Privacy Management Reference Model and Methodology (#PMRM) V1.0 published by the PMRM TC

OASIS is pleased to announce the approval and publication of a new Committee Specification by the members of the OASIS Privacy Management Reference Model (PMRM) TC:

Privacy Management Reference Model and Methodology (PMRM) Version 1.0
Committee Specification 02
17 May 2016

What is PMRM and why is it important?

The Privacy Management Reference Model and Methodology (PMRM, pronounced "pim-rim") provides a model and a methodology for:

- understanding and analyzing privacy policies and their privacy management requirements in defined use cases; and

- selecting the technical services which must be implemented to support privacy controls.

It is particularly relevant for use cases in which personal information (PI) flows across regulatory, policy, jurisdictional, and system boundaries. PMRM picks up where broad privacy policies leave off. Most policies describe fair information practices and principles but offer little insight into actual implementation. PMRM provides a guideline or template for developing operational solutions to privacy issues. It also serves as an analytical tool for assessing the completeness of proposed solutions and as the basis for establishing categories and groupings of privacy management controls.

Committee Specification 02 incorporates extensive improvements and clarifications to the previous Committee Specification.

For more information, see this introductory webinar with John Sabo and Dr. Michael Willett:

About the TC:

The OASIS PMRM TC works to provide a standards-based framework that will help business process engineers, IT analysts, architects, and developers implement privacy and security policies in their operations.

The prose specifications and related files are available here:

PDF (Authoritative):


Editable source:

Distribution ZIP file

For your convenience, OASIS provides a complete package of the prose specification and related files in a ZIP distribution file. You can download the ZIP file here:

Members of the OASIS Privacy Management Reference Model (PMRM) TC [1] approved this specification by Special Majority Vote. The specification had been released for public review as required by the TC Process [2]. The vote to approve as a Committee Specification passed [3], and the document is now available online in the OASIS Library as referenced above.

Our congratulations to the TC on achieving this milestone and our thanks to the reviewers who provided feedback on the specification drafts to help improve the quality of the work.

========== Additional references:

[1] OASIS Privacy Management Reference Model (PMRM) TC

[2] Public reviews:
- 15-day public review, 22 April 2016:
- Comment resolution log:

- 15-day public review, 26 April 2013:
- Comment resolution log:

- 15-day public review, 04 January 2013:
- Comment resolution log:

- 30-day public review, 02 June 2012:
- Comment resolution log:

[3] Approval ballot:

Associated TC: 
Privacy Management Reference Model (PMRM)
Associated MS: