DANSK DSF/ISO/IEC FDIS 29151 PDF

This document establishes control objectives, controls and guidelines for implementing controls, to meet the requirements identified by a risk and impact assessment related to the protection of Personally Identifiable Information (PII). In particular, this document specifies guidelines based on ISO/IEC 27002, taking into consideration the requirements for processing PII which may be applicable within the context of an organization's information security risk environment(s). This document is applicable to all types and sizes of organizations acting as PII controllers (as defined in ISO/IEC 29100), including public and private companies, government entities, and not-for-profit organizations, which process PII.