International standard ISO/IEC 29101:2013 “Information technology – Security techniques – Privacy architecture framework” was published on November 1st, 2013. The standard describes the architecture of IT systems that process personally identifiable information (PII). Cybernetica researcher Dan Bogdanov was coordinating the development of the standard in the role of an editor since 2010. Other Cybernetica researchers also contributed to the contents of the standard.
The standard explains how to design, describe and compare IT systems that process PII. The standard is intended both for developers of new systems as well as auditors of existing systems. It is particularly helpful at developing new systems, as it provides a catalogue of components that help to protect PII during processing.
ISO/IEC JTC 1 is an international standardization body formed by countries around the world to develop international technical standards. ISO/IEC 29101:2013 was developed at the security techniques subcommittee SC 27. In Estonia, information security standardization is coordinated by the Estonian Centre for Standardization committee TK4 that carries out this work together with partners, including Cybernetica.
ISO/IEC 29101:2013 is available at the ISO website.