ISO/IEC 29100

ISO/IEC 29100 specifies a privacy framework for the protection of Personally Identifiable Information (PII). It is a general framework aimed at organisations that helps them define privacy requirements, which should be considered complementary to legal ones, whenever personal information is processed. In addition, the standard specifies a common privacy terminology, defines the actors and their roles in processing personally identifiable information, and includes a set of eleven privacy principles for ICT systems.

ISO/IEC 29101

ISO/IEC 29101 defines a privacy architecture framework. It specifies important concerns that should be considered in the design of ICT systems that process personally identifiable information, lists the components needed to implement such systems, and provides architectural views that put these components in context.

ISO/TS 25237

ISO/TS 25237 contains principles and requirements for privacy protection using pseudonymization of health records. The specification defines organisational and technical aspects for pseudonymization (reversible and irreversible) and gives a guide to risk assessment in case of re-identification. Furthermore, it specifies a policy framework and minimal requirements for pseudonymization.

PbD-SE (Privacy by Design Documentation for Software Engineers)

PbD-SE (Privacy by Design Documentation for Software Engineers) is a technical committee of OASIS that provides guidelines that enable software organizations to embed privacy into the design and architecture of IT systems, without diminishing system functionality. The guidelines follow the foundational principles of privacy-by-design.

PMRM (Privacy Management Reference Model)

PMRM (Privacy Management Reference Model) is a technical committee of OASIS that provides guidelines for developing operational solutions to privacy issues. The purpose of the standards is to define a methodology for analysing privacy policies and to serve as an evaluation framework for different privacy management solutions; they do not provide a specific implementation.