ISO/IEC 29134:2017 is an instrument to assess potential damage to the privacy of process, information system, program, software module, device, or other initiatives that process Personal Identifiable Information (PII) by consulting with stakeholders in order to take actions as required to manage privacy risks.