OASIS

Privacy Management Reference Model and Methodology (PMRM) Version 1.0 was approved as an Committee Specification Draft on 26 March 2012

The OASIS PMRM TC works to provide a standards-based framework that will help business process engineers, IT analysts, architects, and developers implement privacy and security policies in their operations. PMRM picks up where broad privacy policies leave off. Most policies describe fair information practices and principles but offer little insight into actual implementation. PMRM provides a guideline or template for developing operational solutions to privacy issues. It also serves as an analytical tool for assessing the completeness of proposed solutions and as the basis for establishing categories and groupings of privacy management controls.

• Official page: https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=pmrm
• TC Members page: https://www.oasis-open.org/apps/org/workgroup/pmrm/

• Committee Specification Draft V1.0 26 March 2012. http://docs.oasis-open.org/pmrm/PMRM/v1.0/csd01/PMRM-v1.0-csd01.pdf
• Slides prepared by John Sabo during IPEN workshop (June 5th 2015)http://ipen.trialog.com/wiki/File:PMRM_Overview-_Short_IPEN_5_June_2015.pdf
• Version 1.0, OASIS Committee Specification 02, incorporating numerous enhancements and clarifications to CS01, was approved by the TC on 17 May 2016 and is available athttp://docs.oasis-open.org/pmrm/PMRM/v1.0/cs02/PMRM-v1.0-cs02.html

[Antonio Kung]

• use case based process
• integrates concept of touch points (supporting systems developed by several organisations)

The OASIS PbD-SE TC provides privacy governance and documentation standards for software engineers. It enables software organizations to embed privacy into the design and architecture of IT systems, without diminishing system functionality.

The PbD-SE TC work follows the Seven Foundational Principles of Privacy by Design:

1. Proactive not Reactive; Preventative Not Remedial
2. Privacy as the Default Setting
3. Privacy Embedded into Design
4. Full Functionality - Positive-Sum, Not Zero-Sum
5. End-to-End Security - Full Lifecycle Protection
6. Visibility and Transparency - Keep It Open
7. Respect for User Privacy - Keep It User-Centric

PbD-SE offers a privacy extension/complement to OMG’s Unified Modeling Language (UML) and serves as a complement to OASIS’ eXtensible Access Control Mark-up Language (XACML) and Privacy Management Reference Model (PMRM).

• Official page: https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=pbd-se
• TC members page: https://www.oasis-open.org/apps/org/workgroup/pbd-se/index.php