Teamwork IMS
+44 (0) 118 207 8924
Get a quote
Insights
Home > Resources > ISO Standards > ISO 27701:2025 – What’s Changed & What It Means for Your Organisation 
Opinion | 2 minute read

ISO 27701:2025 – What’s Changed & What It Means for Your Organisation 

16 April, 2026

The International Organisation for Standardisation has released the updated ISO 27701:2025  standard.  Published in October 2025, the update introduced significant changes to the global framework for Privacy Information Management Systems (PIMS). This revision replaces the previous 2019 edition and reflects the evolving regulatory and security landscape. 

  1. ISO 27701 is now a fully standalone standard 

The most notable change is that ISO 27701:2025 is no longer an extension of ISO 27001 or 27002.  Organisations can now implement and certify a PIMS independently, without needing an ISMS in place.
 

  1. Improved alignment with modern ISO security standards

Although independent, the 2025 edition maintains strong alignment with ISO 27001:2022 and ISO 27002:2022.  Terminology, control structures and mappings have been updated to ensure consistency across related management systems.
 

  1. Restructured clauses and enhanced clarity

Management clauses (4.1 to 10.2) have been introduced, providing clearer requirements for establishing, operating and continually improving a PIMS.  This change creates a more intuitive and integrated structure that mirrors other ISO management system standards.
 

  1. Updated and expanded Annexes

The 2025 update includes revised and renumbered annexes with: 

  • 31 privacy controls for PII controllers 
  • 18 controls for PII processors 
  • 29 information security controls (newly introduced)
     
  1. Stronger global regulatory alignment

The standard has been tightened to better align with EU GDPR, UK GDPR and other global privacy frameworks.  Definitions and expectations around accountability, risk management and performance measurement are now more precise.
 

  1. Additionalguidance on emerging topics 

New guidance is provided for areas such as threat intelligence and cloud services, reflecting modern privacy and security risks.
 

  1. Transition timeline

Organisations certified to ISO 27701:2019 have three years from publication to transition to the new standard.  Certification bodies will phase out audits against the 2019 edition during this period.  More details are available on our dedicated transition webpage.  

If you require guidance on how these changes impact your organisation, or support preparing for the transition, please contact us. 

We’re here to help you stay compliant and future ready. 

Email share
LinkedIn share
Information securityISO 27701

Latest News

Read more
Read more
Read more