ISO/IEC 29100:2011 – Information technology — Security techniques — Privacy framework

The growing commercial use and value of personal data, in other words Personally Identifiable Information (PII), the processing and transmission of this information, and the increasing complexity of ICT systems can make it difficult for an organization to maintain privacy and comply with legal regulations.

The ISO/IEC 29100:2011 standard defines the privacy framework, including:

  • defining a common privacy terminology;
  • defining entities and their roles in data processing;
  • describing privacy safeguarding considerations;
  • providing references to known privacy principles for information technology.

The standard applies to natural persons and organizations involved in defining, ordering, designing, developing, testing, maintaining, administering and operating ICT systems or services that require privacy safeguards when processing PII (Personally Identifiable Information).

ISO/IEC 29100 was developed to implement privacy principles in ICT systems and to support the creation of privacy management systems within an organization's ICT systems.

What principles are we talking about?

These are the 11 privacy principles:

  • consent and choice;
  • aim, legality and specification;
  • collection limitation;
  • data minimization;
  • restriction of use, storage and disclosure;
  • accuracy and quality;
  • openness, transparency and attention;
  • individual participation and access;
  • responsibility;
  • information security;
  • privacy compliance.

The privacy principles should be used to guide the design, development and implementation of privacy policies, measures and controls. In addition, they can be used as a basis for monitoring and measuring efficiency, as well as for benchmarking and auditing aspects of the program.

We offer training, assistance in implementation and auditing of compliance with the basic privacy principles contained in the ISO/IEC 29100 standard.

 

 
