ISO/IEC 15944-17:2024 信息技术 业务操作视图 第17部分：在电子数据交换（EDI）和协作空间背景中管理设计隐私（PbD）要求的基本原则和规则

标准编号：ISO/IEC 15944-17:2024

中文名称：信息技术 业务操作视图 第17部分：在电子数据交换（EDI）和协作空间背景中管理设计隐私（PbD）要求的基本原则和规则

英文名称：Information technology — Business operational view — Part 17: Fundamental principles and rules governing Privacy-by-Design (PbD) requirements in an EDI and collaboration space context

发布日期：2024-04

标准范围

ISO/IEC 15944-17:20 24本文件:a)侧重于隐私保护要求的PbD方面，作为对任何类型的人（例如组织或公共行政部门）的外部约束，这些人参与了涉及任何个人信息的电子数据交换（EDI）的任何类型的商业交易；b)建立一套基本的隐私原则，称为设计隐私和基于主要来源的假设；c)整合已在ISO/IEC 14662和ISO/IEC 15944-1、ISO/IEC 15944-5、ISO/IEC 15944-8、ISO 15944-12中确定的支持PbD的现有规范元素；d)为相关（不一定是自动化的）流程、程序、实践和治理要求提供总体操作“最佳实践”声明，这些流程、程序、实践和治理要求需要采取行动，以支持实施和执行支持开放中PbD的技术机制-edi交易和协作空间环境；e)侧重于个人信息的生命周期管理和责任的PbD相关方面，即与通过EDI作为信息包交换的商业交易相关的SPI（及其SRI）的内容及其在商业交易各方之间的相关语义组件。本文件侧重于商业交易的BOV方面，而不涉及实现FSV业务需求的FSV方面所需的技术机制，包括FSV性质的需求规范，包括安全技术和服务、通信协议等。）.FSV包括已被现有ISO、IEC、UN/ECE和/或ITU标准批准的任何现有标准（或FSV性质的标准开发）。本文件没有规定支持BOV确定的要求所需的技术机制，即FSV。附件D提供了本文件范围的详细排除。

ISO/IEC 15944-17:2024 This document:
a) focuses on PbD aspects of privacy protection requirements as external constraints on any type of Person, (e.g. organization or public administration) involved in any kind of business transaction among such Persons which involves the electronic data interchange (EDI) of any personal information;
b) establishes a fundamental set of privacy principles known as Privacy by Design and assumptions based on primary sources;
c) integrates existing normative elements in support of PbD as are already identified in ISO/IEC 14662 and ISO/IEC 15944-1, ISO/IEC 15944-5, ISO/IEC 15944-8, ISO 15944-12;
d) provides overarching operational ‘best practice’ statements for associated (and not necessarily automated) processes, procedures, practices and governance requirements that need to act in support of implementing and enforcing technical mechanisms that support PbD in Open-edi transaction and collaboration space environments;
e) focuses on PbD related aspects of the life cycle management of and accountability for the personal information, i.e. the contents of SPIs (and their SRIs) related to the business transaction interchanged via EDI as information bundles and their associated semantic components among the parties to a business transaction.
This document focuses on the BOV aspects of a business transaction and does not concern itself with the technical mechanisms needed to implement the FSV aspects of the business requirements of the FSV including the specification of requirements of an FSV nature which include security techniques and services, communication protocols, etc.). The FSV includes any existing standard (or standards development of an FSV nature), which has been ratified by existing ISO, IEC, UN/ECE and/or ITU standards.
This document does not specify the technical mechanisms, i.e. FSV which are required to support BOV-identified requirements. Detailed exclusions to the scope of this document are provided in Annex D.

标准预览图