ISO 27701 PIMS
ISO 27701 PIMS extension of ISO 27001 for privacy.
Definition
ISO 27701 includes Annex A (PII controllers: conditions for collection and processing, obligations to PII principals, privacy by design, sharing) and Annex B (PII processors: conditions for collection and processing on behalf, obligations, transfer, return / disposal). Aligned with GDPR, CCPA, LGPD Brazil. Cumulative certification with ISO 27001.
Origin
ISO/IEC JTC 1/SC 27, ISO/IEC 27701 published August 2019, revision 2025.
Usage
Chosen by companies wanting to prove systematic certifiable privacy governance, GDPR audit support.