ISO 27701 Transition Course (2019 → 2025) clarifies the main changes introduced by the new edition of ISO/IEC 27701:2025 and their practical impact on documentation, controls, evidence, operation and auditing of a Privacy Information Management System (PIMS). The training supports a structured, consistent and applicable transition in an organisational context.
Quick Access: Introduction· Why this course exists· What this course enables· Frameworks and standards· Value· Objectives· Target audience· Prerequisites· Programme· Exam & Certification· Other information· Benefits· Logistics· FAQs· Registration
Upcoming dates
Confirmed dates.
Synchronous, live training. Interaction with the trainer and the group.
Live Online • next edition
Live Online • base price
Language: available in Portuguese or English
Training: practical and case-study based
Exam: 1h
PROFESSIONAL LEVEL — practical update and transition applied to the organisational context
Why this course exists
To support the transition from ISO/IEC 27701:2019 to ISO/IEC 27701:2025 with method, judgement and practical applicability.
Many organisations and professionals already work with ISO/IEC 27701:2019, but the move to the 2025 edition requires a structured reading of the changes, their impact on the PIMS, and how those changes translate into documentation, controls, records, evidence and audit readiness.
This course exists to reduce ambiguity and accelerate a consistent transition, combining a review of the 2019 edition, presentation of the 2025 edition, mapping between editions and a practical step-by-step approach, supported by a case study and workshop, so that the organisation can plan and execute the update with greater confidence.
What this course enables you to do
Identify changes
Recognise the main structural, conceptual and operational differences between ISO/IEC 27701:2019 and ISO/IEC 27701:2025.
Map impact
Understand the effect of the changes on policies, procedures, records, controls, roles, responsibilities and PIMS evidence.
Transition with method
Apply a practical step-by-step approach to structure the organisational transition from the 2019 edition to the 2025 edition.
Prepare audits
Understand the implications for internal audits, external audits and certification processes, including the audit and certification perspective associated with ISO/IEC 27706:2025.
Frameworks, standards and best practices addressed throughout the course
ISO/IEC 27701:2025
ISO/IEC 27706:2025
ISO/IEC 27001
ISO/IEC 27002
ISO/IEC 29100
ISO/IEC 27018
ISO/IEC 29151
GDPR
2019 → 2025 mapping
Documentary and operational transition
Audit and certification
Correlated best practices
Value for the organisation
- Clarifies the changes introduced by the new edition and reduces the risk of partial or outdated interpretations in privacy management.
- Supports the structured review of PIMS documentation, controls, records, roles and evidence.
- Accelerates the definition of an achievable transition plan aligned with the organisation’s reality.
- Strengthens readiness for internal audits, external audits and certification processes associated with the new edition.
Introduction
The ISO 27701 Transition course (2019 → 2025) is based on ISO/IEC 27701:2025 and supported by a structured review of ISO/IEC 27701:2019, following a practical approach with a case study, through which participants analyse differences between editions and their impact in an organisational context.
The course helps participants understand what has changed, what has remained, what should be reviewed and how to structure a consistent transition path for a Privacy Information Management System (PIMS), framing the relationship with ISO/IEC 27001, ISO/IEC 27002, the GDPR and relevant correlated references.
Throughout the training, participants work on requirements, controls, documentation, evidence, responsibilities and practical implications for implementation, operation, evaluation and auditing, including an audit and certification perspective with reference to ISO/IEC 27706:2025.
This ISO 27701 Transition Course (2019 → 2025) prepares participants to support an organisation in the transition to the new edition and to update professional competences, whether or not they already hold certifications in the field.
This Training Plan and all associated documents are protected by Copyright and registered as a literary work with IGAC.
General Objectives
At the end of this course, participants will be able to:
- Identify the main changes between ISO/IEC 27701:2019 and ISO/IEC 27701:2025.
- Understand the structure and requirements of ISO/IEC 27701:2025, including clauses 4–10 and relevant references.
- Understand the controls and guidance associated with the PIMS, including relevant annexes and guidance.
- Relate the new edition to ISO/IEC 27001, ISO/IEC 27002, ISO/IEC 27706:2025 and the GDPR.
- Assess the impact of the new edition on documentation, controls, records, evidence, roles and responsibilities.
- Apply a practical step-by-step approach to structure the organisational transition.
- Understand the implications for internal audits, external audits and certification processes.
- Discuss with peers, teams and auditors the main topics associated with the update to the 2025 edition.
Target Audience
- Privacy, data protection, risk, compliance, cybersecurity and governance professionals who need to update their knowledge for the 2025 edition.
- DPOs and profiles with coordination or support responsibilities in privacy programmes.
- Implementers, consultants and operational managers involved in maintaining or evolving a PIMS.
- Internal and external auditors who need to frame the new edition and its assessment implications.
- Certified or non-certified professionals in ISO/IEC 27701 who need to understand, in practical terms, the 2019 → 2025 transition.
Prerequisites
There are no mandatory formal prerequisites. However, familiarity with ISO/IEC 27701:2019 or practical experience in privacy, GDPR, audit, risk or ISO/IEC 27001 is recommended.
Other specific requirements may apply, where relevant, depending on the quotation or proposal presented.
Programme
Introduction to the course
- Training and ISO/IEC 27701 transition framework
- Objectives, structure and pedagogical approach
- Case study, workshop and working dynamics
Framework for the ISO/IEC 27701:2019 → 2025 transition
- Why the new edition was published and what changes in the standard’s framework
- Expected impact for organisations, teams and professionals
- Strategic reading of the transition: documentation, operation, control and evidence
Structured review of ISO/IEC 27701:2019
- Review of the structure and main requirements of the 2019 edition
- Core PIMS elements to preserve or reassess
- Points of attention when moving to the new edition
ISO/IEC 27701:2025 — requirements (clauses 4–10)
- Structured presentation of the requirements of the new edition
- Practical reading of clauses 4–10 in an organisational context
- Implications for context, leadership, planning, support, operation, evaluation and improvement
ISO/IEC 27701:2025 — PIMS controls and guidance
- Controls and guidance associated with the PIMS
- Applied reading of the annexes and relevant references
- Articulation with ISO/IEC 27001, ISO/IEC 27002 and other correlated references
2019 → 2025 correspondence and impact on documentation
- Mapping between editions
- Impact on policies, procedures, records, metrics and evidence
- Identification of gaps and review priorities
Practical step-by-step approach for the transition
- How to structure a realistic transition plan
- Recommended sequence for analysis, decision, update and validation
- Coordination between privacy, security, compliance, risk and audit
Audit, certification and ISO/IEC 27706:2025
- Implications of the new edition for internal and external audits
- Audit and certification perspective with reference to ISO/IEC 27706:2025
- Preparation for assessment and transition evidence
Case study, workshop and final consolidation
- Practical application of the changes in a real scenario
- Guided discussion on transition decisions
- Final consolidation of the main update points
Exam(s) and Certification
Exam “Certified Data Protection ISO/IEC 27701:2025 Transition”
The exam covers the following competence domains:
- Domain 1: Structure, concepts and main changes between ISO/IEC 27701:2019 and ISO/IEC 27701:2025
- Domain 2: Requirements, controls and operational implications of ISO/IEC 27701:2025
- Domain 3: Transition approach, evidence, audit and certification
Language(s): Portuguese and English.
Duration: 1 hour (60 minutes).
Format: Multiple choice.
Number of questions: as defined for the exam edition.
Pass mark: according to the criteria applicable to the current edition.
Results: Pass or Fail.
Issuing entity: Behaviour (legal entity), through its certification service Behaviour Certification Services.
Retake: 1 free retake within a maximum period of 2 months after the result of the initial exam.
Certification
After successfully completing the exam and accepting or signing the applicable agreement and Code of Ethics, the candidate achieves the credential Certified Data Protection ISO/IEC 27701:2025 Transition, issued by Behaviour (legal entity), through its certification service Behaviour Certification Services.
A Certificate and a Digital Certification Badge will be issued to participants who successfully complete the certification exam and satisfy all requirements of the certification for which they are applying.
The personal certification programme Certified Data Protection ISO/IEC 27701:2025 Transition is developed and maintained in accordance with the international standard ISO/IEC 17024.
Certification programmes are valid only for individuals, and the award and maintenance of certification depend on the exam result, professional experience and compliance with the applicable agreement and Code of Ethics.
If the professional does not comply with the agreement or the Code of Ethics, the certification is not granted or is revoked.
Other Information
General Information
- Training available in Portuguese or English.
- Training materials available in Portuguese or English, with online access, in accordance with the awarded conditions.
- Behaviour digital Training Attendance Certificate with 16 CPD/CPE credits.
- Online Certification Exam, in Portuguese or English, subject to the current edition and applicable conditions.
- If the candidate does not pass the exam, they are entitled to one free retake within a maximum period of 2 months from the release date of the initial exam result.
- Digital Certification Diploma and Digital Certification Badge after passing the exam and completing the application process.
Trainer(s)
The trainers are consultants, implementers and auditors with experience in privacy, data protection, risk, compliance and the ISO/IEC 27000 family of standards, with particular focus on ISO/IEC 27701 (2019 and 2025), ISO/IEC 27706:2025 and relevant correlated references.
Benefits
View benefits
- Structured update for certified professionals or professionals with practical responsibilities in privacy and data protection.
- Consistent reading of the changes introduced by the 2025 edition, reducing the risk of incorrect or incomplete interpretations.
- Practical support for reviewing PIMS policies, procedures, records, controls and evidence.
- Greater readiness for internal audits, external audits and certification processes associated with the new edition.
- Strengthening individual technical credibility by demonstrating formal and verifiable updating in relation to the new edition.
Logistics
Useful information
- Live Online (synchronous time): 09h30–13h00 and 14h00–17h30 (Lisbon time), with short breaks
- Classroom (synchronous time): 09h30–13h00 and 14h00–17h30 (Lisbon time), with short breaks
- 14 hours of synchronous training, distributed across 2 consecutive days
- Estimated 2 hours of guided autonomous work, intended for content consolidation and exam preparation
- Requirements: computer with stable internet, updated browser, PDF reader and audio/video
Hotels in Lisbon
Find out where you can stay in Lisbon, near Behaviour, for classroom training.
Frequently Asked Questions
Objective answers to additional questions about the scope and usefulness of the ISO 27701 Transition course (2019 → 2025)
Does this course replace an ISO 27701 Lead Implementer or ISO 27701 Lead Auditor course?
No. This course is focused on the transition between editions and on the practical understanding of the impact of ISO/IEC 27701:2025. For full implementation or in-depth auditing of a PIMS, dedicated paths such as Lead Implementer or Lead Auditor remain appropriate.
Is ISO/IEC 27706:2025 studied as a PIMS implementation standard?
No. In this course, ISO/IEC 27706:2025 is addressed as a complementary reference to frame audit, certification and the implications of the transition, and not as a substitute for ISO/IEC 27701 in implementing the management system.
Can the transition to the 2025 edition be treated only as a documentation update?
No. Although documentation is an important component, a consistent transition also requires reviewing processes, controls, records, roles, responsibilities and the evidence produced in practice.
Is this course useful for professionals certified by other entities?
Yes. The value of the course lies in the structured update to the new edition and in the ability to translate the changes into practical decisions and actions, regardless of the entity that issued the professional’s previous certification.
Does it make sense to attend this course before defining the internal transition plan or internal audit?
Yes. Attending the course before closing the transition plan or internal audit helps create a common understanding of what has changed, define priorities and reduce rework in the review of documentation, controls and evidence.
For general questions about registration, delivery modes, exams, certification and recertification, please consult the BEHAVIOUR® FAQs.
Registration
Complete the form to request your registration for the preferred edition. Check the upcoming dates.
Request more information
If you would like help to frame the course within your professional or organisational context, contact us and we will indicate the most suitable path.
Companies: request a proposal
For team registrations, we provide volume conditions and a proposal tailored to the organisational need.
This course may be attended by individual professionals. It may also be integrated into team update plans for organisations that need to follow the evolution of privacy requirements and transition to the current version of ISO/IEC 27701, with impact on processes, documentation and evidence.