What Is ISO/IEC 27701?
ISO/IEC 27701 is an international standard that extends the ISO/IEC 27001 information-security management system to privacy, specifying requirements and guidance for a privacy information management system (PIMS) covering the processing of personally identifiable information.
Source: ISO/IEC 27701
Plain-language explanation
ISO/IEC 27701 lets an organisation manage privacy on top of its security management system and map controls to regimes such as the GDPR. For AI, where systems often process personal data at scale, a PIMS is a recognised way to evidence privacy governance — complementing ISO/IEC 42001 (AI management) and ISO/IEC 27001 (security).