ISO 27701


A relatively new, but important, data privacy standard is ISO 27701 Privacy Information Management System (PIMS), which is a privacy extension to ISO 27001 Information Security Management (ISMS) and ISO 27002 Security Controls. PIMS outlines a framework for Personally Identifiable Information (PII) Controllers and Processors to manage data privacy. As an international management system standard, it provides guidance on the protection of privacy, including how organizations should manage PII, and helps demonstrate compliance with privacy regulations around the world.


Achieving a Privacy Information Management System (PIMS) that conforms to ISO 27701 provides peace of mind for both you and your partners, significantly reduces your non-compliance risk, and demonstrates that your organization respects data privacy laws. It also provides many other benefits, including:

  • Provides transparency between stakeholders
  • Builds trust in managing personal information
  • Reduces audit fatigue so you respond to security questionnaires and inquiries more quickly
  • Facilitates effective business agreements
  • Supports compliance with privacy regulations
  • Identifies and maps controls relevant to the requirements framework and generates and retains necessary evidence of compliance
  • Clarifies roles and responsibilities
  • Reduces complexity by integrating with the leading information security standard ISO/IEC 27001

PIMS Process

The process of achieving a Privacy Information Management System (PIMS) that conforms to ISO 27701 is accomplished in four phases:

Scope & Plan (25%)
  • Identify key stakeholders and contacts
  • Develop a communications plan
  • Define priorities, timelines, scope, and what constitutes success

Current State Assessment (50%)
  • Initial gap assessment/internal audit
  • Detailed recommendations
  • Checklist for action items
  • Validate that the plan is actionable

Remediation Roadmap (75%)
  • PIMS
  • Policies
  • Risk assessment

Program Implementation (100%)
  • Implement controls
  • Policies and procedures
  • Execute risk assessment
  • Establish governance structure
  • Strategic planning cadence

To ensure the highest levels of success, HPS has partnered with OneTrust to leverage its technology platform. The OneTrust platform helps organizations operationalize privacy initiatives and ensure year-after-year compliance with all routine privacy requirements.

Contact us today to see how HPS can help you achieve ISO 27701 compliance.