ISO/IEC FDIS 29151

Information security, cybersecurity and privacy protection — Controls, requirements, and guidance for personally identifiable information protection

General information

Current stage: 50.20 Effective date: Nov 7, 2025

Originator: ISO/IEC

Owner: ISO/IEC JTC 1/SC 27

Type: International Standard

Scope

This document specifies controls, purpose, and guidance for implementing controls, to meet the requirements identified by a risk and impact assessment related to the protection of personally identifiable information (PII).
In particular, this document specifies requirements and guidance based on ISO/IEC 27002, taking into consideration the controls for processing PII that can be applicable within the context of an organization's information security risk environment(s).
This document is applicable to all types and sizes of organizations acting as PII controllers (as defined in ISO/IEC 29100), including public and private companies, government entities and not-for-profit organizations that process PII, in particular, organizations that do not establish or operate a privacy information management system.

Life cycle

PREVIOUSLY

PUBLISHED
ISO/IEC 29151:2017

NOW

PROJECT
ISO/IEC FDIS 29151
50.20 Proof sent to secretariat or FDIS ballot initiated: 8 weeks
Nov 7, 2025

National adoptions

dnaSRPS EN ISO/IEC 29151:2025

ISS

Information security, cybersecurity and privacy protection - Controls, requirements, and guidance for personally identifiable information protection (ISO/IEC FDIS 29151:2025)

50.20 Proof sent to secretariat or FDIS ballot initiated: 8 weeks

I224 more

Preview

To view the full content, you need to register or to log in to your account by clicking on the "Log in" button