All framework guides
ISO 27701 Hub
ISO 27701 Privacy Hub
Privacy extension to your ISMS
Overview
ISO/IEC 27701 extends ISO 27001 and ISO 27002 with privacy-specific controls for PII controllers and processors. It provides a certifiable privacy management framework aligned with GDPR and global privacy expectations.
Who needs it?
Organizations already pursuing or certified to ISO 27001 that need a structured privacy program — especially those processing personal data across multiple jurisdictions.
Key topics
- PII controller vs processor controls
- Privacy policy and consent management
- PII transfer and sub-processor oversight
- Privacy impact assessment alignment
- Extension audit to existing ISO 27001 certification
Typical timeline
Often pursued as an extension after ISO 27001; add 2–4 months for privacy control implementation and extension audit.
How ComplAI helps
- ISO 27701 mapped controls alongside ISO 27001
- Privacy policy templates and DPIA documentation support
- Unified control mapping to reduce duplicate evidence
