PMRM TC Members,
I am happy to announce that a new ISO international standard, ISO/IEC 27561:2024 - Privacy operationalisation model and method for engineering (POMME) has been published. It is based on the OASIS Privacy Management Reference Model and Methodology (PMRM) Version 1.0 and provides a structured methodology to operationalize both privacy and security control requirements in networked, interdependent applications and systems and throughout application development lifecycles.
PMRM TC members John Sabo, Michele Drgon, Gershon Janssen, and Gail Magnuson contributed to the development and publication of the new standard as liaison members to ISO/IEC JTC1/SC27/WG5 for the past three+ years.
Because the ISO POMME and the PMRM are so closely aligned, we have an opportunity to renew focus and activity in the PMRM TC and OASIS - particularly projects that will leverage interest in privacy engineering and lead to valuable TC initiatives and deliverables. We plan to schedule a PMRM TC meeting on May 22 to discuss the ISO standard, its relationship to the PMRM specification, and a possible work plan.
Links to the PMRM and POMME are included below.
I will post a PMRM TC meeting announcement shortly and hope you will be able to participate. In the meantime, we hope you will review the ISO overview of the POMME available at the ISO Online Browsing Platform using the link below. I’m also including below a link to our PMRM v1.0 cs02.
Best regards,
John Sabo
Chair, PMRM TC
OASIS PMRM —
http://docs.oasis-open.org/pmrm/PMRM/v1.0/cs02/PMRM-v1.0-cs02.htmlISO/IEC 27561:2024 — https://www.iso.org/obp/ui/en/#iso:std:iso-iec:27561:ed-1:v1:en