SWISS APPROVAL

ISO 27701 Privacy Information Management Systems

ISO/IEC 27701 specifies requirements and provides guidance for the establishment, implementation, maintenance and continuous improvement of a privacy information management system (PIMS).

It is based on the requirements of ISO/IEC 27001, the Information Security Management System (ISMS) standard and the code of practice for information security controls in ISO/IEC 27002.

ISO 27701 is an extension of the requirements and guidance set out in ISO 27001. ISO 27001 provides a framework for Information Security Management Systems (ISMS) that enables the continued confidentiality, integrity and availability of information and compliance with legislation.

ISO/IEC 27701 provides the management system framework for the protection of personally identifiable information (PII). It covers how organizations should manage personal information and helps demonstrate compliance with privacy regulations that may apply.

If you have implemented ISO/IEC 27001, ISO/IEC 27701 extends your security efforts and covers privacy management. This includes processing PII to demonstrate compliance with data protection regulations such as GDPR.

ISO/IEC 27701 applies to all types and sizes of organizations, including public and private companies, government agencies and non-profit organizations. It provides guidance to organizations that are responsible for processing personally identifiable information (PII) within an information security management system (ISMS).
