IEEE 7002:2022

Scope:

This standard defines requirements for a systems/software engineering process for privacy oriented considerations regarding products, services, and systems utilizing employee, customer or other external user's personal data. It extends across the life cycle from policy through development, quality assurance, and value realization. It includes a use case and data model (including metadata). It applies to organizations and projects that are developing and deploying products, systems, processes, and applications that involve personal information. By providing specific procedures, diagrams, and checklists, users of this standard will be able to perform a conformity assessment on their specific privacy practices. Privacy impact assessments (PIAs) are described as a tool for both identifying where privacy controls and measures are needed and for confirming they are in place.

Purpose:

The purpose of this standard is to have one overall methodological approach that specifies practices to manage privacy issues within the systems/software engineering life cycle processes.

Targets:

Stakeholders include any employee, customer, or member of the public whose personal data is utilized in the creation or manufacture of the products, services and systems created by organizations utilizing this process. Organization based stakeholders include senior leadership, designers, engineers, producers, suppliers and marketers who design products, services and systems in a way to honor end user privacy and personal data. Furthermore, stakeholders include local, national, and international governing bodies responsible for the transfer, storage, (potential) sale, or dissemination of said personal data.