iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
ISO

ISO 22307:2008

(Main)

Financial services — Privacy impact assessment

Financial services — Privacy impact assessment

ISO 22307:2008 recognizes that a privacy impact assessment (PIA) is an important financial services and banking management tool to be used within an organization, or by “contracted” third parties, to identify and mitigate privacy issues and risks associated with processing consumer data using automated, networked information systems. ISO 22307:2008 describes the privacy impact assessment activity in general, defines the common and required components of a privacy impact assessment, regardless of business systems affecting financial institutions, and provides informative guidance to educate the reader on privacy impact assessments. A privacy compliance audit differs from a privacy impact assessment in that the compliance audit determines an institution's current level of compliance with the law and identifies steps to avoid future non-compliance with the law. While there are similarities between privacy impact assessments and privacy compliance audits in that they use some of the same skills and that they are tools used to avoid breaches of privacy, the primary concern of a compliance audit is simply to meet the requirements of the law, whereas a privacy impact assessment is intended to investigate further in order to identify ways to safeguard privacy optimally. ISO 22307:2008 recognizes that the choices of financial and banking system development and risk management procedures are business decisions and, as such, the business decision makers need to be informed in order to be able to make informed decisions for their financial institutions. ISO 22307:2008 provides a privacy impact assessment structure (common PIA components, definitions and informative annexes) for institutions handling financial information that wish to use a privacy impact assessment as a tool to plan for, and manage, privacy issues within business systems that they consider to be vulnerable.

Services financiers — Évaluation de l'impact privé

General Information

Status
Published
Publication Date
15-Apr-2008
ICS
03.060 - Finances. Banking. Monetary systems. Insurance
Technical Committee
ISO/TC 68/SC 9 - Information exchange for financial services
Drafting Committee
ISO/TC 68/SC 9 - Information exchange for financial services
Current Stage
9020 - International Standard under periodical review
Start Date
15-Apr-2024
Completion Date
15-Apr-2024
Ref Project

Buy Standard

ISO 22307:2008 - Financial services -- Privacy impact assessmentISO 22307:2008 - Financial services -- Privacy impact assessment
PreviousNext
Standard
ISO 22307:2008 - Financial services -- Privacy impact assessment
English language
28 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)

INTERNATIONAL ISO
STANDARD 22307
First edition
2008-05-01

Financial services — Privacy impact
assessment
Services financiers — Évaluation de l'impact privé




Reference number
ISO 22307:2008(E)
©
ISO 2008

---------------------- Page: 1 ----------------------
ISO 22307:2008(E)
PDF disclaimer
This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but
shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In
downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat
accepts no liability in this area.
Adobe is a trademark of Adobe Systems Incorporated.
Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation
parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In
the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.


COPYRIGHT PROTECTED DOCUMENT


©  ISO 2008
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland

ii © ISO 2008 – All rights reserved

---------------------- Page: 2 ----------------------
ISO 22307:2008(E)
Contents Page
Foreword. iv
Introduction . v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions. 1
4 Abbreviated terms . 2
5 PIA requirements . 3
5.1 Overview of PIA requirements. 3
5.2 General PIA process requirements. 3
5.3 Specific PIA process requirements . 3
Annex A (informative) Frequently asked questions related to PIA . 8
Annex B (informative) General questionnaire to determine when to begin a PIA. 16
Annex C (informative) Questionnaire for PIA objectives . 17
Annex D (informative) Questionnaire on PIA initial procedures . 18
Annex E (informative) Questionnaire on adequacy of internal controls and procedures . 19
Annex F (informative) PIA questionnaire for assessing privacy impacts for retail financial
systems. 20
Bibliography . 28

© ISO 2008 – All rights reserved iii

---------------------- Page: 3 ----------------------
ISO 22307:2008(E)
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies
(ISO member bodies). The work of preparing International Standards is normally carried out through ISO
technical committees. Each member body interested in a subject for which a technical committee has been
established has the right to be represented on that committee. International organiz
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

ISO
ISO 18245:2023(Main)
Retail financial services — Merchant category codes

This document defines code values used to enable the classification of merchants into specific categories based on the type of business, trade or services supplied. Values are specified only for those merchant categories that are generally expected to originate retail financial transactions. It is not within the scope of this document to mandate the use of merchant category codes in any given situation.

  • Standard
    2 pages
    English language
    sale 15% off
ISO
ISO/TR 22126-3:2023(Main)
Financial services — Semantic technology — Part 3: Semantic enrichment of the ISO 20022 conceptual model

This document examines semantic enrichment to support the maintenance of the ISO 20022 conceptual model. It reports on existing and proposed practices to enrich a model: — in a repository, annotating repository concepts with metadata using semantic markup or constraints; — outside a repository, using references to repository concepts, such as the provenance of changes.

  • Technical report
    12 pages
    English language
    sale 15% off
ISO
ISO/TR 7340:2023(Main)
Reference data distribution in financial services

This document discusses the modes, related mainstream technologies, logical models, physical implementation models, data management (data storage and data security) and service quality control used in the reference data distribution in financial services. This document applies to the reference data distribution and transmission processes in financial services.

  • Technical report
    15 pages
    English language
    sale 15% off
ISO
ISO/TR 22126-5:2022(Main)
Financial services — Semantic technology — Part 5: Mapping from FIX Orchestra to the common model

This document reports on a study to map messages defined using FIX Orchestra into the ISO 20022 model.

  • Technical report
    6 pages
    English language
    sale 15% off
ISO
ISO 3531-1:2022(Main)
Financial services — Financial information eXchange session layer — Part 1: FIX tagvalue encoding

This document provides the normative specification of the FIX tagvalue encoding, which is one of the possible syntaxes for FIX messages.

  • Standard
    17 pages
    English language
    sale 15% off
ISO
ISO 3531-2:2022(Main)
Financial services — Financial information eXchange session layer — Part 2: FIX session layer

This document provides the normative specification of the FIX session layer standard and its session profiles.

  • Standard
    79 pages
    English language
    sale 15% off
ISO
ISO 3531-3:2022(Main)
Financial services — Financial information eXchange session layer — Part 3: FIX session layer test cases

This document provides a set of mandatory and optional conformity tests applicable to all versions of the FIX session layer standard.

  • Standard
    15 pages
    English language
    sale 15% off
ISO
ISO 5116-3:2021(Main)
Improving transparency in financial and business reporting — Harmonization topics — Part 3: Mapping between DPM and MDM

This document aims to provide an introduction to the topic of creating a conceptual model for storing multidimensional data which is received as XBRL instances that follow the rules defined by European taxonomies published by the European Banking Authority (EBA) or by the European Insurance and Occupational Pensions Authority (EIOPA).

  • Standard
    52 pages
    English language
    sale 15% off
ISO
ISO 5116-1:2021(Main)
Improving transparency in financial and business reporting — Harmonization topics — Part 1: European data point methodology for supervisory reporting

This document defines the Data Point Methodology for the creation of Data Point Models in the context of European supervisory reporting. Data Point Models are published by a European supervisory authority. To reflect the defined structures in a machine-readable form, they can be accompanied by an XBRL taxonomy. It is also possible to extend the described methodology to other environments.

  • Standard
    18 pages
    English language
    sale 15% off
ISO
ISO 5116-2:2021(Main)
Improving transparency in financial and business reporting — Harmonization topics — Part 2: Guidelines for data point modelling

This document provides guidelines for data point modelling for supervising experts. The main body consists of four sections. The interrogative form helps in choosing which section may best answer your question and lead you to a good understanding of the subject matter. After this first introductory section and the section containing terms and definitions, the main part starts to provide basic knowledge about different types of data models and data modelling approaches. The first and the second sections provide an overview of data models in general, in contrast to the third section that highlights the necessity of data modelling for supervisory data. This third section draws on the objectives and background information of the preceding sections. Furthermore, a paragraph classifies the Data Point Model introduced by the Eurofiling Initiative and elaborated by EIOPA and EBA, where many new terms related to DPM are introduced. Another paragraph explains the areas of application for the DPM. The third section concludes with a paragraph introducing a subset of the technical constrains that need to be considered in the creation process of the DPM. The fourth section gives step-by-step instructions on how to create a DPM. The paper concludes with remarks on the progress achieved so far, and provides an outlook on the software that is being developed at the moment to support you during the creation process.

  • Standard
    36 pages
    English language
    sale 15% off