DSTU ISO/IEC 29101:2016 Information technology. Security techniques. Privacy architecture framework (ISO/IEC 29101:2013, IDT)
ENDORSEMENT NOTICE
State Enterprise
"Ukrainian Scientific Research and Training Center
for Problems of Standardization, Certification and Quality"
(SE "UkrNDNC")
Order of 07.10.2016 No. 307
ISO/IEC 29101:2013
Information technology — Security techniques — Privacy architecture framework
adopted as a national standard
by the endorsement method under the designation
DSTU ISO/IEC 29101:2016
(ISO/IEC 29101:2013, IDT)
Information technology. Security techniques.
Privacy architecture framework
Effective from 2016-10-10
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols and abbreviated terms
5 Overview of the privacy architecture framework
5.1 Elements of the framework
5.2 Relationship with management systems
6 Actors and PII
6.1 Overview
6.2 Phases of the PII processing life cycle
6.2.1 Collection
6.2.2 Transfer
6.2.3 Use
6.2.4 Storage
6.2.5 Disposal
7 Concerns
7.1 Overview
7.2 The privacy principles of ISO/IEC 29100
7.3 Privacy safeguarding requirements
8 Architectural views
8.1 Introduction
8.2 Component view
8.2.1 Privacy settings layer
8.2.2 Identity management and access management layer
8.2.3 PII layer
8.3 Actor view
8.3.1 ICT system of the PII principal
8.3.2 ICT system of the PII controller
8.3.3 ICT system of the PII processor
8.4 Interaction view
8.4.1 Privacy settings layer
8.4.2 Identity and access management layer
8.4.3 PII layer
Annex A (informative) Examples of the PII-related concerns of an ICT system
Annex B (informative) A PII aggregation system with secure computation
Annex C (informative) A privacy-friendly, pseudonymous system for identity and access control management
Annex D (informative) Relating privacy principles to information security controls
Figures
Figure 1 — Elements of the privacy architecture framework in context
Figure 2 — The actors and their ICT systems according to ISO/IEC 29101
Figure 3 — The architecture of the ICT system of the PII principal
Figure 4 — The architecture of the ICT system of the PII controller
Figure 5 — The architecture of the ICT system of the PII processor
Figure 6 — The deployment of components in the privacy settings layer
Figure 7 — The deployment of components in the identity and access management layer
Figure 8 — The deployment of components in the PII layer
Figure B.1 — Deployment of the secure computation system
Figure B.2 — The architecture for the PII entry ICT system
Figure B.3 — The architecture for the study coordinator ICT system
Figure B.4 — The architecture for the secure data analysis application
Figure C.1 — An overview of the architecture – actors and their interactions
Figure C.2 — Architecture of the ICT system of the University Credential Issuer
Figure C.3 — Architecture of the ICT system of the student
Figure C.4 — Architecture of the Course Evaluation Application
Tables
Table 1 — Example of the relationship between privacy principles and the components in the privacy settings layer
Table 2 — Example of the relationship between privacy principles and the components in the identity and access management layer
Table 3 — Example of the relationship between privacy principles and the components in the PII layer
Table A.1 — Examples of the relationship between concerns and the components in the privacy settings layer
Table A.2 — Examples of the relationship between concerns and the components in the identity and access management layer
Table A.3 — Examples of the relationship between concerns and the components in the PII layer
Table A.4 — Examples of the relationship between privacy principles and the high-level concerns
Table D.1 — Privacy principles and their corresponding information security controls