标准摘要
[中文适用范围]: 本部分ISO/IEC 15944: - 提供了在Open-edi建模技术和场景开发中识别额外需求的方法,这些需求用于在业务交易相关的个人信息的记录信息上应用外部约束,这些约束是适用法律和监管要求,适用于对业务交易各方交换的个人信息拥有管辖权的管辖域; - 整合了现有规范要素,以支持隐私和数据保护需求,这些需求已在当前版本的ISO/IEC 14662和ISO/IEC 15944-1、ISO/IEC 15944-2、ISO/IEC 15944-4和ISO/IEC 15944-5中识别,适用于作为业务交易买方或交易中使用其个人信息的可识别的活体个人; - 提供了相关的(不一定自动化的)流程、程序、实践和治理要求的总体操作“最佳实践”声明,这些要求必须支持实施和执行技术机制,以支持在Open-edi交易环境中实现隐私/数据保护需求; - 识别并提供了一个示例场景和实施(用例),用于业务交易中隐私/数据保护的一个或多个用例; - 提供了关于在必须实施交易信息强制披露规则时程序机制需求的指南。 本部分ISO/IEC 15944是一项与业务操作视图(BOV)相关的标准,它解决了作为通过管辖域表示的法律要求的基本(或原始)隐私保护环境需求,以及业务交易,并整合了信息技术和电信环境的需求。 本部分ISO/IEC 15944包含一种方法和工具,用于通过“管辖域”的构建来指定公共类的外部约束。它通过使用明确陈述的规则、模板和形式描述技术(FDTs)满足ISO/IEC 15944-1和ISO/IEC 15944-2中设定的要求。 [外文原描述]: ISO/IEC 15944-8:2012 has been developed to support modelling generic international requirements for identifying and providing privacy protection of personal information throughout any kind of information and communications technology (ICT) based business transaction where the individual has the role of a buyer. It provides users and designers with a methodology and tools addressing requirements imposed by jurisdictional domains. ISO/IEC 15944-8:2012 takes the "business operational view" (BOV) aspects developed in ISO/IEC 14662, together with, in particular, ISO/IEC 15944-1 and ISO/IEC 15944-5 as well as many other international references. ISO/IEC 15944 models the requirements of jurisdictional domains as external constraints upon the creation, use, interchange, and information life-cycle management of data. ISO/IEC 15944-8:2012 addresses the wider context of the public policy requirements of jurisdictional domains controlling the use of personal information (PI). These include regulations for consumer protection, privacy protection, individual accessibility, etc. ISO/IEC 15944-8:2012 identifies and expands upon eleven generic, primitive, international principles that have been associated with privacy protection by international, regional, and UN member states' requirements. It models them with respect to the "collaboration space" of a business transaction and commitment exchange involving an individual acting in the role of a "buyer". It provides principles and rules governing the establishment, management and use of identifiers of that individual, including the use of legally recognized names (LRNs), recognized individual identity (rii), and methods of non-identification such as the use of anonymization and pseudonymization of personal information. ISO/IEC 15944-8:2012 also sets out principles governing information life-cycle management (ILCM) as well as the rules and associated coded domains for obtaining informed consent for collection, specifying state changes, records retention, record deletion and related matters in support of privacy protection requirements.
英文名称Information technology - Business operational view - Part 8: Identification of privacy protection requirements as external constraints on business transactions