iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
CEN

prEN ISO/IEC 27701

(Main)

Information security, cybersecurity and privacy protection - Privacy information management systems - Requirements and guidance (ISO/IEC DIS 27701:2024)

Information security, cybersecurity and privacy protection - Privacy information management systems - Requirements and guidance (ISO/IEC DIS 27701:2024)

This document specifies requirements for establishing, implementing, maintaining and continually improving a privacy information management system (PIMS).
Guidance is provided to assist in the implementation of the controls in this document.
This document is intended for PII controllers and PII processors holding responsibility and accountability for PII processing.
This document is applicable to all types and sizes of organizations, including public and private companies, government entities and not-for-profit organizations.

Informationssicherheit, Cybersicherheit und Schutz der Privatsphäre - Datenschutz-Informationsmanagementsysteme - Anforderungen und Leitlinien (ISO/IEC DIS 27701:2024)

Dieses Dokument legt Anforderungen für die Einrichtung, Umsetzung, Aufrechterhaltung und fortlaufende Verbesserung eines Managementsystems für Datenschutzinformationen (PIMS) fest.
Es wird eine Anleitung bereitgestellt, um die Umsetzung der Anforderungen in diesem Dokument zu unterstützen.
Dieses Dokument ist für verantwortliche Stellen und Auftragsverarbeiter gedacht, die für die Verarbeitung von personenbezogenen Daten verantwortlich und rechenschaftspflichtig sind.
Dieses Dokument ist für alle Arten und Größen von Organisationen, einschließlich öffentlicher und privater Unternehmen, öffentlicher Stellen und gemeinnütziger Organisationen anwendbar.

Sécurité de l'information, cybersécurité et protection de la vie privée - Systèmes de management de la protection de la vie privée - Exigences et recommandations (ISO/IEC DIS 27701:2024)

Le présent document spécifie les exigences et fournit des recommandations pour la création, la mise en œuvre, le maintien et l'amélioration continue d'un système de management de la protection de la vie privée (PIMS) sous la forme d'une extension de l'ISO/IEC 27001 et l'ISO/IEC 27002 pour le management de la protection de la vie privée dans le contexte de l'organisation.
Le présent document spécifie les exigences liées au PIMS et fournit des recommandations destinées aux responsables de traitement de DCP et aux sous-traitants de DCP chargés de et responsables du traitement des DCP.
Le présent document s'applique aux organisations de tous types et de toutes tailles, y compris les entreprises publiques et privées, les entités gouvernementales et les organisations à but non lucratif, qui sont des responsables de traitement de DCP et/ou des sous-traitants de DCP qui traitent les DCP à l'aide d'un SMSI.

Informacijska varnost, kibernetska varnost in varovanje zasebnosti - Sistem upravljanje informacij o zasebnosti - Zahteve in smernice (ISO/IEC DIS 27701:2024)

General Information

Status
Not Published
Publication Date
28-Dec-2025
ICS
35.030 - IT Security
Technical Committee
CEN/CLC/TC 13 - Cybersecurity and Data Protection
Drafting Committee
CEN/CLC/JTC 13/WG 5 - Data Protection, Privacy and Identity Management
Current Stage
4060 - Closure of enquiry - Enquiry
Start Date
27-Aug-2024
Completion Date
27-Aug-2024
Ref Project
oSIST prEN ISO/IEC 27701:2024 - Information security, cybersecurity and privacy protection - Privacy information management systems - Requirements and guidance (ISO/IEC DIS 27701:2024)

Relations

Revises
EN ISO/IEC 27701:2021 - Security techniques - Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management - Requirements and guidelines (ISO/IEC 27701:2019)
Effective Date
19-Jun-2024

Buy Standard

prEN ISO/IEC 27701:2024 - BARVEprEN ISO/IEC 27701:2024 - BARVE
PreviousNext
Draft
prEN ISO/IEC 27701:2024 - BARVE
English language
81 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)


SLOVENSKI STANDARD
01-september-2024
Informacijska varnost, kibernetska varnost in varovanje zasebnosti - Sistem
upravljanje informacij o zasebnosti - Zahteve in smernice (ISO/IEC DIS 27701:2024)
Information security, cybersecurity and privacy protection - Privacy information
management systems - Requirements and guidance (ISO/IEC DIS 27701:2024)
Informationssicherheit, Cybersicherheit und Schutz der Privatsphäre - Datenschutz-
Informationsmanagementsysteme - Anforderungen und Leitlinien (ISO/IEC DIS
27701:2024)
Titre manque
Ta slovenski standard je istoveten z: prEN ISO/IEC 27701
ICS:
35.030 Informacijska varnost IT Security
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

DRAFT
International
Standard
ISO/IEC
DIS
27701.2
ISO/IEC JTC 1/SC 27
Information security, cybersecurity
Secretariat: DIN
and privacy protection — Privacy
Voting begins on:
information management systems
2024-07-02
— Requirements and guidance
Voting terminates on:
ICS: 35.030
2024-08-27
THIS DOCUMENT IS A DRAFT CIRCULATED
FOR COMMENTS AND APPROVAL. IT
IS THEREFORE SUBJECT TO CHANGE
AND MAY NOT BE REFERRED TO AS AN
INTERNATIONAL STANDARD UNTIL
PUBLISHED AS SUCH.
This document is circulated as received from the committee secretariat.
IN ADDITION TO THEIR EVALUATION AS
BEING ACCEPTABLE FOR INDUSTRIAL,
TECHNOLOGICAL, COMMERCIAL AND
USER PURPOSES, DRAFT INTERNATIONAL
STANDARDS MAY ON OCCASION HAVE TO
ISO/CEN PARALLEL PROCESSING
BE CONSIDERED IN THE LIGHT OF THEIR
POTENTIAL TO BECOME STANDARDS TO
WHICH REFERENCE MAY BE MADE IN
NATIONAL REGULATIONS.
IMPORTANT — Please use this updated version dated 2024-06-19, and
RECIPIENTS OF THIS DRAFT ARE INVITED
TO SUBMIT, WITH THEIR COMMENTS,
discard any previous version of this DIS as VA relation has been added.
NOTIFICATION OF ANY RELEVANT PATENT
RIGHTS OF WHICH THEY ARE AWARE AND TO
PROVIDE SUPPORTING DOCUMENTATION.
Reference number
© ISO/IEC 2024
ISO/IEC DIS 27701.2:2024(en)
DRAFT
ISO/IEC DIS 27701.2:2024(en)
International
Standard
ISO/IEC
DIS
27701.2
ISO/IEC JTC 1/SC 27
Information security, cybersecurity
Secretariat: DIN
and privacy protection — Privacy
Voting begins on:
information management systems
2024-07-02
— Requirements and guidance
Voting terminates on:
ICS: 35.030 2024-08-27
THIS DOCUMENT IS A DRAFT CIRCULATED
FOR COMMENTS AND APPROVAL. IT
IS THEREFORE SUBJECT TO CHANGE
AND MAY NOT BE REFERRED TO AS AN
INTERNATIONAL STANDARD UNTIL
PUBLISHED AS SUCH.
This document is circulated as received from the committee secretariat.
IN ADDITION TO THEIR EVALUATION AS
BEING ACCEPTABLE FOR INDUSTRIAL,
© ISO/IEC 2024
TECHNOLOGICAL, COMMERCIAL AND
USER PURPOSES, DRAFT INTERNATIONAL
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
STANDARDS MAY ON OCCASION HAVE TO
ISO/CEN PARALLEL PROCESSING
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
BE CONSIDERED IN THE LIGHT OF THEIR
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
POTENTIAL TO BECOME STANDARDS TO
WHICH REFERENCE MAY BE MADE IN
or ISO’s member body in the country of the requester.
NATIONAL REGULATIONS.
ISO copyright office
RECIPIENTS OF THIS DRAFT ARE INVITED
CP 401 • Ch. de Blandonnet 8
TO SUBMIT, WITH THEIR COMMENTS,
CH-1214 Vernier, Geneva
NOTIFICATION OF ANY RELEVANT PATENT
Phone: +41 22 749 01 11
RIGHTS OF WHICH THEY ARE AWARE AND TO
PROVIDE SUPPORTING DOCUMENTATION.
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland Reference number
© ISO/IEC 2024
ISO/IEC DIS 27701.2:2024(en)
© ISO/IEC 2024 – All rights reserved
ii
ISO/IEC DIS 27701.2:2024(en)
Contents Page
Foreword . viii
Introduction . ix
1 Scope . 1
2 Normative references . 1
3 Terms, definitions and abbreviations . 1
4 Context of the organization . 5
4.1 Understanding the organization and its context . 5
4.2 Understanding the needs and expectations of interested parties . 5
4.3 Determining the scope of the privacy information management system . 6
4.4 Privacy information management system . 6
5 Leadership . 7
5.1 Leadership and commitment . 7
5.2 Privacy Policy . 7
5.3 Roles, responsibilities and authorities . 7
6 Planning . 8
6.1 Actions to address risks and opportunities . 8
6.1.1 General . 8
6.1.2 Privacy risk assessment . 8
6.1.3 Privacy risk treatment . 9
6.2 Privacy objectives and planning to achieve them . 10
6.3 Planning of changes . 10
7 Support . 10
7.1 Resources . 10
7.2 Competence . 10
7.3 Awareness . 11
7.4 Communication . 11
7.5 Documented information . 11
7.5.1 General . 11
7.5.2 Creating and updating documented information . 11
7.5.3 Control of documented information . 12
8 Operation . 12
8.1 Operational planning and control . 12
8.2 Privacy risk assessment . 12
8.3 Privacy risk treatment . 13
9 Performance evaluation . 13
9.1 Monitoring, measurement, analysis and evaluation . 13
9.2 Internal audit . 13
9.2.1 General . 13
9.2.2 Internal audit programme . 13
9.3 Management review . 14
9.3.1 General . 14
9.3.2 Management review inputs . 14
© ISO/IEC 2024 – All rights reserved
iii
ISO/IEC DIS 27701.2:2024(en)
9.3.3 Management review results . 14
10 Improvement . 14
10.1 Continual improvement . 14
10.2 Nonconformity and corrective action . 14
11 Further information on Annexes . 15
Annex A (normative) PIMS reference control objectives and controls for PII Controllers and
PII Processors . 16
Annex B (normative) Implementation guidance for PII Controllers and PII processors . 23
B.1 Implementation guidance for PII controllers . 23
B.1.1 General . 23
B.1.2 Conditions for collection and processing . 23
B.1.2.1 Objective . 23
B.1.2.2 Identify and document purpose . 23
B.1.2.3 Identify lawful basis . 23
B.1.2.4 Determine when and how consent is to be obtained . 24
B.1.2.5 Obtain and record consent . 24
B.1.2.6 Privacy impact assessment . 25
B.1.2.7 Contracts with PII processors . 25
B.1.2.8 Joint PII controller . 26
B.1.2.9 Records related to processing PII . 26
B.1.3 Obligations to PII principals . 27
B.1.3.1 Objective . 27
B.1.3.2 Determining and fulfilling obligations to PII principals . 27
B.1.3.3 Determining information for PII principals . 27
B.1.3.4 Providing information to PII principals . 28
B.1.3.5 Providing mechanism to modify or withdraw consent .
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

CEN
CEN/CLC ISO/IEC/TS 23532-2:2024(Main)
Information security, cybersecurity and privacy protection - Requirements for the competence of IT security testing and evaluation laboratories - Part 2: Testing for ISO/IEC 19790 (ISO/IEC/TS 23532-2:2021)
kSIST-TS FprCEN/CLC ISO/IEC/TS 23532-2:2024

This document complements and supplements the procedures and general requirements found in ISO/IEC 17025:2017 for laboratories performing testing based on ISO/IEC 19790 and ISO/IEC 24759.

  • Draft
    32 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
CEN/CLC ISO/IEC/TS 23532-1:2024(Main)
Information security, cybersecurity and privacy protection - Requirements for the competence of IT security testing and evaluation laboratories - Part 1: Evaluation for ISO/IEC 15408 (ISO/IEC/TS 23532-1:2021)
kSIST-TS FprCEN/CLC ISO/IEC/TS 23532-1:2024

his document complements and supplements the procedures and general requirements found in ISO/IEC 17025:2017 for laboratories performing evaluations based on the ISO/IEC 15408 series and ISO/IEC 18045.

  • Draft
    26 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO/IEC 27001:2023/A1:2024(Amendment)
Information security, cybersecurity and privacy protection - Information security management systems - Requirements - Amendment 1: Climate action changes (ISO/IEC 27001:2022/Amd 1:2024)
SIST EN ISO/IEC 27001:2023/oprA1:2024
  • Draft
    4 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 18031-1:2024(Main)
Common security requirements for radio equipment - Part 1: Internet connected radio equipment
SIST EN 18031-1:2024

This document specifies common security requirements for internet-connected radio equipment. This document provides technical specifications for radio equipment, which concerns electrical or electronic products that are capable to communicate over the internet, regardless of whether these products communicate directly or via any other equipment.

  • Standard
    180 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 18031-3:2024(Main)
Common security requirements for radio equipment - Part 3: Internet connected radio equipment processing virtual money or monetary value
SIST EN 18031-3:2024

Common security requirements for internet connected radio equipment that equipment enables the holder or user to transfer money, monetary value or virtual currency. This document provides technical specifications for radio equipment processing virtual money or monetary value, which apply to electrical or electronic products that are capable to communicate over the internet, regardless of whether these products communicate directly or via any other equipment.

  • Standard
    185 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 18031-2:2024(Main)
Common security requirements for radio equipment - Part 2: radio equipment processing data, namely Internet connected radio equipment, childcare radio equipment, toys radio equipment and wearable radio equipment
SIST EN 18031-2:2024

Common security requirements for radio equipment processing personal data or traffic data or location data being either internet connected radio equipment, radio equipment designed or intended exclusively for childcare; toys and wearable radio equipment. The standard provides technical specifications for radio equipment processing personal data, traffic data or location data, which concerns electrical or electronic products that are capable to communicate over the internet, regardless of whether these products communicate directly or via any other equipment, childcare, toys or wearable radio equipment.
The scope does not apply to 5G network equipment used by providers of public electronic communications networks and publicly available electronic communications services within the meaning of in Directive (EU) 2018/1972 of the European Parliament and of the Council as defined in that Regulation.

  • Standard
    220 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO/IEC 27005:2024(Main)
Information security, cybersecurity and privacy protection - Guidance on managing information security risks (ISO/IEC 27005:2022)
SIST EN ISO/IEC 27005:2024

This document provides guidance to assist organizations to:
—    fulfil the requirements of ISO/IEC 27001 concerning actions to address information security risks;
—    perform information security risk management activities, specifically information security risk assessment and treatment.
This document is applicable to all organizations, regardless of type, size or sector.

  • Standard
    71 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
CEN/TS 18026:2024(Main)
Three-level approach for a set of cybersecurity requirements for cloud services
SIST-TS CEN/CLC/TS 18026:2024

This Technical Specification (TS) provides a set of cybersecurity requirements for cloud services.
This TS is applicable to organizations providing cloud services and their subservice organizations

  • Technical specification
    180 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO/IEC 27006-1:2024(Main)
Information security, cybersecurity and privacy protection - Requirements for bodies providing audit and certification of information security management systems - Part 1: General (ISO/IEC 27006-1:2024)
SIST EN ISO/IEC 27006-1:2024

This document specifies requirements and provides guidance for bodies providing audit and certification of an information security management system (ISMS), in addition to the requirements contained within ISO/IEC 17021-1.
The requirements contained in this document are demonstrated in terms of competence and reliability by bodies providing ISMS certification. The guidance contained in this document provides additional interpretation of these requirements for bodies providing ISMS certification.
NOTE       This document can be used as a criteria document for accreditation, peer assessment or other audit processes.

  • Standard
    56 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO/IEC 15408-1:2023(Main)
Information security, cybersecurity and privacy protection - Evaluation criteria for IT security - Part 1: Introduction and general model (ISO/IEC 15408-1:2022)
SIST EN ISO/IEC 15408-1:2024

This document establishes the general concepts and principles of IT security evaluation and specifies the general model of evaluation given by various parts of the standard which in its entirety is meant to be used as the basis for evaluation of security properties of IT products.
This document provides an overview of all parts of the ISO/IEC 15408 series. It describes the various parts of the ISO/IEC 15408 series; defines the terms and abbreviations to be used in all parts of the standard; establishes the core concept of a Target of Evaluation (TOE); describes the evaluation context and describes the audience to which the evaluation criteria is addressed. An introduction to the basic security concepts necessary for evaluation of IT products is given.
This document introduces:
—    the key concepts of Protection Profiles (PP), PP-Modules, PP-Configurations, packages, Security Targets (ST), and conformance types;
—    a description of the organization of security components throughout the model;
—    the various operations by which the functional and assurance components given in ISO/IEC 15408‑2 and ISO/IEC 15408‑3 can be tailored through the use of permitted operations;
—    general information about the evaluation methods given in ISO/IEC 18045;
—    guidance for the application of ISO/IEC 15408‑4 in order to develop evaluation methods (EM) and evaluation activities (EA) derived from ISO/IEC 18045;
—    general information about the pre-defined Evaluation Assurance Levels (EALs) defined in ISO/IEC 15408‑5;
—    information in regard to the scope of evaluation schemes.

  • Standard
    154 pages
    English language
    sale 10% off
    e-Library read for
    1 day