Information technology — Business operational view — Part 12: Privacy protection requirements (PPR) on information life cycle management (ILCM) and EDI of personal information (PI)

This document:

— provides method(s) for identifying, in Open-edi modelling technologies and development of scenarios, the additional requirements in business operational view (BOV) specifications for identifying the additional external constraints to be applied to recorded information in business transactions relating to personal information of an individual, as required by legal and regulatory requirements of applicable jurisdictional domains;
— integrates existing normative elements in support of privacy and data protection requirements as are already identified in ISO/IEC 14662 and ISO/IEC 15944-1, ISO/IEC 15944-2, ISO/IEC 15944-4, ISO/IEC 15944-5, ISO/IEC 15944-8, ISO/IEC 15944-9 and ISO/IEC 15944-10;
— provides overarching, operational ‘best practice’ statements for associated (and not necessarily automated) processes, procedures, practices and governance requirements that act in support of implementing and enforcing technical mechanisms which support the privacy/data protection requirements necessary for implementation in Open-edi transaction environments;
— focuses on the life cycle management of personal information, i.e. the contents of SPIs (and their SRIs) related to the business transaction interchanged via EDI as Information Bundles (IBs) and their associated Semantic Components (SCs) among the parties to a business transaction.

NOTE Privacy protection requirements (PPR) on information life cycle management (ILCM) and EDI of personal information as stated in this document primarily via enumerated rules which serve as a minimum set of ILCM policy and operational requirements for all recorded information pertaining to a business transaction in particular, as well as ILCM implementation in any organization in general.

This document does not specify the technical mechanisms, i.e. functional support services (FSV) which are required to support BOV-identified requirements. Detailed exclusions to the scope of this document are provided in Annex H.

Technologies de l'information — Vue opérationnelle d'affaires — Partie 12: Exigences en matière de protection de la vie privée (PPR) relatives à la gestion du cycle de vie de l’information (ILCM) et de l'EDI des renseignements personnels (PI)

General Information

Status
Published
Publication Date
30-Jun-2025
Current Stage
6060 - International Standard published
Start Date
01-Jul-2025
Due Date
22-Mar-2025
Completion Date
01-Jul-2025

Standard
ISO/IEC 15944-12:2025 - Information technology — Business operational view — Part 12: Privacy protection requirements (PPR) on information life cycle management (ILCM) and EDI of personal information (PI) Released:1. 07. 2025
English language
120 pages
Draft
ISO/IEC FDIS 15944-12 - Information technology — Business operational view — Part 12: Privacy protection requirements (PPR) on information life cycle management (ILCM) and EDI of personal information (PI) Released:28. 03. 2025
English language
120 pages
Draft
REDLINE ISO/IEC FDIS 15944-12 - Information technology — Business operational view — Part 12: Privacy protection requirements (PPR) on information life cycle management (ILCM) and EDI of personal information (PI) Released:28. 03. 2025
English language
120 pages

Standards Content (Sample)


International Standard
ISO/IEC 15944-12
Second edition
2025-07

Information technology — Business operational view —
Part 12: Privacy protection requirements (PPR) on information life cycle management (ILCM) and EDI of personal information (PI)

Technologies de l'information — Vue opérationnelle d'affaires —
Partie 12: Exigences en matière de protection de la vie privée (PPR) relatives à la gestion du cycle de vie de l’information (ILCM) et de l'EDI des renseignements personnels (PI)

© ISO/IEC 2025
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland

Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviated terms
5 Fundamental privacy protection principles
5.1 Overview
5.2 Primary sources of privacy protection principles
5.3 Key eleven (11) privacy protection principles
5.4 Link to “consumer protection” and “individual accessibility” requirements
5.5 Privacy protection principles in the context of ILCM requirements
5.6 Requirement for tagging (or labelling) sets of personal information (SPIs) in support of privacy protection requirements (PPR)
5.7 Requirements for making all personal information (PI) available to the buyer where the buyer is an individual
5.8 Rules governing ILCM aspects of personal information profiles (PIPs)
6 Integrated set of information life cycle management (ILCM) principles in support of information law and privacy protection requirements (PPR)
6.1 Primary purpose
6.2 Information life cycle management (ILCM) principles that support privacy protection requirements (PPR)
6.2.1 Conformance with privacy protection requirements (PPR) and associated information law requirements
6.2.2 Direct relevance, informed consent and openness
6.2.3 Ensuring that personal information is “under the control of” the organization throughout its ILCM
6.2.4 Limiting use, disclosure and retention
6.2.5 Timely, accurate, relevant
6.2.6 Data integrity and quality
6.2.7 Safeguards for non-authorized disclosure requirements
6.2.8 Back-up, retention and archiving
6.2.9 Disposition and expungement
6.2.10 Organizational archiving
6.2.11 Historical, statistical and/or research value
6.3 Requirement for tagging (or labelling) data elements in support of privacy protection requirements (PPR)
7 Rules governing ensuring accountability for and control of personal information (PI)
7.1 Purpose
7.2 Key aspects of Open-edi requirements
7.3 Key aspects of “under the control of”
7.4 “under the control of” in support of PPR and in an ILCM context
7.5 Implementing “under the control of” and accountability
8 Rules governing the specification of ILCM aspects of personal information
8.1 Overview
8.2 Rules governing establishing ILCM responsibilities for personal information (PI)
8.3 Rules governing establishing specifications for retention of personal information (PI) — applicable “SRI retention triggers”
8.4 Rules governing identification and specification of state changes of personal information (PI)
8.4.1 General requirements
8.4.2 Specification of state changes allowed to personal information (PI)
8.4.3 Specification of store change type
8.4.4 Rules governing specification of source of state changes
8.5 Rules governing disposition of personal information (PI)
8.6 Rules governing the establishment and maintenance of record retention and disposal schedules (RRDS) for sets of personal information (SPIs)
9 Data conversion, data migration and data synchronization
9.1 Purpose
9.2 Rules governing data conversion of set(s) of personal information (SPI)
9.3 Rules governing requirements for data synchronization of sets of personal information (SPI)
10 Rules governing the EDI of personal information (PI) between a primary ILCM Person and its agent, third party and/or regulator
10.1 General requirements
10.2 ILCM rules pertaining to use of an “agent” by a Person
10.3 ILCM rules pertaining to use of a “third party” by a Person
10.4 ILCM rules pertaining to the use of a “regulator” by a Person
11 Conformance statement
11.1 Overview
11.2 Conformance to the ISO/IEC 14662 Open-edi reference model and the ISO/IEC 15944 series
11.3 Conformance to ISO/IEC 15944-12
11.4 Conformance by agents and third parties to ISO/IEC 15944-12
Annex A (normative) Consolidated controlled vocabulary definitions and associated terms, as human interface equivalents (HIEs), with cultural adaptability: English and French language equivalency in an IT standardization context
Annex B (normative) Consolidated set of rules in the ISO/IEC 15944 series of particular relevance to privacy protection requirements (PPR) as external constraints on business transactions which apply to personal information (PI) in an ILCM requirements context
Annex C (informative) Business transaction model (BTM): Classes of constraints
Annex D (normative) Linking ILCM rules to process phases rules of a business transaction
Annex E (normative) Generic approach to ILCM decisions in a PPR context — ILCM conformance decision tree and associated rules
Annex F (informative) Generic approach to identification of properties and behaviours of personal information (PI) as transitory records and their disposition/expungement
Annex G (informative) Notes on referential integrity and privacy protection transactional integrity (PPTI) in Open-edi among IT systems
...


FINAL DRAFT International Standard
ISO/IEC FDIS 15944-12
ISO/IEC JTC 1/SC 32
Secretariat: ANSI
Voting begins on:
Voting terminates on:

Information technology — Business operational view —
Part 12: Privacy protection requirements (PPR) on information life cycle management (ILCM) and EDI of personal information (PI)

Technologies de l'information — Vue opérationnelle d'affaires —
Partie 12: Exigences en matière de protection de la vie privée (PPR) relatives à la gestion du cycle de vie de l’information (ILCM) et de l'EDI des renseignements personnels (PI)

RECIPIENTS OF THIS DRAFT ARE INVITED TO SUBMIT, WITH THEIR COMMENTS, NOTIFICATION OF ANY RELEVANT PATENT RIGHTS OF WHICH THEY ARE AWARE AND TO PROVIDE SUPPORTING DOCUMENTATION.

IN ADDITION TO THEIR EVALUATION AS BEING ACCEPTABLE FOR INDUSTRIAL, TECHNOLOGICAL, COMMERCIAL AND USER PURPOSES, DRAFT INTERNATIONAL STANDARDS MAY ON OCCASION HAVE TO BE CONSIDERED IN THE LIGHT OF THEIR POTENTIAL TO BECOME STANDARDS TO WHICH REFERENCE MAY BE MADE IN NATIONAL REGULATIONS.

Reference number: ISO/IEC FDIS 15944-12:2025(en)
© ISO/IEC 2025

Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviated terms
5 Fundamental privacy protection principles
5.1 Overview
5.2 Primary sources of privacy protection principles
5.3 Key eleven (11) privacy protection principles
5.4 Link to “consumer protection” and “individual accessibility” requirements (see ISO/IEC 15944-8:—, 6.3)
5.5 Privacy protection principles in the context of ILCM requirements
5.6 Requirement for tagging (or labelling) sets of personal information (SPIs) in support of privacy protection requirements (PPR)
5.7 Requirements for making all personal information (PI) available to the buyer where the buyer is an individual
5.8 Rules governing ILCM aspects of personal information profiles (PIPs)
6 Integrated set of information life cycle management (ILCM) principles in support of information law and privacy protection requirements (PPR)
6.1 Primary purpose
6.2 Information life cycle management (ILCM) principles that support privacy protection requirements (PPR)
6.2.1 Conformance with privacy protection requirements (PPR) and associated information law requirements
6.2.2 Direct relevance, informed consent and openness
6.2.3 Ensuring that personal information is “under the control of” the organization throughout its ILCM
6.2.4 Limiting use, disclosure and retention
6.2.5 Timely, accurate, relevant
6.2.6 Data integrity and quality
6.2.7 Safeguards for non-authorized disclosure requirements
6.2.8 Back-up, retention and archiving
6.2.9 Disposition and expungement
6.2.10 Organizational archiving
6.2.11 Historical, statistical and/or research value
6.3 Requirement for tagging (or labelling) data elements in support of privacy protection requirements (PPR)
7 Rules governing ensuring accountability for and control of personal information (PI)
7.1 Purpose
7.2 Key aspects of Open-edi requirements
7.3 Key aspects of “under the control of”
7.4 “under the control of” in support of PPR and in an ILCM context
7.5 Implementing “under the control of” and accountability
8 Rules governing the specification of ILCM aspects of personal information
8.1 Overview
8.2 Rules governing establishing ILCM responsibilities for personal information (PI)
8.3 Rules governing establishing specifications for retention of personal information (PI) — applicable “SRI retention triggers”
8.4 Rules governing identification and specification of state changes of personal information (PI)
8.4.1 General requirements
8.4.2 Specification of state changes allowed to personal information (PI)
8.4.3 Specification of store change type
8.4.4 Rules governing specification of source of state changes
8.5 Rules governing disposition of personal information (PI)
8.6 Rules governing the establishment and maintenance of record retention and disposal schedules (RRDS) for sets of personal information (SPIs)
9 Data conversion, data migration and data synchronization
9.1 Purpose
9.2 Rules governing data conversion of set(s) of personal information (SPI)
9.3 Rules governing requirements for data synchronization of sets of personal information (SPI)
10 Rules governing the EDI of personal information (PI) between a primary ILCM Person and its agent, third party and/or regulator
10.1 General requirements
10.2 ILCM rules pertaining to use of an “agent” by a Person
10.3 ILCM rules pertaining to use of a “third party” by a Person
10.4 ILCM rules pertaining to the use of a “regulator” by a Person
11 Conformance statement
11.1 Overview
11.2 Conformance to the ISO/IEC 14662 Open-edi reference model and the ISO/IEC 15944 series
...


Date: 2025-02-20
Reference number of document: ISO/IEC FDIS 15944-12:2025(E), 2nd edition
Committee identification: ISO/IEC JTC 001 1/SC 32/WG 01
Secretariat: ISO/IEC JTC1/SC32 ANSI
Date: 2025-03-28

Information technology — Business operational view —
Part 12: Privacy protection requirements (PPR) on information life cycle management (ILCM) and EDI of personal information (PI)

Technologies de l'information — Vue opérationnelle d'affaires —
Partie 12: Exigences en matière de protection de la vie privée (PPR) relatives à la gestion du cycle de vie de l’information (ILCM) et de l'EDI des renseignements personnels (PI)

FDIS stage
ISO/IEC FDIS 15944-12:2025(en)

Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviated terms
5 Fundamental privacy protection principles
6 Integrated set of information life cycle management (ILCM) principles in support of information law and privacy protection requirements (PPR)
7 Rules governing ensuring accountability for and control of personal information (PI)
8 Rules governing the specification of ILCM aspects of personal information
9 Data conversion, data migration and data synchronization
10 Rules governing the EDI of personal information (PI) between a primary ILCM Person and its agent, third party and/or regulator
11 Conformance statement
Annex A (normative) Consolidated controlled vocabulary definitions and associated terms, as human interface equivalents (HIEs), with cultural adaptability: English and French language equivalency in an IT standardization context
Annex B (normative) Consolidated set of rules in the ISO/IEC 15944 series of particular relevance to privacy protection requirements (PPR) as external constraints on business transactions which apply to personal information (PI) in an ILCM requirements context
Annex C (informative) Business transaction model (BTM): Classes of constraints
Annex D (normative) Linking ILCM rules to process phases rules of a business transaction
Annex E (normative) Generic approach to ILCM decisions in a PPR context — ILCM conformance decision tree and associated rules
Annex F (informative) Generic approach to identification of properties and behaviours of personal information (PI) as transitory records and their disposition/expungement
Annex G (informative) Notes on referential integrity and privacy protection transactional integrity (PPTI) in Open-edi among IT systems
Annex H (informative) Exclusions to the scope of ISO/IEC 15944-12
Annex I (informative) Aspects not currently addressed in this document
Bibliography

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviated terms
5 Fundamental privacy protection principles
5.1 Overview
5.2 Primary sources of privacy protection principles
5.3 Key eleven (11) privacy protection principles
5.4 Link to “consumer protection” and “individual accessibility” requirements (see ISO/IEC 15944-8:2025, 6.3)
5.5 Privacy protection principles in the context of ILCM requirements
5.6 Requirement for tagging (or labelling) sets of personal information (SPIs) in support of privacy protection requirements (PPR) in accordance with ISO/IEC 15944-8:2025, 5.4
5.7 Requirements for making all personal information (PI) available to the buyer where the buyer is an individual
5.8 Rules governing ILCM aspects of personal information profiles (PIPs)
6 Integrated set of information life cycle management (ILCM) principles in support of information law and privacy protection requirements (PPR)
6.1 Primary purpose of Clause 6
6.2 Information life cycle management (ILCM) principles that support privacy protection requirements (PPR)
6.2.1 Compliance with privacy protection requirements (PPR) and associated information law requirements
6.2.2 Direct relevance, informed consent and openness
6.2.3 Ensuring that personal information is “under the control of” the organization throughout its ILCM
6.2.4 Limiting use, disclosure and retention
6.2.5 Timely, accurate, relevant
6.2.6 Data integrity and quality
6.2.7 Safeguards for non-authorized disclosure requirements
6.2.8 Back-up, retention and archiving
6.2.9 Disposition and expungement
6.2.10 Organizational archiving
6.2.11 Historical, statistical and/or research value
6.3 Requirement for tagging (or labelling) data elements in support of privacy protection requirements (PPR)
7 Rules governing ensuring accountability for and control of personal information (PI)
7.1 Purpose
7.2 Key aspects of Open-edi requirements
7.3 Key aspects of “under the control of”
7.4 “under the control of” in support of PPR and in an ILCM context
7.5 Implementing “under the control of” and accountability
8 Rules governing the specification of ILCM aspects of personal information
8.1 Overview
8.2 Rules governing establishing ILCM responsibilities for personal information (PI)
8.3 Rules governing establishing specifications for retention of personal information (PI) — applicable “SRI retention triggers”
8.4 Rules governing identification and specification of state changes of personal information (PI)
8.4.1 General requirements
8.4.2 Specification of state changes allowed to personal information (PI)
8.4.3 Specification of store change type
8.4.4 Rules governing specification of source of state changes
8.5 Rules governing disposition of personal information (PI)
8.6 Rules governing the establishment and maintenance of record retention and disposal schedules (RRDS) for sets of personal information (SPIs)
9 Data conversion, data migration and data synchronization
9.1 Purpose
9.2 Rules governing data conversion of set(s) of personal information (SPI)
9.3 Rules governing requirements for data synchronization of sets of personal information (SPI)
10 Rules governing the EDI of personal information (PI) between a primary ILCM Person and its agent, third party, and/or regulator
10.1 General requirements
10.2 ILCM rules pertaining to use of an “agent” by a Person
10.3 ILCM rules pertaining to use of a “third party” by a Person
10.4 ILCM rules pertaining to use of a “regulator” by a Person
...
