ISO/IEC 29100:2024
Information technology - Security techniques - Privacy framework. Establishes a comprehensive privacy framework including privacy principles, terminology, and concepts for the protection of personally identifiable information (PII). Applicable to organizations involved in specifying, procuring, designing, developing, or operating ICT systems that process PII. Second edition, substantially updated from 2011.
Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.
Framework Domains (9)
Application
| Code | Title |
|---|---|
| ISO29100-6.1 | Privacy Safeguarding Requirements Identification |
| ISO29100-6.2 | Privacy Risk Factors |
| ISO29100-6.3 | Controls Selection and Implementation |
| ISO29100-6.4 | Privacy by Design and Default |
| ISO29100-6.5 | Cross Border PII Transfer Controls |
| ISO29100-6.6 | Breach Management |
| ISO29100-6.7 | Third Party Privacy Governance |
Clause 1-3: Framework Introduction
| Code | Title |
|---|---|
| 29100-1 | Scope |
| 29100-2 | Normative references |
| 29100-3 | Terms and definitions |
Clause 4: Privacy Framework Components
| Code | Title |
|---|---|
| 29100-4.1 | Actors and roles |
| 29100-4.2 | Interactions between actors |
| 29100-4.3 | Privacy safeguarding requirements |
Clause 5: Privacy Safeguarding Considerations
| Code | Title |
|---|---|
| 29100-5.1 | Recognizing PII |
| 29100-5.2 | Regulatory factors |
| 29100-5.3 | Privacy risk factors |
Clause 6: Privacy Principles - Foundational (Principles 1-4)
| Code | Title |
|---|---|
| 29100-6.1 | Consent and choice |
| 29100-6.2 | Purpose legitimacy and specification |
| 29100-6.3 | Collection limitation |
| 29100-6.4 | Data minimization |
Clause 6: Privacy Principles - Governance (Principles 9-11)
| Code | Title |
|---|---|
| 29100-6.10 | Information security |
| 29100-6.11 | Privacy compliance |
| 29100-6.9 | Accountability |
Clause 6: Privacy Principles - Operational (Principles 5-8)
| Code | Title |
|---|---|
| 29100-6.5 | Use, retention and disclosure limitation |
| 29100-6.6 | Accuracy and quality |
| 29100-6.7 | Openness, transparency and notice |
| 29100-6.8 | Individual participation and access |
Foundation
| Code | Title |
|---|---|
| ISO29100-5.1 | PII Actor Identification |
| ISO29100-5.2 | PII and Sensitive PII Categorisation |
Principles
| Code | Title |
|---|---|
| ISO29100-5.10.1 | Consent and Choice Principle |
| ISO29100-5.10.10 | Information Security |
| ISO29100-5.10.11 | Privacy Compliance |
| ISO29100-5.10.2 | Purpose Legitimacy and Specification |
| ISO29100-5.10.3 | Collection Limitation |
| ISO29100-5.10.4 | Data Minimisation |
| ISO29100-5.10.5 | Use, Retention, and Disclosure Limitation |
| ISO29100-5.10.6 | Accuracy and Quality |
| ISO29100-5.10.7 | Openness, Transparency, and Notice |
| ISO29100-5.10.8 | Individual Participation and Access |
| ISO29100-5.10.9 | Accountability |
Your Compliance Coverage
If you comply with ISO/IEC 29100:2024, you already cover:
ISO/IEC 27400:2022
15%
6 controls mapped
Compare →Vietnam Law on Cybersecurity (No. 24/2018/QH14)
15%
6 controls mapped
Compare →USMCA Chapter 19 - Digital Trade (United States-Mexico-Canada Agreement)
15%
6 controls mapped
Compare →+ 241 more: UK GDPR (UK General Data Protection Regulation) (15%), Regional Comprehensive Economic Partnership (RCEP) - E-Commerce Chapter (15%)
See all 244 mapped frameworks ↓Maps to 244 other frameworks
Frequently Asked Questions
What is ISO/IEC 29100:2024?
ISO/IEC 29100:2024 is a compliance framework from International with 9 domains and 40 controls. Information technology - Security techniques - Privacy framework. Establishes a comprehensive privacy framework including privacy principles, terminology, and concepts for the protection of personally identifiable information (PII). Applicable to organizations involved in specifying, procuring, designing, developing, or operating ICT systems that process PII. Second edition, substantially updated from 2011. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.
How many controls does ISO/IEC 29100:2024 have?
ISO/IEC 29100:2024 has 40 controls organised across 9 domains. The largest domains are Principles (11 controls), Application (7 controls), Clause 6: Privacy Principles - Foundational (Principles 1-4) (4 controls). Each control defines specific requirements that organisations must implement to achieve compliance.
What frameworks does ISO/IEC 29100:2024 map to?
ISO/IEC 29100:2024 maps to 244 other compliance frameworks. The top mapping partners are ISO/IEC 27400:2022 (15% coverage), Vietnam Law on Cybersecurity (No. 24/2018/QH14) (15% coverage), USMCA Chapter 19 - Digital Trade (United States-Mexico-Canada Agreement) (15% coverage). Use our comparison tool to explore control-level mappings between frameworks.
How do I get started with ISO/IEC 29100:2024 compliance?
Start your ISO/IEC 29100:2024 compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about ISO/IEC 29100:2024 requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 40 controls and track your progress.
Start Your Compliance Journey
Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 723 frameworks.
Get Started Free →Free forever — no credit card required