iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
ISO

ISO/IEC 27562:2024

(Main)

Information technology — Security techniques — Privacy guidelines for fintech services

Information technology — Security techniques — Privacy guidelines for fintech services

This document provides guidelines on privacy for fintech services. It identifies all relevant business models and roles in consumer-to-business relations and business-to-business relations, as well as privacy risks and privacy requirements, which are related to fintech services. It provides specific privacy controls for fintech services to address privacy risks. This document is based on the principles from ISO/IEC 29100, ISO/IEC 27701, and ISO/IEC 29184, the privacy impact assessment framework described in ISO/IEC 29134, and the risk management guideline described in ISO 31000. It also provides guidelines focusing on a set of privacy requirements for each stakeholder. This document can be applicable to all kinds of organizations such as regulators, institutions, service providers and product providers in the fintech service environment.

Technologies de l'information — Techniques de sécurité — Lignes directrices relatives à la protection de la vie privée pour les services fintech

General Information

Status
Published
Publication Date
10-Dec-2024
ICS
03.060 - Finances. Banking. Monetary systems. Insurance
35.030 - IT Security
35.240.40 - IT applications in banking
Technical Committee
ISO/IEC JTC 1/SC 27 - Information security, cybersecurity and privacy protection
Drafting Committee
ISO/IEC JTC 1/SC 27 - Information security, cybersecurity and privacy protection
Current Stage
6060 - International Standard published
Start Date
11-Dec-2024
Due Date
11-Dec-2024
Completion Date
11-Dec-2024
Ref Project

Buy Standard

ISO/IEC 27562:2024 - Information technology — Security techniques — Privacy guidelines for fintech services Released:12/11/2024ISO/IEC 27562:2024 - Information technology — Security techniques — Privacy guidelines for fintech services Released:12/11/2024
PreviousNext
Standard
ISO/IEC 27562:2024 - Information technology — Security techniques — Privacy guidelines for fintech services Released:12/11/2024
English language
30 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)


International
Standard
ISO/IEC 27562
First edition
Information technology — Security
2024-12
techniques — Privacy guidelines for
fintech services
Technologies de l'information — Techniques de sécurité — Lignes
directrices relatives à la protection de la vie privée pour les
services fintech
Reference number
© ISO/IEC 2024
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
© ISO/IEC 2024 – All rights reserved
ii
Contents Page
Foreword .v
Introduction .vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Abbreviated terms . 4
5 Stakeholders and general considerations for fintech services . 5
5.1 Stakeholders and business models for fintech services .5
5.2 General considerations.6
5.2.1 General .6
5.2.2 Consumers .6
5.2.3 Regulators .6
5.2.4 Service providers .6
5.2.5 Financial company .7
6 General principles applicable to fintech services . 7
7 Actors in fintech services . 7
7.1 Service providers as a PII controller .7
7.1.1 General .7
7.1.2 Adherence to the privacy principles .7
7.2 Service providers as a PII processor .8
7.3 Customer as a PII principal .8
7.4 Financial company as a PII controller .8
7.5 Regulators .8
8 Privacy risks to actors . 8
8.1 General privacy threats .8
8.2 Privacy risks to service providers as PII controllers .9
8.3 Privacy risks to service providers as PII processors .11
8.4 Privacy risks to customers as PII principals.11
8.5 Privacy risks to financial companies as PII controllers . 12
9 Privacy controls for actors .12
9.1 General . 12
9.2 Privacy controls applicable to service providers as PII controllers . 13
9.2.1 General . 13
9.2.2 Policies to ensure compliance with data protection regulations — Control . 13
9.2.3 Request for permission and consent . 13
9.2.4 Legitimate purpose — Control . 13
9.2.5 Authentication mechanisms — Control.14
9.2.6 Automated decision making — Control.14
9.2.7 De-identification method — Control .14
9.2.8 Risk management and governance arrangements — Control .14
9.2.9 Preventing algorithmic discrimination — Control .14
9.2.10 Policy of encryption — Control .14
9.2.11 PII transfers between jurisdictions — Control .14
9.2.12 Malware infection — Control . 15
9.2.13 Data breach notification to the supervisory authority — Control . 15
9.2.14 Security logging and monitoring policy — Control . 15
9.2.15 Recovery procedures — Control . 15
9.2.16 Backup policy — Control . 15
9.2.17 Data provenance and traceability — Control . 15
9.2.18 Explainable and analysable automatic decision — Control . 15
9.3 Privacy controls applicable to service providers as PII processors . 15

© ISO/IEC 2024 – All rights reserved
iii
9.3.1 General . 15
9.3.2 Contract agreement — Control . 15
9.3.3 Non-disclosure — Control .16
9.3.4 Improper data disclosure — Control .16
9.3.5 Risk assessment — Control .16
9.3.6 Personal data breach management — Control .16
9.3.7 Privacy Impact Assessment (PIA) — Control .16
9.4 Privacy controls by fintech service providers for customers as PII principals .16
9.4.1 General .16
9.4.2 Rights of PII principals — Control .16
9.4.3 Due diligence — Control .16
9.4.4 PII management— Control .16
9.4.5 Re-identification and anonymization — Control .17
9.4.6 Discrimination — Control .17
9.4.7 Surveillance — Control .17
9.4.8 Systematic and extensive profiling — Control .17
9.4.9 Accessible information — Control .17
9.4.10 PII processing after log-in — Control .17
9.5 Privacy controls applicable to financial companies as PII controllers .17
9.5.1 General .17
9.5.2 Processing limitation — Control.17
9.5.3 PII disclosure limitation — Control.17
9.5.4 PII transfer management — Control .17
10 Privacy guidelines for actors .18
10.1 Privacy risk treatment.
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

ISO
ISO/TR 5863:2025(Main)
Integrative design of the building envelope — General principles

This document provides an overview of the design principles for the building envelope in order to achieve a high quality and energy efficient built environment. The design principles include: — thermal performance; — daylight and visual environment; — air quality; — provisions of natural and mechanical ventilation; — air barrier (airtightness); — watertightness; — moisture proof; — soundproofing; — sustainability and integration with technical building systems and controls. This document is applicable to new buildings and the retrofit of existing buildings.

  • Technical report
    18 pages
    English language
    sale 15% off
ISO
ISO 16823:2025(Main)
Non-destructive testing — Ultrasonic testing — Through-transmission technique

This document specifies the principles of ultrasonic through-transmission techniques. Through-transmission techniques can be used for: — detection of discontinuities; — determination of sound attenuation. The general principles required for the use of ultrasonic testing of industrial products are described in ISO 16810. The through-transmission technique is used for the testing of flat products, e.g. plates and sheets. Further, it can be used for tests, for example: — where the shape, dimensions or orientation of possible discontinuities are unfavourable for direct reflection; — of materials with high sound attenuation; — on thin test objects.

  • Standard
    12 pages
    English language
    sale 15% off
ISO
ISO 16122-1:2024(Main)
Agricultural and forestry machinery — Inspection of sprayers in use — Part 1: General

This document defines the general requirements to be fulfilled for the inspection of all types of sprayers for plant protection products used in agriculture, horticulture, forestry and other areas, except knapsack sprayers. NOTE For knapsack sprayers, see ISO/FDIS 19932–3:—. The specific requirements for the different types of sprayers are defined in the relevant specific parts of the ISO 16122 series. When used in conjunction with the relevant sprayer specific part (see Annex A), this document specifies the requirements and test methods for the inspection of sprayers in use. The requirements relate mainly to the condition of the sprayer with respect to potential risks for the environment and its performance to achieve a good application. This document also includes minimum requirements for the preparation of the sprayer for the inspection and the minimum safety requirements with respect to the safety of the inspector (test operator) during the inspection.

  • Standard
    8 pages
    English language
    sale 15% off
  • Standard
    9 pages
    French language
    sale 15% off
ISO
ISO/TR 5914:2024(Main)
Railway applications — Rolling stock — Interior passive safety

This document reports worldwide best practice to minimize the risk of death and injury to occupants of rail vehicles in the event of a collision or derailment. This document investigates recent interior designs for passenger areas in heavy rail vehicles (e.g. coaches, fixed units, trainsets), including refurbished interiors.

  • Technical report
    62 pages
    English language
    sale 15% off
ISO
ISO/IEC 15415:2024(Main)
Automatic identification and data capture techniques — Bar code symbol print quality test specification — Two-dimensional symbols

This document — specifies two methodologies for the measurement of specific attributes of two-dimensional bar code symbols – one of which applies to multi-row bar code symbologies and the other to two-dimensional matrix symbologies; — specifies methods for evaluating and grading these measurements and deriving an overall assessment of symbol quality; — gives information on possible causes of deviation from optimum grades to assist users in taking appropriate corrective action. This document applies to two-dimensional symbologies for which a reference decode algorithm has been defined, however the methodologies in this document can be applied partially or wholly to other similar symbologies. NOTE While this document can be applied to direct part marks, better correlation between measurement results and scanning performance can be obtained with ISO/IEC 29158 in combination with this document.

  • Standard
    46 pages
    English language
    sale 15% off
ISO
ISO 209:2024(Main)
Wrought aluminium and aluminium alloys — Chemical composition

This document specifies the chemical composition limits of wrought products and ingots intended to be wrought in aluminium and aluminium alloys.

  • Standard
    20 pages
    English language
    sale 15% off
  • Standard
    17 pages
    French language
    sale 15% off
ISO
ISO 4379:2024(Main)
Plain bearings — Copper alloy bushes — Dimensions and tolerances

This document specifies dimensions and tolerances for cylindrical and flanged bushes with inside diameter, d1, in the range 6 mm to 200 mm. This document applies to solid mono-metal copper alloy bushes to be used as plain bearings with and without oil holes and oil grooves.

  • Standard
    8 pages
    English language
    sale 15% off
ISO
ISO 23675:2024(Main)
Cosmetics — Sun protection test methods — In vitro determination of sun protection factor (SPF)

This document specifies a method for the in vitro determination of sun protection factor (SPF). This method is applicable to sunscreen products in form of an emulsion or alcoholic one-phase formulation, excluding in form of a loose or compressed powder or stick. Specifications are given to enable determination of the spectral absorbance characteristics of SPF protection in a reproducible manner. Use of this method is strictly for the determination of a static sun protection factor. It is not applicable for the determination of water-resistance properties of a sun protection product.

  • Standard
    44 pages
    English language
    sale 15% off
  • Standard
    45 pages
    French language
    sale 15% off
ISO
ISO 12129-1:2024(Main)
Plain bearings — Tolerances — Part 1: Fits

This document specifies a system of fits applicable to metallic plain bearings used in general engineering for mean relative bearing clearances, ψm, of 0,56 ‰ up to 3,15 ‰. Other clearance ranges can be used depending upon the requirements in specific applications. This system of fits is not applicable to half-bearings and bushes which, due to their special characteristics, are not measured by diameter but by wall thickness, and which are dimensionally changed on assembly. It is not applicable to profile bore or tilting pad bearings, or to cases where specific tolerances have been established by consideration of the bearing performance at both extremes of clearance. This document is applicable preferably to bearings in rotating machines or transmissions, but it can be used similarly in other ranges of application.

  • Standard
    9 pages
    English language
    sale 15% off
ISO
ISO 16122-3:2024(Main)
Agricultural and forestry machinery — Inspection of sprayers in use — Part 3: Sprayers for bush and tree crops

This document, when used together with ISO 16122-1:2024, specifies the requirements and test methods for the inspection of sprayers for bush and tree crops, when in use. The requirements relate mainly to the condition of the sprayer with respect to its potential risk for the environment and its performance to achieve good application. NOTE Requirements for the protection of inspectors during an inspection are given in ISO 16122-1:2024.

  • Standard
    15 pages
    English language
    sale 15% off
  • Standard
    15 pages
    French language
    sale 15% off