All framework guides
Help Center · Framework guide
ISO/IEC 27701:2019
ISO 27701 · Privacy · Global · v2019
PrivacyPIIExtension
Overview
ISO/IEC 27701 extends ISO 27001 with privacy-specific requirements for PII controllers and processors.
12 controls available in ComplAI for this framework.
Who it's for
- Organizations already on or pursuing ISO 27001
- Privacy and DPO teams managing PII processing
- Processors supporting GDPR / DPDP-aligned customers
Why it matters
It bridges security ISMS practice with privacy accountability — useful when customers ask for both security and privacy assurance.
PII controller and processor rolesPrivacy risk and DPIA alignmentData subject rights processesProcessor agreements and transfers
How ComplAI helps
- Activate ISO 27701 in the Framework Library to load its control catalog
- Assign owners, track compliance status, and attach evidence per control
- Use risk register and issues workflows when controls fail or deviate
- Export readiness views for leadership and auditors
Sample controls
- data protection
P.5.1
Privacy policy
- governance
P.5.2
Privacy roles
- data protection
P.6.1
Lawful basis
- data protection
P.6.2
Purpose specification
- data protection
P.7.1
Consent management
- data protection
P.7.2
Privacy notices
Getting started
- Open Framework Library and activate ISO 27701
- Review the control list and prioritize high-impact domains
- Attach policies, procedures, and technical evidence
- Mark controls audit-ready and monitor residual gaps
