SAC Announces Transition to New Privacy Information Management System Standard

The Singapore Accreditation Council (SAC) has announced transition arrangements for accredited Privacy Information Management System (PIMS) certification bodies following the publication of new international standards ISO/IEC 27701:2025 and ISO/IEC 27706:2025 on 14 October 2025.

The updated ISO/IEC 27701:2025 certification standard represents a significant change from its predecessor, converting PIMS into a standalone management system standard that is now independent of ISO/IEC 27001. Key improvements include strengthened leadership and governance requirements, formal integration of privacy risk management, and the introduction of climate change considerations.

The new ISO/IEC 27706:2025 accreditation standard establishes a dedicated framework for PIMS certification bodies (CBs), with enhanced competence requirements for auditors and strengthened governance expectations for CBs. 

SAC has set a transition deadline of 31 October 2027 for accredited CBs to complete their transition to the above new standards. Certification bodies must then transition all their clients to ISO/IEC 27701:2025 by 31 October 2028.

Existing CBs currently accredited to ISO/IEC 27006-2:2021 are required to submit new application for PIMS through SACiNet. Following successful transition assessments, SAC will issue separate standalone certificates and schedules for PIMS and ISMS accreditations.

For more information, CBs to contact SAC.