ISO/IEC 27701 certification

Streamline compliance with global privacy laws

What is ISO/IEC 27701 certification?

ISO/IEC 27701 is a Privacy Information Management System (PIMS) standard that provides actionable guidance to help organisations comply with global privacy laws.

ISO/IEC 27701 is an extension of ISO/IEC 27001, the information security management system (ISMS) standard. Where ISO/IEC 27001 sets the standard for secure IT governance in the broadest sense, ISO/IEC 27701 focuses specifically on protecting personal data.

ISO 27701 is the first standard of its type in the world. It is applicable to public and private companies, government entities and not-for-profit organisations.

TÜV SÜD’s ISO 27701 service supports you by providing a standardised compliance methodology, while ISO 27701 certification indicates compliance with global data protection laws.

Why ISO/IEC 27701 certification is important

Data protection laws across the world aim to protect the personally identifiable information (PII) of citizens, such as their names, addresses, ages and bank account details. These laws include the European Union’s GDPR, California’s Consumer Privacy Act, India’s Personal Data Protection Bill, and Brazil’s General Data Protection Law.

However, it is not always clear how to apply these regulations to your organisation’s Information Security Management System (ISMS). Furthermore, for organisations that process data across jurisdictions, ensuring compliance with the data governance laws of multiple countries is complex and time-consuming. ISO 27701 certification addresses these issues by enhancing privacy and data protection within organisations.

ISO 27701 certification helps you to:

  • Comply with all relevant data protection laws and clarify the roles and responsibilities of PII controllers and processors.
  • Gain a competitive edge as strong IT governance increases stakeholder trust in your privacy and data protection practices.
  • Achieve world-class standards as a rigorous risk- and compliance-driven approach meets the requirements of global data governance laws.
  • Improve transparency by measuring and reporting data privacy improvements using detailed security and privacy controls.
  • Minimise PII-related risk by keeping track of evolving privacy threats and the regulatory landscape.
  • Support business relationships with your customers and suppliers by demonstrating you meet PII protection standards worldwide.

TÜV SÜD’s ISO/IEC 27701 certification process

  • Review

    We help you understand the standard’s objectives and informational requirements for the audit.

  • Audit on-site

    Our experts conduct audits of your PII protection activities, assessing how you store and process customer information.

  • Resolution

    After the audit, your organisation implements measures to correct any identified non-conformances.

  • Report & certificate

    TÜV SÜD issues your ISO 27701 certificate, which you can use to demonstrate compliance.

  • Annual

    We conduct an annual surveillance to ensure you continue meeting ISO data management standards and maintain your certificate.

Get started with TÜV SÜD 

Start your ISO 27701 certification journey with us today.