ISO 27701

Security techniques. Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management. Requirements and guidelines

ISO / IEC 27701 is a standard aimed at methods for security and management of personal information, defining requirements and providing guidance to help companies manage privacy risks related to personal information (PII).
It is applicable to all types and sizes of organizations responsible for the control and processing of personal information, including public and private companies, public organizations and non-profit organizations.
As it complies with international regulations, this standard allows you to demonstrate to customers and other stakeholders that effective systems exist to maintain compliance with the GDPR and other privacy regulations worldwide.
As an extension to ISO / IEC 27001, organizations wishing to obtain an ISO / IEC 27701 certificate must have an information security management system implemented in accordance with ISO / IEC 27001.
The main benefits of implementation and subsequent certification in accordance with this standard include:
– support for compliance with the GDPR and other data protection provisions
– Increased trust from customers and other stakeholders in the ability to manage personal information
– ensuring adequate data protection
– can be easily integrated with ISO / IEC 27001
– transparency in established confidentiality management controls
– improving internal processes to avoid breaches of confidentiality
– facilitates the conclusion of agreements with business partners with which the processing of personal data is mutually relevant


1. Development and implementation in the organization of a system according to the respective ISO standard
2. Conducting an audit establishing the operation of the implemented system
3. Taking a decision on certification based on facts established during the audit