IT-säkerhet
- +Ämnesområden
- +Informationsteknik, kontorsutrustning (21)
- Informationsteknik: allmänt (1)
- IT-säkerhet (11)
- +Kodning av information (3)
- Programspråk (0)
- Programutveckling och systemdokumentation (1)
- +Öppna system (OSI) (0)
- Nätarkitekturer (0)
- Datorgrafik (0)
- Mikroprocessorsystem (0)
- Terminalutrustning och övrig kringutrustning (0)
- Gränssnitt och anslutningsutrustning (0)
- Molnbaserade datortjänster (0)
- +Datalagringsmedier (0)
- +IT-tillämpningar (11)
- Kontorsutrustning (0)
This document specifies refinements for an application of EN ISO/IEC 27701 in a European context. This document is applicable to the same entities as is ISO/IEC 27701: all types and sizes of organizations, including public and private companies, government entities and not-for-profit organizations, which are PII controllers and/or PII processors. An organization can use this document for the implementation of the generic requirements and controls of EN ISO/IEC 27701 according to its context and its applicable obligations. Certification criteria based on these refinements can provide a certification model under ISO/IEC 17065 for processing operations performed within the scope of a privacy information management system according to EN ISO/IEC 27701, which can be combined with certification requirements for EN ISO/IEC 27701 under ISO/IEC 17021.
This document: - defines terms for identity management and specifies core concepts of identity and identity management, and their relationships; - is applicable to any information system where information relating to identity is processed or stored; - is considered to be a horizontal document for the following reasons: - it applies concepts such as distinguishing the term “identity” from the term “identifier” on the implementation of systems for the management of identity information and on the requirements for the implementation and operation of a framework for identity management, - it provides an important contribution to assess identity management systems with regard to their privacy-friendliness and their ability to assure the relevant attributes of an identity, and consequently it provides a foundation and a common understanding for any other standard addressing identity, identity information, and identity management.
This document: - provides guidelines for the implementation of systems for the management of identity information; - specifies requirements for the implementation and operation of a framework for identity management; - is applicable to any information system where information relating to identity is processed or stored; - is considered to be a horizontal document for the following reasons: - it applies concepts such as distinguishing the term "identity" from the term "identifier" on the implementation of systems for the management of identity information and on the requirements for the implementation and operation of a framework for identity management, - it provides an important contribution to assess identity management systems with regard to their privacy-friendliness and their ability to assure the relevant attributes of an identity, and consequently it provides a foundation and a common understanding for any other standard addressing identity, identity information, and identity management
- provides requirements and guidance for the management of identity information and for ensuring that an identity management system conforms to ISO/IEC 24760-1 and ISO/IEC 24760-2; - is applicable to any information system where information relating to identity is processed or stored; - is considered to be a horizontal document for the following reasons: - it applies concepts such as distinguishing the term “identity” from the term “identifier” on the implementation of systems for the management of identity information and on the requirements for the implementation and operation of a framework for identity management, - it provides an important contribution to assess identity management systems with regard to their privacy-friendliness and their ability to assure the relevant attributes of an identity, and consequently it provides a foundation and a common understanding for any other standard addressing identity, identity information, and identity management.
This document contains guidelines for developing and establishing policies and procedures for deletion of personally identifiable information (PII) in organizations by specifying: — a harmonized terminology for PII deletion; — an approach for defining deletion rules in an efficient way; — a description of required documentation; — a broad definition of roles, responsibilities and processes. This document is intended to be used by organizations where PII is stored or processed. This document does not address: — specific legal provision, as given by national law or specified in contracts; — specific deletion rules for particular clusters of PII that are defined by PII controllers for processing PII; — deletion mechanisms; — reliability, security and suitability of deletion mechanisms; — specific techniques for de-identification of data.
This document specifies requirements and guidance for the interoperability of data, data sharing mechanisms, and services within data spaces. It covers requirements, criteria and implementation guidance on: - dataset content, use restrictions, licences, data collection methodology, data quality and uncertainty, and on machine-readable formats to find, access and use of data; - data structures, data formats, vocabularies, classification schemes, taxonomies and code lists, and how to describe these elements a publicly available and consistent manner; - technical means to access the data, such as application programming interfaces, and their terms of use and quality of service to enable automatic access and transmission of data between parties; - where applicable, the means to enable the interoperability of tools for automating the execution of data sharing contracts. This document is applicable to all organizations participating in dataspaces, regardless of their size or type.
This document provides terminology, concepts, requirements, and guidance for logging of AI systems. It is primarily intended for organizations placing on the market or putting into service AI systems and is not specific to any particular sector.
This document provides guidance on managing an information security management system (ISMS) audit programme, on conducting audits, and on the competence of ISMS auditors, in addition to the guidance contained in ISO 19011. This document is applicable to those needing to understand or conduct internal or external audits of an ISMS or to manage an ISMS audit programme.
This document establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect personally identifiable information (PII) in line with the privacy principles in ISO/IEC 29100 for the public cloud computing environment. In particular, this document specifies guidelines based on ISO/IEC 27002:2022, taking into consideration the regulatory requirements for the protection of PII which can be applicable within the context of the information security risk environment(s) of a provider of public cloud services. This document is applicable to all types and sizes of organizations, including public and private companies, government entities and not-for-profit organizations, which provide information processing services as PII processors via cloud computing under contract to other organizations. The guidelines in this document can also be relevant to organizations acting as PII controllers.
This document provides a privacy framework which: — specifies a common privacy terminology; — defines the actors and their roles in processing personally identifiable information (PII); — describes privacy safeguarding considerations; — provides references to known privacy principles for information technology. This document is applicable to natural persons and organizations involved in specifying, procuring, architecting, designing, developing, testing, maintaining, administering, and operating information and communication technology systems or services where privacy controls are required for the processing of PII
This document defines cyber security requirements for products with digital elements belonging to product category “Hardware Device with Security Boxes” (hereinafter called “Product” or “HWSB product”). The technical description of “Hardware Devices with Security Boxes” can be found in Annex II of [CRA]. The Hardware Devices with Security Boxes in scope are designed for deployment in a range of environments and where the threat landscape includes attackers with various attack potential. HWSB are hardware-based systems intended to provide secure storage, processing and use of sensitive data, including cryptographic assets, within a protected hardware boundary (envelope). This document applies to the HWSB part of the product. The applicability of this document to specific products is determined based on their intended purpose, use case and risk assessment.