ISO IEC TR 27550-2019 PDF
Name in English:
St ISO IEC TR 27550-2019
Name in Russian:
Ст ISO IEC TR 27550-2019
Original standard ISO IEC TR 27550-2019, full version in PDF. Additional information and a preview are available on request.
Full title and description
Information technology — Security techniques — Privacy engineering for system life cycle processes (ISO/IEC TR 27550:2019). This technical report provides practical privacy engineering guidelines to help organisations integrate privacy considerations across system life cycle processes, and explains relationships with system engineering, security engineering and risk management.
Abstract
ISO/IEC TR 27550:2019 describes privacy engineering activities for key engineering processes — including knowledge management, risk management, requirements analysis and architecture design — and clarifies how privacy-by-design and privacy-by-default principles can be applied during system development, implementation and operation. The guidance is intended for engineers, practitioners and managers responsible for systems that require privacy considerations.
General information
- Status: Technical Report (TR)
- Publication date: 15 September 2019
- Publisher: ISO/IEC (developed by ISO/IEC JTC 1/SC 27 — Information security, cybersecurity and privacy protection)
- ICS / categories: 35.030 (Information technology — Security techniques)
- Edition / version: 1.0 (first edition, 2019)
- Number of pages: 52
Scope
This report provides privacy engineering guidelines intended to help organisations integrate advances in privacy engineering into system life cycle processes. It covers the relationship between privacy engineering and other engineering viewpoints and outlines activities for embedding privacy considerations into requirements, design, risk treatment and operational processes. The guidance is technology‑agnostic and applicable across sectors and project types.
Key topics and requirements
- Overview of privacy engineering and its relationship with system and security engineering.
- Privacy-by-design and privacy-by-default principles and how to apply them in life cycle activities.
- Privacy-related knowledge management and documentation practices.
- Privacy risk identification, analysis and treatment integrated with existing risk management processes.
- Requirements analysis for privacy (elicitation, specification and traceability).
- Architecture and design considerations to support privacy objectives and controls.
- Guidance for implementing operational and organizational measures that sustain privacy across the system life cycle.
Typical use and users
Engineers and system architects embedding privacy into product and system design; security and privacy practitioners conducting privacy risk assessments and controls design; product managers, program managers and compliance teams seeking to align engineering practices with privacy principles; and auditors or assessors who evaluate privacy engineering practices.
Related standards
ISO/IEC TR 27550 complements other privacy and information security standards such as ISO/IEC 27701 (Privacy information management — PIMS) and guidance on privacy impact assessment (for example ISO/IEC 29134). It is intended to be used alongside information security management standards (ISO/IEC 27000 series) and national/regulatory privacy frameworks where applicable.
Keywords
privacy engineering; privacy-by-design; privacy-by-default; privacy risk management; system life cycle; requirements analysis; architecture; ISO/IEC JTC 1/SC 27; TR 27550
FAQ
Q: What is this standard?
A: ISO/IEC TR 27550:2019 is a Technical Report that provides guidelines for privacy engineering across system life cycle processes, helping organisations embed privacy considerations into engineering and risk management activities.
Q: What does it cover?
A: It covers the relationship between privacy engineering and other engineering viewpoints, privacy engineering activities in knowledge management, risk management, requirements analysis and architecture design, and practical guidance for applying privacy-by-design and privacy-by-default throughout the life cycle.
Q: Who typically uses it?
A: System and software engineers, security and privacy practitioners, product and program managers, compliance teams and others involved in the design, development, deployment and operation of systems that process personal data.
Q: Is it current or superseded?
A: ISO/IEC TR 27550:2019 is the published Technical Report from 2019. Users should verify whether newer or related standards (for example updates to ISO/IEC privacy-related standards or management system standards) apply to their context before relying solely on this report.
Q: Is it part of a series?
A: It sits within the body of ISO/IEC JTC 1/SC 27 work on information security, cybersecurity and privacy protection and is intended to be used alongside other standards in the ISO/IEC 27000 family and privacy-specific standards like ISO/IEC 27701 and ISO/IEC 29134.
Q: What are the key keywords?
A: Privacy engineering, privacy-by-design, privacy-by-default, privacy risk management, system life cycle processes, requirements engineering, privacy controls.