BS ISO/IEC 24745:2022

What is ISO/IEC 24745 – Guidelines for cybersecurity about?  

ISO/IEC 24745 is an International Standard that focuses on information security, cybersecurity, and privacy protection. It gives the best guidelines for biometric information protection. 

ISO/IEC 24745 covers the protection of biometric information under various requirements for confidentiality, integrity, and renewability/revocability during storage and transfer.  

ISO/IEC 24745 also provides requirements and recommendations for the secure and privacy-compliant management and processing of biometric information. 

ISO/IEC 24745 specifies the following: 

• Analysis of the threats to and countermeasures inherent to biometrics and biometric system application models 
• Security requirements for securely binding between a biometric reference (BR) and an identity reference (IR) 
• Biometric system application models with different scenarios for the storage and comparison of BRs 
• Guidance on the protection of an individual's privacy during the processing of biometric information. 

Who is ISO/IEC 24745 - Guidelines for cybersecurity for? 

ISO/IEC 24745 on information security, cybersecurity, and privacy protection is useful for: 

• IT Engineers 
• Cyber security professionals 
• Financial institutions 
• High tech companies tasked with protecting intellectual property  
• Consulting companies seeking the right methodology to resolve their clients’ security issues 

Why should you use ISO/IEC 24745 - Guidelines for cybersecurity?  

As the Internet becomes a more pervasive part of daily life, various services are being provided via the Internet, e.g., Internet banking, and remote healthcare. In order to provide these services in a secure manner, the need for authentication mechanisms between subjects and the service being provided becomes even more critical.  

ISO/IEC 24745 provides for the credible provision of effective and secure information/IT services. ISO/IEC 24745 can help the users to lower the cost of implementing, maintaining, and auditing an integrated management system, where effective and efficient management of both services and information security are part of an organization’s strategy. ISO/IEC 24745 enables the users to reduce implementation time due to the integrated development of processes common to both standards.  

ISO/IEC 24745 guides to support better communication, increased reliability, and improved operational efficiency through the elimination of unnecessary duplication. ISO/IEC 24745 aids in strengthening the understanding by service management and information security personnel of each other’s viewpoints.  

Thus, the guidelines of ISO/IEC 24745 prove very helpful to the users as they contribute to strengthening organizational risk management.  

What’s changed since the last update?  

BS ISO/IEC 24745:2022 supersedes BS ISO/IEC 24745:2011.

BS ISO/IEC 24745:2022 includes some technical changes with respect to BS ISO/IEC 24745:2022. These include: 

• Correction of terms 
• Removal of non-compliant requirements related to jurisdictions 
• Clarification of various explanations 
• Improvements on the requirements for protection of biometric information, with more explicit enforcement of irreversibility and unlinkability 
• Introduction of new application models based on recent technologies 
• Addition of examples in annexes