ISO 27701

Privacy Information Management Systems

ISO 27701 is the global standard for Privacy Information Management Systems (PIMS), also known as the PIM system. Developed by ISO, it helps organisations better protect sensitive customer and employee data, reduce the risk of security breaches and provide accountability for safeguarding privacy.

Certification Europe
ISO 27701 Working at laptop privacy

ISO 27701 certification

  • Suitable for all types and sizes of organisations – from SMEs to corporates.
  • Achieve ISO 27701 certification with an internationally accredited certification body.
  • Gain a competitive advantage through increased transparency.
  • Demonstrate compliance with GDPR managing Personally Identifiable Information (PII).
  • Protect personal data and your organisation’s data handling reputation.

What is ISO 27701?

ISO 27701 is the world’s first international standard that focuses on Privacy Information Management System (PIMS). The standard provides a comprehensive framework for organisations to establish, maintain and enhance their PIMS based on the requirements of ISO/IEC 27001 and the guidance of ISO/IEC 27002. The standard can be utilised by all organisations regardless of their size, complexity or country of operation. Before incorporating ISO 27701 into their system, organisations need to be certified to the ISO/IEC 27001 Information Security Management System (ISMS) standard.

By obtaining the ISO/IEC 27701 certification, organisations can build a robust PIM system that enables them to:

  • Implement best practices for managing, processing, and safeguarding personal information.
  • Minimise the risk of data breaches or mishandling, storing, and utilising personal information by processors.
  • Develop practical solutions to address privacy requirements.
  • Ensure compliance with relevant data protection regulations, such as GDPR compliance.
  • Foster a culture of privacy and data security.


ISO 27701 certification offers a reliable framework for Personal Information Management System (PIMS) that organisations that handle Personally Identifiable Information (PII) can use to safeguard personal information. It also assists in reducing the risk of data breaches and ensuring compliance with relevant regulations such as BS 10012, ISO/IEC 27001 and ISO/IEC 27002.

What are the benefits of ISO 27701 Certification?

This standard is essential for every organisation responsible and accountable for Personally Identifiable Information (PII) as it provides requirements on how to manage, process data and safeguard privacy. It enriches an already implemented ISMS to address privacy concerns adequately by assisting the organisation to understand the practical approaches involved in the implementation of effective management of Personally Identifiable Information(PII) processors.

ISO 27701 certification allows organisations to:

  • Understand the Privacy Information Management System implementation process.
  • Acquire the necessary skills to support an organisation in implementing a PIM system.
  • Support the continuous improvement process of the PIMS across an organisation.
  • Protect and increase an organisation by reducing reputational risk.
  • Build customer trust by demonstrating effective privacy systems.
  • Increase transparency of the organisation’s processes and procedures.
  • Maintain the integrity of customers’ and other interested parties information.
ISO Certification

Nulla vitae elit libero, a pharetra augue. Duis mollis, est non commodo luctus, nisi erat.

ISO Certification

How to become ISO 27001 certified

We’ve certified hundreds of organisations to ISO standards, including Diageo, Greenstar and Liverpool Victoria. Certification Europe also provides ISO training courses to help your organisation define, develop and implement a management system.

Our expert ISO assessors will conduct a comprehensive multi-stage assessment process to audit your PIM system and determine if your organisation is compliant with ISO 27701 requirements.

If your organisation meets the requirements, your ISO 27001 certificate is updated to reflect your newly-acquired ISO 27701 certification status. Your organisation can then use its ISO 27701 certification status in marketing and promotional materials.

Start your journey to ISO 27001 certification

Contact our team for a free, no-obligation quotation from our dedicated ISO support team to start your ISO certification journey. We tailor our quotes to meet your requirements, and we support a range of ISO standards, including ISO 27001, ISO 45001, ISO 9001 and Cyber Essentials.

Learn more about Certification Europe’s accreditations, discover our client testimonials and find out more about working with us.

The Certification Journey

Certification Europe small Rosette logo

The Certification Journey

Stage One

The initial assessment determines if the mandatory requirements of the standard are being met and if the management system is capable of proceeding to Stage 2.


Stage Two

The second assessment determines the effectiveness of the system, and seeks to confirm that the management system is implemented and operational.


Recommendation for Certification

At this point in the process we review any corrective actions taken to address findings raised at Stage 1 & 2. Certification may be recommended.


Certification Review & Decision

The organisations files are reviewed by an independent and impartial panel and the certification decision is made.


Certification Achieved

Successful certification is communicated to the client. Certificates are issued.


ISO 27701 FAQs

ISO 27701 Certification is suitable for any organisation, large or small, in any sector. The standard is especially relevant where the protection of personal information is critical, such as in the banking, financial, health, public and IT sectors. The standard is also applicable to organisations that manage high volumes of data or information on behalf of other organisations such as data centres and IT outsourcing companies.

ISO 27701:2019 is the latest edition of the international standard. We assess and audit organisations in line with the most up-to-date ISO certification requirements.

Companies must be certified to ISO 27001 Information Security Management System first before adding ISO 27701 Privacy Information Management standard. The information security management standard is valid for three years and is subject to mandatory audits to ensure compliance.

When you become certified in ISO 27701, you don’t receive a physical certificate – your ISO 27001 certificate is updated to reflect this.

ISO 27701 is valid for three years and is subject to mandatory audits to ensure compliance.

At the end of the three years, you will be required to complete a reassessment audit to receive the standard for an additional three years.

Certification Europe provides both public and in-house ISO training for any organisation implementing or assessing the Privacy Information Management System.

We’re accredited by the INAB and meet rigorous international certification standards, delivering ISO expertise to audit and certify ISO standards.

Accreditation is the process by which a certification body is recognised to offer certification services. To become accredited, Certification Europe is required to implement a Quality Management System which is assessed by an Independent Authorised Body (Irish National Accreditation Board) to determine that it meets International Standards.

We’re audited annually to ensure our services meet the exact requirements of the relevant accreditation standards.

Would you like to speak to our team?

We’d love to hear from you and answer any questions you may have regarding Certification Services.

Our latest LinkedIn insights

Related ISO Certifications

iso 27001

Information Security Management Systems

ISO 27001 is the international standard for managing risks related to the security of information and data your organisation holds. The standard ensures...

ISO 27017

Cloud Data Protection

ISO 27017 is the global standard used by organisations to strengthen their current cloud data protection and cloud security services. The standard highlights the actions an organisation must take in creating...

ISO 27018

Protection of Personally Identifiable Information (PII)

ISO 27018 is the global standard organisations use to implement and manage systems that protect Personally Identifiable Information (PII), such as sensitive customer...

ISO 22301

Business Continuity Management Systems

ISO 22301 is the business continuity management system (BCMS) standard. It provides a framework that helps protect companies from the risks associated with downtime, which can occur due to...

Related Insights

Big Data

How to save energy with a carbon footprint calculator 

Irish businesses believe that Big Data, analytics and cloud technologies will deliver the most value over the next two years. EY’s Tech Horizon Report, which explores how technology and transformation can...

Subject Access Request guide - main image

How to handle a subject access request (SAR)

Under GDPR guidance, individuals are entitled to access their personal data stored by an organisation. These requests are known as Subject Access Requests (SAR) or Data Subject Access Requests (DSAR).

Sustainable business - main image

ISO 27001 guide for beginners

Over 35,000 organisations across the globe are ISO 27001 certified, ensuring their information security management systems (ISMS) provide robust, compliance data protection for their business and their customers.