Customer Service:
Mon - Fri: 8:30 am - 6 pm EST


Privacy IT security standards are published by ISO and IEC. They include the ISO/IEC 29100 series, which covers framework and architecture.

ISO/IEC 29100:2011

Information technology - Security techniques - Privacy framework

ISO/IEC 29100:2011 provides a privacy framework which specifies a common privacy terminology; defines the actors and their roles in processing personally identifiable information (PII); describes privacy safeguarding considerations; and provides references to known privacy principles for information technology. ISO/IEC 29100:2011 is applicable to natural persons and organizations involved in specifying, procuring, architecting, designing, developing, testing, maintaining, administering, and operating information and communication technology systems or services where privacy controls are required for the processing of PII.

ISO/IEC 29101:2018

Information technology - Security techniques - Privacy architecture framework

This document defines a privacy architecture framework that: specifies concerns for ICT systems that process PII; lists components for the implementation of such systems; and provides architectural views contextualizing these components. This document is applicable to entities involved in specifying, procuring, architecting, designing, testing, maintaining, administering and operating ICT systems that process PII. It focuses primarily on ICT systems that are designed to interact with PII principals.


As the voice of the U.S. standards and conformity assessment system, the American National Standards Institute (ANSI) empowers its members and constituents to strengthen the U.S. marketplace position in the global economy while helping to assure the safety and health of consumers and the protection of the environment.