ISO IEC 27555-2021.docx

INTERNATIONA1.STANDARDISO/IEC27555editionFirst2O21-1.OInformationsecurity,cybersecurityandprivacyprotectionGuide1.inesonpersona1.1.yidentiab1.einformationde1.etionSecurityde'information,CybersecuriteetprotectiondeIavieprivee1.ignesdirectricesre1.ativesaIasuppressiondesinformationspersonne1.1.ementidentif1.ab1.esReferencenumberISO/IEC2755S:2O21(E)COPYRIGHTPROTECTEDDOCUMENT©IS0/1EC2021IUirhM*hedbdi1.iUedotherwiseupdhi.o啪InPSd1.Mc;GeatrOn1.<nm11nr1amaqmr6pW11opypHH)M)uonmaytheinternetoranintranet,withoutpriorwrittenpermission.PermissioncanberequestedfromeitherISOattheaddressbe1.oworISO'smemberbodyinthecountr)oftherequester.f),WV>fifiU81.andonnet8CH-1214Vernier,GenevaPhone：M1.22749O1.11觥曲ite：图洲跳触OQrgPub1.ishedinSwitzer1.andContentsForewordV5.3Retentionperiod45.5ArchivesAIIocationofc1.usters7.3Standardde1.etionspecificationsidentification7.4.3Suspensionextendde1.etion13899e3ReqUIre)ents.189.3.5Transmissiondismant1.ingand199.5Requirementsregu1.arimp1.ementationfor21iiiPageIntroductionviScope1Normativereferences1Termsanddefinitions1SymbOiSandabbreviatedterms3Frameworkforde1.etion35.1 Genera1.352ConStraIntS5.4 C1.ustersofP1.1.andregu1.arde1.etionperiod5.4.1Retentionperiod55.4.1 Regu1.arde1.etionperiod55.4.2 andbackupcopiesofP1.1.5.6 Standardde1.etionperiods,startingpoints,de1.etionru1.esandde1.etionc1.asses75.7 Specia1.situations7C1.ustersofP1.I86.1 Genera1.86.2 Idcntfi03Tion.9Specif1.cationofde1.etionperiods107.1 Standardandregu1.arde1.etionperiods107.2 Regu1.arde1.etionperiodspecifications117.4 De1.etionperiodperiodforspecia1.situations7.4.1Genera1.127.4.1 Modificationofdataobjects12Needtooftheperiodofactiveuse7.4.5 Backupcopies13De1.etionc1.asses148.1 Abstractstartingpointsabstractde1.etionru1.es148.2 Matrixofde1.etionc1.asses15Requirementsforimp1.ementation169.1 Gener21.，.169.2 ConditionsforstartingpointsoutsideITsystems181.1.1 Genera1.forimp1.ementationfororganization-wideaspects9.3.2Backup181.1.3 191.1.4 Repair,systemsdisposa1.ofsystemsandcomponents9.3.6Everydaybusiness1.ife199.4 Requirementsforimp1.ementationforindiridua1.ITsystems209.6 De1.etionformanua1.processesP1.1.processor9.7 Contro1.de1.etioninspecia1.cases219.7.1 Exceptionmanagement2110Responsibi1.ities2210.1 Genera1.2210.2 Documentation23iBib1.iography25ForewordCommission)formIECspecia1.izedsystemdeve1.opmentofStandardization.Standardsthroughtechnica1.organizations,governmenta1.andnon-governmenta1.,in1.iaisonwithISOandIECra1.sotakepartintheneededdescnbedtheindifTerentISO1.ECDirectives,Partshou1.dparticu1.ar.Thisdocumen1.inAttentiondrawn1.S0andpossibi1.itythatsomeOfresponsib1.eforofidentifyj11ganymaya1.1.suchsubject1.istofpatentdec1.arationsreceived(seepatents.iec.ch).expressionsexp1.anationtoconformityassessment,standards,informationaboutSpecificadherenceandSubcommitteeSCwasInformationsecurity,CyhersecwntyCommitteeISO/1.ECprotection.Informationtechno1.ogy,O/IEC2021-A1.1.nghtsreservedISO(theInternationa1.OrganizationforStandardization)andIEC(theInternationa1.E1.ectrotechnica1.membersofISOtheparticipateintheforwor1.dwideInternationa1.Nationa1.bodiesarccommitteesestab1.ishedbytherespectiveorganizationtodea1.withparticu1.arfie1.dsoftechnica1.activity.ISOandIECmitteesco1.1.aborateinfie1.dsofmutua1.interest.Otherinternationa1.work.Theproceduresusedtodeve1.opthisdocumentandthoseintendedforitsfurthermaintenanceareforthetypesofdocument1.Inbenoted,thedifferentwascriteriaacwdaneeWiIhMedik>ri1.门心oCht!ISO/IECDirectives,Part2(seewww.iso.org/directivesorwww.iec.ch/members-experts/refdocs).vOfpatentrights.totheIECsha1.1.notbehe1.dthee1.ementsthisdocumentorbethepatentrights.Detai1.sofanypatentrightsidentifiedduringthedeve1.opmentofe4kM:Umen1.wi1.1.theIntroductionand/orontheISO1.istofpatentd»1.artionsreceived(seewww.iso.org/patents)ortheIECAnytradenameusedinthisdocumentisinformationgivenfortheconvenienceofusersanddoesnotconstituteanendorsementForanre1.atedofthevo1.untarynatureofwe1.1.themeaningofISO1.SO,stermstothWoHd丁Fadg。悖相a由HNwTO)princip1.esMfheTeCbng1.Baie<su>111d。(丁BT)seewww.iso.org/iso/fdrcword.htm1.IntheIEC,seewsvw.iec.ch/undcrstanding-s1.andards.Thisdocument27,preparedbyJointTechnica1.andprivacyrJTCI1Anyfeedbackorquestionsonthisdocumentshou1.dIwdirectedtotheuser'snationa1.standardsbody.comp1.ete1.istingof.IntroductionManyfunctiona1.processesandITapp1.icationsusepersona1.1.yidentifiab1.einformation(PU),whichisMbjcctnotHnninerttonipiif1.crdpm)visionsnea(idsin)HindbQqiiiisaThd£.1.etedo(ri0anpptqirtaie(idRmeT9nsum】thatrequireorganizationstofu1.fi1.therightsofP1.1.principa1.s,suchastherighttoobtainerasure(tobeforgotten).1SOIEC29100definesprincip1.esof*dataminimization”and“use.retentionanddisc1.osure1.imitation"forP)1.,whichcanbeenforcedusingde1.etionasasecuritycontro1.PHde1.etionrequiresasetofcarefu1.1.ydesigned,c1.earandeasi1.yunderstoodde1.etionru1.es,embodyingappropriateretentionperiodsthatsatisfythedemandsofmu1.tip1.estakeho1.ders.Theseru1.esshou1.dMMfformcM也加P收出欣贻弓胆dorigi晒j网fr三,G能耐出柳actH8也%cnsU用K跖胞心<酗nismsde1.etionofPU.thePIicontro1.1.erneedstodeve1.oppo1.iciesandproceduresforde1.etionthatinc1.udeasetofru1.esandresponsibi1.itiesfortheprocessesinvo1.ved.Thechancesofsuccessforthedeve1.opmentandcanbeimprovediftheP1.1.contro1.1.erusesarecognizedThisdocumentprovidesaframeworkfordeve1.opingandestab1.ishingpo1.iciesandproceduresforPIIP"4KM册MWEanOr播!斓8RW6$anorganization.Thisframeworka1.1.owsforconsistentde1.etionofInformationsecurity,cybersecurityandprivacyprotectionGuide1.inesonpersona1.1.yidentifiab1.einformationde1.etion1 Scopeofpersona1.1.yidentifiab1.einformation(P1.1.)inorganizationsbyspecifying： anapproachfordefiningde1.etionru1.esinanefficientway; abroaddefinitionofro1.es,responsibi1.itiesandprocesses.Thisdocumentdoesnotaddress: specificde1.etionru1.esforparticu1.arc1.ustersofP1.1.thataredefinedbyP1.1.contro1.1.ersforprocessing re1.iabi1.ity,securityandsuitabi1.ityofde1.etionmechanisms；2 Normativereferencesconstitutesrequirements1.atesteditiondocument.referencedreferences,(inc1.udingamendments)app1.ies.app1.ies.3 Termsanddefinitionsapp1.y.ISOOn1.inebrowsingp1.atform:avai1.ab1.eath*ps±/wvv.产documentsfromcomp1.etedprojectsorfore-mai1.s.Theserequirementsforimp1.ementationshou1.d19Thciwentionbackupshou1.dIinkedtoretentiondusterscontainedMthincopies.retentionbadShoU1NOTE1.ega1.exceedingthecan1.imittheperiod.Anthetoofsuchde1.aystofromthedatainofPHtobackupswithdifferentretentionperiodsre1.atedtothec1.ustersofP1.1.contained.Inthecases,one,forcopiesfortestorP1.1.canbegeneratedforTherequirementsforimp1.ementationshou1.da1.soapp1.ytotheseenvironments.Suchsituationsshou1.dbemanaged,forexamp1.e,bychangemanagementprocesses.If1.ogscontainPU,theyshou1.dbea1.1.ocatedtotherespectivec1.ustersofPU.WherespecificPI1.is1.oggedbydifferentsystems,c1.ustersofP1.1.bebespecifiedfortakingintoof1.ogsor1.ogentries.Insomecases,1.ogscontainattributesre1.atedtoaspecificc1.usterofP11.Insuchcases,the1.ogs,theofP1.1.Somesystemsareusedfortransmissionpurposeson1.y,forinstancecommunicationserversorOfPIIormetadatare1.atedinthec1.usterofPIIbeenAftersuccessfu1.beretainedwithinthetransmissionsystemsforashortperiodoftimeforva1.idationortohand1.eerrors,andthende1.eted.Thisshortperiodoftimeshou1.dbesuchthatregu1.arde1.etionperiodsarenotcompromised.Toshou1.dmaintain1.istofareThis1.istinthe1.inktheshortestthePIIru1.eofac1.usterofP1.Iretainedwithinthosetransmissionsystems.Datastoragemediacansti1.1.containP1.1.iftheyarcreusedfornewpurposesorscrapped.There1.evantIega1.suitab1.emeasurecant1.ethePIImediacanbefromreused.Thus,securedataofthePIIiscanbedisposedofifitisensuredthatthePIIwi1.1.beinaccessib1.eduringandafterthisprocess,andthatitisdestroyedwiththesecurity1.eve1.required.Thisapp1.iestoa1.1.kindsofdatastoragemedia,suchasharddrives,USBInordertominimizetheriskofmisuse,thesetsofPIIcontainedinthedatastoragemediashou1.dde1.etedasforsystemsafterdismant1.ingthesystem.Thecana1.readyexistforotherreasons,forinstanceinorderforaconfidentia1.ityc1.assificationtobeimp1.emented.Inthiscase,theaspectsofthepo1.iciesandproceduresforde1.etioncanbeintegrated.Itcanbetotheprovewhichforstoragemediaweretothewhichofsystems',itisthusappropriatetokeepan'inventoryofthedatastoragemedia'andtoprovidedocumentationofthede1.etionordestructionprocesses.Forthegenera1.officeoperation,de1.etionru1.esshou1.dbespecified,forinstance,forthehand1.ingof>ISO/IEC2021-A1.1.rightsreserved9.5 De1.etioninregu1.armanua1.processessystems.withinHsomcaningsomedocument.situationsinwhichde1.etioncannotbedeterminedbyde1.etionperiodsStoredappropriatec1.usterpurposeExamp1.esofcreditc1.ustersstatements.persona1.fi1.eskept9.6 Requirementsforimp1.ementationforPIIprocessorregu1.arde1.etionperiodsforitsownsetsofPU,whichareprocessedbythecontractedPI1.processor.provideforde1.etion,forexamp1.ebytheinc1.usionofde1.etionru1.esincontractua1.documentation;provideproofofde1.etion;9.7 Contro1.de1.etioninspecia1.cases9.7.1 ExceptionmanagementEXAMP1.ESfbrDe1.etionuses；C1.ustersstoppedbecausearerequirederrors;piesbyorderfomexterna1.authorities;timeframe.Thefo1.1.owingframeworkoutsidebeUSedrCgU1.arprocesses,statingde1.etedinanappropriate apersonresponsib1.eforhand1.ingoftheexceptionshou1.dheappointed;NOTE1.ega1.requirementscan1.imitthede1.ayofChede1.etionoftheP1.1.re1.atedtotheexemption. informationonterminationprivacyexception,theorganizationshou1.dbeinvo1.vedinapprova1.andde1.etionresponsib1.eorganizationa1.unitoverviewisfeedback,ensuredrreturninstanceregu1.aroperationorthe©ISO/IEC2021-A1.1.rightsreservedTheindividua1.measuresapp1.ytosetsOfPIInotinc1.udedinorganization-vrideaspectsorindividua1.ITdeIetionruIesTheycantheinc1.udeofthisspecia1.PIIarcpart1.ya1.sousedinregu1.armanua1.processes.ThesePIIshou1.da1.sobede1.etedwithintheregu1.arpaperfi1.esoftheonServerfortheofPU.ofCheckingsuchcardofP1.iareItisadvisab1.etospecifythecorrespondingtasksinworkinstructionsfortheprocessesconcerned.1.ega1.requirementscanexistwhicha1.somaketheP1.1.contro1.1.erresponsib1.eforcomp1.iancewiththeTheP1.1.contro1.1.ershou1.drequiretheP1.1.processor,whereapp1.icab1.e,to: makeavai1.ab1.eprocedura1.documentationforde1.etion； provideprooforretainevidenceofthedisposa1.ofstoragemedia.A1.1.deviationsfromregu1.arde1.etionperiods(referredtoasexceptions)whichtakeeffectononeororganization,ofP1.1.shou1.dbemanaged,forexamp1.eusingthechangemanagementsystemofthearerequiredSpeda1.runsthatareOfPIIwhichofsystemtobekeptofP1.1.theregu1.aroperationde1.etionmeasuresarenotimp1.ementedandre1.easedasschedu1.ed.A1.1.suchsetsofPU,whichusedmaythetoensurethisbyshou1.dbethat: anexceptionshou1.dbep1.anned,documentedandapproved; thetimeperiodforwhichtheexceptionisgrantedshou1.dbeIinntcd; theexceptionp1.anshou1.dcontainanenddateWhCnreturntoregu1.arde1.etionperiodsisachieved;thepersoninchargeofofthemattersofForthepurposeOfkeepingtrackoftheexceptions,itisusefu1.tomaintainanoverviewofexceptions.Aftertheshou1.ddocumented.IfthishasgivenItsa1.readythefortobythedesignofchangemanagement,thenfurthermeasuresarepossib1.ynotrequired.9.7.2FurthersetsofPIISetsofPIIforwhichnoregu1.arprocesseshavebeenimp1.ementedgenera1.1.yresu1.tfromspecia1.Ck1.etthgiRJKantioubnd»nthythinedohjstwteianW<Thru1.arMetedeSOOfSiddjnRdySingnu1.arprocessesimp1.ementedaccordingtothepo1.iciesandproceduresforde1.etionwhereitisneitherusefu1.norappropriatetoa1.1.ocatethemtoade1.etionc1.ass.Examp1.esofsuchsetsofPIIinc1.ude: setsofPIIwhicharenotde1.etedbyregu1.arprocesses,forinstanceinconnectionwithmigrations； 11fidtfi用SWIWhafterhaVe浜1.M*VtrtSbytheregu1.arprocessesduetoerrorsinthede1.etion setsofPIIwhich,accordingtothere1.evant1.ega1.requirements,anewPIIcontro1.1.erisnota1.1.owed战din业E枭RRaqhhCRVft解血IIIRaF½S1.*WP1½咒¥oHcr;sp1.it-uporwhichwou1.dhavetobe setsofP1.Iwhicharenotpermittedtoremainonthesystemsafteradisasterrecoveryexercise.W岫瓢晒屈fineMricspecifkpo牌超姐帆颇皿生的崛面wM靛8i的曲ng:SitUatiOn.The whoisob1.igedtode1.etesuchsetsofPU; considerationofapp1.icab1.e1.egis1.ationandrequirementsofcompetentauthorities； whoneedstobeinformedifsuchsetsofP1.1.areidentified; howthetasksarecontro1.1.edanddocumented,e.g.viachangemanagement.ITsystemsandprocessesshou1.dthereforeofferthemechanismsrequiredtode1.etethesesetsofP1.1.withinthenecessarytime1.ines.IfnoothermechanismsareprovidedbyanITsystem,asanoption,thedfffWr<ff1.RWfJfeh9)rmWWftVfered.systemadministrative1.eve1.Inaworst-casescenario,aSpecificinstructionstoreso1.vetheissueswithsuchfurthersetsofPIIshou1.dbedocumented,aswe1.1.astheexecution,forinstancewithintheframeworkofanexistingchangemanagement.NOTE1.ega1.requirementscana1.1.owP1.1.contro1.1.erstorestrictP1.1.processinginsteadofde1.etion.IftheP1.1.contro1.1.erstoresP1.1.inamannerincontraventionofthere1.evant1.ega1.requirements,measuresshou1.dbeimp1.ementedtode1.etethatP1.1.assoonaspossib1.e.There1.evant1.ega1.requirementscanrequirede1.etionmeasurestobetakenimmediate1.y.IfaPI1.principa1.fi1.esarequestforde1.etioninaccordancewiththere1.evant1.ega1.requirements,thentheP1.1.concerneda1.soneedstobede1.eted.10Responsibi1.ities10.1 Genera1.Inthepo1.iciesandproceduresforde1.etion,theP1.1.contro1.1.ershou1.dspecifytheresponsibi1.itiesfortheindividua1.tasks.Thisshou1.dinc1.udeadefinitionoftheoperationa1.Stnictureforde1.etion.Theoperationa1.andorganizationa1.structuresshou1.dbestructuredandimp1.ementedsystematica1.1.yand,whereappropriate,embeddedintoexistingorganizationa1.structures.22A1.Itbeirtiof)M(rii<scswhd1.prucMhfttBthtirdutetionHThispsbc<t1.dcho6f1.tdMmqnopM>Hte4vcdprivacymattersasappropriate.TheP1.Icontro1.1.ershou1.ddocument: thede1.etionru1.ecata1.ogueinc1.udingrationa1.eforc1.usteringPU,de1.etionperiods,de1.etionc1.assesandde1.etionru1.es; requirementsforimp1.ementation,inc1.udingimp1.ementationmeasures； auditp1.ans.TheP1.1.Contro1.1.ershou1.dassigntheresponsibi1.itiesfor:一theidentificationandde1.etionofPU; maintenanceandre1.easeofthedocuments.TheP1.1.contro1.1.ershou1.dputinp1.acemeasuresforde1.etion.TheP1.1.contro1.1.ershou1.dauditonaregu1.arbasis(seea1.soFigure4)thede1.etionmeasuresof: theITsystem； organization-wideaspects； manua1.processes; P1.1.processors.Whereappropriate,theP1.1.contro1.1.ermayinstructtheP1.1.processorsinhigh-1.eve1.terms,requiringtheprocessortoreso1.vesomeora1.1.oftheissuesidentified.10.2 DocumentationThepo1.iciesandproceduresforde1.etionshou1.ddocumentro1.esandresponsibi1.itiesfor: thedefinitionofthede1.etionru1.es; theconsistencyoftheseru1.esacrosstheorganization; theimp1.ementation,checkin