ISO/IEC 27556

ISO/IEC 27556 — Information technology — User-centric framework for the handling of personally identifiable information (PII) based on privacy preferences [DRAFT]


The standard will lay out a “user-centric framework” (an architecture) to handle personal information in a controlled manner in accordance with the privacy-by-design and other requirements of applicable privacy laws and regulations.


Scope of the standard

The standard will describe a generic high-level system architecture without specifying the content and format of privacy preference information.

The architecture, in turn, will inform the design and implementation of IT systems handling personal information and communicating it between organisations, while managing the privacy preferences of data subjects (known as ‘PII Principals’ in the standard, i.e. the people whose personal information is being handled).

The standard will expand upon ISO/IEC 29100 “Privacy framework”.


Content of the standard




The project started in 2019. The standard is due to be published in 2022.

May: It is already at Committee Draft stage.


Personal notes




Copyright © 2020 IsecT Ltd.