ISO/IEC 29151:2017 信息技术 安全技术 个人可识别的信息保护的实践守则

标准编号：ISO/IEC 29151:2017

中文名称：信息技术 安全技术 个人可识别的信息保护的实践守则

英文名称：Information technology — Security techniques — Code of practice for personally identifiable information protection

发布日期：2017-08

标准范围

ISO/IEC 29151:2017确立了实施控制的控制目标、控制措施和指南，以满足与个人识别信息（PII）保护相关的风险和影响评估确定的要求。特别是，本建议|国际标准规定了基于ISO/IEC 27002的指南，并考虑了在组织的信息安全风险环境中可能适用的处理PII的要求。ISO/IEC 29151:2017适用于作为PII控制器（定义见ISO/IEC 29100）的所有类型和规模的组织，包括公共和私营公司、政府实体和非政府组织-处理PII的营利组织。

ISO/IEC 29151:2017 establishes control objectives, controls and guidelines for implementing controls, to meet the requirements identified by a risk and impact assessment related to the protection of personally identifiable information (PII).In particular, this Recommendation | International Standard specifies guidelines based on ISO/IEC 27002, taking into consideration the requirements for processing PII that may be applicable within the context of an organization's information security risk environment(s).ISO/IEC 29151:2017 is applicable to all types and sizes of organizations acting as PII controllers (as defined in ISO/IEC 29100), including public and private companies, government entities and not-for-profit organizations that process PII.

标准预览图