ISO/IEC TR 27550-2019 pdf free.Information technology — Securitytechniques — Privacy engineering forsystem life cycle processes.
This document provides privacy engineering guidelines that are intended to help organizationsintegrate recent advances in privacy engineering into system life cycle processes. It describes:
the relationship between privacy engineering and other engineering viewpoints (system engineering, security engineering, risk management); and
privacy engineering activities in key engineering processes such as knowledge management, risk management, requirement analysis,and architecture design.The intended audience includes engineers and practitioners who are involved in the development,implementation or operation of systems that need privacy consideration, as well as managers inorganizations responsible for privacy, development, product management, marketing, and operations.
There are no normative references in this document.
This document provides additional descriptions of processes, purposes,outcomes, activities and tasksconcerning privacy engineering where appropriate.Covered ISo/IEC/IEEE 15288 processes are shownin Table 1.
acquisition and supply processes: guidelines on the relationships between stakeholders in thesupply chain are needed to ensure that all relevant privacy requirements have been identified anddocumented and that they are provided to all sub-system suppliers as appropriate. This includesthe relations between Pll controllers and Pll processors as well as the relationships between PIIcontrollers/processors and suppliers;
human resources management process: guidelines on privacy engineering human resourcemanagement are needed to ensure that relevant competency is available and becomes an integralpart of an organization’s culture and core values;
knowledge management process: guidelines on howto carry out continuous improvementin privacyengineering are needed to ensure that best practices are updated within an organization;
risk management process: guidelines on how to carry out a risk management process are neededto ensure that relevant privacy risk sources, as well as relevant impacts, are properly assessed.Risk sources stem from problematic Pll processing as well as threats to and vulnerabilities of thesystem. The resulting impact may be on Pll principals’ privacy as well as organizations’ operationsand business;
stakeholders needs and requirements process: guidelines on how to address stakeholders’ privacyexpectations are needed;
system requirements definition process: guidelines on the transformation of privacy principles intoa set of operational requirements is needed to ensure that these principles are taken into accountfrom the start of the system life cycle;
architecture definition process: guidelines on the definition of a system architecture are needed toensurethatprivacy principles are taken into account.For instance,data minimization considerationscan have an influence on the location of data storage; and
design definition process: guidelines on the design of the system are needed to ensure thatappropriate privacy controls are integrated.ISO/IEC TR 27550 pdf download.