ISO/IEC 27556



ISO/IEC 27556 — Information technology — User-centric framework for the handling of personally identifiable information (PII) based on privacy preferences [DRAFT]


The standard will lay out a “user-centric framework” (an architecture) to handle personal information in a controlled manner in accordance with the privacy-by-design and other requirements of applicable privacy laws and regulations.


Scope of the standard

The standard will describe a generic high-level system architecture without specifying the content and format of privacy preference information.

The architecture, in turn, will inform the design and implementation of IT systems that handle personal information and communicate it between organisations, while managing the privacy preferences of data subjects (known as ‘PII Principals’ in the standard, i.e. the people whose personal information is being handled).

The standard will expand upon ISO/IEC 29100 “Privacy framework”.


Content of the standard




The project started in 2019. The standard is due to be published in 2022.

July: It is already at Committee Draft stage, although there are substantial issues being addressed.


Personal notes




Copyright © 2020 IsecT Ltd.