IT Governance achieves ISO 27701 certification, a privacy extension to ISO 27001


IT Governance has achieved ISO 27701 certification alongside its sister companies in GRC International Group. It is one of the world’s first organisations to receive ISO 27701 certification for a PIMS (privacy information management system).

ISO 27701 is a privacy extension to ISO 27001 that establishes privacy controls for the processing of personal data. The standard sets out how an organisation should include information security and data protection requirements in its management system activities. Specifically, it details the necessary provisions for establishing, implementing, maintaining and continually improving a PIMS.

To become one of the first organisations to achieve ISO 27701 certification, IT Governance undertook a thorough and meticulous audit of its internal PIMS through Certification Europe, one of the world’s leading certification bodies. The PIMS covers the processing of personal information across all activities of GRC International Group and for all group companies*.

Alan Calder, founder and executive chairman of IT Governance, said: “We’re incredibly proud to achieve ISO 27701 certification across GRC International Group. It’s a testament to our teams’ incredible work in rigorously ensuring our PIMS and data protection processes operate to an established, world-class standard. Like its parent, ISO 27001, ISO 27701 certification is likely to become a criterion for many business transactions, and we’re proud to be one of the organisations leading the way and upholding the highest standards of privacy and security.”

To find out more about IT Governance’s cyber risk and privacy management solutions, please visit our website, call +44 (0)1474 55 66 85 or email

* Excludes DQM GRC
