ISO/IEC 27557:2022 信息安全、网络安全和隐私保护 ISO 31000：2018在组织隐私风险管理中的应用

标准编号：ISO/IEC 27557:2022

中文名称：信息安全、网络安全和隐私保护 ISO 31000：2018在组织隐私风险管理中的应用

英文名称：Information security, cybersecurity and privacy protection — Application of ISO 31000:2018 for organizational privacy risk management

发布日期：2022-11

标准范围

This document provides guidelines for organizational privacy risk management, extended from ISO 31000:2018. This document provides guidance to organizations for integrating risks related to the processing of personally identifiable information (PII) as part of an organizational privacy risk management programme. It distinguishes between the impact that processing PII can have on an individual with consequences for organizations (e.g. reputational damage). It also provides guidance for incorporating the following into the overall organizational risk assessment: — organizational consequences of adverse privacy impacts on individuals; and — organizational consequences of privacy events that damage the organization (e.g. by harming its reputation) without causing any adverse privacy impacts to individuals.

标准预览图