Draft
International Standard
ISO/IEC DIS 29151.2
Information security, cybersecurity and privacy protection – Controls and guidance for personally identifiable information protection
Reference number
ISO/IEC DIS 29151.2
Edition 2
© ISO 2025
Draft International Standard
Under development
This Draft International Standard is in the enquiry phase with ISO members.
Will replace ISO/IEC 29151:2017

Abstract

This Recommendation | International Standard establishes controls, purpose, and guidance for implementing controls, to meet the requirements identified by a risk and impact assessment related to the protection of personally identifiable information (PII).

In particular, this Recommendation | International Standard specifies guidance based on ISO/IEC 27002, taking into consideration the controls for processing PII that may be applicable within the context of an organization's information security risk environment(s).

This Recommendation | International Standard is applicable to all types and sizes of organizations acting as PII controllers (as defined in ISO/IEC 29100), including public and private companies, government entities and not-for-profit organizations that process PII, in particular, organizations that do not establish or operate a privacy information management system.

General information

Life cycle

Got a question?

Check out our Help and Support

  2. Store
  3. Store
  4. ICS
  5. 35
  6. 35.030
  7. ISO/IEC DIS 29151.2