Standard about privacy

By | Wednesday October 21st, 2015

ISO – the International Organization for Standardization has already issued a set of guidelines and frameworks that anticipate the European Regulation on privacy.

The main standards already published are:

  • ISO / IEC 29100: 2011 Information technology – Security techniques – Policy framework
  • ISO / IEC 29101: 2013 Information technology – Security techniques – Privacy architecture
  • ISO / IEC 29190: 2015 Information technology – Security techniques – Privacy capability assessment model
  • ISO / IEC 27018: 2014 Information technology – Security techniques – Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII

The ISO / IEC 29100:2011 provides a privacy framework which:

  • specifies a common privacy terminology;
  • defines the actors and their roles in processing personally identifiable information (PII);
  • describes privacy safeguarding considerations; and
  • provides references to known privacy principles for information technology.

This framework should be used to protect personal information using specific controls to mitigate significant risks from the treatment.

The standard ISO / IEC CD 29134 Privacy impact assessment, is currently under development and it proposes a methodology to conduct an audit on the ‘ impact of privacy’.

ISO / IEC 29100 can be downloaded for free at this link:

Category: Impact, Risk and Measures Open Forum Tags: , , ,

About Attilio Rampazzo

I am a professional working in the Information Systems Domain: CISA, CRISC, CISO, CMC certified. My experience is mostly with Banks and big organizations especially in IT Service Management, Information Security Governance & Risk Management fields. Lead Auditor ISO 9001 ISO/IEC 27001 ISO/IEC 20000-1 ISO 22301 & Mod. 231, Privacy (D.Lgs. 196/03), IT Governance, Risk Analysis & Management, Architectural strategist for Information Systems: QoS, SLA, Business Continuity, Disaster Recovery Excellent Knowledge on multiple environments & new technologies: Mainframes, DBMS, TP Monitor, Windows, Linux Scientific Director of the project "Information Technology & Disability" of Progetto Gulliver Association Participation in meetings and activities of AICQ, AIPSI, ANIP, AIEA, AICA ALSI, Confindustria, Università di Udine, ISACA Venice Partecipation working groups AICQ: Information Security,Business Continuity, IT Service Management, Green/ Cloud/ Grid Computing Author and coauthor of articles published by the magazine "ICT Security", "Qualità" and "Mondo Digitale" Trainer qualified ISO/IEC 27001, ISO/IEC 20000, ISO 22301, ITIL found., Cobit 5 found.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.