OASIS Works to Define Reference Model for Implementing Operational Privacy

CA Technologies, Jericho Systems, U.S. National Institutes of Health, U.S. National Institute of Standards and Technology, U.S. Veterans Health Administration, and Others Collaborate on 'Privacy by Design' Model

Boston, MA, USA; 12 January 2011 – The international open standards consortium, OASIS, has formed a new group to address the challenge of integrating privacy and security policies into systems and processes. The OASIS Privacy Management Reference Model (PMRM) Technical Committee will advance an open standards framework that will define rigorous and consistent ways to integrate 'privacy by design' into networked applications. PMRM will support emerging and complex cloud computing environments and help companies define architectures to support their privacy obligations, reduce the threat of policy breaches, and cope with the growing complexities of privacy risk management.

"The OASIS Policy Management Reference Model (PMRM) is a long-awaited tool for assessing the comparability of various online privacy protection policies and practices. Not a policy itself but rather a tool, the PMRM will find broad uptake in e-commerce and e-gov implementations," said Dr. Peter Alterman, senior advisor to the CIO, U.S. National Institutes of Health.

"PMRM picks up where broad privacy policies and control statements leave off," explained John Sabo of CA Technologies, co-chair of the OASIS PMRM Technical Committee. "Most policies describe fair information practices and principles but offer little insight to IT professionals who must build systems to support implementation. PMRM will provide a template for developing operational solutions to privacy issues and serve as a model for ensuring that privacy controls are in place across policy and enterprise boundaries in the growing cloud environment."

"Cloud computing and social networking are two of the drivers behind PMRM, which will target the needs of the Smart Grid, health care, finance, insurance, eDiscovery, geospatial, eGovernment, and other areas," added Michael Willett, OASIS PMRM Committee co-chair. "To ensure compliance with privacy policies in critical areas like these, you need a standards-based structured model that is developed through stakeholder consensus in an open process. It's absolutely essential to getting it right."

High-level support for PMRM is already in place. The International Security, Trust & Privacy Alliance (ISTPA) has contributed its Privacy Management Reference Model 2.0 as a starting point for the OASIS work.

"To maintain compliance with privacy mandates in increasingly complex, global cloud environments, organizations will need a standards-based, network- and system-agnostic model for implementing policies across highly dynamic and virtualized computing environments," said Donald F. Ferguson, CTO at CA Technologies. "As one of the industry's leading providers of IT management solutions for the cloud and the virtualized data center, CA Technologies sees the OASIS PMRM TC as an important step forward in enabling customers to implement this kind of unified and adaptable model to fulfill their new privacy management requirements."

Participation in the PMRM Technical Committee is open to all interested parties, including privacy policy makers, privacy and security consultants, auditors, IT systems architects, and designers of systems that process personal information. Archives of the Committee's work will be accessible to both members and non-members, and OASIS will invite public review and comment.

Additional information:
OASIS PMRM Technical Committee
PMRM recorded webinar, webinar overview

About OASIS:
OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, international consortium that drives the development, convergence and adoption of open standards for the global information society. OASIS promotes industry consensus and produces worldwide standards for security, cloud computing, Web services, the Smart Grid, content technologies, business transactions, emergency management, and other applications. OASIS open standards offer the potential to lower cost, stimulate innovation, grow global markets, and protect the right of free choice of technology. OASIS members broadly represent the marketplace of public and private sector technology leaders, users, and influencers. The consortium has more than 5,000 participants representing over 600 organizations and individual members in 100 countries. http://www.oasis-open.org

Press contact:
Carol Geyer
Senior Director of Communications and Development
OASIS
carol.geyer@oasis-open.org
+1.781.425.5073 x209 (office)
+1.941.284.0403 (mobile)