GDPR

projektai-lsd Lithuanian Standards Board
Portal for draft standards

Extended search

till

Results

Showing:
ISO/IEC DIS 27007 Public enquiry
Comment end date 2026-09-01
Information security, cybersecurity and privacy protection — Guidelines for information security management systems auditing
prEN ISO/IEC 27018 Public enquiry
Comment end date 2026-09-04
Information security, cybersecurity and privacy protection - Guidelines for protection of personally identifiable information (PII) in public clouds acting as PII processors (ISO/IEC 27018:2025)

This document establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect personally identifiable information (PII) in line with the privacy principles in ISO/IEC 29100 for the public cloud computing environment. In particular, this document specifies guidelines based on ISO/IEC 27002:2022, taking into consideration the regulatory requirements for the protection of PII which can be applicable within the context of the information security risk environment(s) of a provider of public cloud services. This document is applicable to all types and sizes of organizations, including public and private companies, government entities and not-for-profit organizations, which provide information processing services as PII processors via cloud computing under contract to other organizations. The guidelines in this document can also be relevant to organizations acting as PII controllers.

prEN ISO/IEC 29100 Public enquiry
Comment end date 2026-09-04
Information technology - Security techniques - Privacy framework (ISO/IEC 29100:2024)

This document provides a privacy framework which: — specifies a common privacy terminology; — defines the actors and their roles in processing personally identifiable information (PII); — describes privacy safeguarding considerations; — provides references to known privacy principles for information technology. This document is applicable to natural persons and organizations involved in specifying, procuring, architecting, designing, developing, testing, maintaining, administering, and operating information and communication technology systems or services where privacy controls are required for the processing of PII

prEN ISO/IEC 27007 Public enquiry
Comment end date 2026-09-01
Information security, cybersecurity and privacy protection - Guidelines for information security management systems auditing (ISO/IEC DIS 27007:2026)

This document provides guidance on managing an information security management system (ISMS) audit programme, on conducting audits, and on the competence of ISMS auditors, in addition to the guidance contained in ISO 19011. This document is applicable to those needing to understand or conduct internal or external audits of an ISMS or to manage an ISMS audit programme.

ISO/IEC DIS 27004 Public enquiry
Comment end date 2026-09-01
Information technology — Security techniques — Information security management — Monitoring, measurement, analysis and evaluation
ISO/IEC DIS 25093-1 Public enquiry
Comment end date 2026-08-17
Cybersecurity — Confidential computing — Part 1: Overview and concepts
ISO/IEC DIS 27045.2 Public enquiry
Comment end date 2026-07-24
Information security, cybersecurity and privacy protection — Big data security and privacy — Guidelines for managing big data risks
ISO/IEC DIS 10267 Public enquiry
Comment end date 2026-08-16
Information technology — Data usage — Methods to quantify the amount of personal information in a dataset
ISO/IEC DIS 25330-1 Public enquiry
Comment end date 2026-08-07
Information security — Oblivious transfer — Part 1: General
ISO/IEC DIS 27555 Public enquiry
Comment end date 2026-08-05
Information security, cybersecurity and privacy protection — Guidelines on personally identifiable information deletion
prEN ISO/IEC 27555 Public enquiry
Comment end date 2026-08-04
Information security, cybersecurity and privacy protection - Guidelines on personally identifiable information deletion (ISO/IEC DIS 27555:2026)

This document contains guidelines for developing and establishing policies and procedures for deletion of personally identifiable information (PII) in organizations by specifying: —    a harmonized terminology for PII deletion; —    an approach for defining deletion rules in an efficient way; —    a description of required documentation; —    a broad definition of roles, responsibilities and processes. This document is intended to be used by organizations where PII is stored or processed. This document does not address: —    specific legal provision, as given by national law or specified in contracts; —    specific deletion rules for particular clusters of PII that are defined by PII controllers for processing PII; —    deletion mechanisms; —    reliability, security and suitability of deletion mechanisms; —    specific techniques for de-identification of data.

prEN 18235-3 Public enquiry
Comment end date 2026-08-04
Trusted data transactions - Part 3: Interoperability requirements

This document specifies requirements and guidance for the interoperability of data, data sharing mechanisms, and services within data spaces. It covers requirements, criteria and implementation guidance on: - dataset content, use restrictions, licences, data collection methodology, data quality and uncertainty, and on machine-readable formats to find, access and use of data; - data structures, data formats, vocabularies, classification schemes, taxonomies and code lists, and how to describe these elements a publicly available and consistent manner; - technical means to access the data, such as application programming interfaces, and their terms of use and quality of service to enable automatic access and transmission of data between parties; - where applicable, the means to enable the interoperability of tools for automating the execution of data sharing contracts. This document is applicable to all organizations participating in dataspaces, regardless of their size or type.

prEN 18229-1 Public enquiry
Comment end date 2026-08-02
AI trustworthiness framework - Part 1: Logging

This document provides terminology, concepts, requirements, and guidance for logging of AI systems. It is primarily intended for organizations placing on the market or putting into service AI systems and is not specific to any particular sector.

prEN 40000-11 Public enquiry
Comment end date 2026-07-28
Essential cybersecurity requirements for products - Part 11: Hardware Devices with Security Boxes incorporating a hardware physical envelope and designed to provide security functions such as secure storage and cryptographic operations in an open environment

This document defines cyber security requirements for products with digital elements belonging to product category “Hardware Device with Security Boxes” (hereinafter called “Product” or “HWSB product”). The technical description of “Hardware Devices with Security Boxes” can be found in Annex II of [CRA]. The Hardware Devices with Security Boxes in scope are designed for deployment in a range of environments and where the threat landscape includes attackers with various attack potential. HWSB are hardware-based systems intended to provide secure storage, processing and use of sensitive data, including cryptographic assets, within a protected hardware boundary (envelope). This document applies to the HWSB part of the product. The applicability of this document to specific products is determined based on their intended purpose, use case and risk assessment.

prEN ISO/IEC 24760-1 Public enquiry
Comment end date 2026-07-21
Information security, cybersecurity and privacy protection - A framework for identity management - Part 1: Core concepts and terminology (ISO/IEC 24760-1:2025)

This document: defines terms for identity management and specifies core concepts of identity and identity management, and their relationships; is applicable to any information system where information relating to identity is processed or stored; is considered to be a horizontal document for the following reasons: it applies concepts such as distinguishing the term “identity” from the term “identifier” on the implementation of systems for the management of identity information and on the requirements for the implementation and operation of a framework for identity management,  it provides an important contribution to assess identity management systems with regard to their privacy-friendliness and their ability to assure the relevant attributes of an identity, and consequently it provides a foundation and a common understanding for any other standard addressing identity, identity information, and identity management.

prEN ISO/IEC 24760-3 Public enquiry
Comment end date 2026-07-21
Information security, cybersecurity and privacy protection - A framework for identity management - Part 3: Practice (ISO/IEC 24760-3:2025)

This document: provides requirements and guidance for the management of identity information and for ensuring that an identity management system conforms to ISO/IEC 24760-1 and ISO/IEC 24760-2; is applicable to any information system where information relating to identity is processed or stored; is considered to be a horizontal document for the following reasons: it applies concepts such as distinguishing the term “identity” from the term “identifier” on the implementation of systems for the management of identity information and on the requirements for the implementation and operation of a framework for identity management, it provides an important contribution to assess identity management systems with regard to their privacy-friendliness and their ability to assure the relevant attributes of an identity, and consequently it provides a foundation and a common understanding for any other standard addressing identity, identity information, and identity management.

prEN ISO/IEC 24760-2 Public enquiry
Comment end date 2026-07-21
Information security, cybersecurity and privacy protection - A framework for identity management - Part 2: Reference architecture and requirements (ISO/IEC 24760-2:2025)

This document: provides guidelines for the implementation of systems for the management of identity information; specifies requirements for the implementation and operation of a framework for identity management; is applicable to any information system where information relating to identity is processed or stored; is considered to be a horizontal document for the following reasons: it applies concepts such as distinguishing the term “identity” from the term “identifier” on the implementation of systems for the management of identity information and on the requirements for the implementation and operation of a framework for identity management, it provides an important contribution to assess identity management systems with regard to their privacy-friendliness and their ability to assure the relevant attributes of an identity, and consequently it provides a foundation and a common understanding for any other standard addressing identity, identity information, and identity management.

prEN 17926 Public enquiry
Comment end date 2026-07-14
Privacy information management system per EN ISO/IEC 27701 – Refinements in European context

This document specifies refinements for an application of EN ISO/IEC 27701 in a European context. This document is applicable to the same entities as is ISO/IEC 27701: all types and sizes of organizations, including public and private companies, government entities and not-for-profit organizations, which are PII controllers and/or PII processors. An organization can use this document for the implementation of the generic requirements and controls of EN ISO/IEC 27701 according to its context and its applicable obligations. Certification criteria based on these refinements can provide a certification model under ISO/IEC 17065 for processing operations performed within the scope of a privacy information management system according to EN ISO/IEC 27701, which can be combined with certification requirements for EN ISO/IEC 27701 under ISO/IEC 17021.

prEN 18282 Public enquiry
Comment end date 2026-07-14
Artificial intelligence - Cybersecurity specifications for AI Systems

This document addresses organizational and technical solutions aimed at ensuring the cybersecurity of high-risk AI systems over the life cycle, appropriate to the relevant circumstances and the risks. The technical solutions to address AI-specific vulnerabilities include, where appropriate, measures to prevent, detect, respond to, resolve and control for attacks trying to manipulate the training dataset (data poisoning), or pre-trained components used in training (model poisoning), inputs designed to cause the model to make a mistake (adversarial examples or model evasion), confidentiality attacks or model flaws. This document provides objective criteria to enable decisions on whether a given technical or organizational solution adequately achieves a given vulnerability-related goal.

Quick filters

Technical Committee
TK 1 Electronics (9) TK 4 Information technology (7) TK 5 Electrical engineering (36) TK 6 Fruit and vegetables products (2) TK 12 Motor - roads (2) TK 13 Agricultural engineering (5) TK 15 Cereals, cereal products, bread and animal feeding stuffs (1) TK 18 Telecommunications (4) TK 20 Toys, child use articles, sports and other recreational equipment (2) TK 22 Fire safety (5) TK 23 Ceramic tiles, masonry and natural stones (3) TK 24 Quality management and quality assurance (2) TK 28 Gas systems (2) TK 29 Water supply (1) TK 31 Acoustics (1) TK 32 Health (10) TK 35 Safety of machinery (3) TK 36 Environmental protection (4) TK 38 Building constructions (19) TK 39 Protection (1) TK 40 Petroleuml, petroleum products, lubricants and alternative fuels (1) TK 41 Welding (5) TK 42 Packaging (2) TK 43 Railway traffic (1) TK 45 Electric power (4) TK 46 Roofs and building waterproof isolation (1) TK 49 Metallic materials (2) TK 50 Heating and Ventilation Systems (2) TK 51 Food analysis- Horizontal methods (2) TK 52 Ophthalmic optics and lasers (4) TK 54 Assistive products for persons with disability (2) TK 57 Fertilizers (1) TK 59 Geotechnics (1) TK 60 Windows and doors (2) TK 63 Gas cylinders and cryogenic vessels (1) TK 66 Non-destructive testing (1) TK 68 Plastics (7) TK 70 Pulp, paper, board, adhesives (4) TK 76 Explosive atmospheres (1) TK 79 IT security techniques (15) TK 80 Road transport and traffic telematics (2) TK 82 Safety of trackless overground vehicles (2) TK 87 Biotechnology (1) TK 88 Building Information Modelling (BIM) (1) TK 89 Risk management and organizational governance (2) TK 99 Health Informatics (1)
ICS
Biologinės dirvožemio savybės (1) Plonasis popierius (1) Advanced ceramics (5) Aerospace electric equipment and systems (1) Alarm and warning systems (1) Alkaline secondary cells and batteries (1) Aluminium products (1) Application of information technology in general (2) Binders. Sealing materials (2) Biology. Botany. Zoology (1) Bolts, screws, studs (3) Bolts, screws, studs (1) Bridge construction (1) Building accessories (2) Buildings in general (1) Cans. Tins. Tubes (2) Cement. Gypsum. Lime. Mortar (3) Cereals, pulses and derived products (1) Chemical laboratories. Laboratory equipment (1) Company organization and management in general (1) Concrete structures (2) Cooking ranges, working tables, ovens and similar appliances (14) Dental instruments (1) Dental materials (2) Dishwashers (2) Domestic electrical appliances in general (3) Earth-moving machinery (1) Earthworks. Excavations. Foundation construction. Underground works (2) Electric tools (1) Electric traction equipment (1) Electrical accessories in general (1) Electrical and electronic equipment (1) Electrical apparatus for explosive atmospheres (1) Electricity supply systems (2) Electronics (Vocabularies) (2) Emission (4) Environmental testing (1) Equipment for children (1) Examination of physical properties of water (1) Explosives. Pyrotechnics and fireworks (2) Fibre optic interconnecting devices (4) Fibre optic systems in general (1) Fire protection (3) Fire-resistance of building materials and elements (2) First aid (3) Fixed capacitors (1) Flat steel products and semi-products (2) Gas cylinders (1) Generators (1) Health care services in general (1) High voltage switchgear and controlgear (1) Hospital equipment (1) Identification cards. Chip cards. Biometrics (1) Immunity (2) Implants for surgery, prosthetics and orthotics (1) In vitro diagnostic test systems (3) Indoor sports equipment (1) Industrial robots. Manipulators (1) Industrial trucks (1) Inland navigation vessels (1) Insulating materials in general (2) Iron and steel forgings (1) IT applications in education (1) IT applications in health care technology (1) IT applications in office work (1) IT applications in transport (2) IT Security (19) Laundry appliances (1) Management of human resources (1) Management systems (2) Measurement of electrical and magnetic quantities (5) Mechanical testing of metals (1) Medical equipment in general (1) Metallic coatings (1) Natural gas (1) Networking (2) Non-destructive testing (1) Oilseeds (1) Open systems interconnection in general (1) Optoelectronics. Laser equipment (2) Other fasteners (2) Other lifting equipment (1) Other medical equipment (1) Other semiconductor devices (1) Other services (1) Other standards related to aids for disabled and handicapped people (1) Other switchgear and controlgear (1) Paint coating equipment (1) Paper and board (3) Passenger cars. Caravans and light trailers (1) Pipeline components and pipelines in general (1) Plastics in general (1) Plug-and-socket devices. Connectors (2) Pollution, pollution control and conservation (1) Potentiometers, variable resistors (1) Power transmission and distribution lines (1) Pressure regulators (1) Properties of surfaces (1) Protection against falling and slipping (1) Quantities and units (1) Radiation measurements (1) Radiographic equipment (1) Railway rolling stock in general (1) Road construction materials (1) Seismic and vibration protection (1) Small kitchen appliances (9) Spices and condiments (2) Stationary source emissions (1) Steel pipes and tubes for specific use (1) Sterilization and disinfection in general (1) Street lighting and related equipment (2) Surgical instruments and materials (1) Technical aspects (12) Technical product documentation (1) TELECOMMUNICATIONS. AUDIO AND VIDEO ENGINEERING (4) Therapy equipment (1) Thermoplastic materials (4) Valves in general (2) Ventilation and air-conditioning systems (1) Ventilators. Fans. Air-conditioners (1) Vibration and shock with respect to human beings (1) Waxes, bituminous materials and other petroleum products (1) Welded joints and welds (3) Welding, brazing and soldering in general (1) Woodworking machines (3)