Kaamos

ISO 27701 for EU B2B software companies.

ISO 27701 extends an ISO 27001 security management system with privacy controls. It is voluntary, but useful for companies that need to demonstrate GDPR-aligned privacy governance to enterprise customers, auditors, or procurement teams.

Information bank | recommended | Last updated May 12, 2026

Who it applies to

  • Companies with an ISO 27001 program that also need privacy assurance.
  • Processors and controllers handling customer or employee personal data.
  • Teams receiving GDPR and privacy governance questions from buyers.

What you need to do

  • Define privacy roles, processing responsibilities, and control ownership.
  • Maintain privacy risk, vendor, and evidence records.
  • Connect privacy controls to the broader ISMS.

How to use this entry

  • Use this page to understand the buyer or regulatory pressure before it becomes a deadline.
  • Run the regulation checker to see whether this area is likely to matter for your company now.
  • If it becomes relevant, Kaamos can help you scope the gap and turn it into prioritized security work.