ISO/IEC 27701:2019 – Privacy Information Management System (PIMS)

ISO/IEC 27701:2019 is a Privacy Information Management System (PIMS) standard that provides guidance on managing and protecting personal data. It extends the ISO/IEC 27001 Information Security Management System (ISMS) with privacy-specific requirements and controls. The standard is designed to help organizations meet data privacy obligations, including those arising from regulations such as the General Data Protection Regulation (GDPR).

    Strengthening data protection with globally aligned privacy management

    About the standard

    Applicable across sectors, ISO/IEC 27701 supports organizations in aligning with international privacy expectations and strengthening internal data governance. It helps reduce risks related to personal data handling and enhances accountability across processes and stakeholders.

    ISO/IEC 27701:2019 is a privacy extension to ISO/IEC 27001, focused on managing personally identifiable information (PII) within an Information Security Management System. It provides detailed guidance for organizations acting as data controllers or processors, helping them meet global privacy obligations.

    The standard introduces structured requirements and controls for implementing a Privacy Information Management System (PIMS), enabling better transparency, accountability, and trust in how personal data is handled.

    Certification process

    1. Application – by prospect
    2. Application review and offer – by Control Union (CU)
    3. Offer acceptance – by Prospect
    4. Confirmation of registration and Invoicing  – by Control Union (CU)
    5. Payment of invoice – by Client
    6. Planning the audit and informing the client – by Control Union (CU)
    7. Logistic arrangements for the on-site audit visit – by Client
    8. Physical audit and reporting – by CU inspector
    9. Report review and certification decision – by CU certifier
    10. Sending inspection report and certificate to the client – by CU certifier

    Data protection assured

    Control Union offers ISO/IEC 27701:2019 certification services in partnership with SBCert, under SWEDAC accreditation. Our audit services are designed to support organizations handling personal data in demonstrating compliance with global privacy regulations.

    By integrating ISO 27701 with ISO 27001, we help clients build a unified approach to information security and data privacy — trusted by stakeholders, customers, and regulators alike.


    How you benefit

    • Strengthen privacy management within your ISMS

    • Demonstrate compliance with global data protection laws (e.g., GDPR, CCPA)

    • Improve customer and stakeholder trust

    • Enhance transparency in personal data handling

    • Align internal policies with regulatory expectations

    • Reduce reputational and financial risks from privacy breaches

    • Position your organization as a privacy-conscious leader


    How can I help you?

    Are you looking for a certain service, do you have any questions, or do you want to apply for the certification program? Let me know. My name is Roshan Ranawake and I’m glad to help.