ISO


Information technology — Security techniques — Privacy engineering for system life cycle processes

This document provides privacy engineering guidelines that are intended to help organizations integrate recent advances in privacy engineering into system life cycle processes. It describes:

— the relationship between privacy engineering and other engineering viewpoints (system engineering, security engineering, risk management); and

— privacy engineering activities in key engineering processes such as knowledge management, risk management, requirement analysis, and architecture design.

The intended audience includes engineers and practitioners who are involved in the development, implementation or operation of systems that need privacy consideration, as well as managers in organizations responsible for privacy, development, product management, marketing, and operations.

ISO/IEC TR 27550:2019

Information technology — Electronic discovery — Part 2: Guidance for governance and management of electronic discovery

This document provides guidance for technical and non-technical personnel at senior management levels within an organization, including those with responsibility for compliance with statutory and regulatory requirements, and industry standards.

It describes how such personnel can identify and take ownership of risks related to electronic discovery, set policy and achieve compliance with corresponding external and internal requirements. It also suggests how to produce such policies in a form which can inform process control. Furthermore, it provides guidance on how to implement and control electronic discovery in accordance with the policies.

ISO/IEC 27050-2:2018

Information technology — Application security — Part 5-1: Protocols and application security controls data structure, XML schemas

ISO/IEC TS 27034-5-1:2018 defines XML Schemas that implement the minimal set of information requirements and essential attributes of ASCs and the activities and roles of the Application Security Life Cycle Reference Model (ASLCRM) from ISO/IEC 27034-5.

ISO/IEC TS 27034-5-1

Information technology — Application security — Part 7: Assurance prediction framework

This document describes the minimum requirements when the required activities specified by an Application Security Control (ASC) are replaced with a Prediction Application Security Rationale (PASR). The ASC mapped to a PASR define the Expected Level of Trust for a subsequent application. In the context of an Expected Level of Trust, there is always an original application where the project team performed the activities of the indicated ASC to achieve an Actual Level of Trust.

The use of Prediction Application Security Rationales (PASRs), defined by this document, is applicable to project teams which have a defined Application Normative Framework (ANF) and an original application with an Actual Level of Trust.

Predictions relative to aggregation of multiple components or the history of the developer in relation to other applications are outside the scope of this document.

ISO/IEC 27034-7:2018

Core banking — Mobile financial services — Part 1: General framework

ISO 12812-1:2017 defines the general framework of mobile financial services (payment and banking services involving a mobile device), with a focus on:

a) a set of definitions commonly agreed by the international financial industry;

b) the opportunities offered by mobile devices for the development of such services;

c) the promotion of an environment that reduces or minimizes obstacles for mobile financial service providers who wish to provide a sustainable and reliable service to a wide range of customers (persons and businesses), while ensuring that customers' interests are protected;

d) the different types of mobile financial services accessed through a mobile device including mobile proximate payments, mobile remote payments and mobile banking, which are detailed in other parts of ISO 12812;

e) the mobile financial services supporting technologies;

f) the stakeholders involved in the mobile payment ecosystems.

ISO 12812-1:2017

Core banking — Mobile financial services — Part 2: Security and data protection for mobile financial services

ISO 12812-2:2017 describes and specifies a framework for the management of the security of MFS. It includes:

- a generic model for the design of the security policy,

- a minimum set of security requirements,

- recommended cryptographic protocols and mechanisms for mobile device authentication, financial message secure exchange and external authentication.

ISO/TS 12812-2:2017

Information technology — Big data reference architecture — Part 2: Use cases and derived requirements

ISO/IEC TR 20547-2:2018 provides examples of big data use cases with application domains and technical considerations derived from the contributed use cases.

ISO/IEC TR 20547-2:2018

ISO/IEC JTC 1/SC 27 Information security, cybersecurity and privacy protection

The development of standards for the protection of information and ICT. This includes generic methods, techniques and guidelines to address both security and privacy aspects, such as:

  • Security requirements capture methodology;
  • Management of information and ICT security; in particular information security management systems, security processes, and security controls and services;
  • Cryptographic and other security mechanisms, including but not limited to mechanisms for protecting the accountability, availability, integrity and confidentiality of information;
  • Security management support documentation including terminology, guidelines as well as procedures for the registration of security components;
  • Security aspects of identity management, biometrics and privacy;
  • Conformance assessment, accreditation and auditing requirements in the area of information security management systems;
  • Security evaluation criteria and methodology.

SC 27 engages in active liaison and collaboration with appropriate bodies to ensure the proper development and application of SC 27 standards and technical reports in relevant areas.

Automatic identification and data capture techniques

SC 31 continues to deliver technically rigorous standards that meet user requirements. Looking ahead, in 2016 SC 31 will deliver three standards of note. The first, jointly developed with SC 17, will measure the quality of OCR characters used on passports, significantly improving the readability of the characters (ISO/IEC 30116). The second will establish the first quantitative method for test and evaluation of localization systems, aiding the first responder community and public safety (ISO/IEC 18305). The third is a method for uniquely identifying devices and items touching the Internet of Things (ISO/IEC 29161). In 2016 SC 31 will also commence a joint effort with the ISO Conformance Assessment Organization (CASCO) focusing on use of an “eLabel” to replace traditional conformance markings on electronic devices.

ISO/IEC JTC 1/SC 31

Internet of things and related technologies

Standardization in the area of Internet of Things and related technologies.

  1. Serve as the focus and proponent for JTC 1's standardization programme on the Internet of Things and related technologies, including Sensor Networks and Wearables technologies.
  2. Provide guidance to JTC 1, IEC, ISO and other entities developing Internet of Things related applications.

ISO/IEC JTC 1/SC 41