Back to Frameworks

ISO/IEC 27701:2019

International
3 domains
38 controls

ISO/IEC 27701:2019 is a privacy extension to ISO/IEC 27001 and ISO/IEC 27002, providing requirements and guidance for establishing, maintaining, and continually improving a Privacy Information Management System (PIMS).

Unverified

Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.

Framework Domains (3)

Both

24 controls
Controls in the Both domain of ISO/IEC 27701:201924 controls
CodeTitle
5.2.1Understanding the organization and its context (PIMS)
5.2.2Understanding the needs and expectations of interested parties (PIMS)
5.2.3Determining the scope of the PIMS
5.2.4PIMS establishment, implementation, maintenance and continual improvement
5.3.1Leadership and commitment (PIMS)
5.3.2Privacy policy
5.3.3Organizational roles, responsibilities and authorities (PIMS)
5.4.1.2Privacy risk assessment
5.4.1.3Privacy risk treatment
5.4.2Articulating risk management commitment
5.5.3Awareness (PIMS)
5.5.4Communication (PIMS)
5.5.5Documented information (PIMS)
5.7.1Monitoring, measurement, analysis and evaluation (PIMS)
5.7.2Internal audit (PIMS)
5.7.3Management review (PIMS)
5.8.1Nonconformity and corrective action (PIMS)
6.11.1.2Inclusion of PII in supplier agreements
6.13.1.1Privacy incident management
6.15.1.1Identification of applicable privacy legislation
6.2.1.1Policies for information security (privacy-extended)
6.5.2.1Classification of information (PII)
6.5.3.1Management of removable media (PII)
6.9.4.1Event logging (PII access)

PII Controller

12 controls
Controls in the PII Controller domain of ISO/IEC 27701:201912 controls
CodeTitle
7.2.4Obtain and record consent (Controller)
7.2.5Privacy impact assessment (Controller)
7.2.6Contracts with PII processors (Controller)
7.2.7Joint PII controller (Controller)
7.2.8Records related to processing PII (Controller)
7.3.1Determining and fulfilling obligations to PII principals (Controller)
7.4.4PII minimization objectives (Controller)
7.4.5PII de-identification and deletion at end of processing (Controller)
7.4.6Temporary files (Controller)
7.4.7Retention (Controller)
7.4.8Disposal (Controller)
7.4.9PII transmission controls (Controller)

PII Processor

2 controls
Controls in the PII Processor domain of ISO/IEC 27701:20192 controls
CodeTitle
8.5.7Engagement of a sub-contractor to process PII (Processor)
8.5.8Change of sub-contractor to process PII (Processor)

Your Compliance Coverage

If you comply with ISO/IEC 27701:2019, you already cover:

Maps to 19 other frameworks

38 total controls
ISO 27701:2019
17 source controls mapped|20 target controls covered
45%
ISO 14001:2015
6 source controls mapped|6 target controls covered
16%
ISO 9001:2015
6 source controls mapped|6 target controls covered
16%
ISO 14004:2016
5 source controls mapped|5 target controls covered
13%
ISO 22000:2018
4 source controls mapped|4 target controls covered
11%
ISO 55001:2014
4 source controls mapped|4 target controls covered
11%
ISO/IEC 42001:2023
3 source controls mapped|3 target controls covered
8%
ISO 22301:2019
3 source controls mapped|3 target controls covered
8%
ISO 37301:2021
3 source controls mapped|3 target controls covered
8%
ISO 37001:2016
3 source controls mapped|3 target controls covered
8%
ISO 27018:2019
2 source controls mapped|2 target controls covered
5%
ISO 27002:2022
2 source controls mapped|2 target controls covered
5%
ISO 45001:2018
2 source controls mapped|2 target controls covered
5%
ISO 50001:2018 - Energy Management Systems
2 source controls mapped|3 target controls covered
5%
ISO/IEC 23894:2023
2 source controls mapped|3 target controls covered
5%
ISO 31000:2018
2 source controls mapped|2 target controls covered
5%
ISO 27005:2022
1 source controls mapped|1 target controls covered
3%
ISO 10007:2017
1 source controls mapped|1 target controls covered
3%
ISO 13485:2016
1 source controls mapped|1 target controls covered
3%

Frequently Asked Questions

What is ISO/IEC 27701:2019?

ISO/IEC 27701:2019 is a compliance framework from International with 3 domains and 38 controls. ISO/IEC 27701:2019 is a privacy extension to ISO/IEC 27001 and ISO/IEC 27002, providing requirements and guidance for establishing, maintaining, and continually improving a Privacy Information Management System (PIMS). It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.

How many controls does ISO/IEC 27701:2019 have?

ISO/IEC 27701:2019 has 38 controls organised across 3 domains. The largest domains are Both (24 controls), PII Controller (12 controls), PII Processor (2 controls). Each control defines specific requirements that organisations must implement to achieve compliance.

What frameworks does ISO/IEC 27701:2019 map to?

ISO/IEC 27701:2019 maps to 19 other compliance frameworks. The top mapping partners are ISO 27701:2019 (45% coverage), ISO 14001:2015 (16% coverage), ISO 9001:2015 (16% coverage). Use our comparison tool to explore control-level mappings between frameworks.

How do I get started with ISO/IEC 27701:2019 compliance?

Start your ISO/IEC 27701:2019 compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about ISO/IEC 27701:2019 requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 38 controls and track your progress.

Start Your Compliance Journey

Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 723 frameworks.

Get Started Free →

Free forever — no credit card required