iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
ISO

ISO/IEC 15944-12:2020

(Main)

Information technology — Business operational view — Part 12: Privacy protection requirements (PPR) on information life cycle management (ILCM) and EDI of personal information (PI)

Information technology — Business operational view — Part 12: Privacy protection requirements (PPR) on information life cycle management (ILCM) and EDI of personal information (PI)

This document: — provides method(s) for identifying, in Open-edi modelling technologies and development of scenarios, the additional requirements in business operational view (BOV) specifications for identifying the additional external constraints to be applied to recorded information in business transactions relating to personal information of an individual, as required by legal and regulatory requirements of applicable jurisdictional domains; — integrates existing normative elements in support of privacy and data protection requirements as are already identified in ISO/IEC 14662 and ISO/IEC 15944-1, ISO/IEC 15944-2, ISO/IEC 15944-4, ISO/IEC 15944-5, ISO/IEC 15944-8, ISO/IEC 15944-9, and ISO/IEC 15944-10; — provides overarching, operational ?best practice' statements for associated (and not necessarily automated) processes, procedures, practices and governance requirements that act in support of implementing and enforcing technical mechanisms which support the privacy/data protection requirements necessary for implementation in Open-edi transaction environments; — focuses on the life cycle management of personal information i.e., the contents of SPIs (and their SRIs) related to the business transaction interchanged via EDI as information bundles and their associated semantic components among the parties to a business transaction. NOTE Privacy protection requirements (PPR) on information life cycle management (ILCM) and EDI of personal information as stated in this document serve as a minimum set of ILCM policy and operational requirements for all recorded information pertaining to a business transaction in particular, as well as ILCM implementation in any organization in general. This document does not specify the technical mechanisms, i.e., functional support services (FSV) which are required to support BOV-identified requirements. Detailed exclusions to the scope of this document are provided in Annex H.

Technologies de l'information — Vue opérationnelle d'affaires — Partie 12: Exigences en matière de protection de la vie privée (PPR) relatives à la gestion du cycle de vie de l’information (ILCM) et de l'EDI des renseignements personnels (PI)

General Information

Status
Published
Publication Date
24-May-2020
ICS
35.240.63 - IT applications in trade
Technical Committee
ISO/IEC JTC 1/SC 32 - Data management and interchange
Drafting Committee
ISO/IEC JTC 1/SC 32 - Data management and interchange
Current Stage
9599 - Withdrawal of International Standard
Start Date
01-Jul-2025
Completion Date
05-Jul-2025
Ref Project

Relations

Revised
ISO/IEC 15944-12:2025 - Information technology — Business operational view — Part 12: Privacy protection requirements (PPR) on information life cycle management (ILCM) and EDI of personal information (PI)
Effective Date
06-Jun-2022

Buy Standard

ISO/IEC 15944-12:2020 - Information technology -- Business operational viewISO/IEC 15944-12:2020 - Information technology -- Business operational view
PreviousNext
Standard
ISO/IEC 15944-12:2020 - Information technology -- Business operational view
English language
136 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)


INTERNATIONAL ISO/IEC
STANDARD 15944-12
First edition
2020-05
Information technology — Business
operational view —
Part 12:
Privacy protection requirements
(PPR) on information life cycle
management (ILCM) and EDI of
personal information (PI)
Technologies de l'information — Vue opérationnelle d'affaires —
Partie 12: Exigences en matière de protection de la vie privée (PPR)
relatives à la gestion du cycle de vie de l’information (ILCM) et de
l'EDI des renseignements personnels (PI)
Reference number
©
ISO/IEC 2020
© ISO/IEC 2020
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO/IEC 2020 – All rights reserved

Contents Page
Foreword .v
Introduction .vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 2
4 Abbreviated terms .30
5 Fundamental privacy protection principles .31
5.1 Overview .31
5.2 Primary sources of privacy protection principles .31
5.3 Key eleven (11) privacy protection principles .32
5.4 Link to “consumer protection” and “individual accessibility” requirements (see
ISO/IEC 15944-8:2012, 6.3) .33
5.5 Privacy protection principles in the context of ILCM requirements .34
5.6 Requirement for tagging (or labelling) sets of personal information (SPIs) in
support of privacy protection requirements (PPR) in accordance with ISO/
IEC 15944-8:2012, 5.4 .34
5.7 Requirements for making all personal information (PI) available to the buyer
where the buyer is an individual .34
5.8 Rules governing ILCM aspects of personal information profiles (PIPs) .35
6 Integrated set of information life cycle management (ILCM) principles in support of
information law and privacy protection requirements (PPR) .36
6.1 Primary purpose of Clause 6 .36
6.2 Information life cycle management (ILCM) principles that support privacy
protection requirements (PPR) .38
6.2.1 Compliance with privacy protection requirements (PPR) and associated
information law requirements .38
6.2.2 Direct relevance, informed consent and openness .38
6.2.3 Ensuring that personal information is “under the control of” the
organization throughout its ILCM .40
6.2.4 Limiting use, disclosure and retention .41
6.2.5 Timely, accurate, relevant .43
6.2.6 Data integrity and quality .45
6.2.7 Safeguards for non-authorized disclosure requirements .45
6.2.8 Back-up, retention and archiving .46
6.2.9 Disposition and expungement .47
6.2.10 Organizational archiving .47
6.2.11 Historical, statistical and/or research value .47
6.3 Requirement for tagging (or labelling) data elements in support of privacy
protection requirements (PPR) .49
7 Rules governing ensuring accountability for and control of personal information (PI) .49
7.1 Purpose .49
7.2 Key aspects of Open-edi requirements .49
7.3 Key aspects of “under the control of” .50
7.4 “under the control of” in support of PPR and in an ILCM context .50
7.5 Implementing “under the control of” and accountability .51
8 Rules governing the specification of ILCM aspects of personal information .56
8.1 Overview .56
8.2 Rules governing establishing ILCM responsibilities for personal information (PI) .57
8.3 Rules governing establishing specifications for retention of personal information
(PI) — applicable “SRI retention triggers” .59
© ISO/IEC 2020 – All rights reserved iii

8.4 Rules governing identification and specification of state changes of personal
information (PI) .62
8.4.1 General requirements .62
8.4.2 Specification of state changes allowed to personal information (PI).63
8.4.3 Specification of store change type .65
8.4.4 Rules governing specification of source of state changes .67
8.5 Rules governing disposition of personal information (PI) .68
8.6 Rules governing the establishment and maintenance of record retention and
disposal schedules (RRDS) for sets of personal information (SPIs) .71
9 Data conversion, data migration and data synchronization .73
9.1 Purpose .73
9.2 Rules governing data conversion of set(s) of personal information (SPI) .74
9.3 Rules governing requirements for data synchronization of sets of personal
information (SPI) .74
10 Rules governing EDI of personal information (PI) between primary ILCM Person,
i.e., the seller, and its “agent”, “third party” and/or “regulator” . .76
10.1 General requirements .76
10.2 ILCM rules pertaining to use of an “agent” .77
10.3 ILCM rules pertaining to use of a “third party” .78
10.4 ILCM rules pertaining to involvement of a “regulator” .78
11 Conformance statement .79
11.1 Overview .79
11.2 Conformance to the ISO/IEC 14662 Open-edi reference model and the ISO/
IEC 15944 series .79
11.3 Conformance to ISO/IEC 15944-12 .80
11.4 Conformance by agents and third parties to ISO/IEC 15944-12 .80
Annex A (normative) Consolidated list of terms and definitions with cultural adaptability:
ISO English and ISO French language equivalency .81
Annex B (normative) Consolidated set of rules in the ISO/IEC 15944 series of particular
relevance to privacy protection requirements (PPR) as external constraints
on business transactions which apply to personal information (PI) in an ILCM
requirements context .96
Annex C (informative) Business transaction model (BTM): Classes of constraints .112
Annex D (informative) Linking ILCM to process phases of a business transaction .116
Annex E (informative) Generic approach to ILCM decisions in a PPR context — ILCM
compliance decision tree .118
Annex F (informative) Generic approach to identification of properties and behaviours of
personal information (PI) as transitory records and their disposition/expungement .121
Annex G (informative) Notes on referential integrity and privacy protection transactional
integrity (PPTI) in Open-edi among IT systems .123
Annex H (informative) Exclusions to the scope of ISO/IEC 15944-12 .125
Annex I (informative) Aspects not currently addressed in this document .127
Annex J (informative) List of parts of the ISO/IEC 15944 series .130
Annex K (informative) Abstract of ISO/IEC 1
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

ISO
ISO/IEC 15944-12:2025(Main)
Information technology — Business operational view — Part 12: Privacy protection requirements (PPR) on information life cycle management (ILCM) and EDI of personal information (PI)

This document: — provides method(s) for identifying, in Open-edi modelling technologies and development of scenarios, the additional requirements in business operational view (BOV) specifications for identifying the additional external constraints to be applied to recorded information in business transactions relating to personal information of an individual, as required by legal and regulatory requirements of applicable jurisdictional domains; — integrates existing normative elements in support of privacy and data protection requirements as are already identified in ISO/IEC 14662 and ISO/IEC 15944-1, ISO/IEC 15944-2, ISO/IEC 15944-4, ISO/IEC 15944-5, ISO/IEC 15944-8, ISO/IEC 15944-9 and ISO/IEC 15944-10; — provides overarching, operational ‘best practice’ statements for associated (and not necessarily automated) processes, procedures, practices and governance requirements that act in support of implementing and enforcing technical mechanisms which support the privacy/data protection requirements necessary for implementation in Open-edi transaction environments; — focuses on the life cycle management of personal information, i.e. the contents of SPIs (and their SRIs) related to the business transaction interchanged via EDI as Information Bundles (IBs) and their associated Semantic Components (SCs) among the parties to a business transaction. NOTE Privacy protection requirements (PPR) on information life cycle management (ILCM) and EDI of personal information as stated in this document primarily via enumerated rules which serve as a minimum set of ILCM policy and operational requirements for all recorded information pertaining to a business transaction in particular, as well as ILCM implementation in any organization in general. This document does not specify the technical mechanisms, i.e. functional support services (FSV) which are required to support BOV-identified requirements. Detailed exclusions to the scope of this document are provided in Annex H.

  • Standard
    120 pages
    English language
    sale 15% off
  • Draft
    120 pages
    English language
    sale 15% off
  • Draft
    120 pages
    English language
    sale 15% off
ISO
ISO/IEC 15944-1:2025(Main)
Information technology — Business operational view — Part 1: Operational aspects of open-edi for implementation

This document addresses the fundamental requirements of the commercial and legal frameworks and their environments on business transactions. It also integrates the requirements of the information technology and telecommunications environments. In addition to the existing strategic directions of "portability" and "interoperability", the added strategic direction of ISO/IEC JTC 1 of "cultural adaptability" is supported in this document. It also supports requirements arising from the public policy/consumer environment, cross-sectoral requirements and the need to address horizontal issues. It integrates these different sets of requirements. (See Figure 3) This document allows constraints which include legal requirements, commercial and/or international trade and contract terms, public policy (e.g. privacy/data protection, product or service labelling, consumer protection), laws and regulations to be defined and clearly integrated into Open-edi through the BOV. This means that terms and definitions in this document serve as a common bridge between these different sets of business operational requirements, allowing the integration of code sets and rules defining these requirements to be integrated into business processes electronically. This document contains a methodology and tool for specifying common business practices as part of common business transactions in the form of scenarios, scenario attributes, roles, Information Bundles and Semantic Components. It achieves this by: 1) developing standard computer processable specifications of common business rules and practices as scenarios and scenario components; and thus, 2) maximizing the re-use of these components in business transactions.

  • Draft
    212 pages
    English language
    sale 15% off
  • Draft
    212 pages
    English language
    sale 15% off
ISO
ISO/IEC 15944-17:2024(Main)
Information technology — Business operational view — Part 17: Fundamental principles and rules governing Privacy-by-Design (PbD) requirements in an EDI and collaboration space context

This document: a) focuses on PbD aspects of privacy protection requirements as external constraints on any type of Person, (e.g. organization or public administration) involved in any kind of business transaction among such Persons which involves the electronic data interchange (EDI) of any personal information; b) establishes a fundamental set of privacy principles known as Privacy by Design and assumptions based on primary sources; c) integrates existing normative elements in support of PbD as are already identified in ISO/IEC 14662 and ISO/IEC 15944-1, ISO/IEC 15944-5, ISO/IEC 15944-8, ISO 15944-12; d) provides overarching operational ‘best practice’ statements for associated (and not necessarily automated) processes, procedures, practices and governance requirements that need to act in support of implementing and enforcing technical mechanisms that support PbD in Open-edi transaction and collaboration space environments; e) focuses on PbD related aspects of the life cycle management of and accountability for the personal information, i.e. the contents of SPIs (and their SRIs) related to the business transaction interchanged via EDI as information bundles and their associated semantic components among the parties to a business transaction. This document focuses on the BOV aspects of a business transaction and does not concern itself with the technical mechanisms needed to implement the FSV aspects of the business requirements of the FSV including the specification of requirements of an FSV nature which include security techniques and services, communication protocols, etc.). The FSV includes any existing standard (or standards development of an FSV nature), which has been ratified by existing ISO, IEC, UN/ECE and/or ITU standards. This document does not specify the technical mechanisms, i.e. FSV which are required to support BOV-identified requirements. Detailed exclusions to the scope of this document are provided in Annex D.

  • Standard
    63 pages
    English language
    sale 15% off
ISO
ISO/IEC 15944-16:2023(Main)
Information technology — Business operational view — Part 16: Consolidated set of the rules and guidelines identified in ISO/IEC 15944 Business Operational View standards and their IT-enablement

This document provides a consolidated set of rules and associated guidelines as found and defined in the existing parts of the ISO/IEC 15944 series. NOTE Not all parts of the ISO/IEC 15944 series have rules, that is ISO/IEC 15944-6, ISO/IEC 15944-14 and ISO/IEC 15944-20.

  • Standard
    213 pages
    English language
    sale 15% off
ISO
ISO/IEC 15944-9:2023(Main)
Information technology — Business operational view — Part 9: Business transaction traceability framework for commitment exchange

This document: — specifies a group of structured and inter-related concepts pertaining to traceability as a legal or regulatory requirement in the Open-edi context, in addition to concepts that appear in other parts of ISO/IEC 15944 series these concepts having the characteristics of cultural adaptability through the use of multilingual terms and definitions; — provides additional specifications for Open-edi scenarios and scenario components from the perspective of traceability as required by internal or external constraints in business transactions; — provides a more detailed specification for business transactions regarding aspects of traceability, including refined models of Person, Data and Process in support of the ability for Open-edi to incorporate elements or characteristics of traceability in its information bundles (including their semantic components) and business processes; — realizes specifications and descriptions from the traceability requirements as rules and guidelines, to provide recommendations or guidance on Open-edi practices; and, — provides revised primitive Open-edi scenario templates for traceability, integrating the modifications to the template from other existing parts of ISO/IEC 15944 series. This document can be used by Open-edi implementers (including business modellers and system designers) and Open-edi standard developers in specifying Open-edi scenarios, developing Open-edi related standards, and implementing Open-edi rules and guidelines for Open-edi activities. This document does not specify the FSV aspects of traceability, internal behaviour requirements of an organization, or traceability as a metrological concept. Detailed exclusions to the scope of this document are provided in Annex H.

  • Standard
    60 pages
    English language
    sale 15% off
ISO
ISO/IEC 15944-10:2023(Main)
Information technology — Business operational view — Part 10: IT-enabled coded domains as semantic components in business transactions

This document specifies the fundamental principles governing coded domains, identification and description of the coded domains from the BOV view, the rules governing the rule-base of coded domains, the rules for management of ID codes, rules for specifying Human Interface Equivalents (HIEs) to an ID Code, the relations between the coded domain and controlled vocabularies, the rules governing the registration of coded domains as re-usable business objects, and the IT-enablement of coded domains. The document is applicable to the use of standards, specifications, authority files, etc., of a “codes representing X” nature being used in electronic business transactions among parties engaged in Open-edi, which pertains to flows of information using information bundles which cause pre-defined (or pre-definable) changes in the states of the IT systems of the parties to such electronic data interchanges. Detailed exclusions to the scope of this document are provided in Annex I.

  • Standard
    105 pages
    English language
    sale 15% off
ISO
ISO/IEC 15944-21:2023(Main)
Information technology — Business operational view — Part 21: Guidance on the application of the Open-edi business transaction ontology in distributed business transaction repositories

This document specifies the business operational view of an implementation of an Open-edi Distributed Business Transaction Repository (OeDBTR), building on the principles and concepts defined in ISO/IEC 15944-4 of a business transaction. The repository stores the history of the transitions in states of the economic claim and/or other business entities that happen over the course of a business transaction, and does so for a collection of business events. These business events, comprised of transactions and their states, can be identified unambiguously so as to provide the ability to inspect or query the information at some point after the record has been made. The distributed nature of the repository offers users ubiquitous and robust access to the recorded history. A history of business transactions of market exchanges can be useful in auditing or other memoing-based activities, looking back at the immutable record of the interactions between parties. This document does not specify the Functional Services View of a particular implementation of an Open-edi Distributed Business Transaction Repository. For best performance, candidate technologies would likely exhibit properties of long-term permanence, robust immutability, decentralized access, distributed resilience, and fine-grained addressability.

  • Standard
    21 pages
    English language
    sale 15% off
ISO
ISO/IEC TR 15944-14:2020(Main)
Information technology — Business operational view — Part 14: Open-edi reference model and cloud computing architecture

This document: — examines the basic concepts that have been developed for both cloud computing and Open-edi; — identifies key Open-edi concepts relevant to cloud computing; — identifies key cloud computing concepts relevant to Open-edi; — compares Open-edi model and cloud computing architecture and identifies mappings (similarities in whole or in part) between them using formal semantic modelling techniques.

  • Technical report
    45 pages
    English language
    sale 15% off
ISO
ISO/IEC 15944-20:2015(Main)
Information technology — Business operational view — Part 20: Linking business operational view to functional service view

ISO/IEC 15944-20:2015 specifies the properties of Base Functional Specification View (FSV) Standards in order to best meet the requirements of the Business Operational View (BOV) with interoperable implementations. Base FSV standards exhibiting these properties support business transactions beyond those that are in compliance with Open-edi scenarios (OeS). Additional beneficial business transactions may also be supported between a given IT system and IT system(s) outside of the Open-edi scenarios for which they were designed. These base FSV standards address those aspects of interoperability between IT systems used among Parties of the Open-edi Community participating in the scenario. Examples of such standards include the choreography of interchanges among systems, and the foundational structure and syntax used to express Information Bundles (IB) in the interchanges.

  • Standard
    27 pages
    English language
    sale 15% off
ISO
ISO/IEC 15944-2:2015(Main)
Information technology — Business operational view — Part 2: Registration of scenarios and their components as business objects

ISO/IEC 15944-2:2015 specifies procedures to be followed in establishing, maintaining, and publishing registers of unique, unambiguous and permanent identifiers and meanings that are assigned to Open-edi scenarios and scenario components. In order to accomplish this purpose, ISO/IEC 15944-2:2015 specifies elements of information that are necessary to provide identification and meaning to the registered items and to manage the registration of these items. ISO/IEC 15944-2:2015 defines the procedures to be applied by qualified JTC1 Registration Authority(ies) appointed by the ISO and IEC council to maintain a register(s) of Open-edi scenarios and/or scenario components for the purpose of their reusability.

  • Standard
    107 pages
    English language
    sale 15% off