ISO/IEC 27701 Certification: Privacy Information Management

Strengthen your personal information protection practices in line with regulatory and stakeholder expectations.

Journey continues on Veracity, DNV's trusted digital platform.

ISO/IEC 27701 Certification: Privacy Information Management

Certification of your privacy information management system to ISO/IEC 27701 demonstrates your commitment to proactively protect personally identifiable information (PII) and operate with transparency and accountability. This provides tangible business benefits that help you manage privacy risks, meet national and international regulatory requirements, such as GDPR, and build trust with customers, partners and other stakeholders.

The ISO/IEC 27701 standard provides a structured and internationally recognized framework for privacy information management that enhances your ability to consistently safeguard personal information and demonstrate compliance with legal, contractual and customer expectations. It supports confidence internally and builds trust externally by ensuring that privacy information protection practices and system are clearly defined and effectively managed.

What is the ISO/IEC 27701 standard?

ISO/IEC 27701 is a stand alone international standard providing requirements for a Privacy Information Management System (PIMS). It is applicable to organizations of any size, sector or geography that process and hold personally identifiable information, helping them to manage how personal information is collected, used, stored, shared and protected.

It enables a proactive and risk based approach to protecting personal information, defining responsibilities, implementing appropriate controls and continually improving performance. It helps organizations understand their privacy information context, meet regulatory and stakeholder expectations, and continually improve its management system.

ISO/IEC 27701 helps you:

  • Identify relevant internal and external factors
  • Establish and improve a robust privacy information management system
  • Define clear roles and responsibilities
  • Implement controls to manage privacy information risks
  • Address regulatory obligations such as GDPR or others
  • Continually improve privacy information practices
  • Demonstrate accountability and responsible governance

ISO/IEC 27701 is aligned with the information security standards ISO/IEC 27001 and ISO/IEC 27002.  Organizations with an existing ISO/IEC 27001 Information Security Management System (ISMS) can integrate ISO/IEC 27701 seamlessly, while those without can adopt it as a dedicated privacy information framework.

Built on ISO’s Harmonized Structure (HS), it also integrates smoothly with other management system standards such as ISO 9001 and ISO/IEC 42001 to support a consistent and unified approach across disciplines.

Value of ISO/IEC 27701 certification

Certification to ISO/IEC 27701 by an independent third-party like DNV demonstrates that your privacy information management system meets the requirements of the standard and that you effectively apply its principles in practice.

As a result, you get:

  • Strengthened privacy information and data protection capabilities
  • Demonstrated compliance with national or international privacy regulations such as GDPR
  • Objective insight from external auditors to identify gaps and improvement opportunities
  • Ability to compete when certification is required in customer or supplier relationships
  • Reduced privacy information security risks through structured and risk based controls
  • Clear demonstration of commitment toward stakeholders, partners and regulators

Why partner with DNV?

DNV is one of the world’s leading certification bodies. Through management system certification, supply chain assurance and training services, we help companies manage risks, assure compliance and build competence in organizations, supply chains and people.

Trusted

A global partner locally before, during and after the audit

Knowledge

Solid auditor competence and industry experience

Innovation

Value adding services, solutions and digital tools

Experience

Commitment to a superior customer experience

80000

Customers

90000

Certificates

20000

People trained annually

180 +

Countries

How to get ISO/IEC 27701 certified

To obtain certification, you need to implement an effective privacy information management system complying with the requirements of the standard.

DNV is an accredited third-party certification body. We can help you throughout the journey and our services include training, self-assessment, gap analysis and certification.

As a DNV customer, you also get access to a suite of digital tools that can help you ensure compliance, continually improve and manage your entire certification journey with us.

Learn how to get started and be certified

    • Obtain the standard:

    Get a licensed copy of the relevant standard and familiarize yourself with the requirements to decide if certification/registration to this standard makes good sense for your organization.

    • Review available literature and apply digital tools

    Explore available literature, guidelines from the standard owners (e.g. ISO/TS 9002 for ISO 9001, ISO 14004 for ISO 14001)   and digital sources and tools that can assist with implementation. Note that as a DNV customer you get access to tailored tools that can assist you.

    • Assemble a team and define strategy:

    To implement a management system should be a strategic decision for the entire organization. Senior management must be involved in the decision, committed and involved in shaping the system. They decide the business strategy the management system should support. In addition, you need a dedicated team to develop and implement your management system.

    • Determine competence needs:

    First, your team implementing and maintaining the management system needs a thorough understanding of the chosen standards. Later on, the wider organization needs awareness training. DNV offers a variety of public and in-house courses worldwide that meets your competence training needs at all levels within your organization.

    • Review consultant options:

    Independent consultants can advise on a workable, realistic, and cost-effective strategy plan for implementation if you do not have this competence or capacity already.

    • Develop management system documentation: 

    Decide on an appropriate platform for your documented information (e.g. software, process map- or SharePoint-based). The right platform is important to ensure effective management, communication and implementation.

    • Determine, manage and document processes:

    First identify key processes – what they are, how they work, and how they interact. Each process should have a clear purpose, defined responsibilities, and expected outputs. The level of documented information needed depends on the organization’s size, complexity, and the importance of each process, but must include relevant processes and other documented information needed to deliver on intended outcomes and comply with the chosen standard’s requirements.

    • Implement management system:

    Clear communication and necessary competence training are essential elements. During the implementation phase, you will work to ensure that your organization is working according to defined and documented processes. Once successful, you can prove system’s compliance and effectiveness.

    • Select a certification body/registrar:

    Selecting the right certification body/registrar can make a difference throughout your certification journey. DNV offers a trusted partnership approach, a risk-based approach and range of free digital tools that help you manage your certification journey before, during and after the audit.

    • Consider a pre-audit gap analysis:

    Consider a preliminary evaluation by your certification body/registrar to identify and correct nonconformities before starting the official certification process. The purpose is to identify areas of non-conformance or weaknesses, allowing you to correct these before you begin the official certification process.

FAQ – ISO/IEC 27701

  • ISO 27701 or ISO/IEC 27701, which is its formal name, is an international standard for privacy information management. It provides requirements and guidance for managing personally identifiable information (PII) in a structured, risk based and managed way. The standard helps organizations protect personal information, meet regulatory obligations such as GDPR and demonstrate responsible governance to customers, partners and regulators.

  • A Privacy Information Management System (PIMS) is a structured framework for managing how personal information is collected, used, stored, shared and protected. It defines roles and responsibilities, establishes privacy controls and ensures that privacy risks are identified, managed and continually improved over time. A PIMS enables organizations to demonstrate accountability and compliance with global privacy requirements.

  • ISO 27701 certification is an independent third party confirmation that an organization’s PIMS meets the requirements of the ISO/IEC 27701 standard, which is its formal name. Certification demonstrates that the organization manages personal information responsibly, applies effective privacy controls and can provide evidence of compliance with regulatory and stakeholder expectations. It strengthens trust, reduces privacy risks and supports competitive advantage in markets where privacy assurance is required.

ISO/IEC 27701 training

ISO/IEC 27701:2025 induction course

An eLearning course providing employees with an understanding of the ISO/IEC 27701 Management System.

Discover ISO/IEC 27701:2025 induction course
Data technology background

ISO/IEC 27701:2025 Information Security foundation course

A two-day course which provides a comprehensive understanding of the ISO/IEC 27701:2025 standard.

Discover ISO/IEC 27701:2025 Information Security foundation course
IT background binary

ISO/IEC 27701:2025 Information Security internal auditor course

A two-day course which focuses on developing the ability to plan, conduct, report, and follow-up on internal audits of Privacy Information Management System (PIMS) according to standard ISO/IEC 27701:2025 standard.

Discover ISO/IEC 27701:2025 Information Security internal auditor course
How to protect our servers

More information

Training

Relevant insight in an active learning environment.

Interested in how this service can support your organization?

Contact us