Drata supports ISO/IEC 27701:2025

Drata now supports ISO/IEC 27701:2025! ISO/IEC 27701:2025 is the latest version of the global standard for building a Privacy Information Management System (PIMS), extending ISO 27001 to define clear responsibilities for PII controllers and processors while supporting compliance efforts under regulations such as GDPR and CCPA. The 2025 update clarifies privacy governance, aligns with ISO’s harmonized structure and ISO 27001:2022, and strengthens accountability across the full PII lifecycle.

We now have those updates reflected in Drata as a fully mapped framework with requirements, DCF controls, and policy coverage.

What’s new

• Pre-Mapped Controls: Activate ISO 27701 controls that align to existing security programs—so teams spend less time interpreting requirements and more time operationalizing privacy.

• Cross-Framework Mapping: Reuse controls across ISO 27701, ISO 27001, GDPR, CCPA, and more to minimize duplicate work and simplify framework expansion.

• Policy Templates: Use privacy-focused templates (e.g., PIMS Policy, Data Protection, Breach Notification, Privacy Use & Disclosure) to accelerate policy adoption while maintaining alignment with ISO 27701 terminology and structure.