An operation or set of operations performed upon personally identifiable information that can include, but is not limited to, the collection, retention, logging, generation, transformation, use, disclosure, transfer, and disposal of personally identifiable information.
Sources:
NIST SP 800-53 Rev. 5
from
ISO/IEC 29100:2011 (E) - Adapted
NIST SP 800-53A Rev. 5
from
ISO/IEC 29100:2011 (E)