ISO Certifications

ISO 27701 in detail

Building Trust Through Privacy Compliance


ISO 27701 certification audit process

ISO 27701 extends the ISO 27001 framework to include privacy and data protection, creating a Privacy Information Management System (PIMS). It provides clear guidance for managing personal data in compliance with global privacy laws like GDPR and CCPA.

By achieving ISO 27701 certification, your organization demonstrates a strong commitment to protecting user privacy. It builds trust with customers, regulators, and partners—proving that your data handling practices meet the highest international standards.

There are two audit stages that must be completed in order to achieve ISO 27701 certification.

Stage 1 Audit

The certification body reviews your documented policies, procedures, and privacy management system to ensure they meet ISO 27701 (and ISO 27001) requirements. This includes assessing your Privacy Information Management System (PIMS) scope, data protection roles, risk assessments, and legal/regulatory mapping.

Stage 2 Audit

Auditors evaluate how effectively your privacy controls are implemented and maintained in practice. This involves interviews, system inspections, and evidence collection to confirm your organization follows what’s documented—especially regarding the handling of personally identifiable information (PII).

ISO 27701 Privacy Requirements

Like ISO 27001, the ISO 27701 privacy framework does not require organizations to implement every control in every situation. Instead, compliance relies on a risk-based approach; you can apply relevant controls based on the way you use your information management system.

The framework prescribes different requirements for data processors and data controllers. However, common requirements for ISO 27701 certification include:

  • Data controllers must have documented agreements with data processors regarding the access and protection of PII.
  • Employees that have access to personal data must sign a confidentiality agreement and complete a privacy awareness training program.
  • Organizations must have a public-facing privacy policy.
  • Organizations must complete a privacy risk assessment to identify potential threats.
  • Organizations must appoint a responsible individual for their governance and privacy program.
  • Organizations must have a documented incident response plan.
  • Organizations must keep a record of all activities and systems through which personal information is processed.
  • Organizations must implement appropriate mechanisms to accommodate individuals’ rights to access, correct, and erase their PII.


How does ISO 27701 Relate to GDPR?

ISO 27701 sets the framework for compliance with a variety of regulations. The standard can be mapped to:

  • GDPR
  • ISO/IEC 29100
  • ISO/IEC 27018
  • ISO/IEC 29151

Mappings to other privacy standards, such as CCPA and HIPAA, are expected in the future, allowing organizations to demonstrate compliance with an even broader spectrum of privacy laws.

While many organizations use their ISO 27701 certification to communicate their GDPR compliance efforts, it is important to note that the certification is not currently recognized as an official GDPR certification. However, it may be considered a potential path to certification in the future.

TESTIMONIALS

You Don’t Have to Take Our Word for it


“I was introduced to the team and right away there was a gel. It didn’t feel transactional. What 360 Advanced did for me was give me the confidence that I had a long-term compliance-services relationship.”

Steve Hindle
Principal Chief Security & Compliance Officer | Spirion


“We work with them on every single project, so it’s really nice to have history with 360 Advanced. They operate at a good pace – and they are friendly.”

Emma Fountinelle
Information Security Engineer | Luma Health

Learn more about 360 Advanced’s Integrated Compliance Strategy with our free guide

Integrating your compliance needs into one strategy can save your business time and money. Download our free guide to find out how.


Contact

Begin your ISO Certification Audit today!

Looking for support with ISO 27001, 27701, or 42001? We’re here for you! Fill out the contact form, and within 24 hours, our team will provide the expert guidance you need.
