Information technology — Security techniques — Code of practice for personally identifiable information protection Technologies de l'information — Techniques de sécurité — Code de bonne pratique pour la protection des données à caractère personnelINTERNATIONAL STANDARDISO/IEC29151 Reference numberISO/IEC 29151:2017(E)First edition2017-08 © ISO/IEC 2017This preview is downloaded from www.sis.se. Buy the entire standard via https://www.sis.se/std-922311 ii © ISO/IEC 2017 – All rights reservedCOPYRIGHT PROTECTED DOCUMENT © ISO/IEC 2017, Published in SwitzerlandAll rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of the requester.ISO copyright officeCh. de Blandonnet 8 • CP 401CH-1214 Vernier, Geneva, SwitzerlandTel. +41 22 749 01 11Fax +41 22 749 09 [email protected] ISO/IEC 29151:2017(E)This preview is downloaded from www.sis.se. Buy the entire standard via https://www.sis.se/std-922311Rec. ITU -T X.1058 (03/2017) iii CONTENTS Page 1 Scope ................................ ................................ ................................ ................................ .............................. 1 2 Normative references ................................ ................................ ................................ ................................ ...... 1 3 Definitions and abbreviated terms ................................ ................................ ................................ .................. 1 3.1 Definitions ................................ ................................ ................................ ................................ ........... 1 3.2 Abbreviated terms ................................ ................................ ................................ ............................... 1 4 Overview ................................ ................................ ................................ ................................ ........................ 2 4.1 Objective for the protection of PII ................................ ................................ ................................ ...... 2 4.2 Requirement for the protection of PII ................................ ................................ ................................ . 2 4.3 Controls ................................ ................................ ................................ ................................ ............... 2 4.4 Selecting controls ................................ ................................ ................................ ................................ 2 4.5 Developing organization specific guidelines ................................ ................................ ....................... 3 4.6 Life cycle considerations ................................ ................................ ................................ ..................... 3 4.7 Structure of this Specification ................................ ................................ ................................ ............. 3 5 Information security policies ................................ ................................ ................................ .......................... 4 5.1 Management directions for information security ................................ ................................ ................ 4 6 Organization of information security ................................ ................................ ................................ .............. 4 6.1 Internal organization ................................ ................................ ................................ ........................... 4 6