ISO/IEC 15944-12:2020 信息技术 业务操作视图 第12部分：个人信息生命周期管理（ILCM）和EDI（PI）的隐私保护要求（PPR）

标准编号：ISO/IEC 15944-12:2020

中文名称：信息技术 业务操作视图 第12部分：个人信息生命周期管理（ILCM）和EDI（PI）的隐私保护要求（PPR）

英文名称：Information technology — Business operational view — Part 12: Privacy protection requirements (PPR) on information life cycle management (ILCM) and EDI of personal information (PI)

发布日期：2020-05

标准范围

本文件:-提供用于在开放式edi建模技术和场景开发中识别业务操作视图(BOV)规范中的附加要求的方法，用于识别适用于与个人个人信息相关的业务交易中的记录信息的附加外部约束，如适用管辖域的法律和监管要求所要求的；-整合现有的规范性元素，以支持ISO/IEC 14662和ISO/IEC 15944-1、ISO/IEC 15944-2、ISO/IEC 15944-4、ISO/IEC 15944-5、ISO/IEC 15944-8、ISO/IEC 15944-9和ISO/IEC 15944-10中已经确定的隐私和数据保护要求；-提供总体的、可操作的？支持实施和执行支持隐私/数据保护的技术机制的相关（不一定是自动化的）流程、程序、实践和治理要求的最佳实践声明在开放式edi交易环境中实施的必要要求；-侧重于个人信息的生命周期管理，即通过EDI作为信息包交换的与商业交易相关的SPI（及其SRI）的内容及其在商业交易各方之间的相关语义组件。注:本文件中所述的关于信息生命周期管理（ILCM）和个人信息EDI的隐私保护要求（PPR）是一套最低限度的ILCM政策和操作要求，适用于与商业交易相关的所有记录信息，也适用于任何组织中的ILCM实施。本文件没有规定支持BOV确定的需求所需的技术机制，即功能支持服务（FSV）。附件H提供了本文件范围的详细排除。

This document:
- provides method(s) for identifying, in Open-edi modelling technologies and development of scenarios, the additional requirements in business operational view (BOV) specifications for identifying the additional external constraints to be applied to recorded information in business transactions relating to personal information of an individual, as required by legal and regulatory requirements of applicable jurisdictional domains;
- integrates existing normative elements in support of privacy and data protection requirements as are already identified in ISO/IEC 14662 and ISO/IEC 15944-1, ISO/IEC 15944-2, ISO/IEC 15944-4, ISO/IEC 15944-5, ISO/IEC 15944-8, ISO/IEC 15944-9, and ISO/IEC 15944-10;
- provides overarching, operational?best practice' statements for associated (and not necessarily automated) processes, procedures, practices and governance requirements that act in support of implementing and enforcing technical mechanisms which support the privacy/data protection requirements necessary for implementation in Open-edi transaction environments;
- focuses on the life cycle management of personal information i.e., the contents of SPIs (and their SRIs) related to the business transaction interchanged via EDI as information bundles and their associated semantic components among the parties to a business transaction.
NOTE Privacy protection requirements (PPR) on information life cycle management (ILCM) and EDI of personal information as stated in this document serve as a minimum set of ILCM policy and operational requirements for all recorded information pertaining to a business transaction in particular, as well as ILCM implementation in any organization in general.
This document does not specify the technical mechanisms, i.e., functional support services (FSV) which are required to support BOV-identified requirements. Detailed exclusions to the scope of this document are provided in Annex H.

标准预览图