Who should use ISO/IEC 27701?
ISO/IEC 27701 is applicable to all types and sizes of organizations, including public and private companies, government entities and not-for-profit organizations. It provides guidance for organizations who are responsible for PII processing within an information security management system (ISMS), specifically PII controllers (including those who are joint PII controllers) and PII processors.