ISO/IEC

ISO/IEC 29146:2016 defines and establishes a framework for access management (AM) and the secure management of the process to access information and Information and Communications Technologies (ICT) resources, associated with the accountability of a subject within some context.

This International Standard provides concepts, terms and definitions applicable to distributed access management techniques in network environments.

This International Standard also provides explanations about related architecture, components and management functions.

The subjects involved in access management might be uniquely recognized to access information systems, as defined in ISO/IEC 24760.

The nature and qualities of physical access control involved in access management systems are outside the scope of this International Standard.

ISO/IEC 29115:2013 provides a framework for managing entity authentication assurance in a given context. In particular, it:

- specifies four levels of entity authentication assurance;

- specifies criteria and guidelines for achieving each of the four levels of entity authentication assurance;

- provides guidance for mapping other authentication assurance schemes to the four LoAs;

- provides guidance for exchanging the results of authentication that are based on the four LoAs; and

- provides guidance concerning controls that should be used to mitigate authentication threats.

ISO/IEC 24760-2:2015:

- provides guidelines for the implementation of systems for the management of identity information, and

- specifies requirements for the implementation and operation of a framework for identity management.

ISO/IEC 24760-2:2015 is applicable to any information system where information relating to identity is processed or stored.

This document defines terms for identity management, and specifies core concepts of identity and identity management and their relationships. It is applicable to any information system that processes identity information.

The document takes a multiple agency as well as a citizen-centric viewpoint. It provides guidance on:

- smart city ecosystem privacy protection;

- how standards can be used at a global level and at an organizational level for the benefit of citizens; and

- processes for smart city ecosystem privacy protection.

This document is applicable to all types and sizes of organizations, including public and private companies, government entities, and not-for-profit organizations that provide services in smart city environments.

This document specifies an interoperable, open and extensible information structure for recording PII principals' consent to PII processing. This document provides requirements and recommendations on the use of consent receipts and consent records associated with a PII principal's PII processing consent, aiming to support the:

- provision of a record of the consent to the PII principal;

- exchange of consent information between information systems;

- management of the life cycle of the recorded consent.

This document provides privacy engineering guidelines that are intended to help organizations integrate recent advances in privacy engineering into system life cycle processes. It describes:

(1) the relationship between privacy engineering and other engineering viewpoints (system engineering, security engineering, risk management); and

(2) privacy engineering activities in key engineering processes such as knowledge management, risk management, requirement analysis, and architecture design.

The intended audience includes engineers and practitioners who are involved in the development, implementation or operation of systems that need privacy consideration, as well as managers in organizations responsible for privacy, development, product management, marketing, and operations.

This document specifies controls which shape the content and the structure of online privacy notices as well as the process of asking for consent to collect and process personally identifiable information (PII) from PII principals.

This document is applicable in any online context where a PII controller or any other entity processing PII informs PII principals of processing.

This document gives guidelines for:

- a process on privacy impact assessments, and

- a structure and content of a PIA report.

It is applicable to all types and sizes of organizations, including public companies, private companies, government entities and not-for-profit organizations. This document is relevant to those involved in designing or implementing projects, including the parties operating data processing systems and services that process PII.

ISO/IEC 29100:2011 provides a privacy framework which

- specifies a common privacy terminology;

- defines the actors and their roles in processing personally identifiable information (PII);

- describes privacy safeguarding considerations; and

- provides references to known privacy principles for information technology.

ISO/IEC 29100:2011 is applicable to natural persons and organizations involved in specifying, procuring, architecting, designing, developing, testing, maintaining, administering, and operating information and communication technology systems or services where privacy controls are required for the processing of PII.

ISO/IEC 14496-16:2011 specifies MPEG-4 Animation Framework eXtension (AFX) model for representing and encoding 3D graphics assets to be used standalone or integrated in interactive multimedia presentations (the latter when combined with other parts of MPEG-4). Within this model, MPEG-4 is extended with higher-level synthetic objects for geometry, texture, and animation as well as dedicated compressed representations.

This document specifies the syntax and semantics of description schemes to represent data exchanged by media things (e.g., media sensors, media actuators, media analysers, media storages). Moreover, it specifies the APIs to exchange these data between media things. This document does not specify how sensing and analysing is carried out but defines the interfaces between the media things.