The International Organization for Standardization, better known simply as ISO, publishes international standards on how organizations should manage information security. An organization can obtain certification from an accredited assessor that it is compliant with ISO security standards.
In 2019, ISO developed a privacy framework that was intended to build on the existing ISO data security standards – i.e., ISO/IEC 27001:2013 (Information security management systems) and ISO/IEC 27002:2013 (Code of practice for information security controls) – by integrating data privacy-related concepts into those existing security standards. Among other things, the ISO 27701 privacy framework integrated many controls that were intended to relate to the European General Data Protection Regulation, which went into force in 2018. ISO 27701 is intended to be a certifiable extension to the ISO 27001 certification.