Reference number
ISO/IEC 27557:2022
International Standard
ISO/IEC 27557:2022
Information security, cybersecurity and privacy protection — Application of ISO 31000:2018 for organizational privacy risk management
Edition 1
2022-11
Preview
ISO/IEC 27557:2022
71675
Indisponible en français
Publiée (Edition 1, 2022)

ISO/IEC 27557:2022

ISO/IEC 27557:2022
71675
Langue
Format
CHF 129
Convertir les francs suisses (CHF) dans une autre devise

Résumé

This document provides guidelines for organizational privacy risk management, extended from ISO 31000:2018.

This document provides guidance to organizations for integrating risks related to the processing of personally identifiable information (PII) as part of an organizational privacy risk management programme. It distinguishes between the impact that processing PII can have on an individual with consequences for organizations (e.g. reputational damage). It also provides guidance for incorporating the following into the overall organizational risk assessment:

—    organizational consequences of adverse privacy impacts on individuals; and

—    organizational consequences of privacy events that damage the organization (e.g. by harming its reputation) without causing any adverse privacy impacts to individuals.

This document assists in the implementation of a risk-based privacy program which can be integrated in the overall risk management of the organization.

This document is applicable to all types and sizes of organizations processing PII or developing products and services that can be used to process PII, including public and private companies, government entities, and non-profit organizations.

Informations générales

  •  : Publiée
     : 2022-11
    : Norme internationale publiée [60.60]
  •  : 1
  • ISO/IEC JTC 1/SC 27
    35.030 
  • RSS mises à jour

Cycle de vie

Vous avez une question?

Consulter notre Aide et assistance