ISO/IEC 29134 Privacy Assessment Standard

ISO/IEC 29134 has just been released.  It’s titled Information technology – Security techniques – Guidelines for privacy impact assessment.  For any company needing to know what privacy risks it faces, this standard is essential.  It shows you how to create a PIA (Privacy Impact Assessment) report which can be used in any area of your business where privacy concerns exist.

Understanding privacy and privacy risks is especially important when digitally connected devices are involved.  Risks may extend to your supplier base as well.  Additionally, there may be regulatory or other legal requirements you need to meet.  The guidance on the use of PIAs in ISO/IEC 29134 will help you identify areas needing attention.

The document approaches PIAs systematically.  First, it reviews how to prepare for the use of a PIA.  This section touches on accountability and scalability as well.  Then ISO/IEC 29134 gives guidance on the process of conducting the PIA.  Topics covered are threshold analysis, preparation, performing the review, and follow-up.  Next, the report itself is discussed.  You’ll find information on the structure of the report, scope, requirements, risk assessment, creating a plan, and summarizing the results.

Four informative Annexes are included in the publication.  They cover scale criteria for likelihood and level of impact for risks, generic threats, understanding terms used in PIAs, and illustrated examples of a workflow diagram of the PIA process and of a privacy risk map.  A 30-item bibliography completes this 52-page standard.

If you’re looking for help in identifying and assessing privacy issues for your company, this is the standard for you.  Purchase this copyrighted publication from an authorized distributor like Document Center Inc.  We have been selling standards since 1982.  You can search for and order them at our webstore, www.document-center.com.  Here is the direct link to the order page for ISO/IEC 29134 for your convenience.

For help with your compliance documentation requirements, contact our staff by phone (650-591-7600) or email (info@document-center.com).  We have a wide variety of services and products to help you with your standardization needs.  You’ll soon find out why so many folks make us their Standards Experts!