Guidance for developing security and privacy functional requirements based on ISO/IEC 15408
This document provides guidance for:
— selecting and specifying security functional requirements (SFRs) from ISO/IEC 15408-2 to protect Personally Identifiable Information (PII);
— the procedure to define both privacy and security functional requirements in a coordinated manner; and
— developing privacy functional requirements as extended components based on the privacy…
CAN/CSA-ISO/IEC 18013-2:18 Information technology — Personal identification — ISO-compliant driving ...
1 Scope
ISO/IEC 18013 establishes guidelines for the design format and data content of an ISO-compliant driving licence (IDL) with regard to human-readable features (ISO/IEC 18013-1), ISO machine-readable technologies (ISO/IEC 18013-2), and access control, authentication and integrity validation (ISO/IEC 18013-3). It creates a common basis for international use and mutual recognition of the…
Information technology — Personal identification — ISO-compliant driving licence — Part 3: Access co...
1 Scope
ISO/IEC 18013 establishes guidelines for the design format and data content of an ISO-compliant driving licence (IDL) with regard to human-readable features (ISO/IEC 18013-1), machine-readable technologies (ISO/IEC 18013-2), and access control, authentication and integrity validation (ISO/IEC 18013-3). It creates a common basis for international use and mutual recognition of the IDL…
Information technology — Security techniques — Guidelines for privacy impact assessment
1 Scope
This document gives guidelines for
— a process on privacy impact assessments, and
— a structure and content of a PIA report.
It is applicable to all types and sizes of organizations, including public companies, private companies, government entities and not-for-profit organizations.
This document is relevant to those involved in designing or implementing projects, including the…
Health informatics — Person-owned document repository for PHR applications and health information ex...
This document describes the concept of a person-owned repository (PoR) of health documents. It suggests representative uses for PoRs and surveys some of the existing technologies and projects that can be categorized as PoRs. It is, however, not intended to cover document formats (such as HL7 CDA), exact communication protocols, details of security and privacy protection strategies, or any other…
Intelligent transport systems — Criteria for privacy and integrity protection in probe vehicle infor...
This document specifies the basic rules to be considered by service providers handling privacy in probe vehicle information services. This document is aimed at protecting the privacy as well as the intrinsic rights and interests of the probe data subjects specified in ISO 24100:2010.
This document specifies the following items related to probe vehicle systems (PVS), i.e. systems collecting probe…
Intelligent transport systems — Cooperative ITS — Part 1: Roles and responsibilities in the context ...
This document contains a detailed description of the (actor invariant) roles (3.22) and responsibilities (3.21) required to deploy and operate Cooperative-ITS (C-ITS) (3.8). The organization of actors/roles described in this document is designed to be appropriate for any fully operational system that uses the C-ITS concepts and techniques in order to achieve its service provision…
Information technology — Guidance for biometric enrolment
This document consolidates information relating to successful, secure and usable implementation of biometric enrolment processes, while indicating risk factors that organisations proposing to use biometric technologies should address during procurement, design, deployment and operation. Much of the information is generic to many types of application, e.g. from national scale commercial and…