ISO/IEC 27701 specifies the requirements and provides guidance for the creation, implementation, maintenance and continuous improvement of a Privacy Information Management System (PIMS). It is based on the requirements of ISO/IEC 27001, the Information Security Management System Standard (ISMS) and the Code of Practice for Information Security Controls in ISO/IEC 27002.

ISO 27701 is an extension of the requirements and directions set out in ISO 27001. ISO 27001 provides a framework for Information Security Management Systems (ISMS) that enables continuous confidentiality, integrity and availability of information and compliance with legislation.

ISO/IEC 27701 provides the framework of the management system for the protection of personally identifiable information (PII). Covers how organizations should manage personal information and helps demonstrate compliance with privacy regulations that may apply.

If you have applied ISO/IEC 27001, ISO/IEC 27701 extends your security efforts and covers privacy management. This includes PII processing to demonstrate compliance with data protection regulations such as GDPR.

ISO/IEC 27701 applies to all types and sizes of organizations, including public and private companies, government agencies and non-profit organizations. It provides guidance to organizations responsible for the processing of personal data (PII) within an information security management system (ISMS).