
ISO/IEC 27045 — Information technology — Security techniques — Big data security and privacy processes [DRAFT]

Introduction

This standard aims to improve organizations’ capabilities for security and privacy around big data.


Scope and purpose

The standard will deliver a process reference model, assessment and maturity models for big data security and privacy.

The models will focus on architecture of the processes used to achieve big data security and privacy, particularly the maturity of those processes.

The processes will include a set of indicators of process performance and process capability to be used as a basis for collecting objective evidence, enabling an assessor to assign ratings.


Content of the standard

The processes may be:

  • Organisational such as compliance management, data sharing agreements, governance of big data, data asset management and data supply chain management;
  • Technical such as data source verification and recording, big data de-identification, instrumenting for data traceability and big data analytical security;
  • Managerial such as metadata management, data rights management, big data incident management, big data risk management, data quality management, data categorization and classification, data disposal management and logging and auditing.


Status of the standard

The project started in 2018. The standard is due to be published in 2022.

It is currently at WD (Working Draft) stage.


Personal comments

We do not know, yet, what is meant by “big data” since the term is presently undefined.

The NWIP referred to mobile Internet, IoT and cloud leading to big data, and was angled towards addressing security and privacy issues arising from the sharing of data across those realms.

In the context of this standard, big data may mean:

  • Conventional but large, complex, high-volume IT systems;
  • Extensive networks of IT systems;
  • Truly colossal data sets that are too big and too dynamic for conventional database systems; or
  • Something else entirely.

We shall see.


Copyright © 2019 IsecT Ltd.