ISO/IEC 27701

Build a certifiable privacy programme with ISO/IEC 27701, mapped to GDPR.

PIMS Gap & Design

Privacy gap analysis and PIMS build

Audit Readiness

Internal audit and mock readiness run

Certification Support

Guided through the 27701 extension audit

PIMS Auditors

Privacy-management specialists

ISO/IEC 27701 compliance and audit

What it is

ISO/IEC 27701 specifies requirements for a Privacy Information Management System, extending ISO/IEC 27001 and 27002 with privacy controls for organisations acting as PII controllers and/or processors. It maps to GDPR and other privacy laws.

Who must comply

Organisations handling significant personal data: SaaS platforms, data processors, adtech, healthcare.

How IntelligenceX helps

Privacy gap assessment and PIMS design (roles, RoPA, DPIA process)
GDPR and privacy-law mapping
Internal audit and certification-audit support
Controller and processor control-set implementation
Evidence reuse from an existing ISO 27001 ISMS
Gap Assessment, ISMS Design, Internal Audit, Stage 1 & 2 Support, Remediation Guidance, Certification Readiness

Frequently Asked Questions

No. There is no official GDPR certification, but 27701 is the leading certifiable privacy framework and maps directly to GDPR, demonstrating accountability to regulators and customers.

Yes. 27701 is an extension of 27001 and cannot be certified standalone. Many clients pursue both together; we sequence the work to share evidence and audit effort.

Typically three to five months. With a mature ISMS already running, much of the security evidence carries over and we focus on the privacy-specific controller and processor controls, the RoPA and the DPIA process, then certify it as an extension.
