ISO IEC 27038:2014 pdf free
ISO IEC 27038:2014 pdf free.Information technology一Security techniques一Specification for digital redaction
Redaction is carried out in order to permanently remove particular information from a copy of a document. It should be used when, for example, one or two individual words, a sentence or paragraph,an image, a name, address and/or signature needs to be removed from a document prior to it being disclosed to individuals who are not authorized to view the removed information.
The process of digital redaction is not simply to remove information but also to indicate where necessary that some information has been removed, so that the reader knows that the document has been redacted.
For example, there can be a need to know that some words or some paragraphs have been deleted in order to maintain the semantics of the non-redacted information.
As an example, one of the purposes of redaction is to remove personally identifiable information (PII) from a document (anonymization). Where such a purpose is applicable, then redaction processes shall be so designed such that the identity of the individual about whose information is being redacted is protected.
It can be, for example, that even though a name has been redacted from a document, the identity of the individual is evident from the remaining information. Where anonymization is required, all information that could be used to identify the individual shall be redacted. This shall include all information that could be used in conjunction with other information (which can be obtained from other sources) to identify the individual.
When identifying information that needs to be redacted prior to release, whole sentences or paragraphs should not be identified if only one or two words in that sentence or paragraph are to be redacted, unless the release would enable the identification of the redacted information by context.
Where necessary, information relating to the effect that a digital document has been redacted shall be linked with the digital document. To identify the fact that a redaction process has been undertaken,redacted information may be replaced by a sentence stating that some information has been redacted.ISO IEC 27038 pdf download.