ISO 27701:2019 — Privacy Information Management Systems

ISO 27701 is the international standard for a privacy information management system (PIMS). It extends ISO 27001 with requirements for managing personal data and demonstrating privacy controls, helping organizations support obligations under laws such as GDPR.

Who needs ISO 27701?

Organizations that process personal data and want to demonstrate strong privacy practices, especially those already certified to ISO 27001 or pursuing it. Typical sectors include:

  • Software & SaaS
  • Financial services
  • Healthcare
  • Marketing & adtech
  • BPO & shared services
  • Telecom

How does ISO 27701 certification work?

ISO 27701 is certified as an extension to an ISO 27001 certificate and follows the same model: a Stage 1 and Stage 2 audit, a three-year certificate, annual surveillance audits, and recertification at the end of the cycle.

The structure of ISO 27701

  • Built on the ISO 27001 ISMS clauses (4–10)
  • PIMS-specific requirements and guidance extending the ISO 27001 clauses and the ISO 27002 controls
  • Annex A — controls for PII controllers
  • Annex B — controls for PII processors

How SWC CRM helps you manage ISO 27701 certification

Manage privacy evidence alongside security

Keep your records of processing, privacy controls, and data-protection evidence in the same project workspace as your ISO 27001 ISMS.

Audit the PIMS extension

Use a configurable ISO 27701 checklist to audit controller and processor controls together with the underlying ISMS clauses.

Track privacy findings

Log nonconformities and corrective actions for privacy controls and track them to closure with assigned owners.

One schedule for both certificates

Manage surveillance and recertification for ISO 27001 and ISO 27701 together so the integrated certificate stays current.

Manage ISO 27701 certification in one platform

Run ISO 27701 projects, clause-by-clause audits, evidence, and renewals in SWC CRM — fully customizable to your team's workflow.

ISO 27701 certification: frequently asked questions

Can you get ISO 27701 without ISO 27001?

No. ISO 27701 is an extension of ISO 27001 and cannot be certified on its own. You need an ISO 27001 information security management system in place first (certified, or audited together with the PIMS), which ISO 27701 then builds on.

Does ISO 27701 make us GDPR compliant?

ISO 27701 helps demonstrate strong, auditable privacy controls and maps to many GDPR requirements, but certification is not the same as legal compliance. It is strong evidence of good practice, not a legal guarantee.

How does ISO 27701 relate to ISO 27001?

ISO 27701 adds privacy-specific requirements and controls on top of the ISO 27001 management clauses, turning an information security management system into a combined security and privacy management system.

New to certification? Start with our step-by-step certification guide or browse the ISO glossary.