Compliance Hub: ISO 27701
Build a world-class PIMS — privacy-certified, GDPR-aligned, and audit-ready
Extend ISO 27001 with comprehensive privacy controls. Achieve GDPR alignment
and demonstrate privacy maturity with ISO 27701 PIMS certification — the
international standard that proves you manage personal data systematically, not
just promisingly.
What is ISO 27701?
ISO/IEC 27701 is an extension to ISO 27001 that adds Privacy Information Management System (PIMS) requirements. Published in 2019, it provides a framework for managing personal data as a controller and/or processor.
The standard maps directly to GDPR requirements including records of processing activities, privacy by design, data subject rights, privacy impact assessments, and processor obligations. ISO 27701 certification demonstrates systematic privacy management and regulatory alignment.
Unlike GDPR compliance, which is self-declared, ISO 27701 certification is independently audited and internationally recognised — giving customers and regulators documented evidence of your privacy posture.
Benefits
Privacy Gap Analysis: Month 1
PIMS Design: Month 1 - 3
Controls & PIA: Month 3 - 6
Internal Audit: Month 7
Stage 1 & 2: Month 8 - 10
What's leaving organisations exposed on privacy today
HOW WE DELIVER CERTIFICATION
From privacy gap to certified PIMS — the full delivery journey
Privacy gap analysis
Assess current privacy posture against all ISO 27701 requirements
PIMS design
Privacy framework, ROPA, policies, and controller/processor scope
Controls & PIAs
Privacy controls implemented and DPIAs conducted for high-risk processing
Internal audit
Pre-certification PIMS audit to close gaps before the external auditor arrives
Stage 1 & 2 Audit Support
On-site audit support through both stages to certificate
WHAT'S INCLUDED — The full scope of our ISO 27701 programme
Privacy gap analysis
Comprehensive assessment of your current privacy posture against all ISO 27701 requirements — for both controller and processor roles where applicable.
PIMS documentation suite
Complete, bespoke Privacy Information Management System documentation — privacy policy, ROPA, processing agreements, data subject request procedures, and all supporting policies.
Privacy impact assessments
Full risk assessment methodology design, risk register build, control selection against Annex A, and risk treatment plan accepted by management.
Weak processor obligations
Third-party data processors used without adequate contracts, assessments, or ongoing monitoring
Data subject rights gaps
No process for handling access, erasure, or portability requests within regulatory timeframes
HOW WE GET STARTED
From first call to certified — in four steps
1. Privacy gap analysis
We assess your current PIMS posture against ISO 27701, map gaps to GDPR articles, and deliver a written report within 2 weeks
2. PIMS design & documentation
Bespoke ROPA, privacy policies, DPA templates, consent frameworks, and DSR procedures built for your organisation
3. Controls & PIAs implemented
Privacy controls deployed, DPIAs conducted for high-risk processing, staff trained, and internal audit completed
4. Certification & aftercare
Stage 1 and Stage 2 audit supported on-site — then a 12-month aftercare programme to protect your PIMS certificate
BUSINESS OUTCOMES — What our customers achieve
100%
GDPR Article mapping coverage across the PIMS
6 - 10 mo
Typical time from gap analysis to certification
50+
Privacy controls implemented across PIMS
Audit Ready
Annual surveillance audit and recertification supported.
Certified - Not just claimed
ISO 27701 certification is independently audited — giving customers and regulators documented evidence of your privacy posture, not just a self-declaration
Dual Framework Value
ISO 27701 maps to GDPR, UK GDPR, DPDP Act, CCPA, and HIPAA — one certification programme, multiple regulatory frameworks evidenced
Find out how far you are from ISO 27701 certification
Start with a free privacy gap analysis — no commitment required.
We’ll map your current PIMS posture against ISO 27701 and GDPR, and show you exactly what’s needed
to achieve certification.