Special requirements for digital infrastructure and digital health care technologies in Canadian hea...
Scope
1.1 General
This Standard provides a framework for the planning, design, and implementation of foundational digital infrastructure to support current and future health care data and technologies used in HCFs. It will address common integration requirements within the HCF and opportunities across the continuum of care. It is intended to assist in determining foundational investments that…
Information security, cybersecurity and privacy protection — Information security management systems...
1 Scope
This document specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. This document also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in this document are…
Information security, cybersecurity and privacy protection — Guidance on managing information securi...
1 Scope
This document provides guidance to assist organizations to:
— fulfil the requirements of ISO/IEC 27001 concerning actions to address information security risks;
— perform information security risk management activities, specifically information security risk assessment and treatment.
This document is applicable to all organizations, regardless of type, size or sector.
Information security, cybersecurity and privacy protection — Security and privacy requirements for a...
Scope
This document provides high-level security and privacy requirements and recommendations for authentication using biometrics on mobile devices, including security and privacy requirements and recommendations for functional components and for communication.
This document is applicable to the cases that the biometric data and derived biometric data do not leave the device, i.e. local modes
Information security, cybersecurity and privacy protection — Application of ISO 31000:2018 for organ...
Scope
This document provides guidelines for organizational privacy risk management, extended from ISO 31000:2018.
This document provides guidance to organizations for integrating risks related to the processing of personally identifiable information (PII) as part of an organizational privacy risk management programme. It distinguishes between the impact that processing PII can have on an…
Information security, cybersecurity and privacy protection — Privacy enhancing data de-identificatio...
Scope
This document provides a framework for identifying and mitigating re-identification risks and risks associated with the lifecycle of de-identified data.
This document is applicable to all types and sizes of organizations, including public and private companies, government entities, and not-for-profit organizations, that are PII controllers or PII processors acting on a controller’s behalf…
Information security, cybersecurity and privacy protection — Verification of cryptographic protocols...
Scope
This document establishes a framework for the verification of cryptographic protocol specifications according to academic and industry best practices.
Information technology — Security techniques — Guidelines for privacy impact assessment
Scope
This document gives guidelines for:
— a process on privacy impact assessments, and
— a structure and content of a PIA report.
It is applicable to all types and sizes of organizations, including public companies, private companies, government entities and not-for-profit organizations.
This document is relevant to those involved in designing or implementing projects, including the…
