ISO/IEC 27554

ISO/IEC 27554 — Information technology — Security techniques — Application of ISO 31000 for assessment of identity management-related risk [Draft]


To facilitate the application of ISO 31000 risk management guidelines to identity management, this standard will outline the associated risks.

To evaluate identity management-related risks through the ISO 31000 process, scenarios will be developed for processes and implementations as part of the risk assessment.

The scope of the standard

In particular, the standard applies to the assessment of risks associated with services and processes dependent upon or related to the management of identities. The risk assessment will exclude risks associated with delivery, technology, or security generally. Other standards that concern the control of identity information will be used alongside this standard.

By providing a standardized definition, context and impact of identity-related risks, the standard fills gaps in other standards.

The content

To be determined.


The project began in 2018.

The standard should be published by the end of 2023.

A skeletal outline was included in the first Working Draft.


To be determined.
