Area of Expertise

ISO 27701:2025 PIMS

Privacy controls layered onto an existing ISMS without duplicating owners or evidence.

What This Involves

Scope & boundary definition

Establishing exactly what's in and out of scope before any control work starts — the single most common source of audit surprises.

Gap and risk assessment

Mapping current state against the framework's requirements, prioritised by actual business risk, not a generic checklist.

Control design and documentation

Policies and procedures written to match how the organisation actually operates.

Evidence and internal audit

Building the evidence trail an external auditor or customer security team will actually test.

Who This Matters For

Organisations under real pressure to demonstrate this framework — a customer contract requiring it, a certification deadline, or a board that wants independent assurance rather than internal sign-off.

How I Think About It

I apply the same four-step discipline to every framework: Assess Reality, Design What Fits, Validate Early, and Strengthen What Matters.

Delivered through CertiTrust Consulting

ISO 27701:2025 PIMS engagements are delivered through CertiTrust Consulting, where I lead every engagement personally as Principal Consultant. Scoping, proposals, and billing happen there — not on this profile.

View this service at CertiTrust →

Have a Question About ISO 27701:2025 PIMS?

Call Schedule a Conversation