iso iec 27706 2025 transition announcement

The ISO/IEC 27706:2025 Standard, intended for organizations providing audit and certification of Privacy Information Management Systems, was published on 31 October 2025 and replaced ISO/IEC TS 27006-2:2021.

International Accreditation Service (IAS) defined the transition period as 12 months through the IAS/MSCB/125 Technical Bulletin dated 25 February 2026. Accordingly, PIMS certification bodies are required to complete their transition to ISO/IEC 27706:2025 no later than 31 October 2026.

With the new standard, the following areas in particular have been revised:

  • Competence and authorization criteria for personnel involved in certification activities,
  • Calculation of audit durations based on the organization’s PII role, effective number of personnel and personal data processing risks,
  • Planning of on-site, remote and hybrid audit methods,
  • Verification during application that the PIMS is documented and implemented,
  • Clear identification of PII controller and PII processor roles within the certification scope,
  • PIMS-specific aspects to be evaluated during Stage 1, Stage 2 and surveillance audits,
  • Audit reports, technical review and certification decision processes,
  • PII role, PII principals and Statement of Applicability information required to be included on certificates.

Kioscert Certification has conducted the gap analysis within the scope of the transition to ISO/IEC 27706:2025 and has updated the relevant procedures, forms, audit duration calculation method, personnel competence criteria, audit reports and certificate documents.

Due to the changes in the audit duration calculation method, the audit durations of our existing customers and, where necessary, their contracts may be reassessed.

For details of the transition process, you may review our ISO/IEC 27706:2025 Transition Guide and Gap Analysis document or contact Kioscert Certification.


Please Wait