy laws around the world. In recent years, new data protection laws have been introduced in multiple countries that establish requirements for securing and processing Personally Identifiable Information (PII). However, it is not always clear how organizations should comply with these laws. The standard was introduced in 2019 and provides actionable guidance to help organizations conform to these regulations.

ISO/IEC 27701:2019 is an extension of ISO/IEC 27001, the information security management system (ISMS) standard. Where ISO/IEC 27001 sets a standard for secure IT governance in the broadest sense, ISO/IEC 27701 focuses specifically on protecting personal data.

ISO/IEC 27701 is the first standard of its type and applies to public and private companies, government entities, and not-for-profit organizations. It supports compliance with the EU’s GDPR and applies to personal data privacy governance laws in all other countries.

Read our ISO 27701 Case Study 

Our ISO 27701 certification process

TÜV SÜD has developed an efficient five-step process:

  1. Readiness Review
    We help you understand the standard’s objectives and informational requirements for the audit.
  2. Audit On-Site
    Our experts conduct audits of your PII protection activities, assessing how you store and process customer information.
  3. Non-Conformance Resolution
    After the audit, your organization implements measures to correct any non-conformances that the audit identified.
  4. Issuance of Audit Report and Certificate
    TÜV SÜD issues your ISO 27701 certificate, which you can use to demonstrate your compliance.
  5. Annual Surveillance
    To maintain the certificate, we conduct annual surveillance to ensure ISO data management standards continue to be met.

Benefits of ISO 27701 Personal Data Privacy Certification:

  • Compliance with all relevant data protection laws and clarification of the roles and responsibilities of PII controllers and processors.
  • Gain a competitive edge – certification demonstrates strong IT governance and increases stakeholder trust in your privacy and data protection practices
  • Achieve world-class standards – a rigorous risk and compliance driven approach meets the requirements of global data governance laws.
  • Improve transparency – measure and report data privacy improvements using detailed security and privacy controls.
  • Minimize PII related risk by keeping track of evolving privacy threats and the regulatory landscape.
  • Support business relationships with your customers and suppliers by demonstrating you meet PII protection standards worldwide.

Your Trusted Partner

 ISO 27701 Personal Data Privacy Certification & Auditing ServicesTÜV SÜD’s experienced ISMS teams possess the accreditation and expertise to conduct ISO/IEC 27001 and ISO/IEC 27701 audits across industries. Through our worldwide network of IT governance professionals, we can provide information security certification services no matter where you are. We have an in-depth understanding of the standard and have extensive experience helping organizations implement this kind of IT governance regulation.

Furthermore, TÜV SÜD’s experts actively participate in international standardization committees, and we have a complete understanding of the latest PII regulatory developments around the world. And because we are vendor agnostic, our third-party audits are both impartial and independent, meaning your organization gains valuable insights from an unbiased expert.


  • What is the difference between ISO 27001 and 27701?

    ISO 27001 designed a framework for Information Security Management Systems (ISMS) to provide confidentiality. ISO 27701 is an extension of the ISO/IEC 27001 standard, and it provides the requirements for General Data Protection Regulation (GDPR). ISO 27701 focuses on privacy and defines a framework for Privacy Information Management System (PIMS). It manages privacy with processors and controllers for personally identifiable information.

  • Is ISO 27701 certifiable? Can an organization get certified for ISO 27701?

    Yes, ISO 27701 can be achieved by any organization regardless of its size or sector or ownership. Government, private, non-profit sectors can get ISO 27701 certified. It serves as a valuable framework for organizations to comply with privacy legislation.

  • Can an organization get certified for ISO 27701 without being certified to ISO 27001?
    No, ISO/IEC 27001 is a pre-requisite for ISO 27701 as it serves as an extension of the ISO 27001 standard.
  • How many controls are there in ISO 27701?

    The 114 security controls of ISO 27701 are part of Annex A of ISO 27001. ISO 27701 also defines guidelines to implement these controls. They include mapping to:

    • ISO 29100 (Information technology – Security techniques – Privacy framework);
    • ISO 29151 (Information technology – Security techniques – Code of practice for personally identifiable information protection); and
    • ISO 27018 (Information technology – Security techniques – Code of practice to protect personally identifiable information (PII) in public clouds acting as PII processors).
  • What is the ISO standard focus on privacy?

    The ISO 27701 standard focuses on the protection of Personally Identifiable Information (PII). The PIMS definition allows organizations to comply with privacy regulations around the world.


ISO 27701 Report

ISO 27701 – Extension of ISO 27001 With Emphasis on Privacy

Learn how ISO 27701 can help you successfully manage your organization's data privacy

Learn More


Next Steps

Site Selector