ISO INTERNATIONAL STANDARD 22307 First edition 2008-05-01 FinancialservicesPrivacyimpact assessment Services financiers-Evaluationde limpact prive Reference number ISO 22307:2008(E) @ISO2008 ISO22307:2008(E) PDFdisclaimer accepts no liability in this area. AdobeisatrademarkofAdobeSystemsIncorporated. Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by IsO member bodies. In the unlikely event that a problem relating to it is found, please inform the Central Secretariatat the address given below COPYRIGHTPROTECTEDDOCUMENT C ISO2008 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either isO at the address below or isO'smemberbody in the country of the requester. ISO copyright office Casepostale56.CH-1211Geneva20 Tel. + 4122749 0111 Fax + 41 22 749 09 47 E-mail [email protected] Web www.iso.org @ ISO 2008 -All rights reserved ISO22307:2008(E) Contents Page ImperialCollegeLondon,Versioncorrectasof24/12/2019 Foreword. Introductior 1 Scope 2 Normativereferences 3 Terms and definitions 4 Abbreviatedterms 5 PIA requirements... 5.1 OverviewofPIArequirements 5.2 GeneralPIAprocessrequirements 5.3 SpecificPiAprocessrequirements. AnnexA(informative)FrequentlyaskedquestionsrelatedtoPIA 8 AnnexB(informative)General questionnairetodeterminewhentobeginaPIA. 16 AnnexC(informative)QuestionnaireforPIAobjectives. 17 AnnexD(informative)QuestionnaireonPIAinitial procedures AnnexE(informative)Questionnaireonadequacyof internalcontrolsandprocedures 19 AnnexF(informative)PiAquestionnaireforassessingprivacyimpactsforretailfinancial systems.. .20 Bibliography 28 @ ISO 2008 - All rights reserved ili