ISO/IEC 27701:2025 published: updated privacy standard offers organizations more guidance

The international standard ISO/IEC 27701 for privacy information management has been fully revised. While the 2019 edition was still an extension to ISO/IEC 27001 and 27002, the new ISO/IEC 27701:2025 has evolved into an independent standard for establishing and maintaining a Privacy Information Management System (PIMS). This gives organizations a stronger and clearer framework for responsible privacy management within their information security and cybersecurity processes.

The most important update is that ISO/IEC 27701:2025 is no longer an extension of ISO 27001, but a full, standalone standard with a new title: ‘Information security, cybersecurity and privacy protection – Privacy information management systems’. The standard aligns with the updated ISO 27000 family and uses the same terminology and structure, making integration with existing management systems easier.

ISO/IEC 27701:2025 provides organizations with practical guidelines for:

  • Establishing and maintaining a PIMS
  • Processing personal data responsibly
  • Separating responsibilities for PII controllers and PII processors
  • Supporting compliance with international privacy legislation, such as the GDPR and similar laws worldwide

Why is this revision important?

The revision of the standard helps organizations embed privacy more structurally into their operations. This supports demonstrable compliance with international privacy legislation, strengthens customer trust by showing that personal data is processed carefully and transparently, and contributes to better risk management by enabling systematic identification and mitigation of privacy risks. Moreover, the updated standard aligns seamlessly with other ISO management systems, enabling efficient and coherent integration within the organization.

Key changes compared to the 2019 version

Organizations already working with ISO/IEC 27701 will notice several important changes:

  • ISO 27701 is now a fully autonomous standard (an ISO 27001 certificate is no longer a prerequisite for certification)
  • A new title and broader scope, aligned with the ISO 27000 structure
  • Increased emphasis on governance, accountability and transparency
  • Expanded guidelines for modern technologies and international collaborations

Want to know more?

ISO/IEC 27701:2025 provides a solid foundation for organizations that want to process personal data in a secure, responsible and future-proof way in an increasingly complex digital landscape. Would you like to learn more about the revision or the transition period? We would be glad to assist you!