IT Security

Security techniques — Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management — Requirements and guidelines

This document specifies requirements and provides guidance for establishing, implementing, maintaining and continually improving a Privacy Information Management System (PIMS) in the form of an extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy management within the context of the organization.

This document specifies PIMS-related requirements and provides guidance for PII controllers and PII processors holding responsibility and accountability for PII processing.

This document is applicable to all types and sizes of organizations, including public and private companies, government entities and not-for-profit organizations, which are PII controllers and/or PII processors processing PII within an ISMS.

ISO/IEC 27701:2019

Information technology — Security techniques — Guidelines for privacy impact assessment

ISO/IEC 29134:2017 gives guidelines for

- a process on privacy impact assessments, and

- a structure and content of a PIA report.

It is applicable to all types and sizes of organizations, including public companies, private companies, government entities and not-for-profit organizations.

ISO/IEC 29134:2017 is relevant to those involved in designing or implementing projects, including the parties operating data processing systems and services that process PII.

ISO/IEC 29134:2017

Information technology — Security techniques — Requirements for partially anonymous, partially unlinkable authentication

ISO/IEC 29191:2012 provides a framework and establishes requirements for partially anonymous, partially unlinkable authentication.

ISO/IEC 29191:2012

Information technology — Security techniques — Privacy architecture framework

This document defines a privacy architecture framework that:

— specifies concerns for ICT systems that process PII;

— lists components for the implementation of such systems; and

— provides architectural views contextualizing these components.

This document is applicable to entities involved in specifying, procuring, architecting, designing, testing, maintaining, administering and operating ICT systems that process PII.

It focuses primarily on ICT systems that are designed to interact with PII principals.

ISO/IEC 29101:2018

Information technology — Security techniques — A framework for identity management — Part 2: Reference architecture and requirements

ISO/IEC 24760-2:2015

- provides guidelines for the implementation of systems for the management of identity information, and

- specifies requirements for the implementation and operation of a framework for identity management.

ISO/IEC 24760-2:2015 is applicable to any information system where information relating to identity is processed or stored.

ISO/IEC 24760-2:2015

Information technology — Process reference model (PRM) for information security management

ISO/IEC TS 33052:2016 defines a process reference model (PRM) for the domain of information security management. The model architecture specifies a process architecture for the domain and comprises a set of processes, with each described in terms of process purpose and outcomes.

ISO/IEC TS 33052:2016

Information technology — Cybersecurity — Overview and concepts

This document provides an overview of cybersecurity. The terms and definitions provided in this document:

— describe cybersecurity and relevant concepts;

— do not cover all terms and definitions applicable to cybersecurity;

— do not limit other standards in defining new cybersecurity-related terms for use.

ISO/IEC TS 27100:2020 

Functional safety - Safety instrumented systems for the process industry sector - Part 1: Framework, definitions, system, hardware and application programming requirements

IEC 61511-1:2016+A1:2017 gives requirements for the specification, design, installation, operation and maintenance of a safety instrumented system (SIS), so that it can be confidently entrusted to achieve or maintain a safe state of the process. IEC 61511-1 has been developed as a process sector implementation of IEC 61508:2010. The contents of the corrigendum of September 2016 have been included in this copy.

IEC 61511-1:2016+AMD1:2017

IEEE Standard for Biometric Open Protocol

Identity assertion, role gathering, multilevel access control, assurance, and auditing are provided by the Biometric Open Protocol Standard (BOPS). An implementation of the BOPS III spec is described, which includes both the software running on the client device as well as the server. Pluggable components are allowed to replace existing components' functionality, accepting integration into current operating environments in a short period of time. A “point-and-cut” mechanism to add the appropriate security to both development and production systems is offered through the BOPS implementation functionality. Homomorphic encryption and a tremendous simplification of the API are also described.

IEEE 2410-2019