Privacy standards & frameworks
The international standards and recognised frameworks most relevant to privacy governance, assurance and AI. Curated to the essentials and growing — with links to the authoritative source for each.
| Reference | What it is | Source |
|---|---|---|
| ISO/IEC 27701 | Privacy Information Management System (PIMS) — extends ISO/IEC 27001 and 27002 with privacy-specific requirements and guidance for PII controllers and processors. Certifiable as an extension to an ISO 27001 certification; the leading privacy management standard. | iso.org |
| ISO/IEC 29100 | Privacy framework — terminology and principles for protecting PII. | iso.org |
| NIST Privacy Framework | Voluntary US framework for managing privacy risk; maps to the NIST CSF. | nist.gov |
| BS 10012 | British Standard for a personal information management system, aligned to UK GDPR. | bsigroup.com |

| Reference | What it is | Source |
|---|---|---|
| ISO/IEC 27001 | Information Security Management System (ISMS) — the foundational certifiable security standard. | iso.org |
| ISO/IEC 27002 | Information security controls — implementation guidance for the Annex A controls of ISO/IEC 27001. | iso.org |
| ISO/IEC 27018 | Code of practice for protecting PII in public cloud services where the provider acts as a PII processor. | iso.org |
| SOC 2 (AICPA TSC) | Trust Services Criteria — independent assurance reporting on security, availability, processing integrity, confidentiality and privacy. | aicpa-cima.com |
| NIST SP 800-53 | Security & privacy controls for information systems and organisations. | csrc.nist.gov |
| CSA CCM / STAR | Cloud Security Alliance Cloud Controls Matrix and STAR assurance programme. | cloudsecurityalliance.org |
| PCI DSS | Payment Card Industry Data Security Standard for cardholder data. | pcisecuritystandards.org |

| Reference | What it is | Source |
|---|---|---|
| ISO/IEC 42001 | AI Management System (AIMS) — the first certifiable AI governance standard. | iso.org |
| NIST AI RMF | AI Risk Management Framework for trustworthy AI. | nist.gov |
| EU AI Act | Regulation (EU) 2024/1689 — risk-based regulation of AI systems. | eur-lex.europa.eu |

| Reference | What it is | Source |
|---|---|---|
| ISO 31000 | Risk management — guidelines covering principles, framework and process. | iso.org |
| ISO 22301 | Business continuity management systems. | iso.org |
| NIST CSF 2.0 | Cybersecurity Framework — govern, identify, protect, detect, respond, recover. | nist.gov |
| COBIT | ISACA framework for governance and management of enterprise IT. | isaca.org |
This directory is curated to the essentials and expanding. Suggest a standard we should add — get in touch.
