Please be advised that a New Work Item Proposal has been loaded to the BSI Standards Development Portal for comment.

Any comments received will be submitted to the national committee IST/33 – “Information security, cybersecurity and privacy protection” for consideration when deciding the UK response to the associated Standards Development Organisation.

Proposal: ISO/IEC NP TS 27564 – Reserve WG5 project

Please visit: ISO/IEC NP TS 27564

Comment period end date:21/05/2024


This document provides guidance on how to use modelling in privacy engineering. It describes categories of models that can be used, the use of modelling to support engineering, and the relationships with other references and standards for privacy engineering and for modelling. It provides high-level use cases describing how models are used.


Systems that process PII (personal identifiable information) have and continue to become more complex, not to mention the growth in volume of data involved. This complexity introduces greater privacy risks to the individuals to whom this data belongs. Embedding privacy controls into these complex systems provides an approach that helps to treat these risks through system design. It is also one that, at times requires innovation.

Understanding system privacy properties through models:
Model based systems and software-based engineering (MBSSE) provides such an approach to the discipline of privacy engineering. Adding privacy engineering modelling to the roster of tools to identify and assess privacy risks and to support potential risk treatment strategies will help to connect a concept to reality.

Privacy Models will help drive adoption of Privacy Controls:
Privacy models will help simply and demystify requirements, and in turn, make the value of making privacy and data protection a priority more accessible and achievable. Privacy models can demonstrate in an easy-to-understand manner how a complex system can achieve both privacy and functionality.
Examples of such models can be privacy threat models, de-identification models, privacy preservation computing models, usage enforcement models.

Supporting usage enforcement through models:
One of the challenges in addressing privacy is usage enforcement, i.e. ensuring that an implemented system usage of PII corresponds to what is intended in terms of privacy (e.g., the intended PII deletion approach is effectively implemented). The use of models can be used to enhance usage enforcement, e.g., a behavior model is published, shared and verified.

Engineering through models:
MBSSE practice follows ISO/IEC/IEEE 24641:2023 – Methods and tools for model-based systems and software engineering. Model-based engineering is supported by a wealth of practice (see Applied to privacy engineering, MBSSE will contribute to privacy-by-design support through model-driven engineering tools.

Reusability of models:
Resulting privacy models can be reused thus supporting faster adoptions of good solutions.

If you have any comment or need more information, please contact Sami Ortiz at [email protected]

To top