ISO/IEC 27701 Privacy Information Management Certification
ISO/IEC 27701 is the global benchmark for managing personal information. Certify your Privacy Information Management System — standalone under the new 2025 edition, or integrated with your ISO/IEC 27001 ISMS — and prove, through independent certification, that you handle personal data responsibly. Stage 1 + Stage 2 audit, surveillance, recertification.
What Is ISO/IEC 27701?
A Privacy Information Management System (PIMS) you can certify. ISO/IEC 27701:2025 is the new standalone edition of the standard — a complete, certifiable framework of privacy requirements and controls for managing personal information (PII), no longer just an extension of ISO/IEC 27001.
It applies whether you are a PII controller (you decide how personal data is used) or a PII processor (you handle data for others) — and most organisations are both. The standard maps closely to the EU/UK GDPR, the NZ Privacy Act 2020 and the Australian Privacy Principles.
As an independent certification body, Cianaa assesses and certifies your PIMS — from Stage 1 through Stage 2 and ongoing surveillance — across New Zealand, Australia and beyond.
Why ISO/IEC 27701 Certification Matters
ISO/IEC 27701 turns privacy from a liability into a demonstrable, certified strength.
Demonstrate Privacy Trust
Independent assurance to customers, partners and regulators that personal information is handled to a recognised global standard.
Support Legal Compliance
Controls map closely to GDPR, the NZ Privacy Act 2020 and the Australian Privacy Principles — reducing breach and penalty risk.
Win Privacy-Sensitive Work
Stand out in tenders and vendor reviews that demand evidence of strong, certified personal-data governance.
One Integrated System
Already ISO 27001 certified? Integrate privacy into your existing management system — security and privacy, assessed and certified together.
Reduce Breach Risk
A structured approach to identifying and treating privacy risks lowers the likelihood and impact of incidents.
Clear Accountability
Defined roles, records of processing and DPIAs make privacy responsibilities visible and auditable across your organisation.
How ISO/IEC 27701 Works
ISO/IEC 27701:2025 is a complete privacy management system in its own right — with its own requirements and role-based privacy controls — and it integrates seamlessly with an existing ISO/IEC 27001 ISMS.
A Standard in Its Own Right
The 2025 edition has its own management-system requirements (clauses 4–10) — certify your PIMS on its own, or alongside ISO 27001.
Controller & Processor Controls
One normative control set covering both roles — lawful basis, consent, data-subject rights, privacy by design, documented instructions and sub-processors.
Implementation Guidance
Practical guidance for putting the Annex A controls into effect — for both PII controllers and PII processors.
Statement of Applicability
Your SoA is extended to cover the privacy controls you apply, with justification for inclusions and exclusions.
Regulatory Mapping
Controls map to GDPR, the NZ Privacy Act 2020 and the Australian Privacy Principles for cross-jurisdiction evidence.
PII Principal Rights
Processes for handling data-subject requests, transparency and consent — embedded into day-to-day operations.
The ISO/IEC 27701 Certification Process
Cianaa assesses you from Stage 1 through to recertification — every stage led by certified lead auditors with privacy and security expertise.
Stage 1 Readiness Review
Voluntary readiness review — we assess your PIMS maturity against ISO/IEC 27701 requirements.
Stage 1 Audit
Documentation review against ISO 27701 — PIMS scope, controller/processor roles, SoA and privacy risk treatment.
Stage 2 Audit
Assessment of how effectively your privacy controls operate in practice, with interviews and evidence sampling.
Certificate Issued
On a successful audit you receive your ISO/IEC 27701 certificate from an accredited body — valid for a 3-year cycle.
Surveillance Audits
Annual surveillance audits confirm ongoing conformity, PIMS effectiveness and continual improvement.
Recertification
Full recertification audit renews your ISO/IEC 27701 certificate for another 3-year cycle.
Why Choose Cianaa Certification Partner
Independent, conflict-free certification — we assess and certify, we never consult on the systems we audit.
Multi-audit efficiency
Certify 27701 alongside 27001 (and 9001/42001) in a combined audit — less disruption, unified evidence.
Privacy & security expertise
Certified lead auditors who understand both information security and privacy management.
Transparent pricing
No hidden costs — transparent pricing and clear deliverables based on the standard’s requirements.
Crystal-clear reports
Audit reports with prioritised nonconformities and improvement opportunities — actionable, not buzzword-heavy.
Predictable timelines
Clear, realistic timelines that keep your team focused from Stage 1 to Stage 2.
Internationally accepted
Our process mirrors internationally accepted certification practice (Stage 1/Stage 2 → surveillance → recertification).
Book a Free ISO 27701 Scoping Call
Talk to a Cianaa specialist for a complimentary scoping call — we’ll confirm your PIMS scope and outline a clear, realistic certification pathway. No consulting, no sales pitch.
Certify Your Privacy Management with ISO 27701
Speak with our independent assessors to scope your ISO/IEC 27701 certification — conflict-free, across New Zealand & Australia.
Get in Touch →







