We are pleased to announce that the update of ISO/IEC 27701, the global standard for Privacy Information Management Systems (PIMS), has officially arrived. On 14 October 2025, the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) announced the approval and release of the revised version.

The most notable change in this edition is that ISO/IEC 27701 is now a fully independent standard. Organizations can now implement and certify their PIMS without relying on an existing Information Security Management System (ISMS), making privacy management more accessible and tailored to a broader range of entities.

While the new version builds on foundational elements from ISO/IEC 27701:2019, ISO/IEC 27001:2022, and ISO/IEC 27002:2022, it is designed to integrate seamlessly with other management systems such as ISO 9001 (quality), ISO/IEC 27001 (information security), and ISO/IEC 42001 (artificial intelligence). This flexibility supports adoption across organizations of varying sizes and complexities.

🔍 Key Enhancements in ISO/IEC 27701:2025

– Transitioned to a stand-alone PIMS, no longer dependent on ISO/IEC 27001.

– Expanded and refined guidance for both data controllers and processors.

– Clearer directives for handling personal data in AI-driven and digital environments.

– Stronger emphasis on embedding privacy into organizational leadership, governance, planning, and continuous improvement.

– Better alignment with global privacy regulations including GDPR, CCPA, and LGPD.