Scribd
Upload
373 views38 pages

Iso TR 31700 2 2023

Uploaded by

ritirick
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
373 views38 pages

Iso TR 31700 2 2023

Uploaded by

ritirick
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 38

TECHNICAL ISO/TR

REPORT 31700-2

First edition
2023-01

Consumer protection — Privacy


by design for consumer goods and
services —
Part 2:
Use cases
Protection des consommateurs — Respect de la vie privée assuré
dès la conception des biens de consommation et services aux
consommateurs —
Partie 2: Cas d’usage

Reference number
ISO/TR 31700-2:2023(E)

Single user license for: Sammy Chowdhury © ISO 2023


Order:226083 | Date:11-Mar-2023 | Spring , 77379, United States
Copyright © SIST
ISO/TR 31700-2:2023(E)

COPYRIGHT PROTECTED DOCUMENT


© ISO 2023
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland

ii  for: Sammy Chowdhury © ISO 2023 – All rights reserved


Single user license
Order:226083 | Date:11-Mar-2023 | Spring , 77379, United States
Copyright © SIST
ISO/TR 31700-2:2023(E)

Contents Page

Foreword......................................................................................................................................................................................................................................... iv
Introduction..................................................................................................................................................................................................................................v
1 Scope.................................................................................................................................................................................................................................. 1
2 Normative references...................................................................................................................................................................................... 1
3 Terms and definitions..................................................................................................................................................................................... 1
4 Abbreviated terms.............................................................................................................................................................................................. 2
5 Overview of ISO 31700-1 requirements and related concepts............................................................................ 2
5.1 ISO 31700-1 Requirements........................................................................................................................................................... 2
5.2 Related concepts.................................................................................................................................................................................... 3
5.3 Viewpoints in the use cases......................................................................................................................................................... 6
5.3.1 General......................................................................................................................................................................................... 6
5.3.2 Consumer product viewpoint.................................................................................................................................. 6
5.3.3 Engineering framework viewpoint.................................................................................................................... 7
5.3.4 Ecosystem viewpoint...................................................................................................................................................... 7
6 Use case analysis................................................................................................................................................................................................... 7
6.1 General............................................................................................................................................................................................................ 7
6.2 Use case template.................................................................................................................................................................................. 7
7 Use cases........................................................................................................................................................................................................................ 8
7.1 General............................................................................................................................................................................................................ 8
7.2 On-line retailing..................................................................................................................................................................................... 9
7.2.1 On-line retailing use case main description............................................................................................... 9
7.2.2 On-line retailing consumer communication............................................................................................ 11
7.2.3 On-line retailing summary...................................................................................................................................... 12
7.2.4 On-line retailing general requirements....................................................................................................... 13
7.2.5 On-line retailing risk management.................................................................................................................. 14
7.2.6 On-line retailing development, deployment and operation....................................................... 15
7.2.7 On-line retailing end of PII lifecycle................................................................................................................ 16
7.3 Fitness company.................................................................................................................................................................................. 17
7.3.1 Fitness company use case main description........................................................................................... 17
7.3.2 Fitness company risk management of health application........................................................... 19
7.3.3 Fitness company consumer communication........................................................................................... 20
7.4 Smart locks for homes front doors..................................................................................................................................... 21
7.4.1 Smart locks product line main description.............................................................................................. 21
7.4.2 Smart locks basic configuration......................................................................................................................... 24
7.4.3 Smart locks colocation configuration............................................................................................................ 25
7.4.4 Smart locks family configuration...................................................................................................................... 26
7.4.5 Smart locks risk management.............................................................................................................................. 27
7.4.6 Smart locks consumer communication........................................................................................................ 28
7.4.7 Smart locks development, deployment and operation................................................................... 29
Bibliography.............................................................................................................................................................................................................................. 31

© ISO 2023 – All rights reserved Single user license for: Sammy Chowdhury iii
Order:226083 | Date:11-Mar-2023 | Spring , 77379, United States
Copyright © SIST
ISO/TR 31700-2:2023(E)

Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to
the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see
www.iso.org/iso/foreword.html.
This document was prepared by Project Committee ISO/PC 317, Consumer Protection – privacy by design
for consumer goods and services.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.

iv  for: Sammy Chowdhury © ISO 2023 – All rights reserved


Single user license
 Order:226083 | Date:11-Mar-2023 | Spring , 77379, United States
Copyright © SIST
ISO/TR 31700-2:2023(E)

Introduction
ISO 31700-1[1] provides high-level requirements and recommendations for organizations using privacy
by design in the development, maintenance and operation of consumer goods and services. These are
grounded in a consumer-focused approach, in which consumer privacy rights and preferences are
placed at the heart of product development and operation.
Use case help to identify, clarify and organize system requirements related to a set of goals, by
illustrating a series of possible sequences of interactions between stakeholder(s) and system(s) in a
particular ecosystem.
The use cases in this document use a template that is based on IEC 62559-2 [2] while enabling a focus on
privacy by design challenges and on the ISO 31700-1 requirements.
Although there are a wide range of use cases, this document provides three sample use cases to help
further understand the implementation of ISO 31700-1: on-line retailing, a fitness company and smart
locks.

© ISO 2023 – All rights reserved Single user license for: Sammy Chowdhury v
Order:226083 | Date:11-Mar-2023 | Spring , 77379, United States
Copyright © SIST
Single user license for: Sammy Chowdhury
Order:226083 | Date:11-Mar-2023 | Spring , 77379, United States
Copyright © SIST
TECHNICAL REPORT ISO/TR 31700-2:2023(E)

Consumer protection — Privacy by design for consumer


goods and services —
Part 2:
Use cases

1 Scope
This document provides illustrative use cases, with associated analysis, chosen to assist in
understanding the requirements of 31700-1.
The intended audience includes engineers and practitioners who are involved in the development,
implementation or operation of digitally enabled consumer goods and services.

2 Normative references
There are no normative references in this document.

3 Terms and definitions


For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https://​w ww​.iso​.org/​obp
— IEC Electropedia: available at http://​w ww​.electropedia​.org
3.1
privacy by design
design methodologies in which privacy is considered and integrated into the initial design stage
and throughout the complete lifecycle of products, processes or services that involve processing of
Personally Identifiable Information, including product retirement and the eventual deletion of any
associated personally identifiable information
Note 1 to entry: The lifecycle also includes changes or updates.

[SOURCE: ISO 31700-1:2023, 3.5]


3.2
use case
description of a sequence of interactions of a consumer and a consumer product used to help identify,
clarify, and organize requirements to support a specific business goal
Note 1 to entry: Consumers can be users, engineers, of systems.

Note 2 to entry: A system of interest in this document is a consumer goods or service.

[SOURCE: ISO 31700-1:2023, 3.22, modified — note 2 added]

© ISO 2023 – All rights reserved Single user license for: Sammy Chowdhury 1
Order:226083 | Date:11-Mar-2023 | Spring , 77379, United States
Copyright © SIST
ISO/TR 31700-2:2023(E)

4 Abbreviated terms

NIST National Institute of Standards and Technology

PII Personally identifiable information

5 Overview of ISO 31700-1 requirements and related concepts

5.1 ISO 31700-1 Requirements


Table 1 lists ISO 31700-1:2023[1] requirements, categorised as:
— general (ISO 31700-1:2023, clause 4);
— consumer communication requirements (ISO 31700-1:2023, clause 5);
— risk management requirements (ISO 31700-1:2023, clause 6);
— develop, deploy and operated privacy controls (ISO 31700-1:2023, clause 7);
— end of PII lifecycle requirements (ISO 31700-1:2023, clause 8).

Table 1 — ISO 31700-1 requirements


Category ISO 31700-1 section number and requirement
4.2 Design capabilities to enable consumers to enforce their privacy rights
4.3 Develop capability to determine consumer privacy preferences
4.4 Design human computer interface (HCI) for privacy
4.5 Assign relevant roles and authorities
General
4.6 Establish multi-disciplinary responsibilities
4.7 Develop privacy knowledge, skill and ability
4.8 Ensure knowledge of privacy controls
4.9 Documented information management
5.2 Provision of privacy information
5.3 Accountability of responsible persons to providing privacy information
Consumer communica-
5.4 Responding to consumer inquiries and complaints
tion requirements
5.5 Communicating to diverse consumer population
5.6 Prepare data breach communications
6.2 Conduct a privacy risk assessment
6.3 Assess privacy capabilities of third parties
Risk management re-
6.4 Establish and document requirements for privacy controls
quirements
6.5 Monitor and update risk assessment
6.6 Include privacy risks in cybersecurity resilience design

2  for: Sammy Chowdhury © ISO 2023 – All rights reserved


Single user license

Order:226083 | Date:11-Mar-2023 | Spring , 77379, United States
Copyright © SIST
ISO/TR 31700-2:2023(E)

Table 1 (continued)
Category ISO 31700-1 section number and requirement
7.2 Integrate the design and operation of privacy controls into the products develop-
ment and management lifecycles
7.3 Design privacy controls
7.4 Implement privacy controls
Develop, deploy and 7.5 Design privacy control testing
operate designed privacy
controls 7.6 Manage the transition of privacy controls
7.7 Manage the operation of privacy controls
7.8 Prepare breach management
7.9 Operate privacy controls for the processes and products that the product in
scope depends upon through the PII lifecycle
End of PII lifecycle re-
8.2 Design privacy controls for retirement and end of use
quirements

5.2 Related concepts


The tables in this clause illustrate the relationships between the requirements of ISO 31700-1 and
related privacy engineering concepts:
— lifecycle processes as shown in Table 2;
— privacy protection goals,[5] as shown in Table 3.
— NIST Privacy framework functions,[7] as shown in Table 4;
— NIST privacy engineering objectives as shown in Table 5.
The resulting relations are shown in Table 6.

Table 2 — Lifecycle processes


Activities carried out by the organisation to define and maintain policies related to
Organisation policies
privacy by design
Product design and Activities carried out by the organisation to design and develop consumer goods or
development services
Activities carried out by the organisation to manage privacy when consumer goods or
Product use
services are in use

Table 3 — Privacy protection goals


Property that privacy-relevant data cannot be linked across domains that are consti-
tuted by a common purpose and context
Unlinkability
NOTE It ensures that a PII principal can make multiple uses of resources or services
without others being able to link these uses together
Property that ensures that all privacy-relevant data processing including the legal,
Transparency
technical and organizational setting can be understood as documented or stated
Property that ensures that PII principals, PII controllers, PII processors and supervi-
Intervenability
sory authorities can intervene in all privacy-relevant data processing[12]

Table 4 — NIST Privacy Framework functions


Develop the organizational understanding to manage privacy risk for individuals aris-
Identify-P
ing from data processing

© ISO 2023 – All rights reserved Single user license for: Sammy Chowdhury 3
 Order:226083 | Date:11-Mar-2023 | Spring , 77379, United States
Copyright © SIST
ISO/TR 31700-2:2023(E)

Table 4 (continued)
Develop and implement the organizational governance structure to enable an ongoing
Govern-P understanding of the organization’s risk management priorities that are informed by
privacy risk
Develop and implement appropriate activities to enable organizations or individuals
Control-P to manage data with sufficient granularity to manage privacy risks

Develop and implement appropriate activities to enable organizations and individuals


Communicate-P to have a reliable understanding and engage in a dialogue about how data are pro-
cessed and associated privacy risks
Protect-P Develop and implement appropriate data processing safeguards

Table 5 — NIST privacy engineering objectives


Enabling reliable assumptions by individuals, owners, and operators about data and
Predictability
their processing by a system, product, or service
Providing the capability for granular administration of data, including alteration, dele-
Manageability
tion, and selective disclosure
Enabling the processing of data or events without association to individuals or devices
Disassociability
beyond the operational requirements of the system

Table 6 — ISO 31700-1 requirements relationship with associated concepts


Privacy protec- NIST Privacy NIST privacy
Category of ISO 31700-1 Re- Lifecycle pro-
tion goals Framework engineering
requirement quirement cesses
functions objectives
4.2 Design capabil-
ities to enable con- Product design Intervenability Control-P, Com- Predictablity
sumers to enforce and development Transparency municate-P Manageability
their privacy rights
4.3 Develop capa-
bility to determine Product design Intervenability Control-P, Com-
Predictability
consumer privacy and development Transparency municate-P
preferences
4.4 Design human Predictablity
Product design
computer interface Transparency Communicate-P
and development Manageability
(HCI) for privacy
4.5 Assign relevant
Organisation
roles and authori- - Govern-p Manageability
General policies
ties
4.6 Establish
Organisation
multi-disciplinary - Govern-P Manageability
policies
responsibilities
4.7 Develop privacy
Organisation
knowledge, skill - Govern-P Manageability
policies
and ability
4.8 Ensure knowl- Manageability
Organisation
edge of privacy - Govern-P
policies Disassociability
controls
4.9 Documented
Organisation
information man- - Govern-P Manageability
policies
agement

4  for: Sammy Chowdhury © ISO 2023 – All rights reserved


Single user license

Order:226083 | Date:11-Mar-2023 | Spring , 77379, United States
Copyright © SIST
ISO/TR 31700-2:2023(E)

Table 6 (continued)
Privacy protec- NIST Privacy NIST privacy
Category of ISO 31700-1 Re- Lifecycle pro-
tion goals Framework engineering
requirement quirement cesses
functions objectives
5.2 Provision of pri- Organisation
Transparency Communicate-P Predictability
vacy information policies
5.3 Accountability
of responsible per- Organisation Govern-P Com- Predictability
Transparency
sons to providing policies municate-P Manageability
privacy information
Consumer 5.4 Responding to Predictability
communication consumer inquiries Product use Transparency Communicate-P
requirements and complaints Manageability
5.5 Communicating
to diverse consumer Product use Transparency Communicate-P Predictability
population
5.6 Prepare data
breach communica- Product use Transparency Communicate-P Predictability
tions
Product design Predictability
6.2 Conduct a priva- and development
Unlinkability Identify-P Manageability
cy risk assessment
Disassociability
Product design Predictability
6.3 Assess privacy
and development Identify-P, Pro-
capabilities of third Unlinkability Manageability
tect-P
parties
Disassociability
6.4 Establish and Product design Unlinkability Predictability
Risk manage- Identify-P, Con-
document require- and development
ment require- Intervenability trol-P, Communi- Manageability
ments for privacy
ments cate-P
controls Transparency Disassociability
Product design Predictability
6.5 Monitor and Identify-P,
and development
update risk assess- Unlinkability Manageability
ment Govern-P
Disassociability
6.6 Include privacy
risks in cyberse- Organisation Identify-P, Pro-
Unlinkability -
curity resilience policies tect-P
design

© ISO 2023 – All rights reserved Single user license for: Sammy Chowdhury 5
 Order:226083 | Date:11-Mar-2023 | Spring , 77379, United States
Copyright © SIST
ISO/TR 31700-2:2023(E)

Table 6 (continued)
Privacy protec- NIST Privacy NIST privacy
Category of ISO 31700-1 Re- Lifecycle pro-
tion goals Framework engineering
requirement quirement cesses
functions objectives
7.2 Integrate the de-
sign and operation
Unlinkability Predictability
of privacy controls
Organisation
into the products Intervenability Protect-P Manageability
policies
development and
Transparency Disassociability
management life-
cycles
Product design Unlinkability Predictability
7.3 Design privacy and development
Intervenability Protect-P Manageability
controls
Transparency Disassociability
Product design Unlinkability Predictability
7.4 Implement pri- and development
Intervenability Protect-P Manageability
vacy controls
Transparency Disassociability
Product design Unlinkability Predictability
Develop, deploy 7.5 Design privacy and development
Intervenability Protect-P Manageability
and operate control testing
designed privacy Transparency Disassociability
controls Predictability
7.6 Manage the Intervenability
Organisation Control-P, Com-
transition of priva- Manageability
policies Transparency municate-P
cy controls
Disassociability
Predictability
7.7 Manage the Intervenability
Organisation Control-P, Com-
operation of privacy Manageability
policies Transparency municate-P
controls
Disassociability
7.8 Prepare breach Organisation - Protect-P, Con-
-
management policies trol-P
7.9 Operate privacy
controls for the pro-
cesses and products
Control-P, Com-
that the product in Product use - -
municate-P
scope depends upon
through the PII
lifecycle
Predictability
8.2 Design privacy
End of PII lifecy- Product design Control-P, Com-
controls for retire- - Manageability
cle requirements and development municate-P
ment and end of use
Disassociability

5.3 Viewpoints in the use cases

5.3.1 General

The viewpoints presented here are shown in the sequence diagrams of the use cases in Clause 7.

5.3.2 Consumer product viewpoint

Consumer products and associated organisational practices protect consumers’ privacy when the
product is in use and throughout the PII lifecycle while the PII is under the organisation’s purview.
Considering how a product is likely to be used in practice, during product development, can require a
number of different contexts and situations to be evaluated. Different users with different capabilities

6  for: Sammy Chowdhury © ISO 2023 – All rights reserved


Single user license

Order:226083 | Date:11-Mar-2023 | Spring , 77379, United States
Copyright © SIST
ISO/TR 31700-2:2023(E)

are catered for. This applies as the product, once in the possession of a consumer user, is operated in
unconstrained circumstances where the consumer’s understanding and abilities can, and often do, vary
considerably.
For each type of use the precise definition of use is coupled with an accurate description of how the
product and any associated organisational processes would operate so as to protect privacy.
Finally, consumer use can change over time and vary between cultures or demographic groups.

5.3.3 Engineering framework viewpoint

The development and management of privacy controls is an essential part of the engineering of
consumers products. The resulting engineering framework combines:
— processes based on standards such as ISO/IEC/IEEE 15288[3];
— extensions of such processes that integrate privacy engineering. These extensions can be based on
ISO/IEC TR 27550,[5] with the support of frameworks such as the NIST Privacy Framework,[7] the
use of OASIS PMRM[6] to operationalize privacy principles;
— the integration of the consumer product viewpoint, which is supported by ISO 31700-1[1].
NOTE An additional reference to OASIS PMRM is under development: ISO/IEC 27561, Information technology
— Privacy operationalisation model and method for engineers — POMME

5.3.4 Ecosystem viewpoint

Consumer products involve two ecosystems:


— the supply chain, i.e., the ecosystem associated with the system lifecycle process. This involves
organisation and contractual activities on the privacy capabilities provided by third parties;
— the data space, i.e., the ecosystem associated with users and providers of data. This involves
organisation and contractual activities on data sharing.

6 Use case analysis

6.1 General
A use case template was developed to help illustrate, in a consistent manner, the use case examples. The
template is structured to provide the information that illustrates the use of ISO 31700-1.
— The entries for the main narrative are general. They include ID: use case name; description of
product, service or process; privacy protection goal; ecosystem and systems of interest; users,
stakeholders; PII; purpose; and use case narrative.
— The entries for the extended narratives follow the requirements of ISO 31700-1: general requirements;
consumer communication requirements; risk management requirements; development, deployment
and operations of designed privacy controls; and end of PII lifecycle requirements.

6.2 Use case template


Table 7 provides a template for the main narrative of a use case.

Table 7 — Template for main narrative


Entry Entry description
ID Unique identification

© ISO 2023 – All rights reserved Single user license for: Sammy Chowdhury 7
 Order:226083 | Date:11-Mar-2023 | Spring , 77379, United States
Copyright © SIST
ISO/TR 31700-2:2023(E)

Table 7 (continued)
Entry Entry description
Use case name Meaningful name
Description of product, ser- Short description of product
vice or process
Privacy protection goal Short description of privacy protection goals
Ecosystem and systems of Describe systems of interest
interest
Users Describe users
Stakeholders Describe stakeholders
PII Describe PII collected
Purpose Describe purpose of PII collection
Main narrative Short narrative on consumer goods and services (possibly with a sequence
diagram)

Table 8 provides a template for the extended narratives of a use case.

Table 8 — Template for extended narratives


Entry Entry description
ID Unique identification
Use case name Meaningful name
Narrative describing a specific variation, or focusing on the use of requirements
Additional narrative in a specific clause of ISO 31700-1. When possible, a sequence diagram is provid-
ed. Table 9 lists possible categories of narratives.

Table 9 lists proposed categories of extended narratives. They match categories of ISO 31700-1
requirements.

Table 9 — Categories of extended narratives


Category of extended narratives Relationship with ISO 31700-1
General requirements Focus on ISO 31700-1:2023, 4.2 to 4.9
Consumer communication requirements Focus on ISO 31700-1:2023, 5.2 to 5.6
Risk management requirements Focus on ISO 31700-1:2023, 6.2 to 6.6
Development, deployment and operation of
Focus on ISO 31700-1;2023, 7.2 to 7.9
designed privacy controls
End of PII lifecycle requirements Focus on ISO 31700-1:2023, 8.2

7 Use cases

7.1 General
Three use cases are described: on-line retailing, a fitness company and smart locks. These use cases
cover ISO 31700-1 requirements as shown in Table 10.
NOTE A sequence diagram is provided for each narrative. The codes for the sequence diagrams in Figure 1
to Figure 16 are available at: https://​standards​.iso​.org/​iso/​t r/​31700/​-2/​ed​-1/​en/​.

8  for: Sammy Chowdhury © ISO 2023 – All rights reserved


Single user license

Order:226083 | Date:11-Mar-2023 | Spring , 77379, United States
Copyright © SIST
ISO/TR 31700-2:2023(E)

Table 10 — Use cases requirement coverage


Category of On-line Fitness Smart
ISO 31700-1 Requirement
requirement retailing compa-ny locks
Design capabilities to enable consumers to enforce
4.2 X
their privacy rights
Develop capability to determine consumer privacy
4.3 X
preferences
Design human computer interface (HCI) for priva-
4.4 X
cy
General
4.5 Assign relevant roles and authorities X
4.6 Establish multi-disciplinary responsibilities X
4.7 Develop privacy knowledge, skill and ability X
4.8 Ensure knowledge of privacy controls X
4.9 Documented information management X
5.2 Provision of privacy information X X
Accountability of responsible persons to providing
Consumer 5.3 X X
privacy information
communication
5.4 Responding to consumer inquiries and complaints X X X
requirements
5.5 Communicating to diverse consumer population X X X
5.6 Prepare data breach communications X X
6.2 Conduct a privacy risk assessment X X X
6.3 Assess privacy capabilities of third parties X X X
Risk manage- Establish and document requirements for privacy
6.4 X X X
ment require- controls
ments 6.5 Monitor and update risk assessment X X X
Include privacy risks in cybersecurity resilience
6.6 X
design
Integrate the design and operation of privacy con-
7.2 trols into the products development and manage- X
ment lifecycles
7.3 Design privacy controls X X
7.4 Implement privacy controls X X
Develop, deploy
and operate 7.5 Design privacy control testing X
designed privacy 7.6 Manage the transition of privacy controls X
controls
7.7 Manage the operation of privacy controls X X
7.8 Prepare breach management X X
Operate privacy controls for the processes and
7.9 products that the product in scope depends upon X X
through the PII lifecycle
End of PII lifecy- Design privacy controls for retirement and end of
8.2 X
cle requirements use

7.2 On-line retailing

7.2.1 On-line retailing use case main description

Unique identifi-
ID UC 31700-01a
cation
Use case name Meaningful name On line retailing

© ISO 2023 – All rights reserved Single user license for: Sammy Chowdhury 9
 Order:226083 | Date:11-Mar-2023 | Spring , 77379, United States
Copyright © SIST
ISO/TR 31700-2:2023(E)

Description of
Short description A service that allows the customers to search, select and purchase
product, service
of product the products, services and information remotely over the Internet
or process
Data and PII provided to or collected by the retailer is limited to
Short description
Privacy protec- information used to complete the sale, delivery, provide a receipt,
of privacy protec-
tion goal enable product or service improvement, and provide customer
tion goals
support.
Customer Privacy Expectation
Customer post purchase privacy expectation
Ecosystem and
Describe systems Online retailers’ transaction system
systems of inter-
of interest Online retailers’ order fulfilment information system
est
Online retailers’ delivery system
Internet service provider information system
Any consumer placing order, including vulnerable persons (e.g.,
Users Describe users
seniors, minors, disabled)
Retailer fulfilment and delivery staff
Order processing system
Delivery system
Describe stake-
Stakeholders Payment system
holders
Return system
Marketing and tracking system
Consumer device (e.g., tablet, smart phone, laptop)
Describe PII pro- Client name, address, email and phone. Credit card information
PII
cessed for payment for processing of order.
Product use pur- Describe purpose The PII is collected by the seller to fulfil the order and enable
pose of PII processing product development and service improvement.
A consumer goes online to find toys for the grandchildren. The
consumer visits several websites, including initiating orders that
the consumer does not complete. The consumer finds an online
retailer and completes an order for 2 items. To fulfil the order,
the consumer provides contact information including delivery
Short narrative address and payment method.
on consumer For the purposes of shipping and order he provides his contact
Main narrative goods and servic- information and address. In order to process payment he enters
es (possibly with his credit card. The online retailer asks if he wants to set up an
a diagram) account. He declines. The online retailer asks if he wants them to
retain the contact information after delivery for future purchases
or returns. The client declines to allow this except related to the
right of return. The online retailer asks some questions regarding
family size, ages and income. The client declines to answer and
declines to receive any information related to new products.

10  for: Sammy Chowdhury © ISO 2023 – All rights reserved


Single user license

Order:226083 | Date:11-Mar-2023 | Spring , 77379, United States
Copyright © SIST
ISO/TR 31700-2:2023(E)

Figure 1 — Sequence diagram of on-line retailing use case main description

7.2.2 On-line retailing consumer communication

Unique identifi-
ID UC 31700-01b
cation
Use case name Meaningful name On line retailing

© ISO 2023 – All rights reserved Single user license for: Sammy Chowdhury 11
 Order:226083 | Date:11-Mar-2023 | Spring , 77379, United States
Copyright © SIST
ISO/TR 31700-2:2023(E)

The information system of the retailer company is subject to a


cybersecurity attack, causing the system to be stopped for sev-
Describe how eral hours.
requirements for
Narrative on con- The organisation activates its consumer support program. It
consumer com-
sumer communi- makes a privacy announcement on the web which confirms that
munication can
cation there has been no privacy breach.
help (possibly
with a diagram) The customer makes a specific inquiry on his purchase and gets
customised information reassuring the customer that their order
was not impacted nor their payment or other PII

Figure 2 — Sequence diagram of on-line retailing consumer communication

7.2.3 On-line retailing summary

Unique identifi-
ID UC 31700-01c
cation
Use case name Meaningful name On line retailing

12  for: Sammy Chowdhury © ISO 2023 – All rights reserved


Single user license

Order:226083 | Date:11-Mar-2023 | Spring , 77379, United States
Copyright © SIST
ISO/TR 31700-2:2023(E)

Figure 3 — Sequence diagram of on-line retailing summary

7.2.4 On-line retailing general requirements

Unique identifi-
ID UC 31700-01d
cation
Use case name Meaningful name On line retailing

© ISO 2023 – All rights reserved Single user license for: Sammy Chowdhury 13
 Order:226083 | Date:11-Mar-2023 | Spring , 77379, United States
Copyright © SIST
ISO/TR 31700-2:2023(E)

A company wants to create an online retail business. It establish-


es a governance structure to deal with privacy compliance and
consumer communication.
Describe how It further establishes a privacy competence program for employees
Narrative on general require- engaged throughout the data processing ecosystem. This includes
general require- ments can help knowledge on regulation and on privacy enhancing technologies.
ments (possibly with a
A consumer support program is created. This includes capabilities
diagram)
and communications for consumers to indicate privacy preferenc-
es, understand privacy controls available to them, and to enact
their privacy rights, as well as the planning for interactions with
consumers.

Figure 4 — Sequence diagram of on-line retailing general requirements

7.2.5 On-line retailing risk management

Unique identifi-
ID UC 31700-01e
cation
Use case name Meaningful name On line retailing
The product management team of the retailer performs an initial
consumer service privacy risk analysis which leads to require-
Describe how ments on consumer support, and requirements on protection of
requirements on data storage. An assessment of supplier providing data storage
Narrative on risk
risk management protection leads to a selected implementation.
management
can help (possibly A periodic privacy risk assessment is carried out. The impact
with a diagram) of the cybersecurity alert on data protection is evaluated. The
consumer support program is also evaluated. They lead to some
minor adjustments

14  for: Sammy Chowdhury © ISO 2023 – All rights reserved


Single user license

Order:226083 | Date:11-Mar-2023 | Spring , 77379, United States
Copyright © SIST
ISO/TR 31700-2:2023(E)

Figure 5 — Sequence diagram of on-line retailing risk management

7.2.6 On-line retailing development, deployment and operation

Unique identifi-
ID UC 31700-01f
cation
Use case name Meaningful name On line retailing
Further to the consumer service privacy risk analysis, the de-
Describe how
Narrative on velopment team is mandated to implement a privacy control
requirements for
development, concerning consumer accounts which includes an access control
privacy controls
deployment and policy enforcement and monitoring mechanism, as well as associ-
can help (possibly
operation ated organisation measures concerning rules on which employees
with a diagram)
can access data.

© ISO 2023 – All rights reserved Single user license for: Sammy Chowdhury 15
 Order:226083 | Date:11-Mar-2023 | Spring , 77379, United States
Copyright © SIST
ISO/TR 31700-2:2023(E)

Figure 6 — Sequence diagram of on-line retailing development, deployment and operation

7.2.7 On-line retailing end of PII lifecycle

Unique identifi-
ID UC 31700-01g
cation
Use case name Meaningful name On line retailing
Describe how Further to the consumer service privacy risk analysis, the de-
requirements velopment team is mandated to implement a privacy control for
Narrative on end for end of PII retirement of the service which includes a mechanism to keep
of PII lifecycle lifecycle can help track of all PII.
(possibly with a Upon retirement, the mechanism is used to securely delete all PII
diagram) that is no longer used or is at the end of the data retention lifecycle

16  for: Sammy Chowdhury © ISO 2023 – All rights reserved


Single user license

Order:226083 | Date:11-Mar-2023 | Spring , 77379, United States
Copyright © SIST
ISO/TR 31700-2:2023(E)

Figure 7 — Sequence diagram of on-line retailing end of PII lifecycle

7.3 Fitness company

7.3.1 Fitness company use case main description

Unique identifi-
ID UC 31700-02a
cation
Use case name Meaningful name Fitness centre
Description of A combined service that allows customers to practice physical
Short description
product, service activities in an external place and track their health info on their
of product
or process mobile phone.
Short description
Privacy protec- Ensure security of health info access on a mobile phone through
of privacy protec-
tion goal biometric verification.
tion goals
Fitness centre information system.
Ecosystem and
Describe systems
systems of inter- Smart phone application.
of interest
est
Smart watch with sensors.

© ISO 2023 – All rights reserved Single user license for: Sammy Chowdhury 17
 Order:226083 | Date:11-Mar-2023 | Spring , 77379, United States
Copyright © SIST
ISO/TR 31700-2:2023(E)

Users Describe users Clients


Describe stake- Fitness company (FC) as data controller
Stakeholders
holders Health application provider (HAP) as data processor
Health data in the smart phone
Access data
Describe PII pro-
PII Data on location and time
cessed
Client payment information
Client name, address, email and phone
Product use pur- Describe purpose Provide information on personal health (e.g., fitness, diet, health
pose of PII processing indicators).
A consumer goes to a fitness centre to get a membership. He pro-
vides his contact information and address. In order to process
payment, he enters his credit card. The fitness centre asks the
client if he wants to receive newsletters or become member of
loyalty program. He declines.
Short narrative
The fitness centre proposes the use of a smart health application
on consumer
with an additional subscription cost. The application can receive
Main narrative goods and servic-
information provided by various sensors used in the fitness centre.
es (possibly with
The data is only collected in a protected zone of the smart phone
a diagram)
and protected through a combination of password and biometric
authentication. He accepts.
The consumer can then practice activities in the fitness centre.
It can then access collected health info. The heath info is not ac-
cessible by the fitness company nor by any other organisations

18  for: Sammy Chowdhury © ISO 2023 – All rights reserved


Single user license

Order:226083 | Date:11-Mar-2023 | Spring , 77379, United States
Copyright © SIST
ISO/TR 31700-2:2023(E)

Figure 8 — Sequence diagram of fitness company use case main description

7.3.2 Fitness company risk management of health application

Unique identifi-
ID UC 31700-02b
cation
Use case name Meaningful name Fitness company

© ISO 2023 – All rights reserved Single user license for: Sammy Chowdhury 19
 Order:226083 | Date:11-Mar-2023 | Spring , 77379, United States
Copyright © SIST
ISO/TR 31700-2:2023(E)

The fitness company FC undertakes with the help of the data


protection officer, privacy consultants the development of an ap-
plication that collects information on fitness practice and health
data and helps consumers monitors their health.
They contact a health application provider HAP, and start to carry
out jointly a consumer service privacy risk analysis
Describe how It includes assessment of the privacy capabilities of HAP that
Narrative on risk requirements on determines that HAP has the experience and competence to act
management risk management as data processor.
requirements can help (possibly
FC and HAP then work jointly on the requirements for privacy
with a diagram)
controls and agree to mandate the processing and storing data
in a protected area in the smart phone. An assessment of the risk
or non-authorised access leads to the use of the smart phone bi-
ometrics authentication for access.
A periodic privacy risk assessment is carried out. The consumer
support program is also evaluated. They can lead to some ad-
justments

Figure 9 — Sequence diagram of fitness company risk management of health application

7.3.3 Fitness company consumer communication

Unique identifi-
ID UC 31700-02c
cation
Use case name Meaningful name Fitness company

20  for: Sammy Chowdhury © ISO 2023 – All rights reserved


Single user license

Order:226083 | Date:11-Mar-2023 | Spring , 77379, United States
Copyright © SIST
ISO/TR 31700-2:2023(E)

The Fitness company communicates on the features it is making


available to ease access to its customers. With the help of the
company data protection officer, it nominates a privacy commu-
Describe how
nication manager who undertakes the creation of communication
requirements
Narrative on con- material on the privacy of the smart phone application.
on consumer
sumer commu-
communication A customer is interested to take a membership. Further to an
nication require-
management can exchange with the customer enquiry service, it selects the health
ments
help (possibly application option.
with a diagram)
A few months later, the press is reporting a privacy vulnerability
in another health tracking smart phone application. The Fitness
company undertakes an information campaign to its subscribers.

Figure 10 — Sequence diagram of fitness company consumer communication

7.4 Smart locks for homes front doors

7.4.1 Smart locks product line main description

Unique identifi-
ID UC 31700-03a
cation
Meaningful
Use case name Smart locks product line
name
The smart locks product line includes the following components
and functions:

© ISO 2023 – All rights reserved Single user license for: Sammy Chowdhury 21
 Order:226083 | Date:11-Mar-2023 | Spring , 77379, United States
Copyright © SIST
ISO/TR 31700-2:2023(E)

Description of Short description — connected lock: home Wi-Fi and Internet connected lock with
product, service of product control software to remotely open and close lock on receiving
or process valid control instructions via Wi-Fi as well as opening and
closing under manual control with lock status monitoring
too;
— smart lock application: application on smartphone providing
ability to open and close the lock as well as monitor the
condition of the lock open, closed, deadlocked, and physical
integrity impacted;
— unique smart key: domestic users have a unique smart key
that they control, identified as an initial requirement from
known potential for abusive use;
— recording capability: household recording of smart lock use
by occupants only available for each individual and their
own records and no records access for other adult household
members;
— sharing data: option for householders to share their data re
use of the smart lock with the others in the household; and
— access to children record: the smart lock use record can be
accessible by parents or guardians.
Three use scenarios are considered in this use case:
— basic use: existing smart lock registered householder enters
home from outside using remote control facility;
— colocation use e.g., flat sharing: lock use records shared; and
— family use: data re children’s use of the lock available to
parents.
Short description Ensure privacy of access rights to the home.
Privacy protec-
of privacy pro-
tion goal Ensure privacy and security of any use logs and records.
tection goals
Other products that interwork with the smart lock are:
— smart phones;
Ecosystem and
Describe sys-
systems of inter- — home Wi-Fi routers; and
tems of interest
est
— internet service.
The ecosystem includes organisations in the associated supply
chain in order to ensure that the lifecycle of the used capabilities
is aligned with the smart lock product lifecycle.
— Consumer users
Users Describe users — Householder (entering home)
— Other householders (for lock status update)
Describe stake- Stakeholders who use the smart lock technology
Stakeholders
holders Stakeholders who develop the technology
Purpose 1 Basic use - Personal access control data: it is assumed
that the designers have used the smartphone security capability
to verify access to the phone itself. The data types are:

22  for: Sammy Chowdhury © ISO 2023 – All rights reserved


Single user license

Order:226083 | Date:11-Mar-2023 | Spring , 77379, United States
Copyright © SIST
ISO/TR 31700-2:2023(E)

— touch screen digital code entry to smartphone;


— API data valid access to phone;
Describe PII pro-
PII — smart lock associated personal identification (e.g., Pat, Pete,
cessed
Phyllis, Petra); and
— unique smart key tokens.
Purpose 2 secure storage of smart key data
The data types are:
— cyber-protected smart lock associated personal identification;
and
— cyber-protected unique smart key tokens.
Purpose 3 Open lock remotely to enter the home: it ensures secure
transmission of ‘open’ instruction to smart lock. The instruction
is processed within the lock, resulting in the activation of the lock
to open. The data types are:
— smart lock IP address for routing instruction to the smart
lock;
— cyber-protected smart lock identification to link householders
use to the correct lock; and
— cyber-protected smart lock ‘open’ instruction data.
Purpose 4 status of lock update: when a user enters and closes the
door, the smart lock registers the change of status and communicates
that to the smart lock householders. The data types are:
— cyber-protected ’door closed’ status data; and
— smart lock App identification and IP addresses to route lock
status update data to householders.
Three scenarios:
— basic opening: entry to home by one of its occupants;
Describe pur-
Product use — co-location use: sharing of lock use information between
pose of PII pro-
purpose householders;
cessing
— family use: parental monitoring of children’s use of the lock.
Smart locks are an example of a consumer household product with
a number of different users in the household. Further locks can be
used by a number of different types of households.
As in this example, many consumers choose household products
that do not use cloud type services as part of their functionality, and
so their use of the product involves only processing undertaken on
consumer equipment. Even if not processed in the 'cloud', near field
communications (e.g., Bluetooth or WIFI enabled communications)
involving PII requires both privacy and therefore security of data
transmission, processing and storage.
Short narrative
on consumer Smart locks support a number of use scenarios to be examined for
goods and ser- determination of privacy and security requirements and risk as-
Main narrative vices (possibly sessment. The following illustrates some of the different household
on product line with a diagram) privacy contexts and use of the product.

© ISO 2023 – All rights reserved Single user license for: Sammy Chowdhury 23
 Order:226083 | Date:11-Mar-2023 | Spring , 77379, United States
Copyright © SIST
ISO/TR 31700-2:2023(E)

— Adding a single occupant to smart lock use


— Removing a single occupant from smart lock use
— Child use of smart lock
— Parental monitoring of child use
— Known unknown (at this point in time ) adolescent circumvention
of children monitoring
— Change of whole household occupancy
— Landlord access to rented accommodation
— Change of ownership of dwelling
— Loss of ‘smart key’ assumed to be app on smartphone
— Unauthorised return of previous occupant who has retained
smart key
— Use of stolen smart key capability
— Malicious household Wi-Fi monitoring to gain smart lock
access control or use information
— Malicious use of smart lock in abusive relationships
— Temporary access for friends and family to ‘keep an eye on
the home’ while occupants away
— Software update of product
— Mechanical forcing or circumvention of lock
— Locksmith services – installation, forced opening and or
repair
— Product use when product manufacturer support no longer
available
— Disposal of smart lock typically after replacement by new lock
(several extra scenarios re second hand markets, recycling
and disposal as waste)
Security aspects: in addition to the security protection of stored
PII and transmitted data the use cases integrate careful consid-
eration of security access controls functionally designed into the
product. If the product is going to be offered for use generically,
then the security access controls for many types of household use
is typically considered.

7.4.2 Smart locks basic configuration

Unique identifi-
ID UC 31700-03b
cation
Meaningful
Use case name Smart locks opening basic
name

24  for: Sammy Chowdhury © ISO 2023 – All rights reserved


Single user license

Order:226083 | Date:11-Mar-2023 | Spring , 77379, United States
Copyright © SIST
ISO/TR 31700-2:2023(E)

Short narrative
on consumer
Main narrative Basic use - Existing smart lock registered householder enters home
goods and ser-
on configuration from outside using the remote control facility
vices (possibly
with a diagram)

Figure 11 — Sequence diagram of smart locks basic configuration

7.4.3 Smart locks colocation configuration

Unique identifi-
ID UC 31700-03c
cation
Meaningful
Use case name Smart locks colocation
name
Short narrative
on consumer
Main narrative
goods and ser- Colocation use e.g., flat sharing – lock use records shared
on configuration
vices (possibly
with a diagram)

© ISO 2023 – All rights reserved Single user license for: Sammy Chowdhury 25
 Order:226083 | Date:11-Mar-2023 | Spring , 77379, United States
Copyright © SIST
ISO/TR 31700-2:2023(E)

Figure 12 — Sequence diagram of smart locks colocation configuration

7.4.4 Smart locks family configuration

Unique identifi-
ID UC 31700-03d
cation
Meaningful
Use case name Smart locks family
name
Short narrative
on consumer
Main narrative Family use – data re children’s use of the lock available to par-
goods and ser-
on configuration ents
vices (possibly
with a diagram)

26  for: Sammy Chowdhury © ISO 2023 – All rights reserved


Single user license

Order:226083 | Date:11-Mar-2023 | Spring , 77379, United States
Copyright © SIST
ISO/TR 31700-2:2023(E)

Figure 13 — Sequence diagram of smart locks family configuration

7.4.5 Smart locks risk management

Unique identifi-
ID UC 31700-03e
cation
Use case name Meaningful name Smart locks

© ISO 2023 – All rights reserved Single user license for: Sammy Chowdhury 27
 Order:226083 | Date:11-Mar-2023 | Spring , 77379, United States
Copyright © SIST
ISO/TR 31700-2:2023(E)

The smart lock company privacy expert team undertakes a con-


sumer service privacy risk analysis for each option of its product
line. This includes privacy risks potentially created by data col-
lected on locking and unlocking, which is information that a smart
Describe how lock provider would likely want to keep for liability reasons. This
Narrative on risk requirements on leads to requirements on consumer support, and requirements on
management risk management protection of data storage. An assessment of supplier providing
requirements can help (possibly data storage protection leads to a selected implementation.
with a diagram)
A periodic privacy risk assessment is carried out. The impact of
each product option on privacy is re-evaluated. The consumer
support program is also evaluated. They lead to the identification
of possible adjustments

Figure 14 — Sequence diagram of smart locks risk management

7.4.6 Smart locks consumer communication

Unique identifi-
ID UC 31700-03f
cation
Use case name Meaningful name Smart locks

28  for: Sammy Chowdhury © ISO 2023 – All rights reserved


Single user license

Order:226083 | Date:11-Mar-2023 | Spring , 77379, United States
Copyright © SIST
ISO/TR 31700-2:2023(E)

The smart lock company determines the communication require-


ments related to different options. It nominates a privacy commu-
nication manager who undertakes the creation of communication
program on the privacy of the smart lock options.
Describe how
requirements A customer is interested to select the family option. Further to
Narrative on con-
on consumer an exchange with the customer enquiry service, he decides to
sumer commu-
communication purchase it.
nication require-
management can
ments A complaint for privacy infringement is made. The smart lock com-
help (possibly
pany data breach communication team realises that a customer
with a diagram)
has used the family option and assigned the wrong smart keys.
It sends a notice to all consumers of the family option program,
and it then changes its systems so that the type of key (children
key) is always visible by its user.

Figure 15 — Sequence diagram of smart locks consumer communication

7.4.7 Smart locks development, deployment and operation

Unique identifi-
ID UC 31700-03g
cation
Use case name Meaningful name Smart locks

© ISO 2023 – All rights reserved Single user license for: Sammy Chowdhury 29
 Order:226083 | Date:11-Mar-2023 | Spring , 77379, United States
Copyright © SIST
ISO/TR 31700-2:2023(E)

The smart lock company wishes to implement a product for fam-


ilies. It establishes a program to integrate privacy engineering
capabilities as well as customer privacy communication.
It then starts a development phase that includes representative
Describe how customers to identify privacy concerns concerning smart locks,
Narrative on risk requirements on to agree on smart lock and privacy features. The resulting imple-
management risk management mentation compliance is validated by the persons responsible and
requirements can help (possibly accountable for the privacy program in the company.
with a diagram)
During operation, a complaint for privacy infringement is made. The
smart lock company realises that a customer has used the family
option and assigned the wrong smart keys. It sends a notice to all
the owners of the family option program, changes its systems to
deploy warning features (the user of a children key is informed)

Figure 16 — Sequence diagram of smart locks development, deployment and operation

30  for: Sammy Chowdhury © ISO 2023 – All rights reserved


Single user license

Order:226083 | Date:11-Mar-2023 | Spring , 77379, United States
Copyright © SIST
ISO/TR 31700-2:2023(E)

Bibliography

[1] ISO 31700-1, Privacy-by-design for consumer goods and services


[2] IEC 62559-2, Edition 1.0 2015-04 Use Case Methodology Part 2: definitions of the templates for use
cases, actor lists, and requirements list
[3] ISO/IEC/IEEE 15288, Systems and software engineering — System life cycle processes
[4] ISO/IEC 27701, Information technology — Security techniques — Extension to ISO/IEC 27001 and
to ISO/IEC 27002 for privacy management – Requirements and guidelines
[5] ISO/IEC TR 27550, Information technology — Security techniques — Privacy engineering for
system life cycle processes
[6] Organization for the advancement of structure information standards (OASIS) Privacy
Management Reference Model and Methodology (PMRM), May 2016. http://​docs​.oasis​-open​
.org/​pmrm/​PMRM/​v1​.0/​PMRM​-v1​.0​.pdf
[7] The NIST Privacy Framework, A Tool for Improving Privacy through Enterprise Risk
Management. Version 1.0 (January 2020), https://​doi​.org/​10​.6028/​NIST​.CSWP​.01162020
[8] ISO/IEC 29100, Information technology — Security techniques — Privacy framework, available at
1)

[9] ISO/IEC 29134, Information technology — Security techniques — Guidelines for privacy impact
assessment
[10] ISO/IEC/IEEE 29148, Systems and software engineering — Life cycle processes — Requirements
engineering
[11] ISO/IEC 29151, Information technology — Security techniques — Code of practice for personally
identifiable information protection
[12] Zwingelberg Harald, Hansen Marit, Privacy Protection Goals and Their Implications for
eID Systems. 7th PrimeLife International Summer School (PRIMELIFE), Sep 2011, Trento, Italy.
pp.245-260, ff10.1007/978-3-642-31668-5_19ff. ffhal-01517607f

1) https://​standards​.iso​.org/​ittf/​Publicl​yAvailable​Standards/​index​.html

© ISO 2023 – All rights reserved Single user license for: Sammy Chowdhury 31
 Order:226083 | Date:11-Mar-2023 | Spring , 77379, United States
Copyright © SIST
ISO/TR 31700-2:2023(E)

ICS 03.080.30; 03.100.01


Price based on 31 pages

© ISO 2023 – All rights reserved 


Single user license for: Sammy Chowdhury
Order:226083 | Date:11-Mar-2023 | Spring , 77379, United States
Copyright © SIST

You might also like