prSRPS EN ISO/IEC 24760-3:2025

Information security, cybersecurity and privacy protection — A framework for identity management — Part 3: Practice

Scope

- provides requirements and guidance for the management of identity information and for ensuring that an identity management system conforms to ISO/IEC 24760-1 and ISO/IEC 24760-2;
- is applicable to any information system where information relating to identity is processed or stored;
- is considered to be a horizontal document for the following reasons:
- it applies concepts such as distinguishing the term “identity” from the term “identifier” on the implementation of systems for the management of identity information and on the requirements for the implementation and operation of a framework for identity management,
- it provides an important contribution to assess identity management systems with regard to their privacy-friendliness and their ability to assure the relevant attributes of an identity, and consequently it provides a foundation and a common understanding for any other standard addressing identity, identity information, and identity management.