ISO/IEC 29100:2011 is applicable to individuals and organizations involved in the defining, creating, designing, developing, testing, maintaining, managing, and operating information and communication technology systems or services where privacy controls are required for PII processing