ISO/IEC 27701:2019

The aim of the standard is to extend an existing Information Security Management System (ISMS) built on ISO/IEC 27001 with additional requirements and guidance to establish, implement, maintain, and continually improve a Privacy Information Management System (PIMS).

Compared to the ISO/IEC 27001 standard, ISO/IEC 27701 includes additional requirements for understanding the organization's context and planning, as well as additional guidelines for implementing controls from Annex A.

ISO/IEC 27701 provides a framework for managing privacy controls for organizations that determine the purposes of processing personal data and for those that process it on their behalf (PII controllers and PII processors, in the standard's terminology), with the aim of reducing the risk of compromising personal data.

The standard consists of:
1. PIMS-specific requirements related to ISO/IEC 27001.
2. PIMS-specific guidance related to ISO/IEC 27002.
3. Additional ISO/IEC 27002 guidance for PII controllers.
4. Additional ISO/IEC 27002 guidance for PII processors.
5. Six annexes, two normative and four informative:
◦ Annex A (normative): PIMS-specific reference control objectives and controls (PII controllers).
◦ Annex B (normative): PIMS-specific reference control objectives and controls (PII processors).
◦ Annex C (informative): Mapping to ISO/IEC 29100.
◦ Annex D (informative): Mapping to the GDPR (General Data Protection Regulation).
◦ Annex E (informative): Mapping to ISO/IEC 27018 and ISO/IEC 29151.
◦ Annex F (informative): How to apply ISO/IEC 27701 to ISO/IEC 27001 and ISO/IEC 27002.

ISO/IEC 27701 cannot be certified on its own: it is certified as an extension of an ISO/IEC 27001 certification. In other words, an organization seeking ISO/IEC 27701 certification must hold a valid certification against ISO/IEC 27001 (the 2013 edition, against which ISO/IEC 27701:2019 is written) or be audited for both standards at the same time.

An ISO/IEC 27701 certificate helps an organization demonstrate to customers, partners and regulators that it has a managed, audited approach to protecting personal data, and Annex D maps its controls to the articles of the GDPR. Note, however, that this mapping is informative only: ISO/IEC 27701 certification is not an approved GDPR certification mechanism under Article 42 and does not by itself establish legal compliance with the GDPR or other data protection laws.