Meet ComplAIIntelligence: Your AI-powered teammate for risk & complianceLearn more
All framework guides

Help Center · Framework guide

ISO/IEC 27701:2019

ISO 27701 · Privacy · Global · v2019

PrivacyPIIExtension

Overview

ISO/IEC 27701 extends ISO 27001 with privacy-specific requirements for PII controllers and processors.

12 controls available in ComplAI for this framework.

Who it's for

  • Organizations already on or pursuing ISO 27001
  • Privacy and DPO teams managing PII processing
  • Processors supporting GDPR / DPDP-aligned customers

Why it matters

It bridges security ISMS practice with privacy accountability — useful when customers ask for both security and privacy assurance.

PII controller and processor rolesPrivacy risk and DPIA alignmentData subject rights processesProcessor agreements and transfers

How ComplAI helps

  • Activate ISO 27701 in the Framework Library to load its control catalog
  • Assign owners, track compliance status, and attach evidence per control
  • Use risk register and issues workflows when controls fail or deviate
  • Export readiness views for leadership and auditors

Sample controls

  • P.5.1

    Privacy policy

    data protection
  • P.5.2

    Privacy roles

    governance
  • P.6.1

    Lawful basis

    data protection
  • P.6.2

    Purpose specification

    data protection
  • P.7.1

    Consent management

    data protection
  • P.7.2

    Privacy notices

    data protection

Getting started

  1. Open Framework Library and activate ISO 27701
  2. Review the control list and prioritize high-impact domains
  3. Attach policies, procedures, and technical evidence
  4. Mark controls audit-ready and monitor residual gaps