Information Privacy
ISO 27701
Implement, manage, and maintain all requirements set out by ISO 27701 for Information Privacy (PII) in an automated way.

Our software

Discover our ISO 27701 Software

With GlobalSuite®, you can implement the requirements to administer, manage data, and protect the privacy of Personally Identifiable Information (PII) without the need to develop a new management system. The platform is designed to complement the requirements and controls established by the ISO 27001 standard and the ISO 27002 code of practice, integrating privacy directly into information security.

The large-scale processing of personal information makes it necessary to verify that data is properly protected through a Privacy Information Management System (PIMS) in line with legislation. GlobalSuite® enables a “paperless” implementation, with a document manager that will help you handle all related documentation with full traceability of the actions performed.

SOFTWARE

Risk Analysis and Assessment
Measure the likelihood and impact of threats using the ISO 27701 control catalogue. Manage dependent risks and easily define acceptable risk levels.

Native integration with ISO 27001
Automate Information Security Management System (ISMS/PIMS) processes, producing the Statement of Applicability (SoA), Gap Analysis, and capacity management in a unified way.

Documentation and Metrics Management
Supports a 100% paperless environment. Consolidate documentation with version control and view indicators through the integrated dashboard or by connecting to Power BI.

Everything you need in a single solution

PII Risk Identification

Configure rating levels and dimensions to guide services and processes through the asset inventory related to the processing of personal information.

Risk Analysis and Assessment

Parameterize likelihood and impact, and assess acceptable risk. View heat maps, simultaneous or dependent risks, and generate associated cost analyses.

ISMS Process Management

Manage key indicators, perform Gap Analysis, and automate the Statement of Applicability (SoA), directly linking ISO 27701 controls.

Dashboard and Power BI

Enables strategic management and control of the privacy system through advanced metrics, integrating an executive dashboard with Business Intelligence tools.

Take control of your operation
with a powerful and flexible solution

SOLUTIONS

Comprehensive Solutions

Privacy consulting and auditing

Our role is to provide consulting for the implementation, management, and maintenance of all the standard’s requirements. We assess how you should extend your ISO 27001 controls for cloud protection and analyze in detail the applicability of Clauses 5 to 8, ensuring transparency and readiness to certify your Privacy Information Management System (PIMS).

Turnkey projects

We enable an agile rollout by integrating privacy requirements directly into your security environment. We parameterize catalogues, configure risk matrices, and generate dashboards so you can manage and protect Personally Identifiable Information (PII) from day one without technical friction.

Guidance and Training

We provide technical training for DPOs and information security teams, ensuring they acquire the skills to operate the platform and maintain data traceability, supporting an ongoing process of continuous improvement of internal procedures.

Support

Ongoing support service from GRC and Privacy experts. We resolve any technical issues and provide the necessary support to keep the solution up to date with new regulations or during the ISO 27701 audit and certification process.

Resources

References from our clients

Frequently asked questions about ISO 27701

ISO 27701 is an international standard that extends information privacy requirements. It provides guidelines for establishing, implementing, and improving a Privacy Information Management System (PIMS). It applies to any organization—public or private, of any size—that processes Personally Identifiable Information (PII).

ISO 27701 does not operate in isolation; it is a direct extension of ISO 27001 and the ISO 27002 code of practice. Its goal is to naturally integrate compliance and the management of personal data privacy (PIMS) under the umbrella of the organization’s existing Information Security Management System (ISMS).

Yes, it is a certifiable standard. Companies that already hold ISO 27001 certification can extend their scope to also certify their Privacy Information Management System, demonstrating to customers and auditors a higher level of commitment and transparency in data protection.

The standard provides a robust, methodological framework that is ideal for evidencing and facilitating ongoing compliance with the General Data Protection Regulation (GDPR) in Europe, as well as other applicable privacy legislation. It acts as an auditable foundation that builds trust with regulatory authorities.

The standard divides responsibilities. Clause 7 sets out the controls and specific implementation guidance for “controllers” or those responsible for Personally Identifiable Information. Clause 8, on the other hand, establishes the recommended controls for “processors” who handle third-party data or manage subcontractors.

Find out why customers
prefer GlobalSuite®