ISO/IEC 27550

Copyright © 2018 IsecT Ltd.

ISO/IEC TR 27550 — Information technology — Security techniques — Privacy engineering [draft]

Introduction

‘Privacy engineering’ involves taking account of privacy during the entire lifecycle of IT systems, such that privacy is an integral part of their function.

Scope of the standard

This is an IT security standard, concerning privacy (personal data protection) in the specific context of IT systems.

Content of the standard

The standard will:

  • Discuss how privacy engineering supports system and security engineering, information risk management, knowledge management etc.;
  • Elaborate on conceptual principles such as privacy-by-design and privacy-by-default;
  • Explain how systems can be engineered to support and satisfy the OECD privacy principles.

Status

Currently in draft. Unlikely to surface before 2019. Due to be published as a Technical Report.

Personal notes

The procedures for operating, using, monitoring, managing and maintaining IT systems and their privacy controls are just as important as the technical controls themselves, and also benefit from being systematically designed: I hope this standard will not be totally focused on the technology itself.