标准摘要
[中文适用范围]: 本文件:—— 提供方法,用于在Open-edi建模技术及场景开发中,识别业务操作视图(BOV)规范中有关个人数据业务交易记录信息所应适用的额外外部约束的附加要求,这些要求由适用司法管辖区的法律和监管要求所规定;—— 整合现有规范性要素,支持隐私和数据保护要求,这些要求已经在ISO/IEC 14662和ISO/IEC 15944-1、ISO/IEC 15944-2、ISO/IEC 15944-4、ISO/IEC 15944-5、ISO/IEC 15944-8、ISO/IEC 15944-9和ISO/IEC 15944-10中识别;—— 提供总体的、操作层面的“最佳实践”声明,支持与实施和执行技术机制相关的(不一定自动化)流程、程序、做法和治理要求,这些机制有助于在Open-edi交易环境中实现必要的隐私/数据保护要求;—— 聚焦于个人信息生命周期管理,即通过EDI交换的业务交易中涉及的SPI(及其SRIs)的内容,以信息包(IBs)的形式及相关的语义组件(SCs)在业务交易各方之间进行交互。 注:本文件中所陈述的关于个人信息生命周期管理(ILCM)及个人信息EDI的隐私保护要求(PPR)主要是通过列举的规则形式进行说明,这些规则作为所有与业务交易相关的记录信息以及任何组织中ILCM实施的最低政策和操作要求。 本文件未规定具体的技术机制,即支持BOV识别要求所需的功能支持服务(FSV)。 本文件范围的详细排除内容见附录H。 [外文原描述]: This document: — provides method(s) for identifying, in Open-edi modelling technologies and development of scenarios, the additional requirements in business operational view (BOV) specifications for identifying the additional external constraints to be applied to recorded information in business transactions relating to personal information of an individual, as required by legal and regulatory requirements of applicable jurisdictional domains; — integrates existing normative elements in support of privacy and data protection requirements as are already identified in ISO/IEC 14662 and ISO/IEC 15944-1, ISO/IEC 15944-2, ISO/IEC 15944-4, ISO/IEC 15944-5, ISO/IEC 15944-8, ISO/IEC 15944-9 and ISO/IEC 15944-10; — provides overarching, operational ‘best practice’ statements for associated (and not necessarily automated) processes, procedures, practices and governance requirements that act in support of implementing and enforcing technical mechanisms which support the privacy/data protection requirements necessary for implementation in Open-edi transaction environments; — focuses on the life cycle management of personal information, i.e. the contents of SPIs (and their SRIs) related to the business transaction interchanged via EDI as Information Bundles (IBs) and their associated Semantic Components (SCs) among the parties to a business transaction. NOTE Privacy protection requirements (PPR) on information life cycle management (ILCM) and EDI of personal information as stated in this document primarily via enumerated rules which serve as a minimum set of ILCM policy and operational requirements for all recorded information pertaining to a business transaction in particular, as well as ILCM implementation in any organization in general. This document does not specify the technical mechanisms, i.e. functional support services (FSV) which are required to support BOV-identified requirements. Detailed exclusions to the scope of this document are provided in Annex H.
英文名称Information technology - Business operational view - Part 12: Privacy protection requirements (PPR) on information life cycle management (ILCM) and EDI of personal information (PI)