Information technology - Home Electronic System (HES) gateway - Part 3-2: Privacy, security, and safety - Privacy framework

ISO/IEC 15045-3-2:2024 specifies cybersecurity requirements for protecting the privacy of premises and personally identifiable information through the use of the HES gateway and related HES standards. This document applies a set of principles including those specified in ISO/IEC 29100 that are applicable to the HES gateway such as consent, purpose legitimacy, collection limitation, data minimization, retention, accuracy, openness, and individual access.

General Information

Status: Published
Publication Date: 23-Oct-2024
Current Stage: PPUB - Publication issued
Start Date: 22-Nov-2024
Completion Date: 24-Oct-2024
Ref Project

Standard
ISO/IEC 15045-3-2:2024 - Information technology - Home Electronic System (HES) gateway - Part 3-2: Privacy, security, and safety - Privacy framework
Released: 24. 10. 2024
ISBN: 9782832298800
English language
29 pages

Standards Content (Sample)


ISO/IEC 15045-3-2
Edition 1.0 2024-10
INTERNATIONAL
STANDARD
colour
inside
Information technology - Home Electronic System (HES) gateway –
Part 3-2: Privacy, security, and safety – Privacy framework

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or
by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either
IEC or IEC's member National Committee in the country of the requester. If you have any questions about ISO/IEC
copyright or have an enquiry about obtaining additional rights to this publication, please contact the address below or
your local IEC member National Committee for further information.

IEC Secretariat Tel.: +41 22 919 02 11
3, rue de Varembé info@iec.ch
CH-1211 Geneva 20 www.iec.ch
Switzerland
About the IEC
The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes
International Standards for all electrical, electronic and related technologies.

About IEC publications
The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the
latest edition; a corrigendum or an amendment might have been published.

INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
ICS 35.200; 35.240.99 ISBN 978-2-8322-9880-0

– 2 – ISO/IEC 15045-3-2:2024 © ISO/IEC 2024
CONTENTS
FOREWORD
INTRODUCTION
0.1 Overview
0.2 Relation to existing work
0.3 Privacy in HES gateway
0.4 Future features
1 Scope
2 Normative references
3 Terms, definitions and abbreviated terms
3.1 Terms and definitions
3.2 Abbreviated terms
4 Conformance
5 Considerations, architecture and requirements
5.1 Overview
5.2 Premises and personally identifiable information (PPII)
5.3 PPII parties
5.4 Privacy principles
5.4.1 Privacy principles summary
5.4.2 Consent and choice
5.4.3 Purpose legitimacy and specification
5.4.4 Collection limitation
5.4.5 Data minimization
5.4.6 Use, retention and disclosure limitation
5.4.7 Accuracy and quality
5.4.8 Openness, transparency and notice
5.4.9 Individual participation and access
Annex A (informative) Mapping ISO/IEC 29100 to the HES gateway
Annex B (normative) Permitted PPII flows
B.1 General
B.2 Local device or user to controller service module (Scenario A)
B.3 Controller service module to processor service module (Scenario B)
B.4 Processor service module to controller service module (Scenario C)
B.5 Controller service module to local device or user (Scenario D)
B.6 Local device or user to processor service module (Scenario E)
B.7 Processor service module to local device or user (Scenario F)
B.8 Controller service module to remote device or user (Scenario G)
B.9 Processor service module to remote device or user (Scenario H)
B.10 Remote device or user not allowed to view local device directly
Annex C (informative) Use of other privacy standards, including JTC 1
Bibliography

Figure 1 – ISO/IEC 15045-3-2 within the core interoperability and HES gateway standards
Figure 2 – HES gateway architecture for privacy
Figure 3 – Conditioning for input of binding map allows blocking of PPII processing

Figure A.1 – System layout for ISO/IEC 29100
Figure B.1 – Local device or user to controller service module
Figure B.2 – Example of controller service module to processor service module
Figure B.3 – Processor service module to controller service module
Figure B.4 – Controller service module to local device or user
Figure B.5 – Local device or user to processor service module
Figure B.6 – Processor service module to local device or user
Figure B.7 – Controller service module to remote device or user
Figure B.8 – Processor service module to remote device or user
Figure B.9 – Data flow not allowed

Table 1 – Summary of HES gateway privacy principles
Table A.1 – ISO/IEC 29100 and HES gateway terms
Table B.1 – Permitted PPII flow

INFORMATION TECHNOLOGY –
HOME ELECTRONIC SYSTEM (HES) GATEWAY –

Part 3-2: Privacy, security, and safety – Privacy framework

FOREWORD
1) ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission)
form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC
participate in the development of International Standards through technical committees established by the
respective organization to deal with particular fields of technical activity. ISO and IEC technical committees
collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental,
in liaison with ISO and IEC, also take part in the work.
2) The formal decisions or agreements of IEC and ISO on technical matters express, as nearly as possible, an
international consensus of opinion on the relevant subjects since each technical committee has representation
from all interested IEC and ISO National bodies.
3) IEC and ISO documents have the form of recommendations for international use and are accepted by IEC and
ISO National bodies in that sense. While all reasonable efforts are made to ensure that the technical content of
IEC and ISO documents is accurate, IEC and ISO cannot be held responsible for the way in which they are used
or for any misinterpretation by any end user.
4) In order to promote international uniformity, IEC and ISO National bodies undertake to apply IEC and ISO
documents transparently to the maximum extent possible in their national and regional publications. Any
divergence between any IEC and ISO document and the corresponding national or regional publication shall be
clearly indicated in the latter.
5) IEC and ISO do not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC and ISO marks of conformity. IEC and ISO are not
responsible for any services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this document.
7) No liability shall attach to IEC and ISO or their directors, employees, servants or agents including individual
experts and members of its technical committees and IEC and ISO National bodies for any personal injury,
property damage or other damage of any nature whatsoever, whether direct or indirect, or for costs (including
legal fees) and expenses arising out of the publication, use of, or reliance upon, this ISO/IEC document or any
other IEC and ISO documents.
8) Attention is drawn to the Normative references cited in this document. Use of the referenced publications is
indispensable for the correct application of this document.
9) IEC and ISO draw attention to the possibility that the implementation of this document may involve the use of (a)
patent(s). IEC and ISO take no position concerning the evidence, validity or applicability of any claimed patent
rights in respect thereof. As of the date of publication of this document, IEC and ISO had not received notice of
(a) patent(s), which may be required to implement this document. However, implementers are cautioned that this
may not represent the latest information, which may be obtained from the patent database available at
https://patents.iec.ch and www.iso.org/patents. IEC and ISO shall not be held responsible for identifying any or
all such patent rights.
ISO/IEC 15045-3-2 has been prepared by subcommittee 25: Interconnection of information
technology equipment, of ISO/IEC joint technical committee 1: Information technology. It is an
International Standard.
The text of this International Standard is based on the following documents:
Draft                  Report on voting
JTC1-SC25/3190/CDV     JTC1-SC25/3261/RVC

Full information on the voting for its approval can be found in the report on voting indicated in
the above table.
The language used for the development of this International Standard is English.
This document was drafted in accordance with ISO/IEC Directives, Part 2, and developed in
accordance with ISO/IEC Directives, Part 1, and the ISO/IEC Directives, JTC 1 Supplement
available at www.iec.ch/members_experts/refdocs and www.iso.org/directives.

A list of all parts in the ISO/IEC 15045 series, published under the general title Information
technology – Home Electronic System (HES) gateway, can be found on the IEC and
ISO websites.
IMPORTANT – The "colour inside" logo on the cover page of this document indicates
that it contains colours which are considered to be useful for the correct understanding
of its contents. Users
...
