
 

ISO/IEC TS 27564 — Privacy protection — Guidance on the use of models for privacy engineering [DRAFT]

 

Abstract

“[ISO/IEC TS 27564] provides guidance on how to use modelling in privacy engineering. It describes categories of models that can be used, the use of modelling to support engineering, and the relationships with other references and standards for privacy engineering and for modelling. It provides high-level use cases describing how models are used.”
[Source: ISO.org page]
 

Introduction

Modelling and other systems engineering approaches are useful when designing complex systems, such as IT systems plus their associated operating environments and processes. This standard will focus on using modelling and engineering to design suitable privacy arrangements into complex systems.

 

Scope of the standard

Guidance on applying the Model-Based Systems and Software Engineering approach (as per ISO/IEC/IEEE 24641:2023 - Systems and Software engineering - Methods and tools for model-based systems and software engineering) to design-in appropriate privacy controls for complex systems using conceptual models.

 

Content of the standard

Main clauses (outline added in April):

  1. Introduces MBSSE for consistent modelling
  2. Explains the beneficial application of MBSSE for privacy engineering
  3. Discusses various models (with examples in an annex) and offers guidance on their use

 

Status

The standard development project made a slow start back in 2021 while the 24641 MBSSE standard was being finalised and published.

The Preliminary Work Item study generated a specification and draft Technical Specification, building on the published 24641 MBSSE standard in 2023.

In 2024, SC 27 agreed to develop a Technical Specification. Publication is due in 2026.

In April 2025, the Draft Technical Standard became available to SC 27 ...

 

Personal comments

This standard will explain the use of others such as ISO/IEC/IEEE 24641, ISO/IEC 27555 (models for deletion of personal information), ISO/IEC 27556 (models for managing privacy preferences), ISO/IEC 27559 (models for de-identification) and ISO/IEC 27561 (POMME), for privacy engineering.

 

 


Copyright © 2025 IsecT Ltd. Contact us re Intellectual Property Rights