What is the primary objective of **WELL**?

**The primary objective of WELL is to advance human health and well-being through performance-based building design, operations, and policies.** Administered by the International WELL Building Institute (IWBI), WELL v2 organizes requirements across **10 concepts**—**Air, Water, Nourishment, Light, Movement, Thermal Comfort, Sound, Materials, Mind, and Community**—with **24 mandatory Preconditions** and **102 optional Optimizations** plus **6 Innovation Optimizations**. It mandates on-site performance verification for outcomes like CO₂ ≤900 ppm and requires continuous monitoring pathways for sustained compliance.

Who is legally or professionally required to comply with **WELL**?

**WELL is voluntary and not legally mandated for any organization.** Professionally, it applies to building owners, developers, and operators pursuing certification across new/existing buildings via pathways like **WELL Certification**, **WELL Core** (≥75% leased space), or **WELL for Residential**. Corporate real estate executives, facility managers, and ESG leaders adopt it for occupant health metrics, with billions of square feet certified globally by firms like CBRE and JPMorgan.

Does **WELL** require an external audit or third-party certification?

**Yes, WELL requires third-party documentation review and on-site performance verification by authorized WELL Performance Testing Agents.** This includes two rounds of review (preliminary/final) via IWBI's platform and testing for air, water, light, thermal comfort, and sound at ≥50% occupancy. Certification levels—**Bronze (40 points)**, **Silver (50, min 1/concept)**, **Gold (60, min 2/concept)**, **Platinum (80, min 3/concept)**—demand all **Preconditions** met first.

How often should an assessment for **WELL** be performed?

**WELL certification requires recertification every three years with annual reporting for select features like air quality.** Ongoing assessments involve continuous monitoring (e.g., CO₂, PM2.5) and performance testing; projects submit data via IWBI's platform. Pre-testing is recommended pre-verification for high-risk features (e.g., Air near highways).

What are the consequences of non-compliance with **WELL**?

**Non-compliance results in certification denial, additional curative review fees, and delayed timelines.** Failed performance verification (e.g., unmet pollutant thresholds) requires remediation; no fines apply as WELL is voluntary, but reputational risks include lost ESG credibility and tenant demands.

An **WELL** be mapped to other international frameworks?

**No, these FAQs address WELL independently per standalone requirements.**

What is the first step to begin implementing **WELL**?

**The first step is project enrollment on IWBI's digital platform and scorecard development.** Identify applicable features, Preconditions, and target certification level (e.g., 40-80 points), then conduct a gap analysis prioritizing **Preconditions** across 10 concepts.

What is the primary objective of **ISO 27701**?

**ISO 27701 defines requirements and guidance for establishing, implementing, maintaining, and continually improving a Privacy Information Management System (PIMS).** It governs the lifecycle of personally identifiable information (PII) for **PII controllers** and **processors**, emphasizing demonstrable accountability, privacy risk management, and alignment with privacy laws through PDCA cycles, Clauses 4–10, and Annexes A (controllers) and B (processors).

Who is legally or professionally required to comply with **ISO 27701**?

**ISO 27701 applies to any organization acting as a PII controller, processor, or both that processes PII.** It targets all sectors handling PII—financial services, healthcare, cloud providers, SaaS vendors—regardless of size, including SMEs and enterprises needing auditable privacy governance for regulatory, contractual, or market demands.

Does **ISO 27701** require an external audit or third-party certification?

**ISO 27701 certification involves external audits by accredited third-party certification bodies via a two-stage process.** Stage 1 reviews documentation; Stage 2 verifies implementation through interviews and evidence sampling. Certification is valid for three years with annual surveillance audits and recertification at year three; the 2025 edition supports stand-alone PIMS audits.

How often should an assessment for **ISO 27701** be performed?

**ISO 27701 requires periodic internal audits, management reviews, and continual monitoring as part of Clause 9 performance evaluation.** Assessments occur via ongoing PDCA cycles, with full internal audits before certification and regularly thereafter to support annual surveillance audits and three-year recertification.

What are the consequences of non-compliance with **ISO 27701**?

**Non-compliance with ISO 27701 exposes organizations to regulatory fines, operational restrictions, and reputational damage from underlying privacy laws.** While voluntary, failure undermines PIMS evidence for laws like GDPR, risking multimillion-euro penalties, lost contracts, data breaches, litigation, and exclusion from supply chains demanding certified privacy controls.

Can **ISO 27701** be mapped to other international frameworks?

**Yes, ISO 27701 provides explicit mappings in its annexes to frameworks like GDPR (Annex D), ISO/IEC 27018, and ISO/IEC 29151 (Annex E).** Annex F details relationships to ISO/IEC 27001 and 27002, enabling integrated control sets, shared risk assessments, and consolidated audits for multi-framework compliance.

What is the first step to begin implementing **ISO 27701**?

**The first step is Phase 1 Discover & Scope: secure executive sponsorship, define PIMS scope, and conduct context analysis per Clause 4.** This includes PII inventory, data flow mapping, controller/processor role determination, and gap analysis against Clauses 4–10 and Annexes A/B to prioritize risks and roadmap.

WELL vs ISO 27701

Standards Comparison

WELL

Voluntary

2014

Certification standard for occupant health in buildings

ISO 27701

Voluntary

2019

International standard for privacy information management systems

Quick Verdict

WELL certifies healthy buildings via performance testing for occupant well-being, while ISO 27701 establishes auditable PIMS for privacy governance. Companies adopt WELL for ESG and talent attraction; ISO 27701 for regulatory compliance and trust.

Building Health & Wellness

WELL

WELL Building Standard v2

Cost

€€€€

Complexity

High

Implementation Time

12-18 months

Key Features

Requires mandatory on-site performance verification testing
10 core concepts for occupant health outcomes
Preconditions mandatory, Optimizations earn certification points
Certification tiers Bronze to Platinum via points
Supports continuous monitoring and annual reporting

Privacy Management

ISO 27701

ISO/IEC 27701:2025 Privacy Information Management

Cost

€€€€

Complexity

High

Implementation Time

6-12 months

Key Features

Stand-alone PIMS for controllers and processors
Risk-based privacy impact assessments (DPIAs)
Data subject rights (DSR) handling processes
Third-party processor contracts and oversight
Mappings to GDPR and ISO 27001 controls

Detailed Analysis

A comprehensive look at the specific requirements, scope, and impact of each standard.

WELL Details

What It Is

WELL Building Standard v2 is a performance-based certification framework administered by the International WELL Building Institute (IWBI). It focuses on designing, operating, and verifying buildings to advance human health and well-being. Scope covers new/existing buildings across types like offices, residential, hospitality. Key approach: evidence-based Preconditions (mandatory) and Optimizations (points-based) across 10 concepts.

Key Components

**10 core conceptsAir, Water, Nourishment, Light, Movement, Thermal Comfort, Sound, Materials, Mind, Community (+ Innovation).
24 Preconditions, 102+ Optimizations; total ~110 max points.
Built on public health/building science research.
Certification model: tiers (Bronze 40pts, Silver 50pts, Gold 60pts, Platinum 80pts) with concept minimums; requires documentation review + on-site testing.

Why Organizations Use It

Drives occupant productivity, retention, ESG reporting; complements LEED. Mitigates health risks, boosts rents/values (e.g., 7.7% higher rents). Builds stakeholder trust via verified outcomes; voluntary but tenant-demanded.

Implementation Overview

Phased: gap analysis, scorecard, design/ops integration, verification (testing by agents), recert every 3yrs. Applies universally; cross-functional teams key. Costs include fees (~$0.16/sqft review), testing; suits all sizes via Core/Residential paths.

ISO 27701 Details

What It Is

ISO/IEC 27701:2025 is the international standard providing requirements and guidance for establishing, implementing, maintaining, and improving a Privacy Information Management System (PIMS). It focuses on managing personally identifiable information (PII) lifecycle for controllers and processors, using a risk-based PDCA (Plan-Do-Check-Act) methodology aligned with ISO/IEC 27001:2022.

Key Components

Clauses 4–10 extend management system requirements for privacy.
Annex A (controllers) and Annex B (processors) specify privacy controls.
Mappings to GDPR (Annex D) and other standards.
Certification via accredited bodies, often integrated with ISO 27001 audits.

Why Organizations Use It

Demonstrates accountability for global privacy laws like GDPR, CCPA.
Mitigates regulatory fines, breach risks, vendor exclusions.
Builds trust, enables procurement differentiation, reduces compliance costs.

Implementation Overview

Phased: discover/scope, design/plan, implement/operate, validate/improve.
Involves PII inventory, DPIAs, DSR processes, training.
Suits all sizes/industries handling PII; voluntary certification with 3-year cycle.

Key Differences

Aspect	WELL	ISO 27701
Scope	Occupant health, well-being in buildings (10 concepts)	Privacy management system for PII processing
Industry	Real estate, offices, all building types globally	All sectors handling PII worldwide
Nature	Voluntary performance-based certification	Voluntary PIMS certification standard
Testing	On-site performance verification, continuous monitoring	Internal audits, third-party certification audits
Penalties	Loss of certification, no legal fines	Loss of certification, no direct penalties

Scope

WELL

Occupant health, well-being in buildings (10 concepts)

ISO 27701

Privacy management system for PII processing

Industry

WELL

Real estate, offices, all building types globally

ISO 27701

All sectors handling PII worldwide

Nature

WELL

Voluntary performance-based certification

ISO 27701

Voluntary PIMS certification standard

Testing

WELL

On-site performance verification, continuous monitoring

ISO 27701

Internal audits, third-party certification audits

Penalties

WELL

Loss of certification, no legal fines

ISO 27701

Loss of certification, no direct penalties

Frequently Asked Questions

Common questions about WELL and ISO 27701

WELL FAQ

ISO 27701 FAQ

You Might also be Interested in These Articles...

Top 10 NIST CSF 2.0 Myths Busted: Separating Hype from Reality for Smarter Adoption

Bust 10 NIST CSF 2.0 myths like 'only for critical infrastructure' or 'Govern replaces Identify'. Plain-English breakdowns, evidence, and fixes for flexible ris

Top 10 SOC 2 Audit Pitfalls and Fixes: Real Auditor Red Flags from Type 2 Fieldwork with Evidence Checklists

Discover 10 common SOC 2 Type 2 audit pitfalls like evidence gaps, scope creep, vendor oversights. Get Fail/Pass visuals, client stories, checklists for 95% fir

SOC 2 Trust Services Criteria in Plain English: Side-by-Side Decoder for Security, Availability, and Beyond

Decode AICPA Trust Services Criteria from auditor jargon to plain English with side-by-side tables, analogies & TL;DRs. CISOs & founders: implement SOC 2 contro

Run Maturity Assessments with GRADUM

Transform your compliance journey with our AI-powered assessment platform

Assess your organization's maturity across multiple standards and regulations including ISO 27001, DORA, NIS2, NIST, GDPR, and hundreds more. Get actionable insights and track your progress with collaborative, AI-powered evaluations.

100+ Standards & Regulations

AI-Powered Insights

Collaborative Assessments

Actionable Recommendations

Check out these other Gradum.io Standards Comparison Pages

GDPR vs SQF

Compare GDPR vs SQF: EU data privacy law meets GFSI food safety standard. Uncover key differences, compliance tips & strategies for seamless regulatory mastery. Dive in now!

ISO 37301 vs ISO 55001

ISO 37301 vs ISO 55001: Compare certifiable CMS & AMS standards. HLS-aligned for risk-based compliance, leadership & integration. Unlock governance value now!

ISO 19600 vs ISO/IEC 42001:2023

Compare ISO 19600 vs ISO/IEC 42001:2023: Withdrawn compliance guidelines meet AI management revolution. Discover differences, evolution to ISO 37301, and governance edge. Explore now!

WELL

ISO 27701

Quick Verdict

WELL

Key Features

ISO 27701

Key Features

Detailed Analysis

WELL Details

What It Is

Key Components

Why Organizations Use It

Implementation Overview

ISO 27701 Details

What It Is

Key Components

Why Organizations Use It

Implementation Overview

Key Differences

Scope

Industry

Nature

Testing

Penalties

Frequently Asked Questions

WELL FAQ

What is the primary objective of WELL?

Who is legally or professionally required to comply with WELL?

Does WELL require an external audit or third-party certification?

How often should an assessment for WELL be performed?

What are the consequences of non-compliance with WELL?

An WELL be mapped to other international frameworks?

What is the first step to begin implementing WELL?

ISO 27701 FAQ

What is the primary objective of ISO 27701?

Who is legally or professionally required to comply with ISO 27701?

Does ISO 27701 require an external audit or third-party certification?

How often should an assessment for ISO 27701 be performed?

What are the consequences of non-compliance with ISO 27701?

Can ISO 27701 be mapped to other international frameworks?

What is the first step to begin implementing ISO 27701?

You Might also be Interested in These Articles...

Top 10 NIST CSF 2.0 Myths Busted: Separating Hype from Reality for Smarter Adoption

Top 10 SOC 2 Audit Pitfalls and Fixes: Real Auditor Red Flags from Type 2 Fieldwork with Evidence Checklists

SOC 2 Trust Services Criteria in Plain English: Side-by-Side Decoder for Security, Availability, and Beyond

Run Maturity Assessments with GRADUM

Check out these other Gradum.io Standards Comparison Pages

GDPR vs SQF

ISO 37301 vs ISO 55001

ISO 19600 vs ISO/IEC 42001:2023