ISO 27701 Certification
Privacy Information Management System

An extension to ISO 27001, this Standard helps you protect the privacy of the personal information you process.

Build confidence within and outside your business with ISO 27701.

As an internationally recognised Standard, ISO 27701 demonstrates to staff, suppliers, contractors and customers that you have processes in place to help you comply with privacy laws when processing personal information or PII (personally identifiable information).

Based on the requirements of ISO 27001, it adds a set of privacy-specific requirements and controls that help you to create a Privacy Information Management System, equipping your business to manage, process and control personal information securely.

WHAT IS ISO 27701?

ISO 27701 has been created as an extension to the Information Security Management System Standard (ISO 27001) and specifically looks at the protection of privacy and how businesses manage personal information.

With wider application than other Standards, such as BS 10012, it helps businesses to comply with multiple privacy regulations, such as the EU GDPR (General Data Protection Regulation).

It acts as an enhancement to ISO 27001, enabling businesses to put in place a system that will help them assess, react to, and reduce risks that are linked to the collection, management and processing of personal information. When combined in this way, the two Standards create a Privacy Information Management System (PIMS).


Protecting personally identifiable information (PII) is extremely important. Individuals now have legal rights over how their personal information is handled, and organisations have a legal obligation to respond. Technology also makes it easier to transfer such information, making it more readily available, and more vulnerable.

ISO 27701 strengthens confidence in a business’ privacy management both inside and outside the business, enhancing its reputation and helping it to avoid large fines for breaches.

Unlike the UK-centric BS 10012, the international recognition of this Standard also means that it can support compliance in any geographic location. So, if your business is active across the globe, ISO 27701 will give you a framework for meeting the privacy laws of the jurisdictions you operate in.

Here are the top benefits of using the ISO 27701 framework:

  1. Supports compliance with a range of privacy regulations, such as the EU GDPR and UK DPA (Data Protection Act) 2018

  2. Defines key roles and responsibilities among those who create, collect and process personal information (PII controllers and PII processors, known as data controllers and data processors under the GDPR)

  3. Facilitates the secure transfer of information and PII between different organisations and countries

  4. Builds trust among customers, suppliers and stakeholders for closer and more effective business agreements

  5. Ensures the context of PII processing is understood and accounted for in order to aid organisations in responding to relevant jurisdictional differences

  6. Thanks to its common framework, it can be easily integrated with other popular systems, such as the Business Continuity Standard (ISO 22301)

  7. Reduces the likelihood of expensive fines for breaches of privacy laws

  8. Enhances a business’ global reputation


The cost of ISO 27701 depends on several factors. These include your sector, annual turnover, and the number of offices and employees you have.

The price will also depend on whether you have already implemented and achieved certification to ISO 27001. This is because ISO 27701 is an extension of this Standard and the requirements for ISO 27701 go across eight different clauses and six annexes.

If you don’t already have an ISO 27001 information security management system in place, this does not mean you cannot achieve certification. You simply need to implement it at the same time as the ISO 27701, forming a combined ISO 27001/ISO 27701 management system.

To get an idea of price, add your details to our free quote calculator.



ISO 27701 extends ISO 27001, which follows the Annex SL high-level structure of 10 clauses. Grouped together, the requirements fall into the following areas:

  1. Management Responsibility – The areas your management team need to focus on and be accountable for within the Privacy Information Management System.

  2. Resource Management – How your business’ resources can be used to ensure the best performance.

  3. Privacy Security – How your business will control and process personal information to ensure it remains protected.

  4. Measurement, Monitoring and Improvement – How you can check that your Privacy Information Management System is working and how you can ensure improvements are made.


Can I get ISO 27701 as a standalone product?

Will I have to have separate audits for ISO 27001 and ISO 27701?

Do I have to have ISO 27001 in place before I can get ISO 27701?

Does ISO 27701 confirm legal compliance to GDPR?

Who needs ISO 27701?

How much does ISO 27701 cost?

Why is ISO 27701 certification important?

How long will the ISO 27701 certification process take?

Is ISO 27701 a legal requirement?

Why was ISO 27701 created?

Why should I apply for ISO 27701 certification?

I have ISO 27001, but it wasn’t created by QMS. Can I still get ISO 27701?

How can QMS help your Business?

The QMS process gets your business certified for success:


Our nationwide team of consultants and auditors has provided certifications to clients ranging from SMEs to blue chip organisations across a broad spectrum of verticals and industries.


Our processes add value at every stage, without taking up unwarranted management time. We commit to providing you with the best possible value for money – including a price promise from the outset, along with the ability to stagger payments at no extra cost.


We remove the red tape and paperwork for you, making the process as smooth and uncomplicated as possible, and ensuring you get the framework that works for you.

How have businesses benefited from ISO 27701?


3 Steps to Certification

With the help of QMS, the certification process can take as little as 45 days to complete

    Gap Analysis

    A QMS Consultant will visit your Organisation to review and document your current processes and procedures, highlighting any areas that do not meet the requirements of the Standard.



    Now it's time to make sure any required process or procedural changes are made, as highlighted in the Gap Analysis. QMS can provide templates to assist you in doing this.



    An Auditor must now visit your Organisation to check that the documented processes are being followed and that the necessary changes have been made. Once they are satisfied, you will be awarded your certification.


Once you have achieved certification the certification cycle will commence. This is made up of surveillance and re-certification audits, one of which must take place each year, around the anniversary of your certification. These visits confirm your continued compliance with the Standard and verify the validity of your certification.



QMS Connect delivers all the tools you need to achieve and maintain ISO compliance.

With simple navigation, real-time reporting and the ability to modify and update content on the go, QMS Connect keeps you in control. Accessible online via your computer, tablet or smartphone 24 hours a day, QMS Connect helps you manage your ISO Management System in real-time.

QMS Connect helps engage your teams, so that you can capture data that will drive business decisions – increasing repeat business, reducing customer complaints and ultimately saving you both time and money.



    Guide to ISO certification

    Why you should choose QMS to assist your business with ISO certification

    Guide to Information and Cyber Security

    A visual guide to the areas covered by each of the information security products

    Case Study: IT Services Jersey

    A real life case study of a company that obtained both ISO 27001 & ISO 20000-1 certification

    Beginner's Guide to ISO 27001

    Information Security Management System requirements explained for every day users

    Learn the basics of ISO 27001 and what is required of your organisation

    Guide to implementing ISO 27001

    Understand the principles of ISO 27001 and how they impact your business

    Covering the principles of ISO 27001

    Standard Overview: ISO 27001

    Overview of the ISO 27001 Information Security Management System Standard

    An introduction to ISO 27001 and the service offered by QMS

    Checklist for ISO 27001:2013 implementation

    Understand what ISO 27001:2013 requires from your business

    Understand the impact of ISO 27001 on your business

    Case Study: IP House

    A real life case study of a company that has obtained ISO 27001 certification

    Top 10 Non-conformities for ISO 27001

    Areas to focus on in order to prevent non-conformities

    Is GDPR covered by ISO 27001?

    Understand the areas of the GDPR which are covered by ISO 27001 Certification

    What Information Security Products are Available?

    The QMS International suite of information security products

    QMS International Company Profile

    Find out about QMS, our achievements and some of our clients


At QMS we are constantly updating our approach and process to meet the latest changes in how ISO 27701 works.
