🔥🔥 Don’t Miss Out on Our End of Autumn Sale. If you have any questions, feel free to click the bottom right corner to contact our customer service..

Concat us[email protected]
Shopping Cart

No products in the cart.

🔍
BS ISO/IEC 15944-12:2020

BS ISO/IEC 15944-12:2020

$215.11

Information technology. Business operational view – Privacy protection requirements (PPR) on information life cycle management (ILCM) and EDI of personal information (PI)

Published By Publication Date Number of Pages
BSI 2020 154
PDF Format Searchable Printable Preview Now
Guaranteed Safe Checkout
Categories: ,

If you have any questions, feel free to reach out to our online customer service team by clicking on the bottom right corner. We’re here to assist you 24/7.
Email:[email protected]

This document:

  1. provides method(s) for identifying, in Open-edi modelling technologies and development of scenarios, the additional requirements in business operational view (BOV) specifications for identifying the additional external constraints to be applied to recorded information in business transactions relating to personal information of an individual, as required by legal and regulatory requirements of applicable jurisdictional domains;

  2. integrates existing normative elements in support of privacy and data protection requirements as are already identified in ISO/IEC 14662 and ISO/IEC 15944-1 , ISO/IEC 15944-2 , ISO/IEC 15944-4 , ISO/IEC 15944-5 , ISO/IEC 15944-8 , ISO/IEC 15944-9 , and ISO/IEC 15944-10 ;

  3. provides overarching, operational ‘best practice’ statements for associated (and not necessarily automated) processes, procedures, practices and governance requirements that act in support of implementing and enforcing technical mechanisms which support the privacy/data protection requirements necessary for implementation in Open-edi transaction environments;

  4. focuses on the life cycle management of personal information i.e., the contents of SPIs (and their SRIs) related to the business transaction interchanged via EDI as information bundles and their associated semantic components among the parties to a business transaction.

NOTE

Privacy protection requirements (PPR) on information life cycle management (ILCM) and EDI of personal information as stated in this document serve as a minimum set of ILCM policy and operational requirements for all recorded information pertaining to a business transaction in particular, as well as ILCM implementation in any organization in general.

This document does not specify the technical mechanisms, i.e., functional support services (FSV) which are required to support BOV-identified requirements. Detailed exclusions to the scope of this document are provided in Annex H.

PDF Catalog

PDF Pages PDF Title
2 undefined
7 Foreword
8 Introduction
17 1 Scope
2 Normative references
18 3 Terms and definitions
46 4 Abbreviated terms
47 5 Fundamental privacy protection principles
5.1 Overview
5.2 Primary sources of privacy protection principles
48 5.3 Key eleven (11) privacy protection principles
49 5.4 Link to “consumer protection” and “individual accessibility” requirements (see ISO/IEC 15944-8:2012, 6.3)
50 5.5 Privacy protection principles in the context of ILCM requirements
5.6 Requirement for tagging (or labelling) sets of personal information (SPIs) in support of privacy protection requirements (PPR) in accordance with ISO/IEC 15944-8:2012, 5.4
5.7 Requirements for making all personal information (PI) available to the buyer where the buyer is an individual
51 5.8 Rules governing ILCM aspects of personal information profiles (PIPs)
52 6 Integrated set of information life cycle management (ILCM) principles in support of information law and privacy protection requirements (PPR)
6.1 Primary purpose of Clause 6
54 6.2 Information life cycle management (ILCM) principles that support privacy protection requirements (PPR)
6.2.1 Compliance with privacy protection requirements (PPR) and associated information law requirements
6.2.2 Direct relevance, informed consent and openness
56 6.2.3 Ensuring that personal information is “under the control of” the organization throughout its ILCM
57 6.2.4 Limiting use, disclosure and retention
59 6.2.5 Timely, accurate, relevant
61 6.2.6 Data integrity and quality
6.2.7 Safeguards for non-authorized disclosure requirements
62 6.2.8 Back-up, retention and archiving
63 6.2.9 Disposition and expungement
6.2.10 Organizational archiving
6.2.11 Historical, statistical and/or research value
65 6.3 Requirement for tagging (or labelling) data elements in support of privacy protection requirements (PPR)
7 Rules governing ensuring accountability for and control of personal information (PI)
7.1 Purpose
7.2 Key aspects of Open-edi requirements
66 7.3 Key aspects of “under the control of”
7.4 “under the control of” in support of PPR and in an ILCM context
67 7.5 Implementing “under the control of” and accountability
72 8 Rules governing the specification of ILCM aspects of personal information
8.1 Overview
73 8.2 Rules governing establishing ILCM responsibilities for personal information (PI)
75 8.3 Rules governing establishing specifications for retention of personal information (PI) — applicable “SRI retention triggers”
78 8.4 Rules governing identification and specification of state changes of personal information (PI)
8.4.1 General requirements
79 8.4.2 Specification of state changes allowed to personal information (PI)
81 8.4.3 Specification of store change type
83 8.4.4 Rules governing specification of source of state changes
84 8.5 Rules governing disposition of personal information (PI)
87 8.6 Rules governing the establishment and maintenance of record retention and disposal schedules (RRDS) for sets of personal information (SPIs)
89 9 Data conversion, data migration and data synchronization
9.1 Purpose
90 9.2 Rules governing data conversion of set(s) of personal information (SPI)
9.3 Rules governing requirements for data synchronization of sets of personal information (SPI)
92 10 Rules governing EDI of personal information (PI) between primary ILCM Person, i.e., the seller, and its “agent”, “third party” and/or “regulator”
10.1 General requirements
93 10.2 ILCM rules pertaining to use of an “agent”
94 10.3 ILCM rules pertaining to use of a “third party”
10.4 ILCM rules pertaining to involvement of a “regulator”
95 11 Conformance statement
11.1 Overview
11.2 Conformance to the ISO/IEC 14662 Open-edi reference model and the ISO/IEC 15944 series
96 11.3 Conformance to ISO/IEC 15944-12
11.4 Conformance by agents and third parties to ISO/IEC 15944-12
97 Annex A (normative) Consolidated list of terms and definitions with cultural adaptability: ISO English and ISO French language equivalency
112 Annex B (normative) Consolidated set of rules in the ISO/IEC 15944 series of particular relevance to privacy protection requirements (PPR) as external constraints on business transactions which apply to personal information (PI) in an ILCM requirements c
128 Annex C (informative) Business transaction model (BTM): Classes of constraints
132 Annex D (informative) Linking ILCM to process phases of a business transaction
134 Annex E (informative) Generic approach to ILCM decisions in a PPR context — ILCM compliance decision tree
137 Annex F (informative) Generic approach to identification of properties and behaviours of personal information (PI) as transitory records and their disposition/expungement
139 Annex G (informative) Notes on referential integrity and privacy protection transactional integrity (PPTI) in Open-edi among IT systems
141 Annex H (informative) Exclusions to the scope of ISO/IEC 15944-12
143 Annex I (informative) Aspects not currently addressed in this document
146 Annex J (informative) List of parts of the ISO/IEC 15944 series
147 Annex K (informative) Abstract of ISO/IEC 15944-12: ISO English, ISO French and ISO Chinese
150 Bibliography

Related products

BS ISO/IEC 15944-12:2020
$215.11