ISO/IEC DIS 29151.2

Information security, cybersecurity and privacy protection – Controls and guidance for personally identifiable information protection

General information

Current stage: 40.60 Effective date: Jun 26, 2025

Originator: ISO/IEC

Owner: ISO/IEC JTC 1/SC 27

Type: International Standard

Scope

This Recommendation | International Standard establishes controls, purpose, and guidance for implementing controls, to meet the requirements identified by a risk and impact assessment related to the protection of personally identifiable information (PII).
In particular, this Recommendation | International Standard specifies guidance based on ISO/IEC 27002, taking into consideration the controls for processing PII that may be applicable within the context of an organization's information security risk environment(s).
This Recommendation | International Standard is applicable to all types and sizes of organizations acting as PII controllers (as defined in ISO/IEC 29100), including public and private companies, government entities and not-for-profit organizations that process PII, in particular, organizations that do not establish or operate a privacy information management system.

Life cycle

PREVIOUSLY

PUBLISHED
ISO/IEC 29151:2017

NOW

PROJECT
ISO/IEC DIS 29151.2
40.60 Close of voting
Jun 26, 2025

Related project

Adopted from X.1058 (2025) - Common Text

National adoptions

naSRPS EN ISO/IEC 29151:2025

ISS

Information security, cybersecurity and privacy protection - Controls and guidance for personally identifiable information protection (ISO/IEC DIS 29151:2025)

40.60 Close of voting

I224 more