EN ISO/IEC 29151:2022

ISO/IEC 29151:2017 establishes control objectives, controls and guidelines for implementing controls, to meet therequirements identified by a risk and impact assessment related to the protection of personally identifiable information(PII).In particular, this Recommendation | International Standard specifies guidelines based on ISO/IEC 27002, taking intoconsideration the requirements for processing PII that may be applicable within the context of an organization'sinformation security risk environment(s).ISO/IEC 29151:2017 is applicable to all types and sizes of organizations acting as PII controllers (as defined in ISO/IEC 29100),including public and private companies, government entities and not-for-profit organizations that process PII.