<p class="MsoBodyText" style="margin-right: 55.55pt;">This Recommendation | International Standard establishes controls, purpose, and guidance for implementing controls, to meet the requirements identified by a risk and impact assessment related to the protection of personally identifiable information (PII).</p>
<p class="MsoBodyText" style="text-align: justify; margin: .05pt 79.45pt .0001pt 20.0pt;">In particular, this Recommendation | International Standard specifies guidance based on ISO/IEC 27002, taking into consideration the controls for processing PII that may be applicable within the context of an organization's <span style="color: black; mso-color-alt: windowtext; background: yellow;">information security</span> risk environment(s).</p>
<p><span style="font-size: 11.0pt; font-family: 'Times New Roman',serif; mso-fareast-font-family: 'Times New Roman'; mso-ansi-language: EN-US; mso-fareast-language: EN-US; mso-bidi-language: AR-SA;">This Recommendation | International Standard is applicable to all types and sizes of organizations acting as PII controllers (as defined in ISO/IEC 29100), including public and private companies, government entities and not-for-profit organizations that process PII, in particular, organizations that do not establish or operate a privacy information management system.</span></p>
Registration number (WIID)
88151
Scope
<p class="MsoBodyText" style="margin-right: 55.55pt;">This Recommendation | International Standard establishes controls, purpose, and guidance for implementing controls, to meet the requirements identified by a risk and impact assessment related to the protection of personally identifiable information (PII).</p>
<p class="MsoBodyText" style="text-align: justify; margin: .05pt 79.45pt .0001pt 20.0pt;">In particular, this Recommendation | International Standard specifies guidance based on ISO/IEC 27002, taking into consideration the controls for processing PII that may be applicable within the context of an organization's <span style="color: black; mso-color-alt: windowtext; background: yellow;">information security</span> risk environment(s).</p>
<p><span style="font-size: 11.0pt; font-family: 'Times New Roman',serif; mso-fareast-font-family: 'Times New Roman'; mso-ansi-language: EN-US; mso-fareast-language: EN-US; mso-bidi-language: AR-SA;">This Recommendation | International Standard is applicable to all types and sizes of organizations acting as PII controllers (as defined in ISO/IEC 29100), including public and private companies, government entities and not-for-profit organizations that process PII, in particular, organizations that do not establish or operate a privacy information management system.</span></p>
