ISO/IEC 27701 Certification Mark

ISO/IEC 27701 Certification Mark

Certified Privacy Information Management System

Certified Privacy Information Management System


Management system certification / Voluntary assessment

Basis of certification:

TUV SUD South Asia Pvt. Ltd.-NABCB Accreditation

Standard owner: 

ISO - International Organization for Standardization


  • ISO/IEC 27001 specifies requirements and provides guidance for establishing, implementing, maintaining and continually improving a Privacy Information Management System (PIMS) in the form of an extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy management within the context of the organization.
  • This standard specifies PIMS-related requirements and provides guidance for PII (Personally Idenfiable Information) controllers and PII processors holding responsibility and accountability for PII processing.
  • The customer has submitted to voluntary assessment (audit) according to defined criteria (certification standard).
  • A certificate and/or the authorization to use a certification mark are only issued if the assessment (audit) does not reveal any major nonconformities with the requirements of the relevant standard.
  • Certificates and/or certification marks are valid for a restricted period of time. Interested parties can check the validity of individual certificates in the certificate database.
  • To maintain certificate validity, the certificate holder must complete and successfully pass annual surveillance assessments (audits).
  • Certificate of ISO/IEC 27701 shall be always considered valid in conjunction with ISO/IEC 27001 certificate validity.


Independent and qualified experts (auditors) apply the following auditing techniques:

  • Document review: 
    - Review the system documentation prepared by the client. 
    - Evaluates the organization location, number of sites and site-specific conditions. 
    - To review client’s status & understanding regarding requirements of standard. 
    - To collect, evaluate & verify the information regarding scope, management review, processes and interactions, objectives of the organization, related statutory and regulatory aspects, internal audits, performance data and risk associated. 
    - To review the allocation of resources for conformation assessment / audit and agree with the client on the details of the audit. 
    - To ensure appropriate planning by gaining sufficient understanding of the client’s management system and site operations in the context of possible significant aspects. 
    - This audit shall identify concerns that could affect the subsequent conformation assessment / audit.
  • On-site audit:
    - System effectiveness with respect to documentation
    - Criticality & Number of deviations 
    - Complaints handling mechanism 
    - Management commitment 
    - Complete failure of an element of the standard 
    - Effect of deviations observed on the control effectiveness


  • Applies to all management-system certifications: This certification does not constitute product certification. Certification thus does not provide any direct statements on the quality of a product or service of the certified customer.
  • Certification according to ISO/IEC 27701 does not mean that the company manufactures products or provides services of higher quality.
  • Certification according to ISO/IEC 27701 does not mean that a company's privacy information security controls/ information / data cannot be lost, cannot be unlawfully altered or can be accessed at the right time, even though these are key objectives of the pirvacy information management system.
  • A certification does not confirm that the technical and organizational measures taken by the company for protecting privacy information are functioning without errors.

Next Steps

Site Selector