+31 (0)73 220 2000 | info@brandcompliance.com
English
  • Dutch
  • English
  • Français
  • België
  • Dutch
  • English
  • Français
  • België
Brand Compliance
  • Certify
    • ISO 9001
    • ISO 22301 (BCM)
    • ISO 19770-1 (IT-assets)
    • ISO 27001
    • ISO 27017 and ISO 27018
    • BIO
    • ISO 27701 (Privacy)
    • NEN 7510
  • IT Assurance
    • SOC 2
  • Vacancies
  • Knowledge base
  • BC Academy
Discuss your situation
  • Information security
    • ISO 27001
    • NEN 7510
    • CyFun
      • CyFun verification
      • Request CyFun verification
    • ISO 27799
    • ISO 27017 and ISO 27018
    • BIO
    • ISO 19770-1
  • Privacy
    • BC 5701
    • ISO 27701
    • GDPR standard BC 5701:2024 EN
  • IT assurance
    • SOC 2
    • ISAE 3402
    • ISAE 3000
  • Quality & continuity
    • ISO 9001
    • ISO 14001
    • ISO 22301
  • Knowledge & news
    • Knowledge articles
    • News
  • Academy
    • All training courses
    • NIS2 & CyFun
    • ISO 27001
  • About us
    • Accreditations
    • Careers
    • Compliment, complaint or tip
    • Locations
    • Privacy Statement
    • Contact

Preparing for certification

6
  • Certification checklist: how to prepare for certification
  • Do you have your first certification audit soon?
  • The certification process step by step
  • How long does ISO certification take?
  • How to conduct an internal audit
  • Describing the scope of certification: tips and examples

Audit process & certification cycle

7
  • Initial audit Stage 1
  • Initial audit Stage 2
  • What is a certification cycle?
  • Nonconformities within the management system
  • What should you know about certificate suspension or revocation?
  • Transfer of certification
  • The use of certification logos

Management systems & key concepts

6
  • Whitepaper management system audits
  • Quality Management: best practices for success
  • The Brand Compliance glossary
  • What is a management system?
  • Internal or external audit?
  • Accreditation versus certification

Information security

3
  • Excelling in information security: best practices
  • Operational Capabilities: The Backbone of Information Security
  • The Traffic Light Protocol (TLP): what does it mean for you?

NEN 7510 & healthcare

4
  • Transition to NEN 7510-1:2024
  • NEN 7510 without healthcare institution?
  • How to expand with NEN 7510
  • The differences between ISO 27001 and NEN 7510

NIS2 & CyberFundamentals

5
  • ISO 27001 in a NIS2 context in Belgium
  • CyberFundamentals 2025: transition from CyFun 2023 to 2025
  • Self-assessment & CyFun verification: best chance of success
  • NIS2 liability for board members
  • CyberFundamentals Framework in Belgium: what is the relationship with NIS2?

Privacy & data protection

8
  • ISO 27701:2025 transition
  • GDPR compliance best practices
  • Data breach: What is it and how do you prevent it?
  • Your Data Protection Officer and the GDPR
  • Your record of processing activities and the GDPR
  • Checklist for your BC 5701 certification
  • BC 5701 certification: where do you start?

Assurance audits

1
  • ISAE 3402 vs SOC 2: what is the difference?
View Categories

ISO 27701:2025 transition

ISO 27701:2025 is the revised international standard for privacy information management systems (PIMS). Organisations currently certified against ISO/IEC 27701:2019 must transition to the new edition by 1 October 2028.

The official designation of the standard is ISO/IEC 27701:2025. The new edition contains several substantive changes and has been restructured as a standalone management system standard. This means that ISO/IEC 27701 can now be implemented and certified independently of ISO/IEC 27001.

This page explains what the ISO 27701:2025 update means for your certification, when you must complete the transition and what Brand Compliance will assess during the transition audit.

What has changed in ISO 27701:2025? #

The previous edition, ISO/IEC 27701:2019, was structured as an extension to ISO/IEC 27001 and ISO/IEC 27002. ISO/IEC 27701:2025 has been rewritten as a standalone management system standard for privacy information management.

The revised standard contains its own management system requirements and follows the harmonised structure used by other ISO management system standards. Organizations must therefore assess the differences between the 2019 and 2025 editions and determine which changes are required within their PIMS.

ISO 27701:2025 #

ISO 27701:2025 transition deadline #

A transition period of three years applies from the publication of ISO/IEC 27701:2025. The transition period ends on 1 October 2028.

Until this date, existing certificates based on ISO/IEC 27701:2019 remain valid, provided that the regular certification requirements continue to be met.

After 1 October 2028, certificates based on ISO/IEC 27701:2019 will no longer be valid. Organisations must therefore successfully complete the transition audit before the end of the transition period.

What does the ISO 27701 update mean for your organization? #

A transition audit is required to transfer your existing certification to ISO/IEC 27701:2025.

Brand Compliance will contact its certificate holder to schedule the transition audit. Where possible, the transition audit will be combined with a regular surveillance or recertification audit within the current certification cycle.

We recommend starting your preparations in good time. Your organization should analyse the changes to the standard, assess their impact on the PIMS and implement any necessary adjustments before the transition audit.

How can you prepare for the transition? #

Before the transition audit, your organization should be able to demonstrate that it has:

• Analysed the differences between ISO/IEC 27701:2019 and ISO/IEC 27701:2025
• Assessed whether changes to the PIMS are necessary
• Updated the Statement of Applicability
• Updated the risk treatment plan
• Implemented new or modified PIMS processes where required
• Conducted an internal audit against the new requirements
• Evaluated the transition and the effectiveness of the PIMS during the management review

These activities provide the evidence required to demonstrate that your organization has addressed the ISO 27701:2025 requirements.

What does the transition audit cover? #

During the transition audit, Brand Compliance assesses the application of ISO/IEC 27701:2025 in accordance with ISO/IEC 27706:2025.

The audit includes an assessment of:

  • Your organization’s approach to the transition
  • The analysis of the changes between the two editions
  • The gap analysis used to determine whether changes to the PIMS are required
  • The updated Statement of Applicability
  • The updated risk treatment plan
  • The implementation and effectiveness of new or modified PIMS processes
  • The internal audit and management review relating to the new requirements

How long does the transition audit take? #

The ISO 27701:2025 transition audit takes six hours. An additional two hours are allocated for reporting and administrative processing.

Where possible, Brand Compliance will schedule these activities in conjunction with a regular audit.

Nonconformities during the transition audit #

Nonconformities may be identified during the transition audit. They are handled as follows:

  • Minor nonconformities: your organization must submit an action plan for approval by Brand Compliance
  • Major nonconformities: the corrective actions must be fully verified before the new certificate can be issued

Completion of the ISO 27701:2025 transition #

Once the transition audit has been successfully completed and any nonconformities have been adequately addressed, your organization will receive a new certificate based on ISO/IEC 27701:2025.

The expiry date of your current certification cycle remains unchanged. Completing the transition does not start a new certification cycle.

Frequently asked questions about ISO 27701:2025 #

When is the ISO 27701:2025 transition deadline?

The transition period ends on 1 October 2028. After this date, certificates based on ISO/IEC 27701:2019 will no longer be valid.

Does my ISO 27701:2019 certificate remain valid?

Yes. Your existing certificate remains valid during the transition period, provided that the regular certification requirements continue to be met. You must complete the transition before 1 October 2028.

Is a transition audit mandatory?

Yes. Organizations currently certified against ISO/IEC 27701:2019 must complete a transition audit to receive a certificate based on ISO/IEC 27701:2025.

Can the transition audit be combined with a regular audit?

Where possible, Brand Compliance will combine the transition audit with a regular surveillance or recertification audit.

Will the transition start a new certification cycle?

No. After successful completion of the transition, the expiry date of your current certification cycle remains unchanged.

What happens if nonconformities are identified?

For minor nonconformities, your organization must submit an action plan for approval. Major nonconformities must be fully verified before Brand Compliance can issue the new certificate.

Questions about ISO 27701:2025?

Do you have questions about ISO/IEC 27701:2025, the transition deadline or the required transition audit? Please contact Brand Compliance.

Share This Article :

  • Facebook
  • X
  • LinkedIn
Updated on 14 July 2026
BC 5701 certification: where do you start?GDPR compliance best practices
Contents
  • What has changed in ISO 27701:2025?
  • ISO 27701:2025 transition deadline
  • What does the ISO 27701 update mean for your organization?
  • How can you prepare for the transition?
  • What does the transition audit cover?
  • How long does the transition audit take?
  • Nonconformities during the transition audit
  • Completion of the ISO 27701:2025 transition
  • Frequently asked questions about ISO 27701:2025

Accreditation

RvA C548Brand Compliance B.V. has accreditation (C548) to certify ISO 27001, ISO 27701 NEN 7510 and ISO 9001 technical area 33 information technology and 35 other services.

View our accreditations

Contact

Have a question about certification, verification or assurance?

info@brandcompliance.com
+31 (0)73 220 2000

Prefer local contact details?
View our locations

Our locations

‘s-Hertogenbosch, The Netherlands

Antwerp, Belgium

Ottignies-Louvain-la-Neuve, Belgium

Stockholm, Sweden

Dublin, Ireland

Luxembourg, coming soon

Practical information

Privacy statement

Terms and conditions

Company details

Feedback and complaints

 

© Copyright 2026 Brand Compliance