

ISO 27556 — Information security, cybersecurity and privacy protection — User-centric framework for the handling of personally identifiable information (PII) based on privacy preferences [DRAFT]



The standard will lay out a “user-centric framework” (an architecture) to handle personal information in a controlled manner in accordance with the privacy-by-design and other requirements of applicable privacy laws and regulations.

The standard outlines a mechanism for organizations handling personal data to comply with the data subject’s privacy requirements, even as they share and collaborate on processing the data.


Scope of the standard

The standard will describe a generic high-level system architecture without specifying the content and format of privacy preference information.

The architecture, in turn, will inform the design and implementation of IT systems that handle personal information and communicate it between organisations, while managing the privacy preferences of data subjects (the people whose personal information is being handled, known as ‘PII Principals’ in the standard).

The standard will expand upon ISO/IEC 29100 “Privacy framework”.


Content of the standard




The project started in 2019.

The standard is due to be published in 2022.

It is at 2nd Committee Draft stage.


Personal notes




Copyright © 2021 IsecT Ltd.