Table of Contents

 1   Scope
 2   References
 3   Terms and Definitions
     3.1   Terms defined elsewhere
     3.2   Terms defined in this Supplement
     3.3   Abbreviations and acronyms
 4   Overview
     4.1   Introduction
     4.2   Objective of this Supplement
     4.3   Structure and intent of this Supplement
 5   Information security policies
     5.1   Management directions for information security
 6   Organization of information security
     6.1   Internal organization
     6.2   Mobile devices and teleworking
 7   Human resource security
     7.1   Prior to employment
     7.2   During employment
     7.3   Termination and change of employment
 8   Asset management
     8.1   Responsibility for assets
     8.2   Information classification
     8.3   Media handling
 9   Access control
     9.1   Business requirement of access control
     9.2   User access management
     9.3   User responsibilities
     9.4   System and application access control
10   Cryptography
     10.1  Cryptographic controls
11   Physical and environmental security
     11.1  Secure areas
     11.2  Equipment
12   Operations security
     12.1  Operational procedures and responsibilities
     12.2  Protection from malware
     12.3  Backup
     12.4  Logging and monitoring
     12.5  Control of operational software
     12.6  Technical vulnerability management
     12.7  Information systems audit considerations
13   Communications security
     13.1  Network security management
     13.2  Information transfer
14   System acquisition, development and maintenance
     14.1  Security requirements of information systems
     14.2  Security in development and support processes
     14.3  Test data
15   Supplier relationships
     15.1  Information security in supplier relationships
     15.2  Supplier service delivery management
16   Information security incident management
     16.1  Management of information security incidents and improvements
17   Information security aspects of business continuity management
     17.1  Information security continuity
     17.2  Redundancies
18   Compliance
     18.1  Compliance with legal and contractual requirements
     18.2  Information security reviews
Appendix I – Extended control set for PII protection
     I.1   General policies for the use and protection of PII
     I.2   Consent and choice
     I.3   Purpose legitimacy and specification
     I.4   Collection limitation
     I.5   Data minimization
     I.6   Use, retention and disclosure limitation
     I.7   Accuracy and quality
     I.8   Openness, transparency and notice
     I.9   PII principal participation and access
     I.10  Accountability
     I.11  Information security
     I.12  Privacy compliance
Appendix II – Privacy principles in ISO/IEC 29100
Bibliography