ISO/IEC TR 27550 — Information technology — Security techniques — Privacy engineering for system life cycle processes [DRAFT]
‘Privacy engineering’ involves taking account of privacy during the entire lifecycle of ICT systems, such that privacy is and remains an integral part of their function.
Scope of the standard
This is an IT security standard about engineering ICT systems to satisfy privacy requirements relating to the protection of personal data.
Content of the standard
The standard will:
- Discuss how privacy engineering supports system and security engineering, information risk management, knowledge management etc.
- Elaborate on conceptual principles such as privacy-by-design and privacy-by-default, important design goals noted in GDPR and elsewhere;
- Elaborate on the processes for identifying, evaluating and treating privacy risks in the course of ICT systems design;
- Explain how ICT systems can be engineered to support and satisfy the OECD privacy principles.
Currently at Preliminary Draft Technical Report stage. Conceivably it may be published before 2019 ... but I doubt it. A new title has been agreed.
The procedures for operating, using, monitoring, managing and maintaining IT systems and their privacy controls are just as important as the technical controls themselves, and also benefit from being systematically designed: I’m relieved this standard is not totally focused on the technology.
< Previous standard ^ Up a level ^ Next standard >