Extend your ISMS to a Privacy Information Management System (PIMS) for managing PII.
ISO/IEC 27701 is a privacy extension to ISO 27001 and ISO 27002. It specifies requirements for establishing, implementing, maintaining, and continually improving a Privacy Information Management System (PIMS). It helps organizations manage personally identifiable information (PII) as both controllers and processors.
ISO 27701 builds on top of an existing ISO 27001 certification. You cannot certify to 27701 without an ISO 27001 ISMS in place.
Who needs ISO 27701:2019?
PII controllers and processors
Any organization that collects, processes, or stores personal data and wants to demonstrate privacy governance.
GDPR-regulated organizations
27701 maps closely to GDPR and helps demonstrate accountability to regulators and customers.
Key components
PIMS requirements
Privacy-specific extensions to the ISO 27001 management system clauses.
Controller guidance
Controls and obligations for organizations that determine the purpose of processing PII.
Processor guidance
Controls for organizations that process PII on behalf of others.
PII mapping
Maps controls to GDPR, ISO 29100, and other privacy frameworks.
How DSALTA helps with ISO 27701:2019
Activate ISO 27701
Select ISO 27701 from the Frameworks page. DSALTA layers PIMS controls on top of your ISO 27001 ISMS.
Collect evidence automatically
Connect integrations to collect privacy and security evidence continuously.
Approve privacy policies
Review and approve AI-generated privacy policies and records of processing.
Frequently asked questions
Do I need ISO 27001 first?
Yes. ISO 27701 is an extension and requires an established ISO 27001 ISMS as its foundation.
Does 27701 satisfy GDPR?
It does not replace GDPR but provides a strong, auditable framework that maps to many GDPR obligations and demonstrates accountability.