ISO/IEC TR 27550

ISO/IEC TR 27550:2019 — Information technology — Security techniques — Privacy engineering for system life cycle processes

Introduction

“Privacy engineering” means integrating privacy into IT systems throughout their entire lifecycle, as part of their design and function.

The scope of the standard

Data privacy is a critical requirement for IT systems, and this IT security standard addresses how to design IT systems that meet it.

The content

This standard:

– Addresses the ability of privacy engineering to support systems and security engineering, information risk management, human resource management, etc.;
– Discusses concepts such as privacy-by-design and privacy-by-default, including privacy-by-default as described in the GDPR;
– Explains how privacy risks are identified, evaluated, and treated when designing IT systems;
– Describes how IT systems can be designed to comply with the OECD privacy principles that are the foundation of many laws and regulations regarding privacy.

Status

The standard was published as a Technical Report in 2019.

Commentary

The operation, use, monitoring, management, and maintenance of IT systems and their privacy controls are just as important as the technical controls themselves, especially if they are systematically developed (engineered, documented, standardized, operated, managed, and maintained). It is good that this standard is not solely focused on technology.
