The ISO/IEC TS 29003:2018 standard:- gives guidelines for the identity proofing of a person;- specifies levels of identity proofing, and requirements to achieve these levels.ISO/IEC TS 29003:2018 is applicable to identity management systems.
This document specifies the key requirements of a quality open source license compliance program in order to provide a benchmark that builds trust between organizations exchanging software solutions comprised of open source software.
This document provides a description of privacy-enhancing data de-identification techniques, to be used to describe and design de-identification measures in accordance with the privacy principles in ISO/IEC 29100.In particular, this document specifies terminology, a classification of de-identification techniques according to their characteristics, and their applicability for reducing the risk of re-identification.This document is applicable to all types and sizes of organizations, including public and private companies, government entities, and not-for-profit organizations, that are PII controllers or PII processors acting on a controller's behalf, implementing data de-identification processes for privacy enhancing purposes.
ISO/IEC 29100:2011 provides a privacy framework which- specifies a common privacy terminology;- defines the actors and their roles in processing personally identifiable information (PII);- describes privacy safeguarding considerations; and- provides references to known privacy principles for information technology.ISO/IEC 29100:2011 is applicable to natural persons and organizations involved in specifying, procuring, architecting, designing, developing, testing, maintaining, administering, and operating information and communication technology systems or services where privacy controls are required for the processing of PII.
This document gives guidelines for:- a process on privacy impact assessments, and- a structure and content of a PIA report.It is applicable to all types and sizes of organizations, including public companies, private companies, government entities and not-for-profit organizations. This document is relevant to those involved in designing or implementing projects, including the parties operating data processing systems and services that process PII.
This document specifies controls which shape the content and the structure of online privacy notices as well as the process of asking for consent to collect and process personally identifiable information (PII) from PII principals.This document is applicable in any online context where a PII controller or any other entity processing PII informs PII principals of processing.
This document provides privacy engineering guidelines that are intended to help organizations integrate recent advances in privacy engineering into system life cycle processes. It describes:(1) the relationship between privacy engineering and other engineering viewpoints (system engineering, security engineering, risk management); and(2) privacy engineering activities in key engineering processes such as knowledge management, risk management, requirement analysis, and architecture design.The intended audience includes engineers and practitioners who are involved in the development, implementation or operation of systems that need privacy consideration, as well as managers in organizations responsible for privacy, development, product management, marketing, and operations.
This document specifies an interoperable, open and extensible information structure for recording PII principals' consent to PII processing. This document provides requirements and recommendations on the use of consent receipts and consent records associated with a PII principal's PII processing consent, aiming to support the:- provision of a record of the consent to the PII principal;- exchange of consent information between information systems;- management of the life cycle of the recorded consent.
The document takes a multiple agency as well as a citizen-centric viewpoint. It provides guidance on:- smart city ecosystem privacy protection;- how standards can be used at a global level and at an organizational level for the benefit of citizens; and- processes for smart city ecosystem privacy protection. This document is applicable to all types and sizes of organizations, including public and private companies, government entities, and not-for-profit organizations that provide services in smart city environments.
ISO/IEC 14496-27:2009 specifies how tests can be designed to verify whether compressed data (i.e. bitstreams) and decoders meet the requirements for the synthetic 3D graphics tools specified in ISO/IEC 14496‑11:2005, ISO/IEC 14496‑16:2006, ISO/IEC 14496‑21:2006, and ISO/IEC 14496‑25:2009. ISO/IEC 14496-27:2009 does not specifically address encoders. As far as synthetic 3D graphics are concerned, an encoder can be said to be an ISO/IEC 14496 encoder if it generates compressed data compliant with the syntactic and semantic bitstream payload requirements specified in ISO/IEC 14496‑11, ISO/IEC 14496‑16, ISO/IEC 14496‑21, and ISO/IEC 14496‑25. Characteristics of coded bitstreams and decoders are defined for ISO/IEC 14496‑11, ISO/IEC 14496‑16, ISO/IEC 14496‑21, and ISO/IEC 14496‑25. The characteristics of a bitstream define the subset of the standard that is exploited in the bitstream. Examples are the applied values or range of the bitrate. Decoder characteristics define the properties and capabilities of the applied decoding process. An example of a property is the applied arithmetic accuracy. The capabilities of a decoder specify which coded bitstreams the decoder can decode and reconstruct, by defining the subset of the standard that may be exploited in decodable bitstreams. A bitstream can be decoded by a decoder if the characteristics of the coded bitstream are within the subset of the normative references. ISO/IEC 14496-27:2009 describes procedures for testing conformance of compressed data and decoders to the requirements defined in ISO/IEC 14496‑11, ISO/IEC 14496‑16, ISO/IEC 14496‑21, and ISO/IEC 14496‑25; given the set of characteristics claimed, the requirements that shall be met are fully determined by these parts. ISO/IEC 14496-27:2009 summarizes the requirements, cross references them to characteristics, and defines how conformance with them can be tested. Guidelines are given on constructing tests to verify decoder conformance.