Final Draft
International Standard
ISO/IEC FDIS 27701
Information security, cybersecurity and privacy protection — Privacy information management systems — Requirements and guidance
Reference number
ISO/IEC FDIS 27701
Edition 2
© ISO 2025
Projet final Norme internationale
Indisponible en français
Projet
Projet au stade approbation.
Remplacera ISO/IEC 27701:2019

What is ISO/IEC 27701?

ISO/IEC 27701 is an international standard that specifies requirements and provides guidance for establishing, implementing, maintaining and continuously improving a privacy information management system (PIMS). It extends ISO/IEC 27001 to specifically address privacy and the protection of personally identifiable information (PII), making it highly relevant for organisations acting as PII controllers or processors.

Why is ISO/IEC 27701 important?

In a world where personal data is handled by almost every organisation and privacy regulations are rapidly evolving, ISO/IEC 27701 offers a practical framework to demonstrate accountability and compliance. It helps organisations manage privacy risks by embedding privacy-specific controls into existing information security management systems. With its mappings to GDPR and other standards like ISO/IEC 29100 and ISO/IEC 27018, it supports alignment with legal requirements while improving stakeholder trust and operational transparency.

Benefits

  • Strengthens data privacy and protection capabilities
  • Helps demonstrate compliance with global privacy regulations such as GDPR
  • Supports trust-building with partners, clients and regulators
  • Aligns with existing ISO/IEC 27001 systems to streamline implementation
  • Facilitates accountability and evidence-based privacy management

 

FAQ

Any organisation that collects, processes, stores or controls personally identifiable information (PII), including public, private and not-for-profit entities.

No. It is an extension of ISO/IEC 27001 and must be implemented in conjunction with it.

A privacy information management system (PIMS) is a structured framework for managing PII responsibly and in line with privacy laws and standards.

Informations générales

  • État actuel
     : Projet
    Stade
    : Epreuve envoyée au secrétariat ou mise au vote du FDIS: 8 semaines [50.20]
  • Edition
     : 2
  • Comité technique :
    ISO/IEC JTC 1/SC 27
    ICS :
    35.030 
  • RSS mises à jour

Cycle de vie

Vous avez une question?

Consulter notre Aide et assistance

  2. Store
  3. Store
  4. TC
  5. ISO/IEC JTC 1/SC 27
  6. ISO/IEC FDIS 27701