ISO/IEC 30141:2018

ISO/IEC 30141
Edition 1.0 2018-08
INTERNATIONAL
STANDARD
colour
inside
Internet of Things (IoT) – Reference architecture

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form
or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from
either IEC or IEC's member National Committee in the country of the requester. If you have any questions about
ISO/IEC copyright or have an enquiry about obtaining additional rights to this publication, please contact the address
below or your local IEC member National Committee for further information.

IEC Central Office Tel.: +41 22 919 02 11
3, rue de Varembé info@iec.ch
CH-1211 Geneva 20 www.iec.ch
Switzerland
About the IEC
The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes
International Standards for all electrical, electronic and related technologies.

About IEC publications
The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the
latest edition, a corrigenda or an amendment might have been published.

IEC Catalogue - webstore.iec.ch/catalogue Electropedia - www.electropedia.org
The stand-alone application for consulting the entire The world's leading online dictionary of electronic and
bibliographical information on IEC International Standards, electrical terms containing 21 000 terms and definitions in
Technical Specifications, Technical Reports and other English and French, with equivalent terms in 16 additional
documents. Available for PC, Mac OS, Android Tablets and languages. Also known as the International Electrotechnical
iPad. Vocabulary (IEV) online.

IEC publications search - webstore.iec.ch/advsearchform IEC Glossary - std.iec.ch/glossary
The advanced search enables to find IEC publications by a 67 000 electrotechnical terminology entries in English and
variety of criteria (reference number, text, technical French extracted from the Terms and Definitions clause of
committee,…). It also gives information on projects, replaced IEC publications issued since 2002. Some entries have been
and withdrawn publications. collected from earlier publications of IEC TC 37, 77, 86 and

CISPR.
IEC Just Published - webstore.iec.ch/justpublished

Stay up to date on all new IEC publications. Just Published IEC Customer Service Centre - webstore.iec.ch/csc
details all new publications released. Available online and If you wish to give us your feedback on this publication or
also once a month by email. need further assistance, please contact the Customer Service
Centre: sales@iec.ch.
ISO/IEC 30141
Edition 1.0 2018-08
INTERNATIONAL
STANDARD
colour
inside
Internet of Things (IoT) – Reference architecture

INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
ICS 35.020 ISBN 978-2-8322-5972-6

– 2 – ISO/IEC 30141:2018 © ISO/IEC 2018
CONTENTS
FOREWORD . 6
INTRODUCTION . 7
1 Scope . 9
2 Normative references . 9
3 Terms and definitions . 9
4 Abbreviated terms . 9
5 Internet of Things Reference Architecture (IoT RA) conformance . 10
6 IoT RA goals and objectives . 10
6.1 General . 10
6.2 Characteristics . 11
6.3 Conceptual Model . 11
6.4 Reference Model and architecture views . 11
7 Characteristics of IoT systems . 12
7.1 General . 12
7.2 IoT system trustworthiness characteristics . 13
7.2.1 General . 13
7.2.2 Availability . 14
7.2.3 Confidentiality . 14
7.2.4 Integrity . 15
7.2.5 Protection of personally identifiable information (PII) . 15
7.2.6 Reliability. 16
7.2.7 Resilience . 17
7.2.8 Safety . 17
7.3 IoT system architecture characteristics . 18
7.3.1 Composability . 18
7.3.2 Functional and management capability separation . 18
7.3.3 Heterogeneity . 19
7.3.4 Highly distributed systems . 20
7.3.5 Legacy support . 20
7.3.6 Modularity . 21
7.3.7 Network connectivity . 21
7.3.8 Scalability . 22
7.3.9 Shareability . 22
7.3.10 Unique identification . 23
7.3.11 Well-defined components. 23
7.4 IoT system functional characteristics . 24
7.4.1 Accuracy . 24
7.4.2 Auto-configuration . 25
7.4.3 Compliance . 25
7.4.4 Content-awareness . 26
7.4.5 Context-awareness . 26
7.4.6 Data characteristics – volume, velocity, veracity, variability and variety . 27
7.4.7 Discoverability . 27
7.4.8 Flexibility . 28
7.4.9 Manageability . 29
7.4.10 Network communication . 29

7.4.11 Network management and operation . 30
7.4.12 Real-time capability . 31
7.4.13 Self-description . 31
7.4.14 Service subscription . 32
8 IoT Conceptual Model (CM) . 32
8.1 Main purpose . 32
8.2 Concepts in the IoT CM . 33
8.2.1 IoT entities and domains . 33
8.2.2 Identity . 35
8.2.3 Services, network, IoT device and IoT gateway . 36
8.2.4 IoT-User . 38
8.2.5 Virtual entity, Physical Entity and IoT device . 39
8.3 High level view of CM . 41
9 IoT Reference Model (RM). 42
9.1 The IoT Reference Model context . 42
9.2 IoT RMs . 42
9.2.1 Entity-based RM . 42
9.2.2 Domain-based RM . 44
9.2.3 Relation between entity-based RM and domain-based RM . 46
10 IoT Reference Architecture (RA) views . 46
10.1 General description . 46
10.2 IoT RA functional view . 47
10.2.1 General . 47
10.2.2 Intra-domain functional components . 47
10.2.3 Cross-domain capabilities . 50
10.3 IoT RA system deployment view . 51
10.3.1 General . 51
10.3.2 Systems/sub-systems in Physical Entity Domain (PED) . 52
10.3.3 Systems/sub-systems in Sensing & Controlling Domain (SCD) . 52
10.3.4 Systems/sub-systems in Application & Service Domain (ASD) . 52
10.3.5 Systems/sub-systems in Operation & Management Domain (OMD) . 53
10.3.6 Systems/sub-systems in User Domain (UD) . 53
10.3.7 Systems/sub-systems in Resource Access & Interchange Domain (RAID) . 53
10.4 IoT RA networking view . 54
10.4.1 Communications networks . 54
10.4.2 Communication networks implementation . 55
10.5 IoT RA usage view . 56
10.5.1 General description . 56
10.5.2 Description of the roles, sub-roles and related activities . 56
10.5.3 Mapping activities, roles and IoT systems in domains . 61
11 IoT trustworthiness . 64
11.1 General . 64
11.2 Safety . 65
11.3 Security . 66
11.3.1 General . 66
11.3.2 IoT system Information Security Management System (ISMS) . 66
11.3.3 IoT system & product Security Life Cycle Reference Model . 68
11.4 Privacy and PII Protection . 69

– 4 – ISO/IEC 30141:2018 © ISO/IEC 2018
11.5 Reliability . 72
11.6 Resilience . 73
11.7 Trustworthiness and the Reference Architecture . 74
Annex A (informative) Interpreting UML Class diagram for Conceptual Model . 76
Annex B (informative) Entity relationship tables for the CM . 77
B.1 IoT entities and domains . 77
B.2 Identity . 78
B.3 Services, network, IoT device and IoT gateway . 78
B.4 IoT-User . 79
B.5 Virtual entity, Physical Entity and IoT device . 80
Annex C (informative) Relation between CM, RMs and RAs . 81
Bibliography . 83

Figure 1 – From generic Reference Architecture to context specific architecture . 8
Figure 2 – IoT RA structure . 11
Figure 3 – RM and architecture views . 12
Figure 4 – Entity and domain concepts of the CM . 33
Figure 5 – Domain interactions of the CM . 34
Figure 6 – Identity concept of the CM. 35
Figure 7 – Service, network, IoT device and IoT gateway concepts of the CM . 36
Figure 8 – IoT-User concepts of the CM . 38
Figure 9 – Virtual entity, Physical Entity, and IoT device concepts of the CM . 39
Figure 10 – High level view of CM . 41
Figure 11 – Entity-based IoT RM . 42
Figure 12 – Domain and entity relationship, and representative conceptual entities in
IoT systems . 44
Figure 13 – Domain-based IoT RM. 44
Figure 14 – Relation between entity-based RM and domain-based RM . 46
Figure 15 – IoT RA functional view –decomposition of IoT RA functional components . 47
Figure 16 – IoT RA system deployment view . 52
Figure 17 – IoT RA networking view . 54
Figure 18 – Roles present when the system is in use . 57
Figure 19 – IoT service provider sub-roles and activities . 59
Figure 20 – IoT service developer sub-roles and activities . 60
Figure 21 – IoT-User sub-roles and activities . 61
Figure 22 – Activities of device and application development . 63
Figure 23 – Using device data for security-related analytics and operations . 64
Figure 24 – IoT product Security Life Cycle Reference Model . 69
Figure A.1 – Generalization . 76
Figure A.2 – Association . 76
Figure C.1 – Relation between IoT CM, RM, and RA . 82

Table 1 – Characteristics of IoT systems. 13
Table 2 – Overview of activities and roles . 62

Table B.1 – Entity . 77
Table B.2 – Domain . 77
Table B.3 – Digital Entity . 77
Table B.4 – Physical Entity . 77
Table B.5 – IoT-User. 77
Table B.6 – Network . 78
Table B.7 – Identifier . 78
Table B.8 – Endpoint . 78
Table B.9 – IoT gateway . 78
Table B.10 – IoT device . 79
Table B.11 – Service. 79
Table B.12 – Human user . 79
Table B.13 – Digital user. 79
Table B.14 – Application . 80
Table B.15 – Sensor . 80
Table B.16 – Actuator . 80
Table B.17 – Virtual entity . 80

– 6 – ISO/IEC 30141:2018 © ISO/IEC 2018
INTERNET OF THINGS (IoT) – REFERENCE ARCHITECTURE
FOREWORD
1) ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission)
form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC
participate in the development of International Standards through technical committees established by the
respective organization to deal with particular fields of technical activity. ISO and IEC technical committees
collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in
liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have
established a joint technical committee, ISO/IEC JTC 1.
2) The formal decisions or agreements of IEC and ISO on technical matters express, as nearly as possible, an
international consensus of opinion on the relevant subjects since each technical committee has representation
from all interested IEC National Committees and ISO member bodies.
3) IEC, ISO and ISO/IEC publications have the form of recommendations for international use and are accepted
by IEC National Committees and ISO member bodies in that sense. While all reasonable efforts are made to
ensure that the technical content of IEC, ISO and ISO/IEC publications is accurate, IEC or ISO cannot be held
responsible for the way in which they are used or for any misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees and ISO member bodies undertake to
apply IEC, ISO and ISO/IEC publications transparently to the maximum extent possible in their national and
regional publications. Any divergence between any ISO, IEC or ISO/IEC publication and the corresponding
national or regional publication should be clearly indicated in the latter.
5) ISO and IEC do not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC marks of conformity. ISO or IEC are not responsible
for any services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or ISO or its directors, employees, servants or agents including individual experts
and members of their technical committees and IEC National Committees or ISO member bodies for any
personal injury, property damage or other damage of any nature whatsoever, whether direct or indirect, or for
costs (including legal fees) and expenses arising out of the publication of, use of, or reliance upon, this ISO/IEC
publication or any other IEC, ISO or ISO/IEC publications.
8) Attention is drawn to the normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this ISO/IEC publication may be the subject of
patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights.
International Standard ISO/IEC 30141 was prepared by subcommittee 41: Internet of Things
and related technologies, of ISO/IEC joint technical committee 1: Information technology.
This International Standard has been approved by vote of the member bodies, and the voting
results may be obtained from the address given on the second title page.
This publication has been drafted in accordance with the ISO/IEC Directives, Part 2.

IMPORTANT – The 'colour inside' logo on the cover page of this publication indicates
that it contains colours which are considered to be useful for the correct
understanding of its contents. Users should therefore print this document using a
colour printer.
INTRODUCTION
IoT has a broad use in industry and society today and it will continue to develop for many
years to come. Various IoT applications and services have adopted IoT techniques to provide
capabilities that were not possible a few years ago. IoT is one of the most dynamic and
exciting areas of ICT. It involves the connecting of Physical Entities (“things”) with IT systems
through networks. Foundational to IoT are the electronic devices that interact with the
physical world. Sensors collect the information about the physical world, while actuators can
act upon Physical Entities. Both sensors and actuators can be in many forms such as
thermometers, accelerometers, video cameras, microphones, relays, heaters or industrial
equipment for manufacturing or process controlling. Mobile technology, cloud computing, big
data and deep analytics (predictive, cognitive, real-time and contextual) play important roles
by gathering and processing data to achieve the final result of controlling Physical Entities by
providing contextual, real-time and predictive information which has an impact on physical
and virtual entities.
IoT can be integrated into existing technologies. Real-time measurements generated by
adding sensors to existing technology can improve its functionality and lower the cost of
operations (e.g. smart traffic signals can adapt to traffic conditions, lowering congestion and
air pollution). The data generated by IoT sensors can support new business models and tailor
products and services to the tastes and needs of the customer. In addition to the applications,
the technology needs to support supervision and adaptation of the IoT system itself.
Several forecasts indicate that IoT will connect 50 billion devices worldwide by the year 2020.
There are a number of possible application areas, such as smart city, smart grid, smart
home/building, digital agriculture, smart manufacturing, intelligent transport system, e-Health.
IoT is an enabling technology that consists of many supporting technologies, for example,
different types of communication networking technologies, information technologies, sensing
and control technologies, software technologies, device/hardware technologies. This
document is based on widely used enabling technologies that are defined in standards from
several organizations such as ISO, IEC, ITU, IETF, IEEE, ETSI, 3GPP, W3C, etc.
Trustworthiness is recognized as an area of importance, and IoT can leverage current and
future best practice. For example, monitoring and analysing deployed IoT systems is essential
to maintain reliability and safety and security. Measures such as controlled access can ensure
the security of the system.
This document provides a standardized IoT Reference Architecture using a common
vocabulary, reusable designs and industry best practices. It uses a top down approach,
beginning with collecting the most important characteristics of IoT, abstracting those into a
generic IoT Conceptual Model, deriving a high level system based reference with subsequent
dissection of that model into the four architecture views (functional view, system view,
networking view and usage view) from different perspectives.
This document serves as a base from which to develop (specify) context specific IoT
architectures and thence actual systems. The contexts can be of different kinds but shall
include the business context, the regulatory context and the technological context, e.g.
industry verticals, technological requirements and/or nation-specific requirement sets. For
more information, see Figure 1.

– 8 – ISO/IEC 30141:2018 © ISO/IEC 2018

Figure 1 – From generic Reference Architecture to context specific architecture

INTERNET OF THINGS (IoT) – REFERENCE ARCHITECTURE

1 Scope
This document specifies a general IoT Reference Architecture in terms of defining system
characteristics, a Conceptual Model, a Reference Model and architecture views for IoT.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their
content constitutes requirements of this document. For dated references, only the edition
cited applies. For undated references, the latest edition of the referenced document (including
any amendments) applies.
ISO/IEC 20924, Internet of Things (IoT) – Definition and vocabulary
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 20924 apply.
ISO and IEC maintain terminological databases for use in standardization at the following
addresses:
• ISO online browsing platform: available at http://www.iso.org/obp
• IEC Electropedia: available at http://www.electropedia.org/
4 Abbreviated terms
5Vs volume, velocity, veracity, variability, and variety
API application programming interface
ASD Application & Service Domain
BSS business support systems
CM Conceptual Model
FQDN fully qualified domain name
HMI human machine interface
HTTP Hypertext Transfer Protocol
HVAC heating, ventilation and air conditioning
IaaS infrastructure as a service
ICT information and communication technologies
IoT Internet of Things
IoT RA Internet of Things Reference Architecture
LAN local area network
__________
Under preparation. Stage at time of publication: ISO/IEC CDV 20924:2018.

– 10 – ISO/IEC 30141:2018 © ISO/IEC 2018
LOB line of business
OMD Operation & Management Domain
OSS operational support systems
PaaS platform as a service
PED Physical Entity Domain
PII personally identifiable information
QoS quality of service
RA Reference Architecture
RAID Resource Access & Interchange Domain
RFID radio-frequency identification
RM Reference Model
SaaS software as a service
SCD Sensing & Controlling Domain
UML Universal Modelling Language
UD User Domain
URI uniform resource identifier
UUID universally unique identifier
5 Internet of Things Reference Architecture (IoT RA) conformance
To claim conformance, the description of a concrete system architecture as provided by a
vendor or system integrator should use the terminology and modelling concepts defined in this
document, within the scope of their specific use case.
NOTE A separate conformity guide can be developed that can provide specific guidance to meeting and
evaluating conformity to ISO/IEC 30141 to a broader set of entities beyond actual system descriptions.
6 IoT RA goals and objectives
6.1 General
The IoT Reference Architecture (IoT RA) represented in this document describes generic IoT
system characteristics, a Conceptual Model, a Reference Model and a number of architectural
views aligned with the architecture descriptions defined in ISO/IEC/IEEE 42010. The IoT RA
outlines what the overall structured approach for the construction of IoT systems shall be by
providing an architectural structure framework. In short, the IoT RA provides guidance for the
architect developing an IoT system and aims to give a better understanding of IoT systems to
the stakeholders of such systems, including device manufacturers, application developers,
customers and users.
This document has the following descriptions:
1) the generic characteristics of IoT systems, outlining the characteristics expected from an
IoT system;
2) the Conceptual Model (CM), describing the key concepts characterizing an IoT system;
3) the Reference Model (RM), providing the overall structure of the elements of the
architecture;
4) a set of relevant architecture views, describing the architecture from a number of
perspectives.
This document supports the following important standardization objectives:

a) to enable the production of a coherent set of standards for IoT;
b) to provide a technology-neutral reference point for defining standards for IoT; and
c) to encourage openness and transparency in the development of a target IoT RA and in the
implementation of IoT systems.
Figure 2 illustrates how the IoT RA is derived from a Conceptual Model and a set of
characteristics that define a Reference Model and one or more architectural views.

Figure 2 – IoT RA structure
Subclauses 6.2, 6.3 and 6.4 provide a summary of the characteristics, Conceptual Model and
Reference Model, respectively.
6.2 Characteristics
The generic characteristics are described in Clause 7, which focuses on a number of key
properties that an IoT system typically exhibits. Different application specializations can differ
in terms of the actual quantification of these properties, but it is important for an IoT architect
to consider how important the respective categories are for the particular system being
designed. There are no characteristics that are required of any particular IoT system.
6.3 Conceptual Model
The Conceptual Model (CM) contains a number of vital concepts and describes how they
relate to each other logically. Together with the generic characteristics, it provides the
background and motivation for the architectural elements discussed in the architectural views
in Clause 10. CM is described in Clause 8.
6.4 Reference Model and architecture views
RM is described in Clause 9. The RM and architecture views contain the parts as illustrated in
Figure 3.
– 12 – ISO/IEC 30141:2018 © ISO/IEC 2018

Figure 3 – RM and architecture views
Figure 3 above illustrates the relations between architecture views, Reference Model and
domain concept. The domain concept is described in the CM in 8.2.1.1 and 8.2.1.3.
Additionally, the RM is founded on the domain concept. A detailed description of domain
based RM can be found in Clause 9.2.2.
The respective views are described in Clause 10.
7 Characteristics of IoT systems
7.1 General
Clause 7 provides characteristics of IoT systems. Functions based on all or a part of these
characteristics can be implemented in IoT systems. Some of these characteristics are
functional, such as network connectivity, while others are non-functional, such as availability
and compliance. The characteristics are grouped and summarized in Table 1 and individually
explained in 7.2 to 7.4.
Table 1 – Characteristics of IoT systems
Categories Related characteristics
7.2 IoT system 7.2.2 Availability
trustworthiness
7.2.3 Confidentiality
characteristics
7.2.4 Integrity
7.2.5 Protection of personally identifiable information
7.2.6 Reliability
7.2.7 Resilience
7.2.8 Safety
7.3 IoT system architecture 7.3.1 Composability
characteristics
7.3.2 Functional and management capability separation
7.3.3 Heterogeneity
7.3.4 Highly distributed systems
7.3.5 Legacy support
7.3.6 Modularity
7.3.7 Network connectivity
7.3.8 Scalability
7.3.9 Shareability
7.3.10 Unique identification
7.3.11 Well-defined components
7.4 IoT system functional
7.4.1 Accuracy
characteristics
7.4.2 Auto-configuration
7.4.3 Compliance
7.4.4 Content-awareness
7.4.5 Context-awareness
7.4.6 Data characteristics – volume, velocity, veracity, variability and variety
7.4.7 Discoverability
7.4.8 Flexibility
7.4.9 Manageability
7.4.10 Network communication
7.4.11 Network management and operation
7.4.12 Real-time capability
7.4.13 Self-description
7.4.14 Service subscription
7.2 IoT system trustworthiness characteristics
7.2.1 General
Trustworthiness is defined in ISO/IEC 20924 as follows:
"degree of confidence a stakeholder has that the system performs as expected with
characteristics including safety, security, privacy, reliability and resilience in the face of
environmental disruptions, human errors, system faults and attacks."
Within the scope of this document, security is defined as the combination of availability,
confidentiality, and integrity.

– 14 – ISO/IEC 30141:2018 © ISO/IEC 2018
7.2.2 Availability
7.2.2.1 Description
Availability is the property of being accessible and usable on demand by an authorized
entity. IoT systems can include both human users and service components as "authorized
entities".
7.2.2.2 Relevance to IoT systems
In IoT systems, availability can be considered as a characteristic of devices, data and
services. Availability of a device is related both to its inherent properties of operating correctly
over time and to the network connectivity of the device. Availability of data is related to the
ability of the system to get the requested data to and from a system component. Availability of
services is related to the ability of the system to provide the requested service to users with a
pre-defined QoS.
7.2.2.3 Examples
In some critical applications, e.g. health monitoring or intrusion detection, devices and data
have to be highly available so that alarms can be sent to the system immediately when raised.
In these cases, it is important that system design take into account potential failure modes
and provide means of continuing operations, such as power supply backups, redundant
devices, and multiple instances of a service.
7.2.3 Confidentiality
7.2.3.1 Description
Confidentiality is the property that information is not made available or disclosed to
unauthorized individuals, entities, or processes.
7.2.3.2 Relevance to IoT systems
In an IoT system, confidentiality protection policies and mechanisms are responsible for
prohibiting people or systems from reading data or control messages when they are not
authorized to do so.
Confidentiality is a pre-requisite for secure operation, especially when the data to be
transmitted contains secret tokens, e.g. for access control. Confidentiality is also required to
protect sensitive data, which can include PII, e.g. personal health and financial information.
7.2.3.3 Examples
Data flowing through an IoT system could be considered confidential. Confidential data need
to be protected from being used for criminal activities, and the inappropriate use of personal
data needs to be prevented. For example, IoT motion detection sensors could reveal whether
a property is occupied or not, allowing intruders to target the property.
Similar concerns relate to IoT smart meters, where the frequency of messages transmitted
should not depend on the rate of electricity use, since this could reveal whether a property is
occupied or not.
__________
Source: ISO/IEC 27000:2018, 3.7.
Source: ISO/IEC 27000:2018, 3.10.

7.2.4 Integrity
7.2.4.1 Description
Integrity is the property of accuracy and completeness, usually applied to information within
a system.
7.2.4.2 Relevance to IoT systems
Integrity is vital for IoT systems to ensure that the data used for decision-making processes in
the system and executable software have not been altered by faulty or unauthorized devices,
by malicious actors, or by environmental causes.
7.2.4.3 Examples
In IoT deployments there is a risk that an intermediate device can alter the data and this can
have impact on the functioning of the system. For example, an intermediate node can
increase the value of the temperature of a room but air-conditioning system can rely on the
given setting and not an altered setting from an anomaly.
7.2.5 Protection of personally identifiable information (PII)
7.2.5.1 Description
The concept of privacy overlaps, but does not completely coincide with, the concept of
protection of PII. For IoT systems, pertinent entities can include people, technology and
processes.
The term PII is used by various policies, rules, laws, and regulations that have their own
scope and interpretation of the term. This document uses term PII as defined by
ISO/IEC 27018:2014, 3.2:
"any information that (a) can be used to identify the PII principal to whom such
information relates, or (b) is or might be directly or indirectly linked to a PII principal"
Protection of PII is a legal or regulatory requirement in most jurisdictions whenever an IoT
system involves personally identifiable information anywhere in its operation. Sensitivity
extends to all PII from which sensitive PII can be derived, whether through aggregation,
analysis or other means. Protection of PII is governed by a number of principles including, but
not limited to, consent and choice; purpose legitimacy and specification; collection limitation;
and data minimization. The principle of data minimization requires that organizations process
only the minimally necessary PII for the identified purposes. PII should be securely deleted
when no longer required.
Protection of PII is a general requirement and is governed by a series of principles which are
described in ISO/IEC 29100:
1) consent and choice;
2) purpose legitimacy and specification;
3) collection limitation;
4) data minimization;
5) use, retention and disclosure limitation;
6) accuracy and quality;
7) openness, transparency and notice;
__________
Source: ISO/IEC 27000:2018, 3.36.

– 16 – ISO/IEC 30141:2018 © ISO/IEC 2018
8) individual participation and access;
9) accountability;
10) information security;
11) privacy compliance.
It is important that these principles are applied in any IoT system that is processing PII.
NOTE ISO/IEC 29100:2011, Clause 5 provides a more detailed discussion of these principles.
7.2.5.2 Relevance to IoT systems
Any IoT system which does collect, receive, process and/or exchange PII needs to ensure
that such IoT systems and their interactions with other IoT systems (or IT systems in general)
are in full compliance with privacy protection requirements of applicable jurisdictions.
Situations where a user or person can be identified by data analysis or derived by machine
learning mechanisms also need to be considered for protection. System owners in many
jurisdictions are required to disclose a data breach. In the event of a compromise, it is
important to ensure that they can identify the data that was compromised and report to local
agencies.
7.2.5.3 Examples
Independent of the IoT application (e.g. wearables, healthcare monitoring, factory and
building systems, automotive, energy, or smart home), the IoT system owner and op
...