Topic-specific policies
ISO/IEC TR 27550

Search this site

ISMS templates

< Previous standard      ^ Up a level ^      Next standard >


ISO/IEC TR 27550:2019 — Information technology — Security techniques — Privacy engineering for system life cycle processes (first edition)



“This document provides privacy engineering guidelines that are  intended to help organisations integrate recent advances in privacy  engineering into system life cycle processes. ...”
[Source: ISO/IEC TR 27550:2019]


‘Privacy engineering’ involves taking account of privacy during the entire cradle-to-grave lifecycle of IT systems and the associated processes, such that privacy is and remains an integral part of their function.


Scope of the standard

This is an IT security standard about engineering IT systems to satisfy privacy requirements relating to the protection of personal data.


Content of the standard

The standard:

  • Discusses how privacy engineering supports system and security engineering, information risk management, knowledge management etc.
  • Elaborates on conceptual principles such as privacy-by-design and privacy-by-default, important design goals noted in GDPR and elsewhere;
  • Elaborates on the processes for identifying, evaluating and treating privacy risks in the course of IT systems design;
  • Explains how IT systems can be engineered to support and satisfy the OECD privacy principles which form the basis of most privacy laws and regulations.



The standard was first published as a Technical Report in 2019.


Personal comments

The procedures for operating, using, monitoring, managing and maintaining IT systems and their privacy controls are just as important as the technical controls themselves, and also benefit from being systematically developed (specified, designed, documented, mandated, operated, monitored, maintained ...): it is a good thing this standard is not myopically focused on the technology.


< Previous standard      ^ Up a level ^      Next standard >

Copyright © 2024 IsecT Ltd. Contact us re Intellectual Property Rights