Information Security & AI ISO/IEC 27701 2025

Privacy Information Management

Stand-alone international standard for privacy information management systems (PIMS). Addresses GDPR and other privacy regulatory frameworks through a structured management approach.

technology finance healthcare data management
About This Standard

ISO/IEC 27701 is a stand-alone privacy information management system standard, providing requirements and guidance for protecting personally identifiable information (PII). While it extends ISO/IEC 27001 and ISO/IEC 27002 with privacy-specific controls, the 2025 revision makes it usable independently of those standards.

The standard maps to major privacy regulations including GDPR, CCPA, and similar frameworks, providing organisations with a structured approach to demonstrating privacy compliance. It includes specific requirements for both PII controllers and PII processors.

ACI-certified auditors assess PIMS design and operational effectiveness, review controller and processor-specific requirements, and evaluate the adequacy of privacy risk management and data subject rights processes.

Examination Topic Areas
Privacy risk assessment and privacy impact assessment (DPIA)
GDPR and international privacy regulation mapping
PII controller-specific requirements and data governance
PII processor-specific requirements and contractual controls
Consent management and data subject rights fulfilment
Privacy by design and data minimisation requirements
International PII transfers and cross-border data flow controls
Third-party privacy obligations and vendor assessment
Examination & Certification Process
01 Attend Training

Attend an ACI-Approved Training Provider (ATP) course for your chosen grade level. ACI-approved courses are aligned to the examination syllabus for ISO/IEC 27701.

02 Sit the Examination

Examinations are administered exclusively through ACI Approved Training Providers. Foundation and Internal Auditor examinations require 70% to pass; Lead Auditor requires 65%.

03 Apply for Certification

Submit your application through the ACI portal with your examination result, training certificate, and relevant audit experience log. Upon approval you receive your ACI Card ID and digital certificate.

Scheme Details
Standard: ISO/IEC 27701
Edition: 2025
Category: Information Security & AI
Cert. Period: 3 years
Framework: ISO/IEC 17024 Aligned
Available Grades: PA · AA · AU · LA · PR · FACI
Auditor Grades

Available Grades for ISO/IEC 27701

All six ACI auditor grades are available for this scheme. Each grade has defined competence, experience, and examination requirements.

PA - Provisional Auditor

Entry-level certification for those beginning their auditing career. Suitable for individuals who have completed foundation training but have limited audit experience.

Foundation examination pass (70%)
No prior audit experience required
Annual CPD requirement applies
AA - Associate Auditor

For auditors who have completed Internal Auditor training and have begun accumulating audit experience under supervision or in an internal audit role.

Internal Auditor examination pass
Minimum 2 internal audits conducted
Annual CPD requirement applies
AU - Auditor

Full auditor grade for practitioners with demonstrated audit experience. Recognised as a competent independent auditor of management systems.

Internal Auditor examination pass
Minimum 5 complete audits
Annual CPD requirement applies
LA - Lead Auditor

Senior grade for experienced auditors capable of leading audit teams and managing full audit programmes. The most widely recognised auditor grade internationally.

Lead Auditor examination pass (65%)
Lead Auditor training course
Minimum 10 complete audits as team lead
PR - Principal Auditor

Advanced grade for highly experienced auditors demonstrating sustained performance in complex audit environments and contributions to the auditing profession.

Lead Auditor grade prerequisite
Minimum 5 years audit experience
Professional development portfolio
FACI - Fellow of ACI

The highest ACI designation, awarded to individuals who have made an exceptional contribution to the management system auditing profession and to the ACI community.

By nomination and committee review
Exceptional professional contribution
Sustained ACI membership
Ready to certify in ISO/IEC 27701?

Find an Approved Training Provider, sit the examination, and submit your application to ACI.