Glossary definition: ISO/IEC 27102

ISO/IEC 27102: Cybersecurity Standard for Data Protection

ISO/IEC 27102 is an international standard for privacy information management systems (PIMS) developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). This standard is designed to provide organizations with a framework for developing and implementing a comprehensive privacy program that will protect personal data. The standard provides guidance on the collection, processing, storage, use, disclosure, and disposal of personal data. It also provides guidance on the development of policies and procedures to ensure that organizations are compliant with applicable privacy laws and regulations. The standard includes requirements for the protection of personal data, such as the establishment of a privacy impact assessment (PIA) process, the development of privacy policies and procedures, and the implementation of privacy management systems. In addition, it provides guidance on the use of privacy enhancing technologies (PETs) and the development of privacy education and awareness programs.