Citiverse

This standard establishes a practical, technical baseline of specific methodologies and tools for the development, implementation, and use of effective fail-safe mechanisms in autonomous and semi-autonomous systems. The standard includes (but is not limited to): clear procedures for measuring, testing, and certifying a system's ability to fail safely on a scale from weak to strong, and instructions for improvement in the case of unsatisfactory performance. The standard serves as the basis for developers, as well as users and regulators, to design fail-safe mechanisms in a robust, transparent, and accountable manner.

This standard can be applied to internet-based business scenarios, and can also be served serve as a practical guide to achieve help assess business security risk control through the big data technology. This standard can be applied in other types of organization, including public or privately-owned or state-owned enterprises, associations, or organizations, or by individuals, to improve assessment of their protection capability against business security risks based on big data technology.

This document defines terms for identity management, and specifies core concepts of identity and identity management and their relationships. It is applicable to any information system that processes identity information.

ISO/IEC 24760-2:2015:

- provides guidelines for the implementation of systems for the management of identity information, and

- specifies requirements for the implementation and operation of a framework for identity management.

ISO/IEC 24760-2:2015 is applicable to any information system where information relating to identity is processed or stored.

ISO/IEC 29115:2013 provides a framework for managing entity authentication assurance in a given context. In particular, it:

- specifies four levels of entity authentication assurance;

- specifies criteria and guidelines for achieving each of the four levels of entity authentication assurance;

- provides guidance for mapping other authentication assurance schemes to the four LoAs;

- provides guidance for exchanging the results of authentication that are based on the four LoAs; and

- provides guidance concerning controls that should be used to mitigate authentication threats.

The document takes a multiple agency as well as a citizen-centric viewpoint. It provides guidance on:

- smart city ecosystem privacy protection;

- how standards can be used at a global level and at an organizational level for the benefit of citizens; and

- processes for smart city ecosystem privacy protection.

This document is applicable to all types and sizes of organizations, including public and private companies, government entities, and not-for-profit organizations that provide services in smart city environments.

This document specifies an interoperable, open and extensible information structure for recording PII principals' consent to PII processing. This document provides requirements and recommendations on the use of consent receipts and consent records associated with a PII principal's PII processing consent, aiming to support the:

- provision of a record of the consent to the PII principal;

- exchange of consent information between information systems;

- management of the life cycle of the recorded consent.

This document provides privacy engineering guidelines that are intended to help organizations integrate recent advances in privacy engineering into system life cycle processes. It describes:

(1) the relationship between privacy engineering and other engineering viewpoints (system engineering, security engineering, risk management); and

(2) privacy engineering activities in key engineering processes such as knowledge management, risk management, requirement analysis, and architecture design.

The intended audience includes engineers and practitioners who are involved in the development, implementation or operation of systems that need privacy consideration, as well as managers in organizations responsible for privacy, development, product management, marketing, and operations.

This document provides a framework and establishes requirements for attribute-based unlinkable entity authentication (ABUEA).

This document provides a user-centric framework for handling personally identifiable information (PII), based on privacy preferences.

This document provides a framework for identifying and mitigating re-identification risks and risks associated with the lifecycle of de-identified data.

This document is applicable to all types and sizes of organizations, including public and private companies, government entities, and not-for-profit organizations, that are PII controllers or PII processors acting on a controller’s behalf, implementing data de-identification processes for privacy enhancing purposes.

This document provides a description of privacy-enhancing data de-identification techniques, to be used to describe and design de-identification measures in accordance with the privacy principles in ISO/IEC 29100.

In particular, this document specifies terminology, a classification of de-identification techniques according to their characteristics, and their applicability for reducing the risk of re-identification.

This document is applicable to all types and sizes of organizations, including public and private companies, government entities, and not-for-profit organizations, that are PII controllers or PII processors acting on a controller's behalf, implementing data de-identification processes for privacy enhancing purposes.