BS ISO/IEC 29151:2017确立了控制目标、控制措施和实施指南 控制措施，以满足与个人保护相关的风险和影响评估确定的要求 可识别信息（PII）。特别是，本建议|国际标准规定了基于ISO/IEC 27002的指南，考虑到 考虑处理PII的要求，这些要求可能适用于组织的 信息安全风险环境。本建议|国际标准适用于充当PII控制器的所有类型和规模的组织 （定义见ISO/IEC 29100），包括公共和私营公司、政府实体和非营利组织 处理PII的组织。交叉引用:ISO/IEC 27002:2013ISO/IEC 29100:2011NIST特别出版物800-122NIST特别出版物800-53ISO/IEC 27001:2013ISO/IEC 27009:2016ISO/IEC 29134:2017BS 10012:2017ISO/IEC 27018:2014 ED1ISO/IEC 27000:2016ISO/IEC 27005:2011购买本文件时提供的所有当前修订版均包括在内。

BS ISO/IEC 29151:2017 establishes control objectives, controls and guidelines for implementing controls, to meet the requirements identified by a risk and impact assessment related to the protection of personally identifiable information (PII).In particular, this Recommendation | International Standard specifies guidelines based on ISO/IEC 27002, taking into consideration the requirements for processing PII that may be applicable within the context of an organization's information security risk environment(s).This Recommendation | International Standard is applicable to all types and sizes of organizations acting as PII controllers (as defined in ISO/IEC 29100), including public and private companies, government entities and not-for-profit organizations that process PII.Cross References:ISO/IEC 27002:2013ISO/IEC 29100:2011NIST Special Publication 800-122NIST Special Publication 800-53ISO/IEC 27001:2013ISO/IEC 27009:2016ISO/IEC 29134:2017BS 10012:2017ISO/IEC 27018:2014 ED1ISO/IEC 27000:2016ISO/IEC 27005:2011All current amendments available at time of purchase are included with the purchase of this document.