Accreditation of PIMS Certification Bodies

Privacy Information Management System

A PIMS is a comprehensive system for appropriately managing and protecting Personally Identifiable Information (PII) in the context of the processing of PII.

For information: Revision from ISO/IEC 27701:2019 to ISO/IEC 27701:2025

ISO/IEC 27701:2019, published in 2019, was a standard that extended ISO/IEC 27001 by adding privacy-specific requirements.
In ISO/IEC 27701:2025, revised in October 2025, it became an independent management system standard, not an extension of ISO/IEC 27001.

As a result of this change, the certification scheme is shifting from ISMS-PIMS certification, which was based on obtaining ISMS (ISO/IEC 27001) certification, to an independent PIMS certification that does not require ISMS certification.

Although the structure of ISO/IEC 27701:2025 has been significantly revised to be aligned with the ISO harmonized structure (identical clause numbers, clause titles, text and common terms and core definitions) that are common to other ISO management system standards (MSS) such as ISO/IEC 27001, the requirements for privacy information protection have not changed substantially.