Final Draft
International Standard
ISO/IEC FDIS 27701
Information security, cybersecurity and privacy protection — Privacy information management systems — Requirements and guidance
Reference number
ISO/IEC FDIS 27701
Edition 2
Final Draft International Standard
ISO/IEC FDIS 27701
85819
This draft is in the approval phase.
Will replace ISO/IEC 27701:2019

What is ISO/IEC 27701?

ISO/IEC 27701 is an international standard that specifies requirements and provides guidance for establishing, implementing, maintaining and continuously improving a privacy information management system (PIMS). It extends ISO/IEC 27001 to specifically address privacy and the protection of personally identifiable information (PII), making it highly relevant for organisations acting as PII controllers or processors.

Why is ISO/IEC 27701 important?

In a world where personal data is handled by almost every organisation and privacy regulations are rapidly evolving, ISO/IEC 27701 offers a practical framework to demonstrate accountability and compliance. It helps organisations manage privacy risks by embedding privacy-specific controls into existing information security management systems. With its mappings to GDPR and other standards like ISO/IEC 29100 and ISO/IEC 27018, it supports alignment with legal requirements while improving stakeholder trust and operational transparency.

Benefits

  • Strengthens data privacy and protection capabilities
  • Helps demonstrate compliance with global privacy regulations such as GDPR
  • Supports trust-building with partners, clients and regulators
  • Aligns with existing ISO/IEC 27001 systems to streamline implementation
  • Facilitates accountability and evidence-based privacy management

 

FAQ

Any organisation that collects, processes, stores or controls personally identifiable information (PII), including public, private and not-for-profit entities.

No. It is an extension of ISO/IEC 27001 and must be implemented in conjunction with it.

A privacy information management system (PIMS) is a structured framework for managing PII responsibly and in line with privacy laws and standards.

General information

  •  : Under development
    : Proof sent to secretariat or FDIS ballot initiated: 8 weeks [50.20]
  •  : 2
     : 64
  • ISO/IEC JTC 1/SC 27
    35.030 
  • RSS updates

Got a question?

Check out our Help and Support