
ISO 27701 compliance software for privacy information management.

PIMS controls layered on top of ISO 27001 Annex A, controller and processor obligations split per Annex A and B, privacy-impact assessment register, sub-processor list. From €29 a month.

What is ISO 27701?

ISO/IEC 27701:2019 is the Privacy Information Management System (PIMS) standard. It is aimed at organisations already running an ISO 27001 ISMS who need a privacy-specific extension: controllers, processors, and joint controllers who want a single certifiable PIMS aligned with GDPR.

Who needs to comply

  • B2B SaaS already certified to ISO 27001 wanting a privacy add-on
  • Data processors (especially platforms hosting customer personal data)
  • Controllers in regulated sectors (health, finance, public sector)
  • Multi-national groups operating GDPR alongside other privacy regimes (CCPA, LGPD, PIPL)

Key ISO 27701 controls covered by Dazr

  • Clauses 5-8: PIMS-specific extensions to ISO 27001 Clauses 4-10: context, leadership, planning, support, operation, performance evaluation, improvement.
  • Annex A (controller): 31 controller-specific controls: lawful basis, data subject rights, transparency, retention, transfers.
  • Annex B (processor): 18 processor-specific controls: contractual basis, sub-processor governance, controller assistance, transfers.
  • GDPR mapping: PIMS clauses mapped to GDPR Articles 5-49 in Annex D for joint use.

What auditors look for

ISO 27701 audits sample the same evidence as ISO 27001, plus the PIMS-specific clauses: controller obligations in Annex A and processor obligations in Annex B, with a DPIA register and a sub-processor list as routine sampling targets.

How Dazr helps with ISO 27701

  • Layer ISO 27701 controls on top of an existing ISO 27001 program in one workspace
  • Run the controller / processor split with separate task sets
  • Hold the DPIA register and sub-processor list with review cadences
  • Track international transfers, SCCs and TIA evidence per arrangement
  • Hand the auditor a read-only view that covers ISMS and PIMS together


ISO 27701 questions, answered.

Do we need ISO 27001 first?

Yes, in practice. ISO 27701 is a privacy extension that requires an ISMS in scope. Dazr lets you enable both frameworks; the same evidence often serves both.

Are we a controller, a processor, or both?

Most B2B SaaS is processor for customer data and controller for marketing and HR data. Dazr lets you record both roles and runs Annex A and Annex B tasks in parallel where they apply.

How does this differ from GDPR?

GDPR is the law; ISO 27701 is a certifiable management system that helps demonstrate compliance. The platform tracks both: GDPR Articles 30 and 33 alongside ISO 27701 Annex A and B.

Where is data hosted?

European Union only. AES-256-GCM at rest. Italian entity, EU jurisdiction.

Ready to start your ISO 27701 program?

Free for one user. Pro €29/mo and Enterprise €299/mo are self-serve via Mollie. Custom (from €800/mo) is the only tier on a contract.