ISO/IEC 27701:2025 specifies the requirements and provides guidance for implementing a privacy information management system (PIMS) in the form of an extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy management, within the context of your organization.

By attending our two-day course, you will understand how to implement the principles of ISO/IEC 27701:2025 and the required changes to extend your ISMS. It will help you understand how the requirements of ISO/IEC 27701 provide the basis of an effective PIMS and provides guidance for personally identifiable information (PII) controllers and/or processors, processing PII.

With the full support of a world-class BSI tutor, you’ll learn about ISO/IEC 27701:2025 common terms and definitions, as well as the how to implement the key concepts and requirements.

Course aim

The aim of this course is to gain an understanding of effective privacy management, by using a systematic framework to protect the confidentiality, integrity and availability of your information and that of your interested parties.

How will I benefit?

This course will help you to:

• Recognize how to extend an ISO/IEC 27001 ISMS to include specific requirements for protecting your PII and implementing a PIMS (addressing both information security and privacy protection)
• Identify where adjustments might need to be made to your ISMS to accommodate your situation and progress made to date, in respect of protecting privacy
• Increase your knowledge of the requirements and guidance contained within ISO 27701, from an implementation perspective

Your learning will be through an activity-based, delegate-centred approach. This will help you share experiences and knowledge with other attendees; bringing alive the information presented and resulting in enhanced retention and application to your own workplace.

What will I learn?

The course covers the following specific learning objectives:

• Explain key elements of a management system implementation process
• Identify a typical framework for implementing ISO/IEC 27701 following the PDCA cycle
• Conduct a base line review of the organizations current position with regard to ISO/IEC 27701
• Interpret the requirements of ISO/IEC 27701 from an implementation perspective in the context of their organization
• Implement key elements of ISO/IEC 27701

Who should attend?

Anyone involved in planning, implementing, maintaining or supervising an ISO/IEC 27701 PIMS should attend. The course is equally relevant to PII controllers and PII processors. 

Duration

2 days

How will I learn?

Our high-impact accelerated learning approach increases learning by improving knowledge retention and skill application. This course is activity-based, resulting in a deeper understanding of the material and a greater impact on job performance.

What will I gain?

On completion, you’ll be awarded an internationally recognized BSI Training Academy certificate.

Prerequisites 

You should already have a good knowledge of implementing an ISMS based on ISO/IEC 27001 and ISO/IEC 27002 and be looking to extend your ISMS to include privacy information management. 

A good knowledge of PIMS requirements and terminology is recommended. 

You should have previously attended an ISO/IEC 27701 requirements course and we also recommend that you understand whether a PIMS is currently employed in your organization.