Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Comprehensive guidelines for protecting PII throughout the AI system lifecycle
1. Introduction to ISO/IEC 27565
ISO/IEC 27565 provides comprehensive guidelines for protecting personally identifiable information (PII) throughout the lifecycle of artificial intelligence (AI) systems, from data collection and model training…

A comprehensive framework for age assurance systems balancing privacy and regulatory compliance
1. Introduction to ISO/IEC 27566-1
ISO/IEC 27566-1 establishes a comprehensive framework for age assurance systems — technical solutions that estimate or verify an individual’s age for the purpose…

Extension to ISO/IEC 27001 for privacy information management with PII controller and processor requirements
1. ISO/IEC 27701:2019 — Privacy Extension to ISO/IEC 27001
ISO/IEC 27701:2019 extends the ISO/IEC 27001 information security management system (ISMS) framework to address privacy information management…

A comprehensive framework for organizational privacy risk assessment and treatment
1. Introduction to ISO/IEC 27557
ISO/IEC 27557 provides a comprehensive framework for organizations to identify, assess, treat, and monitor privacy risks within their operations. Published as part of the ISO/IEC…

A systematic methodology for de-identification of personally identifiable information
1. Introduction to ISO/IEC 27559
ISO/IEC 27559 establishes a structured framework for de-identification of personally identifiable information (PII), providing organizations with a systematic methodology to reduce privacy risks while maintaining the…

Translating privacy principles into actionable engineering and organisational practices
1. Introduction to ISO/IEC 27561
ISO/IEC 27561 provides a structured framework for operationalising privacy principles within organizations, translating high-level privacy requirements into actionable engineering processes and organisational practices. It bridges the…

Concrete mechanisms and implementation guidance for privacy-preserving authentication
1. Overview of ISO/IEC 27553-2 Mechanisms
ISO/IEC 27553-2:2022 builds upon the framework established in Part 1 by providing detailed technical specifications for privacy-preserving authentication mechanisms. While Part 1 defines the principles and…

End-to-end framework for data de-identification and re-identification risk management
1. Understanding ISO/IEC 27554:2022
ISO/IEC 27554:2022 establishes a comprehensive framework for de-identification of personally identifiable information (PII). In an era of big data analytics, artificial intelligence, and open data sharing, organizations…

Comprehensive guidelines for selecting and deploying Privacy Enhancing Technologies
1. Introduction to ISO/IEC 27555:2022
ISO/IEC 27555:2022 provides comprehensive guidelines for Privacy Enhancing Technologies (PETs) — a diverse set of tools, techniques, and systems designed to protect personal information while enabling…

Structured multi-criteria decision framework for selecting Privacy Enhancing Technologies
1. The Need for a PET Selection Framework
ISO/IEC 27556:2022 addresses a fundamental challenge faced by privacy engineers and decision-makers: how to systematically select the most appropriate Privacy Enhancing Technology (PET)…

Smart home security and privacy guidelines addressing multi-vendor interoperability, voice assistant security, and residential IoT protection
1. Introduction to ISO/IEC 27403:2023
ISO/IEC 27403:2023 provides IoT security and privacy guidelines specifically tailored for domotics (smart home) environments. Published as part of…

Standardised cybersecurity labelling framework for IoT products with 1-5 star ratings, conformity assessment, and market implications
1. Purpose of ISO/IEC 27404:2024
ISO/IEC 27404:2024 defines a cybersecurity labelling framework for IoT products, enabling consumers and procurement professionals to make informed security…

A comprehensive engineering guide to Privacy Impact Assessment methodology
1. Introduction to ISO/IEC 27551:2022
ISO/IEC 27551:2022 provides structured guidelines for conducting Privacy Impact Assessments (PIA) within any organization that processes personally identifiable information (PII). Published as part of the ISO/IEC…

Framework and principles for privacy-preserving online authentication
1. Scope and Purpose of ISO/IEC 27553-1
ISO/IEC 27553-1:2022 establishes a comprehensive framework for the use of personally identifiable information (PII) in online authentication systems. As digital services increasingly rely on identity verification…

A Strategic Framework for Managing Cyber Risk through Insurance
ISO/IEC 27102: A Strategic Framework for Cyber Insurance
ISO/IEC 27102 provides guidelines for information security management regarding cyber insurance. As cyber threats grow in frequency and sophistication, organizations increasingly turn to…

A comprehensive framework for cybersecurity and privacy protection in IoT ecosystems
1. Scope and Purpose of ISO/IEC 27400:2022
ISO/IEC 27400:2022 provides comprehensive guidelines for cybersecurity, privacy, and data protection in the Internet of Things (IoT) ecosystem. Published by ISO/IEC JTC…

Baseline security requirements for IoT devices and gateways with capability class framework
1. Overview of ISO/IEC 27402:2023
ISO/IEC 27402:2023 specifies baseline security requirements for IoT devices and IoT gateways. Unlike the guideline-level 27400, this standard defines concrete, auditable requirements organised…