Information technology - Home Electronic System (HES) gateway - Part 3-2: Privacy, security, and safety - Privacy framework

ISO/IEC 15045-3-2:2024 specifies cybersecurity requirements for protecting the privacy of premises and personally identifiable information through the use of the HES gateway and related HES standards. This document applies a set of principles including those specified in ISO/IEC 29100 that are applicable to the HES gateway such as consent, purpose legitimacy, collection limitation, data minimization, retention, accuracy, openness, and individual access.

General Information

Status: Published
Publication Date: 23-Oct-2024
Current Stage: PPUB - Publication issued
Start Date: 24-Oct-2024
Completion Date: 22-Nov-2024
Ref Project
Standard
ISO/IEC 15045-3-2:2024 - Information technology - Home Electronic System (HES) gateway - Part 3-2: Privacy, security, and safety - Privacy framework. Released: 24. 10. 2024. ISBN: 9782832298800
English language
29 pages

Standards Content (Sample)


ISO/IEC 15045-3-2
Edition 1.0 2024-10
INTERNATIONAL STANDARD
Information technology - Home Electronic System (HES) gateway –
Part 3-2: Privacy, security, and safety – Privacy framework

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or
by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either
IEC or IEC's member National Committee in the country of the requester. If you have any questions about ISO/IEC
copyright or have an enquiry about obtaining additional rights to this publication, please contact the address below or
your local IEC member National Committee for further information.

IEC Secretariat
3, rue de Varembé
CH-1211 Geneva 20
Switzerland
Tel.: +41 22 919 02 11
info@iec.ch
www.iec.ch

INTERNATIONAL ELECTROTECHNICAL COMMISSION
ICS 35.200; 35.240.99 ISBN 978-2-8322-9880-0

– 2 – ISO/IEC 15045-3-2:2024 © ISO/IEC 2024
CONTENTS
FOREWORD
INTRODUCTION
0.1 Overview
0.2 Relation to existing work
0.3 Privacy in HES gateway
0.4 Future features
1 Scope
2 Normative references
3 Terms, definitions and abbreviated terms
3.1 Terms and definitions
3.2 Abbreviated terms
4 Conformance
5 Considerations, architecture and requirements
5.1 Overview
5.2 Premises and personally identifiable information (PPII)
5.3 PPII parties
5.4 Privacy principles
5.4.1 Privacy principles summary
5.4.2 Consent and choice
5.4.3 Purpose legitimacy and specification
5.4.4 Collection limitation
5.4.5 Data minimization
5.4.6 Use, retention and disclosure limitation
5.4.7 Accuracy and quality
5.4.8 Openness, transparency and notice
5.4.9 Individual participation and access
Annex A (informative) Mapping ISO/IEC 29100 to the HES gateway
Annex B (normative) Permitted PPII flows
B.1 General
B.2 Local device or user to controller service module (Scenario A)
B.3 Controller service module to processor service module (Scenario B)
B.4 Processor service module to controller service module (Scenario C)
B.5 Controller service module to local device or user (Scenario D)
B.6 Local device or user to processor service module (Scenario E)
B.7 Processor service module to local device or user (Scenario F)
B.8 Controller service module to remote device or user (Scenario G)
B.9 Processor service module to remote device or user (Scenario H)
B.10 Remote device or user not allowed to view local device directly
Annex C (informative) Use of other privacy standards, including JTC 1
Bibliography

Figure 1 – ISO/IEC 15045-3-2 within the core interoperability and HES gateway standards
Figure 2 – HES gateway architecture for privacy
Figure 3 – Conditioning for input of binding map allows blocking of PPII processing

Figure A.1 – System layout for ISO/IEC 29100
Figure B.1 – Local device or user to controller service module
Figure B.2 – Example of controller service module to processor service module
Figure B.3 – Processor service module to controller service module
Figure B.4 – Controller service module to local device or user
Figure B.5 – Local device or user to processor service module
Figure B.6 – Processor service module to local device or user
Figure B.7 – Controller service module to remote device or user
Figure B.8 – Processor service module to remote device or user
Figure B.9 – Data flow not allowed

Table 1 – Summary of HES gateway privacy principles
Table A.1 – ISO/IEC 29100 and HES gateway terms
Table B.1 – Permitted PPII flow

INFORMATION TECHNOLOGY –
HOME ELECTRONIC SYSTEM (HES) GATEWAY –

Part 3-2: Privacy, security, and safety – Privacy framework

FOREWORD
1) ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission)
form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC
participate in the development of International Standards through technical committees established by the
respective organization to deal with particular fields of technical activity. ISO and IEC technical committees
collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental,
in liaison with ISO and IEC, also take part in the work.
2) The formal decisions or agreements of IEC and ISO on technical matters express, as nearly as possible, an
international consensus of opinion on the relevant subjects since each technical committee has representation
from all interested IEC and ISO National bodies.
3) IEC and ISO documents have the form of recommendations for international use and are accepted by IEC and
ISO National bodies in that sense. While all reasonable efforts are made to ensure that the technical content of
IEC and ISO documents is accurate, IEC and ISO cannot be held responsible for the way in which they are used
or for any misinterpretation by any end user.
4) In order to promote international uniformity, IEC and ISO National bodies undertake to apply IEC and ISO
documents transparently to the maximum extent possible in their national and regional publications. Any
divergence between any IEC and ISO document and the corresponding national or regional publication shall be
clearly indicated in the latter.
5) IEC and ISO do not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC and ISO marks of conformity. IEC and ISO are not
responsible for any services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this document.
7) No liability shall attach to IEC and ISO or their directors, employees, servants or agents including individual
experts and members of its technical committees and IEC and ISO National bodies for any personal injury,
property damage or other damage of any nature whatsoever, whether direct or indirect, or for costs (including
legal fees) and expenses arising out of the publication, use of, or reliance upon, this ISO/IEC document or any
other IEC and ISO documents.
8) Attention is drawn to the Normative references cited in this document. Use of the referenced publications is
indispensable for the correct application of this document.
9) IEC and ISO draw attention to the possibility that the implementation of this document may involve the use of (a)
patent(s). IEC and ISO take no position concerning the evidence, validity or applicability of any claimed patent
rights in respect thereof. As of the date of publication of this document, IEC and ISO had not received notice of
(a) patent(s), which may be required to implement this document. However, implementers are cautioned that this
may not represent the latest information, which may be obtained from the patent database available at
https://patents.iec.ch and www.iso.org/patents. IEC and ISO shall not be held responsible for identifying any or
all such patent rights.
ISO/IEC 15045-3-2 has been prepared by subcommittee 25: Interconnection of information
technology equipment, of ISO/IEC joint technical committee 1: Information technology. It is an
International Standard.
The text of this International Standard is based on the following documents:
Draft                  Report on voting
JTC1-SC25/3190/CDV     JTC1-SC25/3261/RVC

Full information on the voting for its approval can be found in the report on voting indicated in
the above table.
The language used for the development of this International Standard is English.
This document was drafted in accordance with ISO/IEC Directives, Part 2, and developed in
accordance with ISO/IEC Directives, Part 1, and the ISO/IEC Directives, JTC 1 Supplement
available at www.iec.ch/members_experts/refdocs and www.iso.org/directives.

A list of all parts in the ISO/IEC 15045 series, published under the general title Information
technology – Home Electronic System (HES) gateway, can be found on the IEC and
ISO websites.
IMPORTANT – The "colour inside" logo on the cover page of this document indicates
that it contains colours which are considered to be useful for the correct understanding
of its contents. Users should therefore print this document using a colour printer.

INTRODUCTION
0.1 Overview
The Home Electronic System (HES) is a set of standards that supports communication, control,
and monitoring applications for homes and buildings. However, homes and buildings present a
heterogeneous and evolving networked environment, where many of these networks and
applications (including some that are based on HES standards) are not directly interoperable
with each other. HES standards achieve interoperability through the ISO/IEC 15045 series,
which relies on the ISO/IEC 18012 series to support functional interworking among the
dissimilar home devices, applications, protocols, and networks found in this environment. The
ISO/IEC 15045 series and ISO/IEC 18012 series were created to render all protocols
interoperable.
The HES gateway enables an open and adaptable market for incompatible products by
specifying a standardized modular system intended to provide interoperability among the
diversity of networks found in homes and buildings. The HES interoperability process does not
require modification of the various networks, applications, or protocols that use it. Appropriate
interworking functions translate network messages through interface modules to a common
lexicon expression that is then exchanged using a private internal network bus protocol.
A protected application platform using a bus protocol supports an expanding array of services
for both the applications and the network.
In summary, the ISO/IEC 15045 series specifies a standardized modular dedicated private
internal network system that includes:
• interfaces (i.e. interface modules) for communication and semantic translation among
dissimilar home area networks (HANs), and between a HAN and external wide area
networks (WANs),
• a platform for supporting a variety of application services (i.e. service modules), and
• a secure communication path among these modular elements with access restricted to the
appropriate elements in order to protect data, safety and privacy.
0.2 Relation to existing work
The concepts of product interoperability are introduced in ISO/IEC 18012-1. The interworking
function (IWF) is specified in ISO/IEC 18012-2. The message content, including applications,
interface and service objects will be specified in ISO/IEC 18012-3. The method and format of
communication packet exchanges or direct API exchanges within a gateway will be specified in
ISO/IEC 18012-4.
0.3 Privacy in HES gateway
The HES gateway is described in ISO/IEC 15045-1. Several structural configurations of the
HES gateway are described in ISO/IEC 15045-4-1. All structural classes use the HES
interoperability system described above. However, for classes that use physically separated
modules, communication among modular elements is provided by a dedicated private serial bus
(i.e. Ethernet) and utilizes a set of protocols now known as the common language internal
protocol (CLIP), originally called the GL bus in ISO/IEC 15045-2. All HES gateway structural
class configurations use the same interworking functions, including lexicon, and event
encoding.
Privacy, security and safety requirements for the HES gateway are specified in
ISO/IEC 15045-3-1. ISO/IEC 15045-3-2 (this document) provides specifications that fulfil the
privacy requirements of ISO/IEC 15045-3-1. These privacy considerations are based upon
ISO/IEC 29100.
The privacy aspects in this document are focused on individual premises, and not focused on
apartment complexes or multi-family dwellings. Such situations are handled with
"interconnected gateways" structural class. A future part of the ISO/IEC 15045-4 series will
detail the privacy considerations and enhancements relating to these types of dwellings.
Figure 1 shows the core interoperability and HES gateway series of standards and where this
document fits into the HES gateway series.

Figure 1 – ISO/IEC 15045-3-2 within the core interoperability
and HES gateway standards
0.4 Future features
The HES gateway is structured to provide a foundation upon which features can be added as
appropriate while maintaining the privacy, security, safety and interoperability capabilities. The
interoperable objects, domains and services defined in the HES Lexicon can be expanded.


1 Scope
This document specifies cybersecurity requirements for protecting the privacy of premises and
personally identifiable information through the use of the HES gateway and related HES
standards. This document applies a set of principles including those specified in ISO/IEC 29100
that are applicable to the HES gateway such as consent, purpose legitimacy, collection
limitation, data minimization, retention, accuracy, openness, and individual access.
2 Normative references
There are no normative references in this document.
3 Terms, definitions and abbreviated terms
3.1 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminology databases for use in standardization at the following
addresses:
• IEC Electropedia: available at https://www.electropedia.org/
• ISO Online browsing platform: available at https://www.iso.org/obp
3.1.1
binding map
table that links inputs to outputs
3.1.2
controller service module
HES gateway service module that performs setup and configuration
Note 1 to entry: This module is similar to the "PII controller" in ISO/IEC 29100.
3.1.3
HES gateway
electronic device that transfers messages among WANs and HANs providing interoperability,
privacy, security and safety in accordance with the requirements of the ISO/IEC 15045 series
and ISO/IEC 18012 series standards
Note 1 to entry: For an HES gateway, a WAN is a network outside the protected area and a HAN is a network inside
the protected area.
[SOURCE: ISO/IEC 15045-3-1:2024, 3.1.3]

3.1.4
HES gateway system
HES gateway use case with specific in-premises networks and devices, and potentially off-
premises networks
[SOURCE: ISO/IEC 15045-3-1:2024, 3.1.4]
3.1.5
home electronic system
HES
collection of devices and components operating within the premises and interconnected over
one or more networks, in conformance with HES-related ISO/IEC standards
Note 1 to entry: The referenced ISO/IEC standards normally include HES in the title of each standard
[SOURCE: ISO/IEC 15045-3-1:2024, 3.1.2]
3.1.6
home electronic system common language message exchange
HES-CLME
protocol for messaging among HES gateway modules
3.1.7
local
logically situated within the premises
[SOURCE: ISO/IEC 15045-3-1:2024, 3.1.5]
3.1.8
PPII third party
entity or person having access to some premises and personally identifiable information (PPII)
intended or not by the other parties
3.1.9
premises and personally identifiable information
PPII
information associated with a premises or an individual that can be identified or linked to the
premises or individual
3.1.10
privacy
freedom from being observed or disturbed
[SOURCE: ISO/IEC 15045-3-1:2024, 3.1.6]
3.1.11
processor service module
HES gateway service module that operates real time functions
Note 1 to entry: This module is similar to the "PII processor" in ISO/IEC 29100.
3.1.12
remote
logically situated outside the premises
[SOURCE: ISO/IEC 15045-3-1:2024, 3.1.7]

3.1.13
user
natural person
[SOURCE: ISO/IEC 15045-3-1:2024, 3.1.11]
3.2 Abbreviated terms
HAN home area network
HES home electronic system
HES-CLME HES common language message exchange
IP Internet Protocol
OSI Open Systems Interconnection
PII personally identifiable information
PPII premises and personally identifiable information
WAN wide area network
4 Conformance
An HES gateway system conforming to this document shall:
• implement the eight key privacy principles listed in 5.4.1, including supporting the HES
gateway lexicon indicated for each principle ("conditioning" in 5.4.2, "privacyAudience" in
5.4.5, etc.), and
• implement those features required for the specific system-application configuration,
including protection mechanisms, to cover at least one of the scenarios described in
Clause B.1. It shall also declare which of these scenarios it supports.
5 Considerations, architecture and requirements
5.1 Overview
This document outlines the architecture of the HES gateway system as it relates to privacy.
This document specifies mechanisms for how the gateway can protect information from entering
the premises from unauthorized users or leaving the premises to unauthorized users.
This document also specifies how gateway service modules can aid in privacy protection, both
for outgoing communication and for incoming communications, such as spam. It can be used to
protect children from accessing sensitive information as determined, for example, by their
parents.
Figure 2 shows how the HES gateway system operates within the premises and shows the
extent of the HES gateway as covered by the ISO/IEC 15045 and ISO/IEC 18012 series of
standards, and the communications between the key modules.

Figure 2 – HES gateway architecture for privacy
HAN and WAN interface modules translate messages from their native HAN or WAN protocol
to messages using interoperable objects on the HES gateway internal bus or translate
messages from the bus to the native HAN or WAN protocols. This message exchange is called
home electronic system common language message exchange (HES-CLME). HAN or WAN
interface modules communicate these objects with each other using HES-CLME only via the
binding map service, which is part of a service module.
The binding map functions required for privacy protection are specified in this document. The
flow of private information in the gateway is managed by one or more binding maps associated
with any given application service. The use of multiple binding maps can provide redundancy.
A binding map associates inputs with outputs (or sources with destinations), within the gateway.
It is up to the application developer (i.e. the software programmer that deals with the desired
application service) to use this binding resource properly to control the flow of information within
the constraints imposed by 1) the privacy principles, and 2) the particular user and service
provider terms of agreement. The default action is to protect the user and the private
information.
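The default-deny behaviour described above, as an added illustration that is not part of ISO/IEC 15045-3-2: a binding map that only accepts source-to-destination pairs matching the scenario titles of Clauses B.2 to B.9 and forwards nothing without a binding. The endpoint names, the `consent` flag and the class layout are assumptions; the standard's own binding-map format is not shown on this page.

```python
from dataclasses import dataclass, field
from enum import Enum


class Party(Enum):
    LOCAL = "local device or user"
    CONTROLLER = "controller service module"
    PROCESSOR = "processor service module"
    REMOTE = "remote device or user"


# Directions and letters taken from the titles of Clauses B.2 to B.9.
# No direct LOCAL <-> REMOTE pair is listed, so it can never be bound.
PERMITTED_FLOWS = {
    (Party.LOCAL, Party.CONTROLLER): "A",
    (Party.CONTROLLER, Party.PROCESSOR): "B",
    (Party.PROCESSOR, Party.CONTROLLER): "C",
    (Party.CONTROLLER, Party.LOCAL): "D",
    (Party.LOCAL, Party.PROCESSOR): "E",
    (Party.PROCESSOR, Party.LOCAL): "F",
    (Party.CONTROLLER, Party.REMOTE): "G",
    (Party.PROCESSOR, Party.REMOTE): "H",
}


@dataclass(frozen=True)
class Endpoint:
    name: str    # hypothetical identifier, constructed for this example
    party: Party


@dataclass
class BindingMap:
    declared: set                                  # scenarios the gateway declares (Clause 4)
    bindings: list = field(default_factory=list)   # (source, destination, consent)
    audit: list = field(default_factory=list)      # (source, destination, decision)

    def bind(self, source, destination, consent=False):
        """Register a binding; refuse flows outside the declared, permitted scenarios."""
        scenario = PERMITTED_FLOWS.get((source.party, destination.party))
        if scenario is None:
            raise ValueError(f"{source.party.value} -> {destination.party.value}: not a permitted flow")
        if scenario not in self.declared:
            raise ValueError(f"scenario {scenario} is not declared for this gateway")
        self.bindings.append((source, destination, consent))
        return scenario

    def route(self, source, is_ppii):
        """Return destination names for one message; an empty list means it was dropped."""
        matches = [b for b in self.bindings if b[0] == source]
        if not matches:                            # default action: protect, forward nothing
            self.audit.append((source.name, None, "no-binding"))
            return []
        delivered = []
        for _, destination, consent in matches:
            # Assumed consent gate: PPII only moves over bindings the user approved.
            allowed = consent or not is_ppii
            self.audit.append((source.name, destination.name, "forward" if allowed else "blocked"))
            if allowed:
                delivered.append(destination.name)
        return delivered


def build_demo():
    """Constructed sample topology: a thermostat feeding a remote utility portal."""
    thermostat = Endpoint("thermostat", Party.LOCAL)
    processor = Endpoint("processor", Party.PROCESSOR)
    portal = Endpoint("utility-portal", Party.REMOTE)
    bmap = BindingMap(declared={"A", "E", "H"})
    bmap.bind(thermostat, processor, consent=True)   # Scenario E
    bmap.bind(processor, portal)                     # Scenario H, consent not yet given
    return bmap, thermostat, processor, portal
```

Calling `route` on the objects returned by `build_demo()` shows the thermostat's PPII reaching the processor while the processor-to-portal hop stays blocked, and the `audit` list records each decision.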
The HES gateway provides special features to a premises in addition to those of a conventional
gateway, including support for interoperability and cybersecurity, protection of data, privacy and
safety. Communications involving end-to-end encryption are not able to use these additional
services, but in the future limited services can be provided.
To clarify, the premises can have both conventional gateways and HES gateways.
5.2 Premises and personally identifiable information (PPII)
ISO/IEC 29100:2011 specifies several concepts that have been adopted in this document. In
particular, it specifies the concept of personally identifiable information (PII). This document
extends the concept of PII by adding information that is or can be directly or indirectly
associated with a premises. This premises and personally identifiable information is abbreviated
PPII.
___________
See 2.9 in ISO/IEC 29100:2011.

Information like room temperature and power consumption are typical elements of PII premises
information that can be misused if seen by unauthorized people.
5.3 PPII parties
A PPII principal is a local device or user that contains or generates information that can be
associated with either the building or a resident, and that is not seen by unauthorized users.
A PPII third party is a privacy stakeholder other than 1) the PPII principal, 2) the PPII controller
and the PPII processor, and 3) the natural persons who are authorized to process the data. The
resident shall instruct the PPII controller for which PPII third parties are authorized to receive
the information.
Further provisions are given in Annex B.
5.4 Privacy principles
5.4.1 Privacy principles summary
This HES gateway shall implement the eight key privacy principles summarized in Table 1,
which were developed by a number of countries, regions and international organizations. The
use of international privacy standards for developing this document is described in Annex C.
NOTE These eight principles are based upon the 11 privacy principles of ISO/IEC 29100:2011, Clause 5.
Table 1 – Summary of HES gateway privacy principles
Section Privacy principle
5.4.2 Consent and choice
5.4.3 Purpose legitimacy and specification
5.4.4 Collection limitation
5.4.5 Data minimization
5.4.6 Use, retention and disclosure limitation
5.4.7 Accuracy and quality
5.4.8 Openness,
...
