Press Release

OneTrust Achieves World’s First ISO 27701 Certification, the Privacy Extension to ISO 27001

OneTrust earned ISO 27701 certification by completing audits using OneTrust’s own Privacy Management technology to document and demonstrate compliance regarding the processing of personal information

August 19, 2019

OneTrust today announced it has received the world’s-first ISO 27701 certification for a Privacy Information Management System, the privacy extension of the ISO 27001 that establishes privacy controls and for the processing of personal data, and may likely become the foundation for future GDPR certifications.

OneTrust completed the certification process quickly and efficiently by using the OneTrust Privacy Management suite of technology to demonstrate internal privacy program accountability under the ISO 27701 standards. ISO 27701 is fully built-in and available out of the box in OneTrust.

Learn more in our webinar ISO 27701 New Privacy Standard: How We Got Certified & How You Can Too! hosted by Andrew Clearwater, OneTrust’s CPO and Alex Li, Microsoft’s Director of Certification Policy, who is responsible for public policy aspect of ISO 27701 standard on August 28 at 11:00 am ET

“We’re incredibly proud to present OneTrust with the world’s first certificate issuance for a Privacy Information Management System (PIMS) against the audit criteria within ISO/IEC 27701:2019,” said David Forman, Senior Director of ISO Services, Coalfire. “OneTrust has been able to quickly establish and implement a brand-new management system within just a few days of the standard being released to the public, a testament to the OneTrust Privacy Management software system that complements the PIMS requirements and control objectives. We look forward to the continued partnership with OneTrust and further adoption of ISO 27701 as the de facto privacy standard within the market.”

Built on top of ISO 27001, which more than 60,000 organizations have certified to date, the ISO 27701 is the highly anticipated standard that is expected to be the first privacy management certification to get mainstream adoption and may serve as a basis for upcoming GDPR certifications. The ISO 27701 standard recommends organizations include information security and the protection of personal data requirements into their management system activities. Specifically, ISO 27701 details the necessary provisions for establishing, implementing, maintaining, and continually improving a PIMS. ISO 27701 provides practical guidance that can be used by personal data controllers, (including joint personal data controllers) and personal data processors (including those using subcontractors) to manage their privacy program.

To become the first to achieve ISO 27701 certification, OneTrust completed a rigorous audit of its internal PIMS by Coalfire ISO, the accredited certification body extension of Coalfire. OneTrust used the OneTrust Privacy Management technology to document evidence and demonstrate compliance regarding the processing of personal information. Some of these processes documented within the OneTrust Privacy Management software included:

  • PIMS Decision-Making
  • Documentation
  • Privacy Training, Testing and Attestation
  • Internal Audits
  • Records of Processing Activities
  • Risk Assessment and Treatment
  • Vendor Management
  • Incident Response
  • Data Subject Request Management
  • Consent Management

“As the first to announce ISO 27701 certification, we’re able to serve as a case study to ISO 27001-certified companies in how OneTrust technology can be used during an ISO 27701 audit for the documentation of evidence and demonstration of personal information processing compliance,” said Andrew Clearwater, CIPP/US, OneTrust Chief Privacy Officer, who led OneTrust’s ISO 27701 efforts alongside Brian Philbrook, Fellow of Information Privacy (FIP) and Privacy Counsel, OneTrust. “The ISO 27701 certification is likely to become a prerequisite for many business transactions just as ISO 27001 is viewed today. We look forward to working with companies across the globe to use OneTrust Privacy Management technology to help complete a successful ISO 27701 audit.”

To learn more, register for our webinar, ISO 27701 New Privacy Standard: How We Got Certified & How You Can Too! For additional information, or to request a live OneTrust Privacy Management Software demo, visit or email


About OneTrust

OneTrust is the #1 most widely used privacy, security and third-party risk technology platform trusted by more than 3,000 companies to comply with the CCPA, GDPR, ISO27001 and hundreds of the world’s privacy and security laws. OneTrust’s three primary offerings include OneTrust Privacy Management Software, OneTrust PreferenceChoice™ consent and preference management software, and OneTrust Vendorpedia™ third-party risk management software and vendor risk exchange. To learn more, visit or connect on LinkedInTwitter and Facebook.


About Coalfire ISO

As the certification arm of Coalfire, Coalfire ISO provides audit and certification services to public and private sector organizations, adhering to the applicable requirements of both ISO/IEC 17021-1:2015 and ISO/IEC 27006:2015. Coalfire ISO is an accredited certification body under both the ANSI National Accreditation Board (ANAB) and the United Kingdom Accreditation Service (UKAS).

You may also like


Third-Party Risk

Staying vigilant: 7 practical tips for ongoing third-party risk monitoring

In this webinar, we'll share seven practical tips for effective third-party risk monitoring, helping you to identify new risks and take timely action to protect your business.

August 02, 2023

Learn more


Third-Party Risk

Automating third-party management workflows: 5 ways to drive alignment across teams

Join us as we explore how automating third-party management workflows streamlines processes, drives alignment across teams, and reduces reduntant work.

July 19, 2023

Learn more


Third-Party Risk

Are your third parties a privacy compliance liability? 5 tips to reduce your exposure

Join our webinar and learn how to create an effective, privacy-focused third-party risk management (TPRM) program that streamlines recordkeeping and reduces your risk exposure.

July 05, 2023

Learn more