ISO 27701 documentation generator
ISO/IEC 27701 extends ISO 27001 with a Privacy Information Management System (PIMS). It maps closely to the GDPR, covering controller and processor obligations for handling personally identifiable information (PII).
ISO/IEC 27701 turns your information security management system into a privacy management system, and it is the cleanest way to demonstrate GDPR accountability through a certifiable standard. It adds privacy-specific requirements and controls for both data controllers (Annex A) and processors (Annex B). CompliWiseAI generates the PIMS documentation set — privacy policy, PII processing records, controller/processor controls and data-subject-rights procedures — extending an existing ISO 27001 ISMS or standing alone.
Documents we generate for ISO 27701
9 required documents, each tailored to your company and structured for audit.
PIMS Scope & Applicability
Required: Boundaries of the Privacy Information Management System and its relationship to the ISMS.
Data protection · ISO 27701 §5.2
Privacy Information Management Policy
Required: Top-level policy for managing privacy and the protection of PII.
Data protection · ISO 27701 §5.2
Privacy Roles & DPO Responsibilities
Required: Privacy governance roles, including the DPO where appointed.
Data protection · ISO 27701 §6
Privacy Risk Assessment & DPIA Process
Required: How privacy risks to PII are assessed and when a DPIA is required.
Risk register · ISO 27701 §5.4 / GDPR Art. 35
Record of PII Processing
Required: Inventory of PII processing as controller and/or processor.
Log template · ISO 27701 §7.2 / GDPR Art. 30
Controller PII Controls (Annex A)
Required: Privacy controls applicable to PII controllers.
Data protection · ISO 27701 Annex A
Processor PII Controls (Annex B)
Privacy controls applicable to PII processors.
Data protection · ISO 27701 Annex B
Data Subject Rights Procedure
Required: Handling access, rectification, erasure and other PII rights.
SOP · ISO 27701 §7.3 / GDPR Art. 12–22
Privacy Incident & Breach Procedure
Required: Detecting, assessing and notifying personal data breaches.
Incident response · ISO 27701 / GDPR Art. 33–34
Privacy by Design & Default Procedure
Required: Embedding privacy into new systems, products and processes.
SOP · ISO 27701 Annex A / GDPR Art. 25
ISO 27701 readiness checklist
- PIMS scope defined and roles (controller/processor) identified
- Privacy management policy approved
- Record of PII processing maintained
- Privacy risk assessment / DPIA process in place
- Controller (and processor) PII controls implemented
- Data subject rights process operational
- Privacy breach procedure tested
- Privacy by design embedded in change process
ISO 27701 — frequently asked questions
What is the difference between ISO 27001 and ISO 27701?
ISO 27001 manages information security; ISO 27701 extends it with privacy-specific requirements and controls for handling personal data (PII). You implement 27701 on top of a 27001 ISMS.
Does ISO 27701 prove GDPR compliance?
It strongly supports it — ISO 27701 maps to GDPR articles and is widely used to demonstrate accountability — but certification is to the ISO standard, not to the GDPR itself.
Do I need ISO 27001 first?
ISO 27701 builds on ISO 27001, so you need to implement both or already hold a 27001 ISMS. CompliWiseAI can generate the ISO 27001 ISMS documents alongside the 27701 privacy extension.
Start your ISO 27701 documentation free
Create a workspace, add ISO 27701, and generate your first audit-ready document in minutes.