ISO/IEC DIS 15944-12

Description / Abstract: Project Co-Editors’ Notes

Clause 1.1 of the Scope statement has remained stable from its WD through CD version and draft DIS ballot document reviewed at the November, 2015 Beijing interim SC32.WG1 meeting.

The minor changes to the text in this Clause 1.1 below are of an editorial nature only and done to improve readability.

Like other parts of ISO/IEC 15944 this Part 12 is based on the ISO/IEC 14662 “Information technology - Open-edi Reference Model” as well as existing Parts of ISO/IEC 15944 “Information technology – Business Operational View” which serve as its key Normative References and overall boundaries for the Scope of Part 12. Further, Part 5 and Part 8, in particular, serve as the basis for this Part 12 as they both focus on external constraints.

In this context, this Part 12 of ISO/IEC 15944:

• provides method(s) for identifying, in Open-edi modelling technologies and development of scenarios, the additional requirements in Business Operational View (BOV) specifications for identifying the additional external constraints to be applied to recorded information in business transactions relating to personal information of an individual, as required by legal and regulatory requirements of applicable jurisdictional domains as external constraints. having governance over any processing of personal information including that exchanged among parties to a business transaction and doing so from an “Information life cycle management (ILCM) requirements perspective;

• integrates existing normative elements in support of privacy and data protection requirements as are already identified in the current editions of ISO/IEC 14662 and ISO/IEC 15944-1, ISO/IEC 15944-2, ISO/IEC 15944-4, ISO/IEC 15944-5, ISO/IEC 15944-8, ISO/IEC 15944-9, and ISO/IEC 15944-10 which apply to any kind of business information concerning identifiable living individuals as buyers ¹⁹ in a business transaction or whose personal information is used in transaction or any type of commitment exchange;

• provides overarching operational ‘best practice’ statements for associated (and not necessarily automated) processes, procedures, practices and governance requirements that must act in support of implementing and enforcing technical mechanisms needed to support privacy/data protection requirements necessary for the implementation in Open-edi transaction environments;

• identifies and provides a sample scenario and implementation (use case) for one or more ILCM use cases of privacy/data protection in business transactions;

• provides guidelines on the need for procedural mechanisms in the event that mandatory disclosure rules of transactional information must be implemented; and,

• focuses on the life cycle management of the personal information i.e., the contents of SPIs (and their SRIs) related to the business transaction interchanged via EDI as information bundles and their associated semantic components among the parties to a business transaction.<sup>20

19</sup> As stated in Clauses 6.2.4 – 6.2.8, and Figure 18 of ISO/IEC 15944-1:2011, a natural person who provides a good, service and/or right is deemed to be an organization. Most jurisdictional domains also view an unincorporated activity providing a good, service and/or right to be an organization. {See further ISO/IEC 6523}

²⁰ It is noted that privacy protection requirements on information life cycle management (ILCM) and EDI of personal information as stated in this document do serve as a minimum set of ILCM policy and operational requirements for all recorded information pertaining to a business transaction in particular, as well as ILCM implementation in any organization in general.