RFID for a World on the Move

Volume 1, No. 4, April 2010, ISSN 1729-8709

forRFID a world on the move

• Guest Interview: UPU Director General

• Cornell ensures milk quality © ISO Focus+, www.iso.org/isofocus+ Contents

Comment

Steve Halliday, Chair, ISO/IEC JTC 1/SC 31/WG 4/SG 3, RFID air interfaces – RFID standards drive global adoption ...... 1 ISO Focus+ is published 10 times a year (single issues : July-August, World Scene December-January) It is available in English and French. International events and international standardization ...... 2

Annual subscription - 98 Swiss Francs Individual copies - 16 Swiss Francs Guest Interview Edouard Dayan, Director General of the UPU International Bureau ...... 3 Publisher ISO Central Secretariat (International Organization for Special Report Standardization) 1, chemin de la Voie-Creuse RFID standards – A diversity of applications...... 8 CH - 1211 Genève 20 Switzerland RFID standards – Opening a world of possibilities...... 10 Tel.: +41227490111 Fax: +41227333430 Fast forward – How ISO standards bolster the promising market...... 12 E-mail: [email protected] Web: www.iso.org Beyond the barcode – Next generation libraries...... 15

A new challenge – Plugging security gaps...... 18 Manager: Roger Frost Editor: Elizabeth Gasiorowski-Denis Advanced transponders – Animal identification to the next level...... 21 Assistant Editor: Maria Lazarte Communication Officer: Sandrine Tranchard Supply chain applications – A systematic approach to seamless Artwork: Pascal Krieger, Pierre Granier, and Alexane Rosa and secure tracking...... 26 ISO Update: Dominique Chevaux Translation: Translation Services, Cargo shipment tags – Making transport more transparent, efficient and safe ...... 29 ISO Central Secretariat Of paramount importance – Ensuring traceability of gas cylinders...... 31 Subscription enquiries: Sonia Rosas Friot ISO Central Secretariat Centre-fold Tel.: +41227490336 Fax: +41227490947 ISO’s RFID solutions ...... 22-23 E-mail: [email protected] Planet ISO © ISO, 2010. All rights reserved. News of the ISO system ...... 33 The contents of ISO Focus+ are copyrighted and may not, whether in whole Management Solutions or in part, be reproduced, stored in a retrieval system or transmitted in any ISO/IEC 20000 series – IT service management ...... 36 form or by any means, electronic, mechanical, photocopying or otherwise, Supply chains and ISO 9001 – What to expect, how to get it ...... 37 without written permission of the Editor. Standards in Action The articles in ISO Focus+ express the views of the authors, and do not Cornell ensures milk quality – 8 000 farms benefit from ISO/IEC 17025 ...... 40 necessarily reflect the views of ISO or of any of its members. New Releases ISSN 1729-8709 New handbook on conformity assessment – Building trust ...... 43 Printed in Switzerland “ Private ” standards – ISO’s clarifications ...... 44 Cover photo : ISO, 2010 Coming Up 45

RFID has a long history. It dates back to World War II when trans- ability of the technology makes com- ponders were used to identify aircraft, “identify friend or foe” (IFF). mercial use a reality. The return on Though still in use today, the technology is far from its original investment (ROI) of RFID has fall- en to between 6 to 12 months, with designs. Today, RFID exists in several frequency bands for many dif- more and more applications under six ferent applications, each with its own characteristics. months. ROI is at a level now where it makes sense to use the technology. The use of RFID has seen a major contactless payment systems. This RFID has come of age. The range kick start in the last 10 years enabling is expected to lead to the acceptance of applications using the technology more applications than simple access of handheld devices, such as smart- range from asset tracking to mobile control. In particular, the growth in phones enabled with RFID, to replace payments. The days when RFID was the supply chain has highlighted the the credit/debit cards currently on the only used as a standalone access con- need for numerous applications. Al- market, moving even further towards trol card to get into the office are long though RFID standards encompass a cashless society. gone. We are now looking at RFID many different frequency bands, the The development of RFID in the ul- applications that enable the complete main success for the technology has tra high frequency (UHF) bands offers supply chain across the globe. come from three areas : ticketing, a technology with the capability of a This ISO Focus+ issue takes a snap- payment systems and supply chain barcode, but without the limitations. shot of the technology’s capabilities tracking. The tags can be read without line of today. There are many new applica- The traditional use of high fre- sight, over distances of several me- tions being explored, from document quency (HF) devices has exploded tres (two – five is easily possible), and management to monitoring trees, to with the adoption of the technology with the capability of changing the tracking bicycles, to monitoring gam- for item identification. This has been data, or adding sensors (to the tags) ing chips in a casino, to tracking and especially noticeable in the areas of to monitor temperature, pressure etc. inventorying ISO containers as they ticketing and payment infrastructure. The mandates from Wal-Mart and the move around the world. The possi- The largest user of this technology, US Department of Defence requiring bilities are endless…  for example, comes from HF RFID on their suppliers to apply RFID labels train, bus, and event tickets. Systems to all shipments have increased the such as the Oyster card in the United take up of the technology. The under- Kingdom, have been adopted with lying driver for adoption has been the great success, improving the flow of availability of standards. passengers on the rail system. As of RFID technology’s capabili- 2007, over 10 million Oyster cards ties range from reading a simple ID have been issued. Another example is number at a few centimetres, to stor- the Octopus card in Hong Kong, Chi- ing the complete inventory of a con- na, with over 20 million cards issued. tainer, allowing it to be read at a dis- The acceptance of RFID by pay- tance approaching 100 metres. This ment systems and the development of broad range in capabilities has meant ISO/IEC 14443 for proximity cards that dissemination of RFID has in- and near field communications (NFC) creased in leaps and bounds. tags have led to the growth in payment Initial concerns about privacy seem systems using RFID type cards. Vi- to have been largely addressed. The sa’s payWave and MasterCard’s Pay- technology to manufacture both tags Steve Halliday Pass, which are being used by many and readers has taken giant steps for- Chair, ISO/IEC JTC 1/SC 31/WG 4/SG 3, stores, are well-known examples of ward and the reliability, price, and us- RFID air interfaces

ISO Focus+ April 2010 © ISO Focus+, www.iso.org/isofocus+ 1 World Scene

Fully Networked Car 2010 Better service at hotels and This year’s Fully Networked Car work- restaurants shop organized by the World Standards ISO Secretary-General Rob Steele at- Cooperation (WSC), a partnership between tended the 47th General Assembly of the ISO, IEC and ITU, was held in March at the International Hotel and Restaurant Asso- Geneva International Motor Show 2010. ciation (IHRA), held in Belgrade, Serbia, in The workshop brought together key play- January 2010. ers in standardization to present their per- He spoke about the work of ISO/TC 228, : ITU spectives and strategies on the current and Tourism and related services, of which Photo future role of information and communica- IHRA is a liaison organization. The com- tion technologies (ICT) in motor vehicles, mittee develops standards for improved in particular for electric cars. and safer services in the tourism industry. expectations of governments.” He explained Its areas of work currently include recrea- how ISO‘s international multi-stakeholder tion diving services, health tourism, tourist standards can complement public policies, information, golf services, beaches, natural and in many sectors, provide a basis for tech- protected areas and adventure tourism. nical regulations, but themselves do not set “ ISO/TC 228 aims to create transparency public policies. in the exchange of tourism products and Mr. McKinley called for new ways to services and raise consumer’s confidence. improve efficiency and confidence in food It supports fair competition, sustainable and safety implementations, rather than debate ethical practices, safety and security, and past approaches. In food safety, key contri- much more, ” said Mr. Steele. “ Its work butions from ISO include the well-known should help developing countries, many of ISO 22000 food safety management series, which rely principally on tourism, to better as well as the work of ISO’s Committee promote themselves.” on conformity assessment (ISO/CASCO) Mr. Steele also looked at other ISO stand- which develops the international benchmark ards contributing to tourism. Some of these standards for such activities as testing, certi- include work on public information sym- fication, accreditation and inspection. bols, food safety, fire safety, quality man- In his opening remarks, ISO Secretary- agement, service activities for water sys- Metrology at the nanoscale General Rob Steele (see photo above), said : tems, traffic and travel information, event “There is the need for standardization of es- sustainability and carbon footprints, among A workshop on metrology at the nanos- sential technologies to provide the solid base many others. cale, held in February 2010, in Paris, France, for further innovation and the economies of and organized by BIPM, brought together scale for commercialization of technologies, Private and public food safety efforts representatives from national metrology such as batteries. Most interestingly of all, institutes (NMIs) with other stakeholders, there is the urgent need to consider the inter- The shared accountability of govern- such as nanomaterial manufacturers, regula- operability of all of this technology not only ments and companies for food safety was tion authorities and standardization bodies in the car, but in the wider infrastructure that the theme of a panel session at the Global involved in nanotechnologies. is needed to support this revolution.” Food Safety Conference organized in Wash- Nanotechnologies are developing rapidly, ISO has developed more than 800 stand- ington D.C., USA, in February 2010, by the and associated documentary standards and ards for the automotive sector, including a Consumer Goods Forum. regulations are being adopted at national recently published standard giving safety Focusing on the interaction between pub- and international levels. There is increasing specifications for electrically propelled road lic and private food standards, the session pressure on metrologists to develop reli- vehicles (ISO 6469). included representatives from ISO, the Co- able and accurate measurement techniques The much anticipated ISO 39001, Road- dex Alimentarius, the World Trade Organi- and methods to underpin this. International traffic Safety management systems –Re- zation and academia. coordination among NMIs is required, with quirements with guidance for use, (currently ISO Deputy Secretary-General Kevin new approaches to overcome the complex- under development) will help improve the McKinley (see photo above right) spoke on ity of this area caused by its highly multi- migration process of traffic safety technol- ISO’s contribution, “ ISO can help provide a disciplinary nature. ogy into vehicles. bridge between industry approaches and the At the workshop, Dr. Peter Hatto, Chair of ISO/TC 229, Nanotechnologies, commented : “The role of ISO/TC 229 is to provide horizontal standards in critical areas to support stakeholders, including industry, regulators, other technical committees to help ensure the safe and responsible development of nanotechnologies.” The growth of, and interest in, ISO/TC 229 has created a need for the committee to maintain a nanotechnologies liaison coordination group to help ensure effective and active communication between technical committees and other organizations with a direct interest in nanotechnology standardization. Currently, ISO/TC 229 has 32 organizations in liaisons, in addition to the 43 member countries partici- Participants at the BIPM workshop on metrology at the nanoscale. pating in, or observing, its work. 

2 © ISO Focus+, www.iso.org/isofocus+ ISO Focus+ April 2010 Guest Interview Universal Postal Union Edouard Dayan

Photo : UPU

Edouard Dayan has been Director General of the UPU International ISO Focus+ : Within the globalization Bureau since January 2005. He was re-elected by acclamation in Au- and liberalization of trade, supported by global supply chains and the devel- gust 2008 at the Geneva Congress. opment of the Internet, the delivery of Under his leadership, the UPU has focused efforts on strengthening postal services has considerably im- its relations with the UN and international organizations, defining the proved during the last few years. How postal sector’s role in the information society, promoting the need do International Standards help postal service providers stay competitive in a and development for International Standards to improve the quality of market that is constantly evolving ? To postal services worldwide, maintaining the pace of technological in- what extent do standards contribute to novation, and using a regional approach to promote postal reform and improving quality ? close the development gap. Edouard Dayan : The international post- Before taking over as Director General, Edouard Dayan held various al service is based on a global postal sup- positions of a strategic, regulatory, commercial and operational nature ply chain. To be competitive, the postal at the French, European and international levels during a career span- supply chain must be fast and smart. The ning over 30 years. need for an efficient, interoperable supply chain forces all participants to adopt com- Edouard Dayan is a Knight of the National Order of Merit and Knight mon standards. These standards eliminate of the Order of the Legion of Honour (France). friction at borders, and, combined with

ISO Focus+ April 2010 © ISO Focus+, www.iso.org/isofocus+ 3 Guest Interview

already exist. The UPU wants to have our financial experts contribute to the Photo : UPU a voice in the future evolution of these second. standards. The UPU is also applying new We would like to see ISO standards in technology such as radio frequency iden- the area of e-commerce. This is an area tification (RFID) to core postal services, where many national postal services and needs to stay abreast of developments are active as deliverers of merchandise, in RFID standards. bought online or as providers of other lo- Work addressed by ISO and the UPU is gistics services for e-companies. also complementary. For example, participating in ISO technical committee ISO/ ISO Focus+ : E-commerce has revolu- TC 211, Geographic information/Geo- tionized postal services, contributing to matics, ensures coordination in this area. faster and easier delivery. How are In- By participating in the ISO standards ternational Standards facilitating this process, the UPU has a voice in the devel- evolution ? opment and evolution of ISO standards Edouard Dayan : E-commerce growth that impact the post office. Moreover, this has been good for national postal opera- ensures better coordination. tors, often the carrier of choice for last- mile delivery of parcels and packets to the ISO Focus+ : A cooperation agreement consumer. Also, postal operators already (memorandum of understanding) signed provide a wide range of financial servic- in 2008 between the UPU and ISO en- es, from remittances to banking services. sures that postal services increasingly Now postal operators are offering secure benefit from globally relevant Inter- and trusted payment services for e-com- national Standards developed by ISO. merce transactions. What do you expect from this collabora- E-commerce, along with financial serv- tion ? Can you provide some examples of ices, is a priority for us. We are focusing the fruitful cooperation ? In what other on parcels and packages because the ef- Globalization areas would you like to see ISO Interna- ficient delivery of e-commerce hinges on and growing tional Standards ? a totally reliable parcel service. Our cus- economic Edouard Dayan : Our cooperation agree- tomers want the ability to track what they integration ment allows seamless collaboration be- have posted. Developing such a system is possible tween the two organizations. Concrete that works all over the world is another only with benefits for the UPU include liaison with of our strategic objectives. And interop- ISO technical committee ISO/TC 211, erability is one of the three pillars of the standards. Geographic information/Geomatics, and world postal strategy our 191 member ISO technical committee ISO/TC 68, Fi- countries have adopted at our 2008 Con- other UPU initiatives, help make the sup- nancial services, working group WG 4, gress in Geneva, Switzerland. ply chain more visible. We are moving Management of ISO 20022. Our address- Globalization and growing economic in- towards our ultimate goal – paperless oping experts participate in the first, while tegration are possible only with standards. erations and accounting.

Photo : UPU ISO Focus+ : The UPU plays an active role in ISO contributing to eight technical committees including information technology, paper, board and pulps, freight containers, terminology, packaging, geographic information, processes, information and documentation. Why does the UPU participate in the ISO standards process ? What, in your view, are the concrete benefits of participation ? How do ISO standards complement those developed by the UPU ? Edouard Dayan : As part of its global business strategy, the UPU is diversifying into non-traditional areas such as financial services and e-commerce. These are areas in which non-postal actors have already been active, and in which standards

4 © ISO Focus+, www.iso.org/isofocus+ ISO Focus+ April 2010 Photo : UPU you like to see the UPU’s involvement in ISO’s technical committee for financial services (c.f. ISO/TC 68)? Edouard Dayan : Many postal services have traditionally offered financial services to the public – practically everyone has an account in a post office, and eve- rybody knows what a money order is. Postal services have been in the business of transferring money for generations. With the advent of technology, however, post offices, too, are getting involved with electronic funds transfer. Paper money orders are being transformed into electronic money orders. We have the ob- ligation to provide a low-cost means of funds transfer to the public. Given our vast network of post offices – a network that no bank or company can match – we are uniquely placed to provide this service at very competitive prices. Fi- nancial services are a very important part of our business strategy because we see them as providing a growing share of our revenues in the future. And since electronic funds transfer is based on ISO 20022 (universal financial industry message scheme), this standard is of fundamental importance to us as well. We have been granted liaison status with ISO/TC 68/WG 4 dealing with ISO 20022, and we look forward to participating in the work of this group.

ISO Focus+ : Several postal administrations have shown reduced revenues resulting from e-commerce proliferation. Does the UPU plan to introduce new services to offset the reduced revenue in letter mail ? Does the UPU plan to focus more on small package services ? What role will standards plan in UPU’s future ? So I see standards as becoming even more innovation and competition among RFID important for us in the future. suppliers to ensure the lowest prices for Edouard Dayan : As electronic com- this technology, and access to it by all our munication evolves, postal operators and ISO Focus+ : Can you please comment member countries. the UPU are not just standing by the side- on how ISO standards for bar code tech- Barcodes are another fundamental lines. Operators are exploiting the oppor- nology and RFID provide added value ? building block of the postal service. tunities the Internet provides to generate They are used on all items that need to new revenue streams and offset the drop Edouard Dayan : The UPU is imple- be tracked, and today, barcodes give them in letter-post volumes. menting an RFID-based Global Monitor- the unique identity necessary to track Hybrid mail, for example, has been ing System (GMS). The technology used them. around for years. The service enables is based on ISO standards. Whether we large-volume mailers to send bills, state- remain competitive, or not, depends on ISO Focus+ : Postal authorities are in- ments and advertising letters by giving the quality of service that we offer our cli- creasingly providing financial services their data files to the postal operator, ents. The GMS is the key tool to monitor to meet the needs of their stakeholders. who then routes the data to appropriate quality of service, and is thus a very stra- What is your view on ISO 20022 for locations for printing and mailing. It is tegic initiative. We have worked on this improving communication between fi- a fast, cost effective and an environ- project for the past few years, promoting nancial industry players ? How would mentally friendly way for letters to be

ISO Focus+ April 2010 © ISO Focus+, www.iso.org/isofocus+ 5 Guest Interview

UPU at a glance

Established in 1874, the Universal Postal Union (UPU) with its Headquarters in Berne, Switzerland, is the primary forum

Photo : UPU for cooperation between postal- sector players. It helps to ensure a truly universal network of up-to-date products and services. With 191 member countries, this specialized agency of the United Nations fulfils an advisory, mediating and liaison role, and renders technical assistance where needed. It sets the rules for international mail exchanges and makes recommendations to stimulate growth in mail volumes and to improve the quality of service for customers. Photo : UPU As a non-political organization, it does not interfere in matters that fall within the domestic domain of national postal services. For example, posts set their own of these. The UPU Postal Technology postage rates, decide which and how many postage stamps to issue, and how to Centre is providing development and de- ployment support for affordable access to manage their postal operations and staff. technologies for these services. The UPU’s objective is to develop social, cultural and commercial communication Additionally, the UPU has recently between people through the efficient operation of the postal service. As an inter- obtained an Internet top-level domain governmental institution, the UPU is called upon to play an important leadership role called .post (dot-post) to provide a plat- in promoting the continued revitalization of postal services. form for secure and trusted domestic and cross-border postal services, enhancing the possibilities for increased trust in e- sent. The UPU is studying the benefits email (PREM), electronic postal certifica- commerce transaction in all countries. of developing International Standards tion mark (EPCM) and pilot UPU certifi- The UPU is the first UN agency to enter to facilitate cross-border hybrid mail cation authority. such a contract with the Internet Corpora- exchanges. The UPU Standards Board has approved tion for Assigned Names and Numbers to In terms of trust-based services, there standards development activities for each oversee a top-level domain. The contract are still many problems with trust and is an important contribution to the further security of Internet communications and development of the Internet, especially in Internet-based transactions. We are look- underserved areas. ing at developing new electronic postal It is part of a goal to provide a single services to address some of these issues. Our interoperable network linking physical Examples include the postal registered cooperation and electronic postal services to enhance inclusion of all people around the agreement globe in the information society. The allows development of .post will be founded on seamless policies and standards developed within collaboration. the UPU working groups, one of which is the UPU Standards Board for technical standards. Finally, the UPU is looking at how it can contribute to solving the growing problem of illegal and counterfeit items originating from the e-commerce marketplace. The UPU believes that Internation- al Standards, enhanced technical infrastructure and industry policies, should be developed in cooperation with all stakeholders in the global supply chain. This cooperation should include customs, air- lines, law enforcement, postal operators and e-commerce merchants with a stake in this critical issue. With so many projects underway, you can understand why standards will be Photo : UPU very important for us in future. 

6 © ISO Focus+, www.iso.org/isofocus+ ISO Focus+ April 2010 Ad IUMSS-2008.indd C1 06.01.2010 15:45:05 Special Report

8 © ISO Focus+, www.iso.org/isofocus+ ISO Focus+ April 2010 Special Report RFID standards A diversity of applications

by Sandrine Tranchard

Shipping freight around the world ? Borrowing a book from the library ? Swiping your identification badge at the office ? Driving on a highway with an eToll ? Opening your car with a long-range access control ? Keeping track of your pet ?

A radio frequency identification Another use of RFID tags is (RFID) system tracks moving ob- seen on farms for tracing livestock jects. It enables data to be trans- throughout their lifetime to control, mitted by a mobile device or tag, for example, diseases and ensure which is read by an RFID reader product quality. In addition, they are and processed according to the also commonly used for identifying needs of a particular application. pets or tracking animals in the wild. The transmitted data may provide This month’s Special Report identification or location informa- showcases the diversity of ISO tion, or specifics about the tagged standards for RFID and the ben- product, like price, colour or date efits of their use, from facilitating of purchase. the circulation of books in librar- The RFID market has seen a ma- ies and improving the traceability jor kick start in the last 10 years. of gas cylinders to identifying ani- And its applications are constantly mals, and tracking cargo shipment. expanding. A recent report from More importantly, ISO standards the Electronic Communications provide a harmonized framework, Committees (EEC) estimates the improve transparency, efficiency future market size for RFID to be and safety in a complex, but grow- USD 27.59 billion. ing market, while optimizing busi- Today, RFID applications span ness processes and reducing opera- the entire supply chain, some of tional costs for companies. which are highlighted in this issue With so many areas of RFID in of ISO Focus+. For example, the our daily lives, the industry has to use of RFID tags on products, pack- deal with other matters, such as se- aging, freight containers, transport curity and privacy. Here again, the units and returnable transport items development of ISO standards will facilitates tracking of goods and no doubt be an important part of their management, allowing inven- the solution.  tory control, in-transit visibility Sandrine Tranchard is Communication Officer and loss prevention. at the ISO Central Secretariat.

ISO Focus+ April 2010 © ISO Focus+, www.iso.org/isofocus+ 9 Special Report

will be possible to harvest sufficient energy from the environment around an RF tag to generate a signal. The active RFID tag would remove the need for a battery. Some passive systems currently incorporate a battery to enable greater range and on-board tag functions. Battery-assisted standards passive devices also commonly support sensors. Opening a world Passive systems require significantly higher power to : of possibilities • Traverse the space between the interrogator and the tag • Provide enough power to drive the by Craig K. Harmon circuitry that modulates and reflects the signal adio frequency identification (RFID) is a relatively simple concept • Traverse the return space between the R tag and the interrogator. involving the combination of a wireless communications technique using radio frequencies with a unique identifier embedded within the In an active system, power loss is caused wireless communications. The International Telecommunications Union only by the space from the tag to the interrogator. Typically, the output power of Radiocommunications Sector (ITU-R) defines RFID as a “ short-range active tags is measured in MilliWatts and device ” subject to the rules imposed on such devices. The many ISO the output power for passive system inter- standards addressing RFID applications (see Box on page 11) show that rogators in measured in Watts. RFID is of significant interest to the international community. Active systems can generally transmit over distances from tens to hundreds of metres, while passive systems can com- A typical configuration Active versus passive systems municate over distances of only a few centimetres to a few metres. The principal All RFID systems have an interrogator, RFID systems are said to be either “ ac- drawback with active or battery-assisted two antennas, and one or more radio fre- tive ” or “ passive ”. Active systems actu- passive systems is the time and cost of quency (RF) tags, as shown in Figure 1 ally generate a signal. Passive systems battery maintenance with currently avail- (below). receive an incoming radio wave, modu- able active RF tags. Multiple interrogators may be incor- late the inbound wave according to the The signals from passive RF interroga- porated in locating systems. The signal data content of the RF tag, and return the tors or active RF tags operate in specific emitted by a tag is received by each of the modulated signal. This is often referred to parts of the electro-magnetic spectrum. interrogators. The location of the emit- as reflecting and modulating the incoming These frequencies are categorized as low ting tag can be determined based upon the signal. frequency, in the range of 30 to 300 Kil- time it takes the signal to reach each of With current technology, active sys- ohertz (kHz), high frequency of 3 to 30 the interrogators or by the strength of the tems incorporate a battery, while most Megahertz (MHz), or ultra high frequen- signal received at each interrogator. passive systems do not. In the future, it cy of 300 MHz to 3 Gigahertz (GHz). To avoid licensing requirements in publicly regulated frequency bands, the INTERROGATOR TAG popular RFID bands are industrial, scientific, and medical (ISM) bands, including 13.56 MHz, 433 MHz, 860-960 MHz, and 2.45 GHz. National radio regulations Micro Transmit/ determine the maximum power level per- Computer Receive CPU I/O RAM ROM mitted at these frequencies, as well as Radio Tx/Rx other characteristics of the transmission Pwr Supply such as the length of time a transmitter Antenna can be turned on before it must be turned Computer off (known as the duty cycle). Network CPU I/O RAM ROM Types of standards Radio Tx/Rx Several different types of standards are Pwr Supply required for RFID to be successful in the Figure 1 – A typical RFID configuration marketplace, including :

10 © ISO Focus+, www.iso.org/isofocus+ ISO Focus+ April 2010 Who is working on RFID ? • Technical standards, such as the air magnetic interference with implantable interface standards of the ISO/IEC cardioverter-defibrillators and implant- Radio-frequency identification (RFID) is 18000 series, ISO/IEC 15693 and ISO/ able cardiac pacemakers in a laboratory IEC 14443 setting. No occurrence of an RFID system addressed in the work of several ISO causing a problem with such devices im- committees, including ISO/IEC JTC 1 : • Data standards, such as ISO/IEC 15963 for tag identification, ISO/IEC planted in a human being has ever been • ISO/IEC JTC 1/SC 31, as an 15418 for data identifiers and appli- reported. automatic identification and data cation identifiers, the ISO/IEC 7816 Nonetheless, the RFID Experts Group capture (AIDC) technique to identify series for inter-industry data elements (REG), in cooperation with the US Food and locate physical objects and ISO/IEC 15434 for syntax and Drug Administration, Georgia Tech Research Institute, MET Labs, and the • Conformance standards, to enable • ISO/IEC JTC 1/SC 17, as a technique University of Hokkaido, is establishing interoperability between the products used in wireless integrated circuit test protocols that will ultimately ensure of various manufacturers, such as the cards to identify real persons in that RF emitters do not have an adverse ISO/IEC 18047 series and the ISO/IEC identity transactions, including effect on implantable devices, clinical 10373 series financial, medical, gaming, equipment, or biologics. This work is ex- • Application standards, such as the telecommunications, transport, and pected to conclude in 2011. ISO 1736x series, ISO 10374, ISO/TS physical identification Further harmonization is needed among 10891, and IATA 1740c ISO committees (as well as within ITU), • ISO/TC 122, as an AIDC technique to • Network standards, such as ITU- which often deal with similar issues. An identify supply chain items T Recommendation F.771, X.550, example is ISO 17363, Supply chain ap- • ISO/TC 104, as an AIDC technique X.660, and Y.2213. plications of RFID – Freight containers, to identify shipping containers (as developed by ISO/TC 122, Packaging, to opposed to the cargo within the Unresolved issues secure cargo of containers, independent container) of the container. Now ISO/TC 104 has The use of the industrial, scientific and initiated a similar work item. • ISO/IEC JTC 1/SC 6, as an medical bands for RFID is currently topic As with any “ new ” technology RFID is identification and communications of some contention within the ITU. Sev- experiencing growing pains as it matures. technique to identify physical eral countries contend that ITU radio reg- However, wireless identification technol- objects in identity transactions ulations clearly state that the ISM bands ogy holds great promise for improved ef- should not be used for radio communica- ficiencies and reduced costs. RFID and ISO/TC 23/SC 19, to identify • tion and that RFID is radio communica- sensors are recognized as two of the most production animals and companion tions. Resolution of this issue is expected promising technologies under develop- animals at the World Radio Conference in 2012 ment within ISO.  (WRC-12). • ISO/TC 204, to enable intelligent transportation systems About the author • ISO/TC 247, to facilitate anti- RFID is of significant counterfeiting interest to the Craig K. Harmon • Universal Postal Union (UPU) to international community. is President and identify postal items (see the Guest CEO of QED Interview on page 3) Systems. He is the Privacy advocates argue that RFID Convenor of the International Air Transport • may constitute a threat to personal pri- ISO working group Association (IATA) to identify vacy by enabling the tracking of indi- addressing RFID baggage and passengers. vidual purchases. This concern has led applications in the to a push for regulations requiring that supply chain (ISO/ RFID is also significant in the work of : RFID tags be permanently deactivated TC 122/WG 10), as well as the RFID • ISO/IEC/JTC 1/SC 27, applying the once the item to which the tag is attached Experts Group, and the group developing security techniques within SC 27 to has been purchased. This would deny the US positions for ISO RFID stan- RFID post-sales applications such as warranty dards. He is also the Chair of the ISO tracking, returned goods and recalls. The committee on mobile item identification • ISO/IEC/JTC 1/SC 27/WG 5 and recently formed ISO Technical Manage- and management, and the ISO committee ITU-T SG 17, addressing privacy ment Board Privacy Steering Committee responsible for the development of sensor in accordance with the ISO TMB is expected to address this topic in 2010 specifications. Mr. Harmon is the author Privacy Steering Committee and 2011. of four books on data collection tech- A second public policy issue associated nology, including Reading Between the ISO/IEC/JTC 1/WG 7, in the area of • with RFID is the safety of RF devices. Lines and Lines of Communications, and sensor networks. Low frequency and some high frequency he is a content contributor to the Website : devices have been found to cause electro- autoid.org.

ISO Focus+ April 2010 © ISO Focus+, www.iso.org/isofocus+ 11 Special Report

Fast forward 15 years. The same day that I was asked to write this article, a Fast forward contractor for our local water company in Colorado asked me if they could in- stall a radio communication device on How ISO standards bolster my water meter to more accurately and efficiently communicate water usage in- the promising market formation associated with my identified house. They described how the information would be automatically transmitted by Barba Pier Hickman to city vehicles as they drove past my home. I asked if they were hearing con- What is radio frequency identification (RFID)? In 1995, when I cern from citizens about this new pro- first started evaluating RFID as a career, very few people had ever gramme, and I was told, “ No, these days most people understand the benefits of heard the phrase or the acronym. I remember one person asking me if employing wireless, radio identification I was going to work for a company who builds the dials and displays and communication devices – they are on radios to identify the frequency for various radio stations. I knew actually more accurate than humans.” then that standards did not exist and were sorely needed. I was so proud ! Standards drive market adoption by spreading knowledge and awareness of the technology. They encourage entrepre- neurs to develop new solutions for new markets that unfold and explode to create our future. So has been the story of RFID, but the story has just begun… Embedded in this article are predictions of the future market size of RFID based on the technology and solution providers interviewed and, therefore, only an indication of its full potential. For every new technology, people underestimate the time required for both standards to drive market acceptance, and for end-user evaluations and solution implementation. Current estimates of 15 years are finally realistic.

Dynamic evolution

One of the best recent estimates of the future market size for RFID was published by the Electronic Communications Committee (ECC), in January 2010, with the subject line : Dynamic evolution of RFID market. The result is depicted in Table 1 showing market projections in USD billions. The ECC is the Committee for Euro- pean Conference of Postal and Telecom- munications Administrations (CEPT) in radio spectrum and telecommunications numbering/addressing. The intent of their research was to draw a detailed inventory of the actual RFID market and applications. Emphasis was given on the relevant part of the ultra high frequency (UHF) band and on comparing findings to the results of their planned evolution study.

12 © ISO Focus+, www.iso.org/isofocus+ ISO Focus+ April 2010 Total market USD billion 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 Tags – passive 2.18 2.49 2.88 3.31 3.90 4.81 5.98 6.72 7.83 9.27 10.81 Tags – active/batter 0.21 0.22 0.28 0.37 0.57 0.75 0.99 1.16 1.26 1.43 1.57 assisted passive (BAP) Interrogators 1.20 1.22 1.69 2.25 3.20 4.08 5.09 5.12 5.35 5.47 5.71 (incl. mobile phones) Networking, software, 1.97 2.28 2.68 3.38 5.17 6.85 8.38 8.97 9.03 9.33 9.50 services Total value USD billion 5.56 6.21 7.53 9.32 12.84 16.49 20.44 21.97 23.47 25.49 27.59

Table 1 – ECC RFID market projections in USD billions (2009-2019).

RFID applied Item flow control in processes tication include the tagging of drugs in For item flow control, RFID tags are the pharmaceutical sector and high-val- The ECC report derived their projec- attached to items, which move through a ue goods in the luxury sector to prevent tions by looking at a diverse range of ap- manufacturing process. This mainly aims counterfeiting. plications, some of which are highlighted to avoid costly errors during the produc- below. Although not all RFID application process. Payment systems tions use the same frequency bands, most RFID technology is used for pay- applications use currently-popular fre- Inventory audit ment systems to secure transactions. Se- quencies in high frequency (HF) or ultra A prominent application is the use curity requirements for tags are very high. high frequency (UHF). of RFID for inventory audit. Examples in- Public transportation system is a major clude retailers’ warehouses where pallets application, from car parks, to toll booths Logistics and materials handling and sometimes cases are tagged to im- to public transport cards. Mobile assets are tagged for their prove the speed, accuracy and efficiency Automatic display of information use along the supply chain. Typical ex- of stock control. amples are RFID-tagged cartons, contain- In the emerging field of automatic ers and pallets which are used at different display of information, items are tagged production stages. Other materials han- Standards drive market to provide additional information on products and services when read. dling applications include libraries, book adoption. stores, waste management and many other Medical applications applications in daily life. RFID has some very specific uses in Item level tagging Authentication healthcare. Most common uses of RFID This is used for theft control when For authentication purposes, RFID in healthcare are medication administra- combined with electronic article surveil- is used to provide secure identification tion, authentication and restocking, hospi- lance (EAS). mechanisms for persons and objects. tal equipment tracking, medical supplies Prominent examples of personal au- tracking, asset and substance tracking, Asset monitoring and maintenance thentication are company entry badges, medical waste tracking, patient tracking, Fixed and high-value assets are usu- transportation system cards, electronic blood banking, lab and pathology sample ally tagged to store information, e.g. for passports and identity cards. Current tracking, medical alert implants, self- maintenance purposes. fields of application for object authen- medication for seniors.

Frequency range Commonly associate applications ISO (and ISO/IEC) standards Animal identification, access control, ISO/IEC 18000-2 LF <135 kHz car ignition keys Smart card applications, access control, financial ISO/IEC 18000-3, ISO/IEC 14443, HF 13.553-13.567 MHz cards, national ID cards, passports, ticketing ISO/IEC 15963, ISO/IEC 18092, ISO/IEC 21481 Active RFID for cargo handling and military ISO/IEC 18000-7 UHF 433 MHz logistics in the USA & NATO countries Materials handling, asset tracking, logistics supply chain, item-level tracking, RFID/electronic article ISO/IEC 18000-6, ISO/IEC 29143 UHF 840 – 960 MHz surveillance (EAS) tags, cargo handling, airline baggage, transportation UHF 2.45 GHz Item management ISO 18000-4 UHF 2.45 GHz Real Time Locating Systems (RTLS) ISO/IEC 24730-2, ISO/IEC 24730-5

Table 2 – Common frequency ranges for RFID applications driven by ISO standards.

ISO Focus+ April 2010 © ISO Focus+, www.iso.org/isofocus+ 13 Base CAGR* Special Report Historical (Millions of USD) Year 2009 2013 2008- 2007 2008 2013 Supply chain experience a technology breakthrough 883.6 1 060.5 1 135.4 1 995.7 13.5 % management in the next fifteen years that reduces the cost of an RFID tag to less than one cent, Asset tracking & 363.0 450.8 514.5 1 241.5 22.5 % these numbers could increase dramati- Real-time locating system cally. In particular the number of tags Security/Access control 556.2 687.2 748.1 1 212.3 12.0 % on food items could grow to hundreds of billions.” Sensing/Monitoring 25.7 33.8 40.2 243.9 48.5 % Rental item tracking 29.5 38.8 45.6 142.9 29.8 % The way forward Shop-floor automation 99.2 133.9 156.8 369.8 22.5 % In today’s world, the vast majority of peo- Point of sale 122.2 158.3 178.9 355.9 17.6 % ple understand the acronym “ RFID.” Those who cannot instantly recall the phrase as- Animal tracking/ID 119.6 173.6 198.0 561.0 26.4 % sociated with the acronym absolutely rec- Baggage handling 25.9 36.7 47.5 197.0 40.0 % ognize it when prompted. They can even explain how they use radio frequency prod- Ticketing 148.8 204.2 232.4 692.8 27.7 % ucts to make their lives easier. Toll collection 180.1 184.8 193.8 271.7 8.0 % Naturally, there are certain hurdles to overcome. As with cell phones, we have Other 398.6 635.0 716.6 1 583.0 20.0 % to first show consumers the benefits of us- Total 2 952.4 3 797.6 4 207.8 8 867.4 18.5 % ing a new technology before asking them to put up with the potential drawbacks or * Compound annual growthrate. inevitable privacy issues. We have come Table 3 – VDC Research Group : Total global RFID shipments segmented by application. a long way, but it is only the beginning of what promises to make a huge impact in the coming years. Animal identification Market growth projections In another 15 years, and probably well The control of pets, livestock, the before 2025, RFID will be ubiquitous. food chain, farming, diseases, protection High frequency (HF) is a globally har- Thanks to ISO.  of endangered species using either im- monized range which operates between planted or external tags (e.g. ear tags). 13.553-13.567 MHz. The ECC believes The diversity of technically rigorous that the global market for HF RFID will ISO standards has bolstered this prom- triple from USD 2.9 billion in 2008 to ising market. Table 2 outlines the most USD 8.6 billion in 2018. common frequency ranges for RFID UHF is not harmonized, but thanks to the About the author along with a few of the applications and great work of regulatory agencies around standards commonly associated with each the world over the last decade, UHF RFID Barba Pier frequency. systems operate in a range between 865- Hickman is 915 MHz (but must meet the exact band- founder of Applied width and power levels approved in the Clarity, Inc., a We’ve come different regulatory regions). consulting firm that a long way. The ECC report states : “ It is predict- leads companies ed that, in five years, more than 170 000 to identify and RFID readers will be deployed in Europe overcome barriers Market explosion will only happen if at 30 000 locations. During this period to technology multiple ISO standards are used. This, in these readers will process a total of about adoption and market acceptance. She turn, will require the efforts of an interna- 3 billion tags. These numbers will grow has served as Chair and Secretary of a tional team of experts committed to their significantly, and by 2022, it is expected number of ISO, the American National development. Figure 1 on page 27 de- that more than 6 billion readers will be op- Standards Institute (ANSI) and EPC picts the complexity of tracking products erating at 450 000 locations, with about 86 Global standards committees, including that are moving through the supply chain, billion tags purchased annually. serving as the founding Chair for ISO/ and consequently, the complexity of ISO “It is believed that these numbers are IEC JTC 1/SC 31/WG 4/SG 3. Ms. Hick standards that are required for the expan- conservative, as they only represent a man has received an award from the sion of RFID through these channels. small percentage of the total potential InterNational Committee for Information But RFID growth is not limited to sup- number of objects that can be tagged. For Technology Standards (INCITS) “ for her ply chain or logistics applications. Predic- example, the forecast is based on the es- contributions to the worldwide advance- tions by the VDC Research Group (Oc- timate that in 2012 approximately 2 % of ment of automatic identification and data tober 2009) of global RFID shipments all items in retail will be tagged. capture through the use of radio fre- outline many applications that will add to “In 2022 the forecast is that roughly quency identification.” She is currently an the growth of RFID by 2013. Their ex- 25 % of all non-food items and 5 % of all RFID standards and strategy consultant pectations are outlined in Table 3. food items in retail will be tagged. If we for Intermec Technologies, Inc.

14 © ISO Focus+, www.iso.org/isofocus+ ISO Focus+ April 2010 Beyond the barcode Next generation libraries

by Leif Andresen How it works Passive RFID tags with antennas are A smooth and straightforward check-in/check-out process for books attached to books, CDs and other library is key to the library business, and RFID can make a significant contri- materials. When these assets are checked bution. The technology is revolutionizing data management in librar- into, or out of the library, an RFID reader sends a radio signal to retrieve the infor- ies by optimizing the communication and retrieval of item-specific mation on the RFID tag. information. The first experiments with RFID in libraries took place The first step is to validate the applica- in the 1990s. Since then, the use of RFID has expanded rapidly. tion family identifier (AFI) value to ensure ISO is working on a standard harmonizing international guidance to it is a library item (see Box on page 17). Two values are dedicated for library use, help libraries graduate from the old barcode to RFID tags, ISO 28560, distinguishing between items “ in-library ” Information and documentation – RFID in libraries. from those “ on loan ”. This information may also be used by security gates.

Service improvements A particular benefit of using RFID for library circulation is the ability to handle composite materials. Examples might be a multivolume book, a box set with three CDs, or an audio book with 15 tapes. A data element records the number of items in the entire set and their identity. The check-out function warns when items are missing. This function solves a major problem of barcode-based : Tagsys self-service. Photo RFID in libraries can provide functionality beyond circulation. Some libraries use RFID for stock control by scanning shelves and comparing the results with the library’s database to find “ lost ” or miss shelved items, as well as to take inventory. RFID may also support the acquisition process. An ISBN or equivalent number on the incoming book tag might identify itself to the library acquisition module, and provide a link to the supplier and or- Simultaneous identification of a 4 CD box set using an RFID reader. der number. The future ISO 28560 will

ISO Focus+ April 2010 © ISO Focus+, www.iso.org/isofocus+ 15 Special Report

created for this purpose within technical committee ISO/TC 46, Information and documentation, subcommittee SC 4, Technical interoperability. The result of their efforts is the three- part standard ISO 28560, RFID in libraries, which has now entered the final stages of development. Part 1 : General requirements and data elements, describes the overall data model. Encoding options are described in Part 2 : Encoding based on ISO/IEC 15962, and Part 3 : Fixed length encoding.

Another potential use for RFID is as an information tool.

The data model specified in Part 1 comprises 25 data elements. The only obliga- tory element is the primary item identifier, mandatory for items on the shelf. Experi- ence shows that data and description of data elements are more durable than hard- ware, software and encoding. Part 2 deals with encoding rules based on ISO/IEC 15962:2004, Information technology – Radio frequency identification (RFID) for item management – Data protocol : data encoding rules and logical memory functions, which uses an object identifier structure to identify data elements. According to these rules different optional data elements may be selected, : Tagsys including for RFID tags of items in the

Photo same library. The encoding rules also Scanning shelves for item identification using a portable RFID reader with WiFi connection to enable optional data to be organized on the library’s database. the RFID tag in any sequence. And they include data elements for this informa- deliver standardized products. A variety of provide for flexible encoding of variable tion. Privacy concerns require that this incompatible national specifications would length and variable format data. data be erased before library circulation. drive up the cost of these products. Part 3 defines a basic subset of data el- Another potential use for RFID ena- A common solution is also important ements, specifying how to encode these bles users to “ show ” a book to a screen to avoid libraries becoming dependent in a basic block on the RFID tag. Precise in the library to retrieve reviews and user upon specific vendors. RFID tags must specifications are given for encoding oth- comments. be available from a variety of sources. er data elements in additional blocks of Books and CDs from different library variable length. Global solution vendors should be supplied with RFID Both Part 2 and Part 3 use the 13.56 tags already inserted. MHz (Megahertz) frequency, which to Why the need for an International Stand- date has been most common for RFID ard ? Books and other assets are not only Attractive benefits applications in libraries. However, the di- used by the library that owns them. For ex- vision of ISO 28560 into multiple parts ample, interlibrary loans are a common way The growth of RFID use has resulted opens the possibility for the addition of for national and regional library systems to in several countries adopting national new parts defining tag encoding using meet user needs while minimizing duplica- processes that specify data models and other frequencies. tion of relatively low-demand materials. encoding. But at the same time there is At the international level, it is also im- widespread recognition of the need for Note : TAGSYS provides reliable RFID infra- portant to ensure that software and hard- international consensus. ISO working structure to ease the identification and manage- ware vendors of library RFID systems can group WG 11, RFID in libraries, was ment of all types of library media.

16 © ISO Focus+, www.iso.org/isofocus+ ISO Focus+ April 2010 The standard does not specify communication between RFID readers and an integrated library system (ILS). This is currently managed by the US Nation- al Information Standards Organization (NISO) Circulation Interchange Protocol Z39.83 (NCIP) and the standard interface protocol (version 2) SIP2. National and regional profiling may re- strict use of some data elements and make others mandatory. Managing privacy is also part of profiling. For relevant up-to-date information, WG 11 has established a Website : biblstandard.dk/rfid/.

Growing influence Tags encoded according to ISO 28560- 3 are used by national systems, such as DS/INF 163 (known as the Danish Data Model, or DDM). RFID interrogators capable of reading tags according to DS/ INF 163 can also read tags according to ISO 28560-3. This means that the in- stalled base of DDM, implemented in several countries, can easily be moved to the future ISO 28560. Most RFID vendors are aware of the Application family identifier upcoming ISO 28560. Committees in several countries are preparing to implement The application family identifier (AFI) is used as a mechanism to select tags across the new standard. the air interface, minimizing the extent of communication transaction time with tags Denmark has decided to publish ISO that do not carry the relevant AFI code. 28560 as a Danish standard DS/INF 28560. By the end of 2010, more than half of Den- AFI value C2 * has been assigned explicitly for library use under the soon-to-be HEX mark’s public libraries are expected to finalized ISO/IEC 15961-2, Information technology – Radio frequency identification have RFID systems in place. In the United (RFID) for item management : Data protocol – Part 2 : Registration of RFID data Kingdom, a technical committee from the constructs. ISO member body (BIS), has prepared a national profile based on ISO 28560-2. A library may use the AFI in one of two ways. It is expected that many more countries will soon follow.  A single AFI with the value C2HEX distinguishes library items from others products, and avoids the risk of an RFID reader for a different domain, reading the RFID tag on a loan item. It also enables a library system to reject items that carry a different AFI code. About the author The AFI may additionally be used as part of an “ item security system ”, where Leif Andresen is the value C2 is written to tags of items on loan to a client. When the books are HEX Chief Adviser at returned, an in-stock AFI is written to the tag (07 , according to the soon-to-be HEX the Danish Agency finalized ISO 15961-3, Information technology – Radio frequency identification (RFID) for Libraries and for item management : Data protocol – Part 3 : RFID data constructs). Media and Chair- The ISO 15961 series is being developed within ISO/IEC JTC 1, Information man of Danish Standards S24, technology, subcommittee SC 31, Automatic identification and data capture Information and techniques, working group WG 4, Radio frequency identification for item management. Documentation. He is the Convener of ISO/TC 46/SC 4/ WG 11, RFID in Libraries. Mr. Andresen * Hex (hexadecimal) is a positional numeral system with a base of 16. Each hexadecimal digit represents four binary digits. has worked on library standardization since the 1990s, focusing in particular on technical interoperability.

ISO Focus+ April 2010 © ISO Focus+, www.iso.org/isofocus+ 17 Special Report

A new challenge Plugging security gaps

by Matthew J. Harmon and Natascha E. Shawver

The number of RFID applications in everyday use has exploded over the last decade, with tiny radio frequency (RF) tags now tracking products, animals and assets all over the world. The benefits of the technology range from improved supply chain management to efficient inventory tracking.

Some of the largest organizations in the promised, but a successful “ drive-by clon- world, such as the US Department of De- ing ” of RFID tags in passports by a British fense and the retail giant Wal-Mart, use hacker (in which data was copied from RFID to track shipments. Cattle ranchers documents carried in the owners’ pockets tag livestock. Hospitals maintain chains- and purses) showed that the potential for of-custody for drugs and supplies. RF damage is real. The past history of compu- tags are found in passports, credit cards ter hacking makes it clear that new attack and library books – and they’re even used methods will evolve over time. RFID to track endangered species. Hacking poses a threat to the confiden- tiality, integrity and availability of RFID systems. It can disrupt business, cause No single serious privacy breaches, and undermine countermeasure trust in the technology itself. is 100 % effective. The RFID industry has recognized these challenges by actively working to add security measures such as encryption While RFID has proven its usefulness and authentication to the tags. Because in many areas of modern life, significant encryption reduces the available storage the prevention of unauthorized reading or challenges must be resolved before the space on a tag and authentication slows changing of RFID data. This means pro- technology’s full potential can be real- reading response times, the challenge is to tecting the data on the tag, and the data ized. With falling prices and enhanced strike a balance among the requirements transmitted between the tag and reader to capabilities eliminating many obstacles, for efficiency, the demand for low-cost ensure it is accurate and safe from unau- attention has shifted to the security com- RFID solutions, and the privacy require- thorized access. ponent of RFID deployments. ments of a concerned public. International In broad terms, RF tags are small wire- Standards are the solution. less devices, consisting of a microchip and Hacking evolves an antenna, which emit information when Data protection at every step interrogated by RFID readers. Hundreds Breaches in RFID security – both real of models of commercially available tags and potential – have been well publicized A security breach can happen at the fall into two basic categories : active and in the media, creating unease among con- tag, at the reader (also referred to as an passive tags. sumers, companies, policy makers and interrogator) or, less often, at the network Passive tags, currently the most com- other RFID security stakeholders. Most level. ISO/IEC TR 24729-4:2009, Infor- monly used devices, require higher power RF tags do not encode personally identifi- mation technology – Radio frequency interrogators that create a continuous ra- able information (PII). identification for item management – Im- dio wave. The passive RF tag receives the So far, there have been only a few in- plementation guidelines – Part 4 : Tag radio wave and reflects (or modulates) a stances of RFID applications being com- data security, defines RFID security as return signal to the interrogator consistent

18 © ISO Focus+, www.iso.org/isofocus+ ISO Focus+ April 2010 through the use of radio receiving equipment of an authorized transmission); data tampering (unauthorized erasing of data to render the tag useless or altering of the data, for instance to change the price of a tagged item in a store). Denial of service attacks occur when multiple tags or specially designed tags are used to overwhelm a reader’s capacity to differentiate tags, rendering the system inoperative. Readers can also be jammed and tags can be physically blocked to disrupt reading. The tag can be mechanically or electronically “ killed ” to prevent it from being read.

Standards for application security As RFID technology and security threats evolve, so does the need for standards. In 2009, the technical report ISO/IEC TR 24729-4 giving guidelines on RFID tag data security was published. The report was based on the work developed by the RFID Experts Group (REG) set up by the Association for Automatic Identification and Mobility (AIM) – the global trade association for the automatic identification and data capture (AIDC) industry.

RFID The challenge is to strike a balance.

The ISO/IEC report assesses risks according to the Open Web Application Security Project’s (OWASP) “ DREAD ” model by looking at : • The potential damage a threat represents with the data programmed into the pas- Mimicking encompasses spoofing, • The chance of reproducibility sive tag. cloning and applying malicious code. To • What is needed to exploit a threat Active tags have an embedded trans- spoof tag data, the data is duplicated and • How many users would be affected mitter and generally transmit at far less transmitted to a reader. Cloning involves • How easy it is to discover a threat. power than passive tags. Most active tags duplicating the data from one tag onto an- currently in use incorporate batteries, other tag. An example would be exchang- The group analyzed the probability of a though future energy-harvesting tech- ing a container seal with a cloned tag after threat and its potential impact in various niques may change that. a thief breaks into the container to steal or scenarios by looking at supply chain tags, The basic difference between active and tamper with its contents. smart cards, customer loyalty cards, con- passive tags is that the active tags transmit Malicious code put on the tag could tactless payment cards and other RFID and passive tags reflect a received signal. hypothetically compromise an entire en- applications to discern the security impli- terprise system and disrupt a business, al- cations for each scenario. Vulnerabilities though the risk of such damage is current- The guidelines recommend a number ly limited due to the memory and range of countermeasures to safeguard security, Tags, readers and the air interface be- restrictions of most tags. such as the use of a unique tag identifica- tween them are susceptible to a number of Gathering information from the tag tion as defined in ISO/IEC 15963:2009, possible attacks that fall into three main takes place through skimming (unauthor- Information technology – Radio frequen- categories : mimicking, gathering and de- ized reading of data on a tag); eavesdrop- cy identification for item management – nial of service. ping (unauthorized listening/intercepting Unique identification for RF tags.

ISO Focus+ April 2010 © ISO Focus+, www.iso.org/isofocus+ 19 Special Report

This may include password protection, encryption, and various authentication measures. No single countermeasure is 100 % effective in all situations. Combi- nations of countermeasures can be used to increase RFID data access security. Existing RFID standards that already have specific security components built in to them include the following : • ISO/IEC 7501 series for machine read- able travel documents • ISO 13181 series on Communications Access for Land Mobiles (CALM) • ISO/IEC 15693 series for vicinity cards (i.e. cards which can be read from a greater distance as compared to proximity cards) • ISO/IEC 15963:2009 for RF tags • ISO/IEC 18000 series for item management fication and data capture techniques, will becomes slower when security features “ provide standards and a framework for are added. And there is also the need for • ISO/IEC 21451-7 for transducers to security of automatic identification and interoperability, which is already an issue RFID systems communication pro- data capture systems, particularly the air due to the conflicting needs of proprietary tocols and transducer electronic data interface and other SC 31 wireless com- solutions and supply chains. sheet formats.1) munications components.” Basic framework standards for secu- It has also set goals to define appropri- Building on existing standards rity are being or have been developed by ate secure file management techniques for Challenges arise from RFID’s perva- ISO/IEC JTC 1, Information technology, various memory sizes and configurations, sive use in highly disparate areas, includ- subcommittee SC 27, IT Security tech- to identify risks and potential controls and ing ports, health care, financial services, niques, and ISO/TC 8, Ships and marine to deliver a suite of solutions that enable networks, audio-visual, biometrics, per- technology. the implementation of various tiers of security for item management. sonal identification, databases, home electronics, printing, intelligent trans- In the pipeline ISO/IEC JTC 1/SC 31/WG 7 will have to deal with some important requirements. portation systems, industrial automation, The recently created working group One is the demand for low prices – se- anti-counterfeiting and what is commonly WG 7, Security for item management, of curity features add to the cost of the tag. referred to as “ the ” supply chain (where, ISO/IEC JTC 1/SC 31, Automatic identi- Another is efficiency, since reading tags in truth, there are many). A search of the ISO database reveals some 240 standards that include “ securi- About the authors ty ” in their title. We clearly need to build on existing security standards to provide : Matthew J. Natascha E. • A common, harmonized framework Harmon is the Shawver is a for a more secure supply chain, for ex- Vice President of freelance journalist ample in health care and port security Security and Risk with a focus on the where the risks are too high to ignore Management at societal effects of • A base of transparency and privacy for QED Systems, and information tech- consumers he serves as the US nology. She holds • Technical guidance for policy makers Technical Advisory a Masters Degree addressing these issues. Group Chair for in political sci- ISO/IEC JTC 1, Information technology, ence from the University of Heidelberg, If the technology is to become as ubiq- subcommittee SC 31, Automatic iden- Germany and a journalism diploma from uitous as the promise appears today, it tification and data capture techniques, the Free Journalism School in Berlin, is imperative for the RFID community working group WG 7, Security for item Germany. to develop comprehensive solutions for management. He is also the SC 31 liaison both security and privacy. SC 27 and to ISO/IEC JTC 1/SC 27, IT Security SC 31 are working hard to provide those techniques, and a member of the ISO solutions.  Technical Management Board Privacy Steering Committee. 1) Currently under development.

20 © ISO Focus+, www.iso.org/isofocus+ ISO Focus+ April 2010 RFID tags for animals come as eartag transponders, bolus transponders (for livestock) or injectable transponders (for pets). In farms, RFID tags can be used for individualized treatment of animals in computerized milking routines, feeding equipment and sensor systems for measuring health. RFID tags are also widely used for identifying companion animals. This allows veterinarians to give adequate treat- ments, facilitates customs clearing and helps animal protection societies looking for owners of lost pets. RFID can also be used to track animals in the wild.

14 years ago Advanced It is now 14 years since the first ISO standards for RFID identification of animals were published. These include : transponders • ISO 11784:1996, Radiofrequency identification of animals – Code structure Animal identification • ISO 11785:1996, Radiofrequency identification of animals – Technical to the next level concept.

These standards are based on low- frequency communication in the 134.2 kHz (kilohertz) band. This communication path works very well for boluses and injectable transponder applications where the signal passes through aqueous tissue. Transponders (tags) conforming to ISO 11784 and ISO 11785 carry identification information as a 15-digit worldwide unique identification code. The first three digits refer to the country of origin of the animal (conforming to ISO 3166-1:2006, Codes for the representation of names of countries and their subdivisions – Part 1 : Country codes). The remaining 12 digits comprise the actual ID code. ISO 11785 allows both the use of full duplex transponder communication by Pieter Hogewerf and Kees van‘t Klooster (FDX-B) as well as half duplex transponder communication (HDX). In the racing livestock throughout their lifetime is key to controlling FDX-B system, data is transmitted when T the reader’s magnetic field is activated. diseases and ensuring product quality. For this purpose, animals are In the HDX system, data is transmitted connected to a permanent identification device and their details kept after the magnetic reader field has been in databases (e.g. at farm, breeding association or national levels). deactivated. Although traditionally the devices consisted of visual ear tags, the use ISO 11785 is based on a sequential reading of transponders. Although it is of radiofrequency identification (RFID) is nowadays more common. feasible to read an FDX-B and an HDX In response to the latest market trends, ISO is currently working on a transponder within one reader activation standard that will take RFID identification of animals to the next level. cycle, it is impossible to read more than

ISO Focus+ April 2010 © ISO Focus+, www.iso.org/isofocus+ 21 ISO’s RFID solutions Today’s radio-frequency identification (RFID) systems identify and track products, animals or people using radio waves – regardless of their location or distance – for uses as diverse as paying for public transport to tracking freight containers. This technology is made possible by ISO standards which enable interoperability for tracking items throughout the supply chain, from creation to consumption, as well as recyclability and re-use.

Toll payment

Identification

Animal tags Paying for public transport

Medicine authentication

Tracking medical equipment

Check in/ out books

22 © ISO Focus+, www.iso.org/isofocus+ ISO Focus+ April 2010 Passport authentication Item flow Item security control Toll payment

Luggage identification

Product inventory and monitoring

Helping the Pallets blind identify traceability Book data buses, clothing, etc.

ISO Focus+ April 2010 © ISO Focus+, www.iso.org/isofocus+ 23 Special Report

Tricky collisions and how to Latest gadget for avoid them avid shoppers As previously mentioned, under the ISO 11785 protocol, communication is If you abhor aimless strolls at shopping not possible when multiple transponders malls, are short on time, or have a specific using the same technology are in the field purchase in mind, chances are you’ll of the reader. The explanation is simple. welcome a new navigational tool that ISO 11785 FDX-B transponders transmit applies RFID technology to help shoppers data (ISO 11784 code) when they come in find their way. contact with the magnetic field of a reader. If two (or more) FDX-B transponders The system uses a hand-held device enter the magnetic field at the same time, which maps the fastest route for both transponders will be activated, re- completing purchases, and shows the best sulting in mixed signals (collisions) that bargains in the process. make demodulation impossible. Similarly, ISO 11785 HDX transpond- A pilot test carried out with 2 400 people ers transmit ISO 11784 code after the at the Tormes shopping mall in Salamanca, magnetic field of a reader is switched Spain, which has more than 80 stores, off (the transponder is charged when showed the system to be successful the magnetic field is present). If two (or amongst both shoppers and retailers alike more) HDX transponders are charged and (Applied Soft Computing, Nov. 2008). the field switches off, both will be activated, thereby resulting in collisions. Evidence of the versatility of RFID applications, the tag used in the pilot conformed In comes ISO 14223. Its anti-collision to ISO standards for animal identification, ISO 11784:1996, Radio frequency protocol specifies a mechanism to be ac- identification of animals – Code structure and ISO 11785:1996, Radio frequency tivated by the reader when collisions are identification of animals – Technical concept. detected. Transponders in anti-collision mode must then randomly select a time Shoppers would enter their preferences, the amount of time they had, and their frame (among 16 available) for sending allocated budget, and the device would use RFID to identify where they are and send data. information about stores, their location and special offers. And for users that were just looking to hang out, the device would suggest coffee shops, restaurants or even films Remember this currently playing, based on the individual’s interests. The memory of the ISO 14223 trans- Sales managers involved in the pilot believed the device helped their business attract ponder is split into three different sec- more customers and increase sales. tions. The first section is for the ISO 11784 code. The second section has a fixed allo- cation for predefined information, and the one transponder of the same technol- WG 3, Identification, started working on third section is used in combination with ogy at the same time (i.e. two FDX-B a standard for advanced 134.2 kHz animal object identifiers for maximum flexibility transponders), since the signal would be radiofrequency identification technology. (e.g. for future requirements). scrambled. Consequently, there are three different Tracing livestock is key to levels of communication with advanced Market needs transponders (described below). controlling diseases and Today’s RFID animal market is calling ensuring quality. ID reading access for transponders capable of carrying (and writing) additional information about the This method is ideal for ID readings animal (e.g. the possibility to add data The result is ISO 14223 for advanced that have to be performed in the shortest collected by sensors into the advanced transponders (see Box), which enables possible time when the animals are mov- transponder memory and/or insert details both adding information into a transpon- ing. This is the case, for example, when of the animal’s owner). The market is also der’s memory during the life of the animal, animals are passing an antenna in a race- requesting the capability to read data de- as well as the ability to simultaneously read way, or when the animals’ identity has to spite the presence of more than one tran- more than one transponder of the same be checked. In either situation, the ISO sponder of the same technology. type (via an anti-collision protocol). 11784 code – packed in an ISO 11785 Because of this market development, The base for ISO 14223 transponders data telegramme – will be “ read only ”. ISO technical committee ISO/TC 23, uses the ISO 11784 code structure. These In a raceway, no guarantees can be Tractors and machinery for agriculture transponders are thus fully compatible given that anti-collision mechanisms will and forestry, subcommittee SC 19, Ag- with readers complying to ISO 14223 as lead to high identification percentages, ricultural electronics, working group well as ISO 11784 and ISO 11785. especially if the animals are passing the

24 © ISO Focus+, www.iso.org/isofocus+ ISO Focus+ April 2010 antenna in a shorter period of time than The reader commands that the content of the electronics needs to read all the anti- a specific memory block be retransmitted. collision slots. In this case, not all animals The contents of memory blocks are defined will be identified. in ISO 14223-3. Data may include : date of During the reading process, ISO 11784 birth, sex, registration database and/or tel- trailer information will also be transmit- ephone number of owner or contact. ted. This trailer may contain additional SAM is limited to 16 memory blocks, data (e.g. body temperature). with 32 bits of data each. The reader can access the blocks individually and either : • Read the 32 bits data • Write 32 bits into that block • Lock the block, which means its content cannot be altered anymore.

These functions can be protected by a password.

All encompassing and Fast data access Data directory driven memory access compatible This procedure requires that an animal This procedure allows for both read- be in a more or less fixed position. It is ISO 14223 is divided into three parts. ing and writing information. It requires ideal when limited time (approximately the animal to be in a fixed position, and one second) is available for communica- Air interface sufficient time for communication. Any tion, and it allows for both reading and type of information may be stored as Part 1 : Air interface originally writing information. long as the community of users defines published in 2003 is currently being a key (known as an object identifier), revised. It specifies the air interface which specifies the kind and format of between the transceiver and the ISO 14223 responds data to be included (e.g. vaccinations, advanced transponder. It is fully to a market need for animal movement between different compatible with ISO 11784 and ISO additional information. properties, etc.). 11785. Almost here Code and command structure The procedure is known as single block access (SAM). Fast access to the desired ISO 14223-1 (latest revision) and ISO Part 2 : Code and command structure data is necessary. This is realized by hav- 14223-2 are expected to be published end (currently under development) ing specific data at a fixed location in the of 2010. ISO 14223-3 should become specifies the code and command transponder memory. available early 2012.  structure. It ensures full compatibility with ISO 11784 and ISO 11785.

Part 2 can be considered an extension About the authors of, and should be used in conjunction with, ISO 11785. It enables application Dr. Kees van’t Pieter Hogewerf of advanced technologies, and Klooster is Di- is Director of facilitates storage and retrieval of rector of Inno- Innovative Modern additional information (integrated vative Modern Agriculture – Wa- database), reading of integrated Agriculture at geningen b.v. (IMA sensors, and much more. Wageningen b.v. (a –Wageningen). He company active in is responsible for Applications the field of animal the ICAR-approved Part 3, Applications (currently under identification). His animal identifica- research covers international agricul- tion test laboratory and is Project Leader development) describes the memory tural, land and water engineering in a of several ISO animal identification stan- use, its format and how to access broad sense including animal identifi- dardization projects within ISO/TC 23/ information. cation. Dr. van‘t Klooster is Convenor SC 19/WG 3. He is involved as Project of ISO/TC 23/SC 19/WG 3 on animal Leader in several international and natio- identification. nal animal identification projects.

ISO Focus+ April 2010 © ISO Focus+, www.iso.org/isofocus+ 25 Special Report Supply chain applications A systematic approach to seamless and secure tracking

These include many entities, such as producers of the goods, logistics management firms, consolidators, truckers, railroads, air carriers, marine terminal operators, ocean carriers, cargo/mode/ customs agents, financial and information services, and buyers.

Technology only getting better Twenty years ago, tracking products in their movement was difficult, at best, and largely impractical due to the requirements for data entry : completion of forms, key-entry of source documents, and subsequent communications to trading partners. These manual processes were slow and error-prone ; so much so that the value of the results often did not equal the cost of the effort. In the early 1990s, we were able to aug- ment the manual processes with the application of the quick and accurate bar code technology. Today, we are taking the next step. Whereas bar codes require line of sight and can only be scanned one at a time, radio frequency identification (RFID) enables potentially hundreds of tagged by Craig K. Harmon items to be read within seconds. Further – depending upon the materials – tags can There are significant benefits be embedded within the product packag- in being able to track products as ing and read without ever having to open the transport unit. This “ transparency ” of goods move through the supply identification provides both an opportu- chain, including loss prevention, nity and a challenge. inventory control, and in-transit Since multiple items can be read – both visibility. within the package and the package itself – it becomes necessary to distinguish “ Supply chain ” designates an which of the two levels of packaging are overall process that results in being read. Today’s RFID systems enable goods being transported from the reading of all tags : product tags, transport point of origin to a final destina- unit tags or any combination of packaging levels, between or above. tion. It includes the movement of the goods, the shipping data and Standards at work the associated processes, includ- ISO technical committee ISO/TC 122, ing the dynamic links between Packaging, has taken the lead in defin- the different participants. ing the use of RFID throughout the sup-

26 © ISO Focus+, www.iso.org/isofocus+ ISO Focus+ April 2010 ply chain. Within ISO/TC 122, working group WG 10 has developed a suite of standards to ensure compatibility at the physical, command and data level, with five International Standards under the general title : Supply chain applications of RFID (see Figure 1). Where possible, this compatibility takes the form of interchangeability. Where interchangeability is not feasible, the Inter- national Standards within this suite are interoperable and non-interfering. The International Standards within the complete series of supply chain applications of RFID include : • ISO 17363:2007, Supply chain applications of RFID – Freight containers • ISO 17364:2009, Supply chain applications of RFID – Returnable transport items • ISO 17365:2009, Supply chain applications of RFID – Transport units

Movement vehicle Layer 6 (truck, ship, train, airplane) Movement vehicle

Layer 5 ISO 17363 Container Freight containers 20/40 Foot marine and multi-modal container

Layer 4 (860-960 MHz) (Other 18000 with TPA*) Transport unit Transport unit ISO 17364 Transport units

Layer 3 (860-960MHz) (Other 18000 with TPA*) Returnable Returnable Returnable Returnable (MHz with TPA*) ISO 17365 transport transport transport transport Returnable transport item (RTI) item (RTI) item (RTI) item (RTI) items Layer 2 (860-960 MHz) Prod Prod Prod Prod Prod Prod Prod Prod (13.56 MHz with TPA*) pkg pkg pkg pkg pkg pkg pkg pkg ISO 17366 Product packaging Layer 1 (860-960 MHz with TPA*) (13.56 MHz with TPA*) ISO 17367 Item Item Item Item Item Item Item Item Item Item Item Item Item Item Item Item Product tagging

Returnable packaging item

Components, Parts, Materials, Subassemblies, etc.

* TPA : Trading Partner Agreement Figure 1 – Supply chain applications of RFID.

ISO Focus+ April 2010 © ISO Focus+, www.iso.org/isofocus+ 27 Special Report

and data capture (AIDC) media share a Parts Posts common data structure. The bar code and two-dimensional (2D) symbol standards needed to be brought over to RFID and other AIDC media. This permits the bar code and 2D standards of ISO/TC 122 – ISO 28219 for products, ISO 22742 for product packaging, and ISO 15394 for transport units and pallets (returnable transport items) – to share the data structures of ISO 17367, ISO 17366, ISO 17365, and ISO 17364, respectively. This data format issue requires coordination with other coding schemes to ensure no ambiguity over how RF tags are read, as well as the format of their contents. This technique further needs to enable compressed encoding so that only the required number of bits is encoded. For supply chain applications of RFID, only uppercase alphabetic characters, numer- als, and a handful of special characters are needed. This is easily limited to 64 Pallets Packing materials possible characters to be encoded in six binary digits. Figure 2 – Pallet (RTI) and returnable packaging items (RPI). The revisions of ISO 17367, ISO 17366, ISO 17365, ISO 17364, and ISO 17363 • ISO 17366:2009, Supply chain appli- These assets are sent to the customer currently underway address all these is- cations of RFID – Product packaging with the full expectation that they will sues. They will provide considerable added functionality, enhanced tracking of • ISO 17367:2009, Supply chain appli- be returned in the same quantity as was associated items (RPIs), security through cations of RFID – Product tagging. sent. This then leads to a need for a technique to associate the returnable packag- sensor technology, and data structures These International Standards define ing items (RPI) with the base returnable compatible with the bar codes and two- the technical aspects and data hierarchy transport item (RTI) pallet. dimensional symbols that came before.  of information required in each layer of The second issue requiring additional the supply chain. The air-interface and clarity was the interface among sensors, communications protocol standards (sup- the RF tag and the infrastructure. There About the author ported within the supply chain applica- has been substantial advancement in the tions of RFID International Standards) standardization of sensor interfaces be- Craig K. Harmon are ISO/IEC 18000, ISO/IEC 24730 and tween the publication of the ISO 1736x is President and ISO/IEC/IEEE 8802-15-4. Commands series and today. CEO of QED and messages utilize ISO/IEC 15961 and Two important standards from the Systems. He is the ISO/IEC 15962, semantics are defined in IEEE under the ISO/IEEE the Partnership Convenor of the ISO/IEC 15418, and syntax is defined in Standards Development Organization ISO working group ISO/IEC 15434. (PSDO) have been submitted for publica- addressing RFID tion as ISO International Standards : the applications in the Overcoming issues IEEE 1451 series and the wireless sensor supply chain (ISO/ interface of IEEE 802.15.4. Rather than TC 122/WG 10), as well as the RFID ISO periodically reviews its standards reinventing the wheel by developing new Experts Group, and the group developing to ensure that they retain their useful- (and overlapping standards), these IEEE the US positions for ISO RFID stan- ness as state-of-the-art tools for business, standards will serve as the basis for sen- dards. He is also the Chair of the ISO government and society. With a similar sors communicating to RF tags, sensors committee on mobile item identification intention, ISO/TC 122 will be reviewing communicating to infrastructure, and sen- and management, and the ISO committee the 2007 and 2009 standards with special sors communicating to networks (e.g. the responsible for the development of sensor attention given to three issues. new work of the ISO/IEC JTC 1, Infor- specifications. Mr. Harmon is the author The first deals with assets that might mation technology, working group WG 7 of four books on data collection tech- be associated with a pallet or packaging on sensor networks). nology, including Reading Between The (returnable packaging items), such as in The third issue is the data format of Lines and Lines of Communications, and Figure 2, specifically the posts and pack- the RF tags. It has become increasingly he is a content contributor to the Website : aging materials. important that all automatic identification autoid.org.

28 © ISO Focus+, www.iso.org/isofocus+ ISO Focus+ April 2010 Keeping track of the location of these containers is a never-ending concern for senders and receivers alike. But in the ab- sence of containers that automatically an- nounce their position, the shipping industry still relies on conventional artificial or semi-artificial tracking methods. This makes it difficult to control cargo status during physical distribution, and shippers often have to extend promised delivery times to avoid violating agreements. All this adds to logistics costs.

Unified International Standards are essential.

The solution is increased transparency in container logistics, meaning that information is available for transmission to a network platform automatically when containers arrive at a key node in the con- veying chain, such as a warehouse, port or deconsolidation point. Shippers and other personnel can then receive clear, reliable information on the location of containers using an Internet application.

Location reporting Modern information technology provides an effective way to achieve this transparency. An Internet-based network is created to cover containers, with the Cargo help of RFID (radio frequency identification), wireless data communication and other technologies. Containers are able to actively “ inform ” the network of their shipment tags location, while shippers take the initiative to “ perceive ” containers. Maritime transport is an important commercial activity across any number of Making transport more countries. This global nature of the industry makes unified International Standards transparent, efficient and safe for RFID applications in container transport absolutely essential. A new standard is being developed to improve transparency and efficiency in by Qifan Bao the freight container transportation process. The future International Standard Growth in international freight volumes directly reflects the emer- (ISO 18186, Freight containers – RFID – gence of a truly global economy, and it’s safe to say that container- Cargo shipment tag) will ultimately benefit many stakeholders, including forward- ized shipping has become the most important element in the mod- ers, insurance companies and carriers, ernization of the transport sector. At any given time, there are some but shippers will likely see the greatest 40 000 large cargo ships plying the world’s waterways, not to men- advantages. Access to real-time information countless smaller merchant craft, all pulling in and out of ports, tion on the precise location of shipments will enable shippers to adjust production loading, unloading, changing out crews and cargos, and travelling schedules and maximize return on capital from one location to the next. employed.

Transparency and efficiency • ISO/TS 10891:2009, Freight con- containers – Radio frequency identifica- tainers – RFID – Licence plate tag, tion (RFID) – Licence plate tag, and the ISO technical committee ISO/TC 104, which enables electronic information ISO 18185 series on electronic seals. The Freight containers, subcommittee SC 4, transfer from containers to automatic RFID cargo shipment tag defined in this Identification and communication, is de- processing systems. This optimizes the standard can be used separately or with voted to developing standards for auto- efficiency of equipment control sys- e-seals and license plate tags. matic identification, interconnection and tems and assists in container security Related International Standards are ex- information sharing, as well as intelligent initiatives. pected to promote RFID applications for management of freight containers. The freight container transportation. They are scope of the subcommittee includes : also envisaged to help users select prod- • Visual marks (location, encoding, Keeping track of ucts that make container logistics more design and size) the location of transparent, efficient and safe.  • Identification of freight containers these containers is (identity codes and marks) a never-ending concern. • Automatic container identification systems (identification messages and About the author related communication) The future ISO 18186 will complement • Other container communications the framework of standards developed by Qifan Bao, a (definitions, data elements, codes and ISO/TC 104/SC 4. It will describe how Professional Senior qualifiers). transparency and efficiency in freight Engineer and Vice container logistics can be improved using President of Shan- The future ISO 18186 is being devel- RFID cargo shipment tags and Internet- ghai International oped by working group WG 2, AEI for based software. The cargo shipment tag Port (Group) Co. containers and container related equip- system records container transportation Ltd, is project lea- ment, within SC 4. The working group processes and enables online tracking by der of ISO 18186, has published some important stand- security authorities. Freight container ards regarding automatic equipment The RFID cargo shipment tag system – RFID – Cargo shipment tag. He has identification for containers and related would be separate from other container led several demonstrations of RFID in equipment : security and identification RFID frame- international container pilot projects, • The ISO 18185 series of standards works, such as the container ‘license including the China-USA e-tag pilot for freight containers electronic seals plate’ tags described in ISO 10374:1991, sailing between Shanghai and Savannah, which aim to enhance cargo security in Freight containers – Automatic identi- Georgia, and a China-Canada pilot for container transportation fication, and ISO 10891:2009, Freight food defence.

30 © ISO Focus+, www.iso.org/isofocus+ ISO Focus+ April 2010 filling station, batch and date of fill. A variety of strategies are used to physically identify cylinder characteristics, such as stamp marking (ISO 13769:2007), colour coding with paint (ISO 32:1977), paper labelling (ISO 7225:2005), card, metal and plastic labelling and bar coding. Radio frequency identification (RFID) provides an innovative and practical technology for reliably identifying gas cylinders.

Requirements

RFID requires a reader station (also known as an interrogator) that transmits a predetermined signal of inductive, radio or microwave energy to one or many transponders located within a read zone. The signal is then returned in a modified form to the interrogator and the data is decoded. Of paramount The encoded data enables unambiguous identification of the transponder. It may also provide a medium for a bi-directional importance interactive exchange of data between the host and transponder. The signal may be modulated or unmodulated according to Ensuring traceability the architecture of the system. In many cases, it will be necessary to of gas cylinders use one air carrier frequency and protocol, but this will not be possible, or even desirable, in all situations. It is sometimes by Hervé Barthélémy useful to separate fundamentally different cylinders by the response frequency. However, benefits may be found in the Gas cylinders enable local use of gases and liquids without the need use of a common core data structure that is for costly permanent pressure vessel installations. They are essential capable of upwards integration. It should be to providing complex gas mixes for a wide range of medical, indus- expandable from the simplest low-cost cylinder identification system to more complex trial and research uses. These cylinders are manufactured in a variety functions. Such a structure must be flexible of shapes and sizes, with the most common configurations providing and enabling, rather than prescriptive, to capacities ranging from 1 to 50 litres. All are controlled by interna- allow different degrees of interoperability, tional, regional or national safety regulations requiring clear markings within and between host systems. and periodic safety checks and maintenance. Pressure testing require- Maximizing interoperability ments vary according to the design of the cylinder and its contents. Two widely used standards still gaining A long and changing lifespan in popularity are : • ISO/IEC 8824-1:2008, Information Although manufactured to specific de- As gas cylinders may store a wide vari- technology – Abstract Syntax Notation signs for different contents, gas cylinders ety of gases, identification is of paramount One (ASN.1) : Specification of basic have a very long lifespan, often exceed- importance. In fact, more often than not, notation ing 50 years. During that time, cylinders it is mandatory to uniquely identify each • ISO/IEC 8825-5:2008, Information may contain various gases at different fill cylinder. Because contents may have a technology – ASN.1 encoding rules : pressures. Consequently, the amount of limited shelf life – and to meet product Mapping W3C XML schema defini- gas held in the cylinders may also vary. quality and liability tracking require- tions into ASN.1. It is possible that during their lifetime the ments – it may be necessary in some cir- regulatory framework controlling their cumstances to identify not only the type Standard notation ASN.1 is used for the use may also change. of gas or liquid, but also details such as definition of data types, values, and con-

ISO Focus+ April 2010 © ISO Focus+, www.iso.org/isofocus+ 31 Special Report straints on data types. It provides maxi- technology – Part 2 : Numbering schemes mum interoperability and conformance to for radio frequency identification, es- existing standards. Furthermore, ASN.1 tablishes a common framework for data meets the specifically defined require- structure that enables unambiguous iden- ments for a generic standard model for tification in gas cylinder applications, and portable gas container identification. It : for other common data elements. • Enables and uses existing standard coding As gas cylinders may • Is adaptable and expandable contain a wide variety of • Does not include unnecessary informa- gases, identification is of tion for a specific application paramount importance. • Has a minimum of overhead in storage UHF Tag – Read collectively from a long distance. and transmission. Part 2 also facilitates harmonization Accessories information among different systems. It does not • prescribe any one system, and has been • Acetylene specifics (porous mass written in a non-mandatory style so as characteristics). to avoid becoming obsolete as tech- ISO 21007-2 contains a list of gas nology changes. Data elements cylinder manufacturers codes for iden- forming part of transmission tification (as part of Annex C). or storage protocols such as headers and check- Barcode vs RFID sums are excluded. Today, 2D (two-dimensional) bar Identification codes compete with RFID technology for data schemes gas cylinder identification. Acquisition time, writing time as well as ease of use ISO 21007 re- are some of the criteria considered when quires that RFID gas choosing between the two solutions. Har- cylinder systems monized best practice would benefit the are built around a end-users of gas cylinders. ISO 21007-1 fixed core or un- and ISO 21007-2 are key tools for achiev- ambiguous identifi- ing this harmonization.  cation element. This core element will form the first data set of one (or many) data sets in a About the author RFID tags store information specific to each gas cylinder environment, gas cylinder. using data structures comply- Dr. Hervé ing with ISO 21007-1. Barthélémy is an Fixed data schemes covered : International Fel- • Numbering (binary) low at Air Liquide • Numbering (ASCII). of France, where he has worked Harmonizing and defining Optional/additional data schemes for 31 years. He included : ISO technical committee ISO/TC 58, is responsible for Gas cylinders, subcommittee SC 4, Op- • Cylinder manufacturer information materials, gas cy- erational requirements for gas cylinders, • Cylinder approval information linders, pressure vessels and hydrogen has developed a key multi-part standard • Cylinder package information (wa- activities. Dr. Barthélémy is Convenor enabling RFID application. ter capacity, working pressure, tare of ISO/TC 58/SC 4/WG 6 responsible The first part, ISO 21007-1:2005, Gas weight, last test date) for the identification of gas cylinders. cylinders – Identification and marking He is also Chair of ISO/TC 58/SC 2 • Cylinder content information (content using radio frequency identification tech- which deals with cylinder valves and code, fill date) nology – Part 1 : Reference architecture accessories, and Convenor of working and terminology, includes definitions of • Commercial product information group ISO/TC 58/WG 7, Gas/materials more than 60 terms. (quantity, quantity unit code, product compatibility and WG 10, Fitment of The second part ISO 21007-2:2005, ID) valves on gas cylinders. Dr. Barthélémy Gas cylinders – Identification and mark- • Product lot information (expiration is Chair of ISO/TC 220, Cryogenic ing using radio frequency identification date, lot ID) vessels.

ISO 33rd General Assembly for developing countries. It is named after Professor Helmut Reihlen, former Direc- At the invitation of the ISO member for tor of DIN, in recognition of his significant Norway, Standards Norway (SN), ISO will contribution to ISO’s capacity-building ac- rd hold its 33 General Assembly from 15 to tivities in developing countries. 17 September 2010 in Oslo. The contest is open to permanent employ- As part of the General Assembly, there ees of standardization institutions in devel- will be one full-day open session on 16 oping countries and economies in transition, September on the theme of applied informa- members of ISO. Delegates and experts in- tion technologies (IT) for which the need volved in ISO technical work, duly author- for globally relevant solutions has been ized by the ISO member in his/her country, recognized. may also participate in the contest. Associated meetings of the ISO Commit- To take part in the contest, candidates tee for developing country matters (ISO/ must be under 35 years old and write an es- DEVCO), the ISO Technical Management say on the proposed theme and complete the Board and ISO Council, will take place contest entry form. Entries must be submit- in parallel during the week of the General ted to the CEO of the candidate’s national Assembly. standards body by 10 May 2010. The winner Participation is reserved for representa- of the first prize (3 000 Swiss francs) will tives of ISO members and invited interna- receive the award at the ISO 33rd General tional organizations. Assembly, to be held in Norway in Septem- An interview with Trine Tveter, Manag- ber 2010. Second and third place prizes will ing Director of Standards Norway, giving also be awarded. ISO 2010-A5.indd 2 an overview of SN and the goals for hosting For more information : [email protected] 19.03.2010 15:17:42 the ISO GA, will appear in the May 2010 actively participated in the committee’s first ISO Focus+ issue. International language for energy plenary meeting. Held in January 2010, the efficiency and renewables event was hosted by AFNOR (ISO member for France), which holds the Secretariat for International dialogue on energy will be ISO/IEC JPC 2. facilitated by a future International Standard At the meeting, participants confirmed the harmonizing energy efficiency and renew- scope and title of the committee. Special- able sources terminology. ized working groups were then established The standard will be developed by ISO and to efficiently tackle the different concepts, the International Electrotechnical Commission focusing either on renewables or energy (IEC), within the joint project committee ISO/ efficiency. IEC JPC 2, Energy efficiency and renewable Chair of ISO/IEC JPC 2, Hervé Lefebvre, energy sources – Common terminology . commented : “ It is clear today that both en- The International Standard will identify ergy efficiency and the need for renewable and define terms used in the field of energy energy sources are at the top of the world’s efficiency and renewable energy sources. policy agenda. Not only are they important It will support the metrics, calculation and to ensure energy security, but also to reduce assessment methods, methodologies and greenhouse gas emissions, while enhancing best practice needed by policy makers, in- economic development objectives. dustry, standards writers and many other “ This has drawn a plurality of actors stakeholders. from different sectors : energy, building, Currently, 40 countries are involved as industry, transport, agriculture, equipment participants and observers, eight of which and network design, services, etc., as well as

23.03.2010 15:54:10

Programme AG 2009 - E.indd 1 Contest for young standardizers ISO is holding a contest for young standardizers in developing countries and economies in transition. The purpose of this contest is to encourage young professionals to engage in international standardization and to raise awareness of the importance of standards in promoting safe and sustainable economic development. The theme for the 2010 award is, “Can In- ternational Standards help fight climate change ?”. The award is cosponsored by ISO and the Deutsches Institut für Normung (DIN), ISO member for Germany. The award is held every other year under the ISO Action Plan Participants at the first meeting of ISO/IEC JPC 2.

ISO Focus+ April 2010 © ISO Focus+, www.iso.org/isofocus+ 33 Planet ISO public authorities, NGOs, and other stake- Austrian Standards Institute (ASI), a holders. Harmonized definitions are in this member of ISO since 1947, participates context a prerequisite to enable the different in ISO’s policy development committees stakeholders to work together and develop (ISO/CASCO, ISO/DEVCO and ISO/CO- shared tools. POLCO, and in 71 % of the active ISO tech- “ A globally harmonized standard for ter- nical committees and subcommittees. minology in this area is indispensable for progress, ” concluded Mr. Lefebvre. ISO President talks business The International Standard is expected to support and facilitate global understanding Standards mean business, was the mes- of energy efficiency and renewable energy sage of ISO President Alan Morrison during sources and contribute to : his visits to ISO members DIN (Germany), • The elaboration of regional and national JISC (Japan) and SNV (Switzerland). regulations The President emphasized that standards are important now more than ever to bolster • Clarification of relations between provid- From left : recovery as the world emerges from a global Deputy Director of SNV Urs Fischer, ers and clients (procurement, contracts, financial crisis and recession. President of CEN Juan Carlos Lopez Agüi, services) ISO President Dr. Alan Morrison and • Standards writing ; coordination between Managing Director of SNV Dr. Hans-Peter the different standardization technical Homberger. committees working in related subjects ; users’ understanding of the standards and While in Japan, Dr. Morrison had the their application. opportunity to address some 200 Japanese The next ISO/IEC JPC 2 meeting will be business leaders and further highlight the held on 22-24 September 2010. economic importance of standards. “ ISO standards provide confidence, reduce uncertainty and manage risk in a glo- ISO Secretary-General balized world… Just as a lever dramatically visits Austria increases the amount of force you can exert, “Standards support economic develop- so International Standards increase desir- ment,” underlined ISO Secretary-General able characteristics such as quality, envi- Rob Steele during a visit to the Austrian ronmental friendliness, safety, reliability, Standards Institute (ASI) in February 2010. efficiency, interchangeability and interoper- ISO President Dr. Alan Morrison (right) “In business, there are many things a man- ability – at an economical cost.” with JISC President Dr. Tamotsu He called on CEOs to get their companies ager must consider. What and where are the Tomakuchi. risks/opportunities ? In all these areas, ISO involved in standardization. “ CEOs must standards can assist,” said Rob Steele, as he look beyond their boardrooms, beyond their went on to explain how standards support nation’s borders, and participate in an activ- and enhance business throughout the busi- ity that makes business and strategic sense : ness value chain. the development of International Standards.” During his visit, the ISO Secretary-Gen- eral met with senior staff of ASI and Austri- Sustainable business districts an Standards plus GmbH (AS+). Among the More and more business districts like La subjects discussed were current standards Défense in Paris, or the Central Business topics and developments in international District in Beijing, are being built every- standardization, as well as cooperation in where in the world, while existing ones are education and training activities. being drastically refurbished. No longer considered isolated precincts exclusively From left : DIN Director Dr. Torsten Bahke, devoted to business and distant from sur- ISO President Dr. Alan Morrison, rounding urban areas, they are increasingly DIN Director International Cooperation embracing mixed-use planning, social di- Ernst- Peter Ziethen. versity and sustainable development. ISO standards promote business efficien- However, in their quest for a more sus- cy and directly impact a company’s culture tainable, responsible and cost-effective to give a competitive edge, he said. They blueprint, they have been left largely in the bridge the knowledge gap and enhance in- dark. There is currently no guidance on ur- novation, and are a necessary link in the ban planning in International Standards. global supply chains. International Stand- Some “ clues ” may be captured from ards are key for reducing technical barriers private declarations, codes of conduct or to trade and promoting economic recovery. records of best practice. But often, these fail The President also addressed other key glo- to take into account the specific characteris- bal challenges to which ISO is making a con- tics of business districts : tribution such as climate change, energy, food, • Dense occupancy with a concentration of From left : ASI Deputy Managing high-rise buildings Director Dr. Elisabeth Stampfl-Blaha, water and social responsibility. He explained Large traffic of people during office ISO Secretary-General Rob Steele, that as the world aspires to sustainable devel- • Director Publishing Wilhelm Takats, opment, there is also a need for new more ef- hours Director Development Dr. Karl Grün, ficient technologies and ethical business prac- • Complex management due to mixed-use and Director Consulting Joanna Gajdek. tices, and ISO standards provide solutions. and multi-layer structures

34 © ISO Focus+, www.iso.org/isofocus+ ISO Focus+ April 2010 addressing the 2 650 comments received during the course of the vote from ISO members and liaison organizations in order to increase the level of consensus and the quality of the document even further. With this objective in mind, the group’s drafting task force will look into all comments received and prepare proposed ways forward on key topics identified for discus- sion among the ISO/WG SR experts at its next meeting to be held in Copenhagen, Denmark, in May 2010. After the meeting, a new revised document will be finalized based on the agreements reached in Copenhagen. This document will be circulated as an FDIS for a two-month ballot and, if approved on the FDIS vote, ISO 26000 could be published as an International Standard by the end of this year. Business district of La défense in Paris, France. The ISO/WG SR leadership thanked liaison organizations and members for their par- • Deserted areas at evening and weekends ISO 26000 moves forward ticipation and assured them that all comments will be given a fair and equitable treatment. • Exacerbated security issues, etc. The future ISO 26000 standard giving ISO 26000 will provide harmonized, glo- Many business districts do engage in guidance on social responsibility has just bally relevant guidance based on interna- sustainable development. But there is little, passed another important development stage tional consensus among expert representa- if any, communication between them and with confirmation that support by ISO’s na- tives of the main stakeholder groups and with stakeholders. There are no organized tional members and by participating liaison so encourage the implementation of social schemes to share information, experiences organizations is strong enough for it to be responsibility worldwide. The guidance in and best practice, follow common princi- progressed to a Final Draft International ISO 26000 draws on best practice devel- ples, elaborate guidelines or assess perform- Standard (FDIS). This is the final stage in oped by existing public and private sector ance at the district level. That is, until now. the development of an ISO standard before SR initiatives and is intended to be useful to Given this situation, ISO is developing an it is published as a fully fledged ISO Inter- organizations large and small in both these international workshop agreement (IWA) at national Standard. sectors. the request of Sustainable Network – a France- based non-profit association bringing together business district managers, companies, uni- versities and national standards bodies from the ISO community (such as Canada, China, Czech Republic, France, Italy, Namibia, Po- land, Russia and the United Kingdom). The IWA will provide holistic guidance on how to apply and assess sustainable de- In mid-February, ISO’s national stand- The ISO/WG SR is made up of experts velopment principles for the entire business ards body (NSB) members voted in favour from ISO members (NSBs) and from liaison district rather than to each of its individual of moving the Draft International Standard organizations. Membership is limited to a components – buildings or civil engineering (DIS) version to FDIS status. However, in maximum of six experts per NSB and two works. It will establish a basis for bench- order to also assess support from the 42 inter- experts per liaison organisation. In total, the marking best practice. The IWA is expected national liaison organizations participating in group comprises 436 participating experts to be completed early 2011. the ISO Working Group on Social Responsi- and 195 observers from 94 ISO member The IWA will help save energy and mon- bility (ISO/WG SR), its leadership reviewed countries and 42 liaison organizations. ey. Business districts will no longer need to the views and comments of these organiza- For more information on ISO 26000 and reinvent solutions that may have proved un- tions before formally proceeding to FDIS. the ISO Working Group on Social Respon- successful elsewhere. The IWA will enable The liaison organizations include asso- sibility, see the dedicated Website: www. innovative actions to better enter the mar- ciations representing business, civil society iso.org/sr. This Website includes docu- ket. By promoting sustainability the IWA NGOs, consumers or labour, and include ments giving the background to ISO’s SR will help address pressing environmental groupings of both inter-governmental and initiative, documents and press releases on issues, such as climate change, that require non-governmental origin. They do not have the progress of the work and how it is being a collective effort from all of us. voting rights, but have actively and directly carried out, the membership and structure of The initiative was launched in Paris, participated in developing ISO 26000 and the WG SR, how to participate in the de- Untitled-1 1 13.10.2008 15:19:16 France, in the business district of La Défense commenting on the document. velopment of ISO 26000, a newsletter, de- in January 2010. The next meetings will Following the positive mid-February velopment timeframe, FAQs, contacts and take place in Montreal, Canada (May 2010) vote, the leaders of the ISO/WG SR have other information. Many are available in and Beijing, China (end 2010). concluded that there is the requisite support several languages. To join the workshop or obtain more for registering the current document as ISO/ Working documents including the DIS information on its work, contact : Bernard FDIS 26000. can be accessed at www.iso.org/wgsr. A Leservoisier, Secretary at With this decision now formally con- compilation of the comments received on [email protected] firmed, the ISO/WG SR will next focus on the DIS is being added to this site. 

continue, with refinements, through all ISO/IEC 20000 series stages. The plan has been designed to be useful for organizations with no formal service management, or those already IT service close to meeting the requirements of ISO/IEC 20000-1. Part 5 includes useful checklists and example documents, such as policies. management The fourth part of the series, ISO/ IEC TR 20000-4, Process reference model for service management, known as by Jenny Dugmore a PRM, is expected to be published late 2010. It will provide the basis for ISO/ ith up to 80 % of information technology (IT) budgets of most or- IEC 15504-8, Process assessment model W for service management, (known as a ganizations directly linked to service management processes, the ISO/ PAM). IEC 20000 series provides a benchmark for IT service management In view of the increasing proportion that should result in cost savings for users, whether large or small of organizations going for combined enterprises, as well as increased productivity and improved customer audits against ISO/IEC 20000-1 and ISO/ IEC 27001, which gives the requirements service. for an information security management system, the working group responsible The ISO/IEC 20000 series enables The implementation of ISO/IEC 20000 for IT service management is working organizations to benchmark their capa- will ensure proactive working practices closely with joint technical committee bility in delivering managed services, able to deliver high levels of customer ISO/IEC JTC 1, Information technology, measuring service levels and assessing service to meet their business needs. subcomittee SC 27 on information performance. The ISO/IEC 20000 series was security, to produce ISO/IEC 27013, Today, IT service providers are under launched with the publication of two Guidance on the integrated implementa- sustained pressure to deliver high quality parts in December 2005. Part 1 provides tion of ISO/IEC 20000-1 and ISO/IEC service at minimum cost. Concerns have the requirements for an IT service man- 27001. This is still at an early stage. been raised that IT services, whether pro- agement system and Part 2 gives guid- In addition, ISO/IEC JTC 1/SC 7, Soft- vided by an in-house IT department or ance on understanding and achieving the ware and systems engineering, working an external organization, are not aligned requirements. group WG 23, System quality manage- with the needs of the business and its cus- ment, is developing ISO/IEC TR 90006, tomers. The ISO/IEC 20000 series helps Practical advice Guidelines for the application of to reduce operational exposure to risk, ISO 9001 to IT service management. This meet contractual and tendering require- The third part of the series, a technical will be based on the second edition of ments, demonstrate service quality and report (TR) was published in October ISO/IEC 20000-1, which is expected to deliver best value. 2009. ISO/IEC TR 20000-3 was developed because many organizations find be published in 2011.  it difficult to define the limits of their IT service management activities, de- Organization X spite this being a necessary first step for any implementation project. Part 3 gives practical advice on defining the scope and About the author Customer P applicability of ISO/IEC 20000-1 and on (location 1) conformity assessment. Jenny Dugmore It includes realistic, scenario-based is Convenor of examples to explain how the scope may the joint technical be defined. Many scenarios are based on a committee ISO/ wide variety of supply chains, such as the IEC JTC 1, Infor- External service provider C one depicted in Figure 1. mation techno- Next due for publication is ISO/ logy, subcommittee IEC 20000-5, which provides an SC 7, Software and Supplier Supplier Supplier exemplar implementation plan for ISO/ systems enginee- IEC 20000-1. The generic plan divides ring, working group WG 25, IT service Supplier Supplier the implementation into what to do management, the group responsible for first, second and third, finishing with the ISO/IEC 20000 series. For more Figure 1 – An example of an IT service consolidation of all the improvements. information on the series, contact : scenario. Some activities start in the first stage and [email protected].

36 © ISO Focus+, www.iso.org/isofocus+ ISO Focus+ April 2010 Supply chains and ISO 9001 agement system (QMS) that meets ISO What to expect, how to get it 9001 requirements and that is relevant to the products it is providing ? What other forms of conformity assessment may be appropriate, other than ac- by Nigel H. Croft credited third party certification ? Where does product certification fit in ? ne of the primary objectives of ISO 9001, as clearly described in What should customers do if they are O not happy with the performance of their Clause 1.1 of the ISO 9001:2008 standard is “ to specify requirements suppliers ? for a quality management system where an organization…needs to demonstrate its ability to consistently provide product that meets customer and applicable statutory and regulatory requirements…” How can a purchaser be sure that its supplier In an effort to shift the incorrect focus primarily at emphasizing this point to ac- really does have an of some organizations, consultants, audi- credited certification bodies and their au- ISO 9001 QMS? tors and others from concentrating only ditors, and the mantra, Output matters !, on the documentation and administrative is now part of the everyday lexicon of requirements of ISO 9001, recent strate- those involved in conformity assessment gic initiatives by ISO and the Internation- of management systems. With this in mind, ISO has recently al Accreditation Forum (IAF) have placed But what does this mean to those who updated its informative document, ISO a much greater emphasis on the effective- purchase goods and services from “ ISO 9001 – What does it mean in the sup- ness of the quality management system in 9001-certified ” suppliers ? Does it mean ply chain ?, which is available free of achieving this objective of “ consistent, there is an absolute guarantee that the charge on the ISO Website www.iso.org/ conforming products ”. goods and services provided will always managementstandards. A recent ISO/IAF joint communiqué meet the customers’ requirements ? The objective of this document is not on the expected outcomes from accred- How can a purchaser be sure that its only to generate greater awareness among ited certification to ISO 9001 was aimed supplier really does have a quality man- purchasers about what ISO 9001 can and

cannot achieve, but also to stimulate con- International Accreditation Forum The IAF is an association of structive feedback to those concerned (IAF) accreditation bodies and other when things do not go according to plan. interested parties from around The informative brochure was written the world who work together to for an intended audience of purchasers in promote confidence and consistency a business-to-business environment, who are not necessarily certified to or even in the ISO 9001 accreditation and familiar with ISO 9001. It addresses the certification process. main topics outlined below. • What is ISO 9001 ? Accreditation body The accreditation process provides • The concept of a quality management additional confidence that the system certification body is competent and • Relationship between ISO 9001 and has the necessary integrity to issue ISO 9000 an ISO 9001 certificate. Accreditation • Main issues addressed by ISO 9001. is usually carried out by national or regional accreditation bodies and What does “ conformity to their accreditation mark will appear ISO 9001 ” mean ? on the certificate. • How the quality management system relates to supplier performance Certification body/Registrar A common way for a supplier to • Relationship between conformity to demonstrate conformity to ISO 9001 ISO 9001 and declarations of product is via an independent – “third party” conformity. – certification process. A certification body (sometimes known as a “registrar”) conducts an audit of the The brochure was written supplier and if all is okay, it will issue for purchasers. a certificate of conformity. How does ISO 9001 help you in The organization If you know your supplier selecting a supplier ? (Your supplier) organization well and have confidence in it, it may be sufficient • Important factors for the purchaser to to accept a “Supplier’s declaration consider of conformity” to ISO 9001 issued • The purchasing information that should by your supplier. Alternatively, you be provided so that suppliers clearly may choose to audit your supplier understand their customers’ needs yourself, or rely on audits that have • The ways in which supplied products been carried out by other reputable can be verified as meeting the require- customers. These are known as ments of the customer. “second party” audits. How can purchasers be sure that the products they receive The customer Your are the one who is buying the will meet their requirements ? ( Yo u !) goods or the services from your supplier. You need to make sure you • Level of confidence needed in the supplier’s ability to provide conforming tell the supplier exactly what you product on a consistent basis want. Depending on how well you know your supplier, the confidence • Reputation and historical performance of the supplier you have in its products, and the importance of its products for your • How to be sure the supplier actually own business, you might not even does have a quality management system that meets ISO 9001 requirements need the supplier to demonstrate ISO 9001 conformity at all. • Need to check that the goods and services being provided are covered within the scope of the supplier’s quality Figure 1 – Some ways of demonstrating conformity to ISO 9001. management system.

38 © ISO Focus+, www.iso.org/isofocus+ ISO Focus+ April 2010 conforming goods or services, but should Full potential not be taken to imply a guarantee of the products themselves. The informative brochure that is now available on the ISO Website provides What to do if things go wrong purchasers with the information needed to ensure that the ISO 9001 standard is This part of the brochure is intended to used to its full potential in the business- stimulate the appropriate feedback chan- to-business supply chain.  nels from customers to their suppliers and, if necessary, to the certification body How can you have confidence and accreditation body responsible for the About the author that your supplier meets certification. ISO 9001 ? Dr. Nigel H. Croft has been involved This section of the document guides What should customers in many aspects of the purchaser through the many ways in do if they are not happy quality manage- which a supplier can legitimately claim ment and confor- to have a quality management system that with their suppliers? mity assessment meets the requirements of ISO 9001, and during a career of the characteristics of each. They include It stresses that the first line of commu- over 35 years. He (see also Figure 1) : nication should be between the customer is currently a lead • Supplier’s declaration of conformity and the supplier, using the normal chan- consultant for the United Nations Indus- • Second party assessment nels that have been established. trial Development Organization (UNIDO) • Non-accredited third party assessment If, however, there are repetitive prob- and also serves as a director and/or non- lems with the overall performance of the executive board member of a number of • Accredited third party assessment. supplier – for example, if it continues to commercial and non-profit organizations provide non-conforming products, does in Europe, the Middle East, Asia and Can suppliers claim that not address customer complaints, or is South America. their goods or services meet not taking appropriate corrective actions Dr. Croft was the founding Co-chair of ISO 9001 ? – then this is an indication of problems the ISO 9000 Advisory Group, which in the supplier’s quality management developed the original version of the This part of the document explains that system. informative document, that this article ISO 9001 refers to quality management In such cases, it may be appropriate to describes. He has recently been appointed systems, and not directly to goods and escalate the complaint to the supplier’s Chair of subcommittee SC 2, which is services supplied. A quality management management representative, to the certi- responsible for developing the ISO 9001 system meeting the requirements of ISO fication body, or in extreme cases to the and ISO 9004 standards, of ISO/TC 176, 9001 should provide confidence in the relevant accreditation body, or even the Quality management and quality assu- supplier’s ability to provide consistent, IAF. rance.

Quality Milk Production Services (QMPS) at Cornell University’s College of Veterinary Medicine, Ithaca, New York State, USA, has become the first milk quality laboratory in North Amer- ica to achieve accreditation to ISO/IEC 17025:2005, General requirements for the competence of testing and calibration laboratories. “ New York enjoys the best quality milk among all the large dairy states in the nation, and is very proactive in having animal health and animal welfare

Photo : Cornell University.

Clearing feed spill is not everyone’s first mental image of what being a professor at the prestigious Cornell University entails.

programmes in place. QMPS and the Cornell ensures entire Animal Health Diagnostic Center (AHDC) at Cornell play a crucial role in safeguarding the health and welfare of all dairy cows in New York, ” said Patrick milk quality Hooker, Commissioner of the New York State Department of Agriculture and Markets, speaking at an event in Ithaca 8 000 farms benefit to celebrate the ISO/IEC 17025:2005 accreditation of Cornell’s milk quality from ISO/IEC 17025 programme. Cornells milk quality programme – the largest in the USA – makes sure that by Ynte Schukken milk-based dairy products are safe to consume and that they are of the highest pos- Cornell University’s milk qual- sible quality. The Quality Milk laboratory ity programme is now claimed is operated by QMPS, a science-based organization that uses the most effective to be the most qualified in North methods and technology to help produc- America following successful ers improve dairy product quality and ISO/IEC 17025 accreditation of safety. its testing laboratory serving the Our work contributes to consumer confidence in the dairy industry and touches milk safety and quality needs of everyone’s table – whether it’s the milk some 8 000 farms in the states on their cereal, yogurt for lunch or the of California, Maine, Massa- Parmesan cheese sprinkled over their chusetts, New Hampshire, New spaghetti. At QMPS, we educate individuals York, Ohio, Pennsylvania and working in many aspects of the dairy in- Vermont. Photo : Cornell University. dustry, from milking crews, veterinarians

40 © ISO Focus+, www.iso.org/isofocus+ ISO Focus+ April 2010 Patrick Hooker, Commissioner of the Department of New York State Agriculture and

Markets, speaks at an : Cornell University. event to celebrate the Photo ISO/IEC 17025:2005 accreditation of Cornell’s milk quality programme. Photo : Cornell University. and milk inspectors to its most important customer, the consumer. The 63-year-old lab employs a staff of 40 veterinarians, microbiologists, technicians and office staff serving the needs of about 8 000 farms.

Why accredit ? There were several reasons be- hind our decision to implement ISO/ IEC 17025:2005. First of all, we want to be recognized among the best milk Natasha Belomestnykh, microbiologist at ISO/IEC 17025:2005-accredited Quality Milk quality laboratories in North America. Production Services (QMPS) at Cornell University’s College of Veterinary Medicine, uses a microscope to detect the presence of Mycoplasma colonies in milk samples. Secondly, it quickly became clear that implementation of a stringent quality ISO/IEC 17025:2005 implementation He was supported by the Milk Pro- assurance system had many unexpect- and accreditation was a five-year proc- gramme Director, the Associate Director/ ed benefits for managing a complex ess. As a starting point, we assembled an Quality Manager, the Laboratory Super- organization. implementation and review team headed visor, QA Assistant, Project Manager, by the AHDC Quality Assurance Man- and the Administrative Manager to pro- The ultimate benefits ager who is a qualified assessor for the mote the quality system management phi- outweigh the costs. American Association for Laboratory Ac- losophy and methodology. We also hired creditation (A2LA), and performs labora- an external quality systems consultant to tory assessments according to ISO/IEC provide ISO/IEC 17025:2005 internal au- Finally, performing such an involved 17025:2005 and Good Laboratory Prac- ditor training for team members. task turned out to be a great team-builder tice (CFR21 Part 58) Food and Drug Ad- in our organization. ministration (FDA) requirements. Five stages Photo : Cornell University. Once the team was in place and trained, the implementation and accreditation process followed five key stages : • Training of laboratory personnel in background information on ISO quality management standards, why and how to promote quality, and familiarity with ISO/IEC 17025:2005 requirements • Developing the QMPS Quality Manual and quality, operating and work area procedures • Implementing the quality system through internal audits, management reviews and the use of corrective and preventive actions to drive continual improvement • Hiring a consultant to perform an objective assessment • Continuing the process of self- monitoring to achieve continual Stakeholders of Cornell University’s milk quality programme. improvement.

Photo : Cornell University. About ISO/IEC 17025

As of January 2010, some 34 234 testing and calibration laboratories worldwide had become accredited to ISO/IEC 17025:2005, General requirements for the competence of testing and calibration laboratories. However, its influence is even greater than this figure suggests since many countries make its use a legal requirement. This standard has become the international benchmark counted on by business and governments worldwide to provide assurance of the technical competence of laboratories that play a vital role in trade, product development and manufacturing, and Dr. Carlos Santisteban inspects blood agar plates for mastitis pathogens in Cornell’s milk consumer protection. quality programme, aimed at ensuring that milk-based dairy products are of the highest quality and safe to consume. In addition, documents derived from it are used by laboratories in specific We made only minimal changes in pro- In our experience, day-to-day operating sectors, such as medicine and cedures, equipment or staff qualifications costs of our facility have not increased during the implementation period to meet discernibly. The extra cost of running a microbiology. ISO/IEC 17025:2005 requirements. How- tight quality assurance system is balanced ever, innumerable work forms were devel- by fewer errors and by the virtual elimi- oped, tried, corrected and adapted to fa- nation of unexpected events.  cilitate recording of laboratory procedures. At the same time, corrective action reports and preventive action reports were created to drive and facilitate improvement. About the author

Benefits Prof. Ynte We have seen numerous early ben- Schukken is efits from ISO/IEC 17025 accreditation, Director of Quality particularly in the recognition of our Milk Production programme within Cornell University, Services and Pro- the State of New York, and the country. fessor of Epide- Many individuals have provided feedback miology and Herd about obtaining ISO/IEC 17025:2005 ac- Health, Depart- creditation, and all the input has been uni- ment of Population formly positive. Medicine and Diagnostic Sciences, College of Veterinary Medicine, Cornell University. He graduated from the ISO/IEC 17025:2005 contains all We have seen numerous University of Utrecht, The Netherlands, of the requirements that testing early benefits from ISO/ in 1990, with a Ph.D in epidemiologi- and calibration laboratories need IEC 17025 accreditation. cal studies and joined Cornell in 1999. His current research interests concern to meet in order to demonstrate to infectious diseases in animal popula- customers and regulators that they When we started, many scare stories tions, udder health in dairy herds, and operate a sound management system surfaced about quality assurance, includ- the application of epidemiological, which puts them in full control of ing predictions of increased costs and statistical and mathematical methods their processes, they are technically staffing. Even though the process of im- to animal disease research. A list a list competent and are able to generate plementing ISO/IEC 17025:2005 is ex- of published papers authored by Prof. technically valid results. tensive and time-consuming, the ultimate Schukken can be found on benefits outweigh the costs. www.ncbi.nlm.nih.gov.

cal Commission (IEC) in harmonizing New handbook conformity assessment practices and as benchmarks for the technical competence on conformity assessment of assessment bodies. The use of these standards and guides therefore helps to overcome trade barriers. UNIDO, meanwhile, has acquired Building trust more than 40 years of experience in supporting the establishment and upgrading of standards and conformity assessment structures worldwide. by Roger Frost Building trust covers the following aspects of conformity assessment : The fruitful partnership between ISO and UNIDO (United Nations • Basic concepts Industrial Development Organization) has just produced a new hand- • Conformity assessment techniques book, Building trust – The Conformity Assessment Toolbox. • Conformity assessment schemes and systems la, who write : “ Busi- • Conformity assessment bodies nessmen, consumers • How UNIDO can help with setting up and public officials a quality infrastructure have certain expecta- • Case studies tions about the quality, safety, reliabil- • ISO Committee on conformity asssess- ity, interoperability, ment, ISO/CASCO efficiency, effec- • Coordination of accreditation bodies tiveness and envi- • Conformity assessment and the WTO ronmental sustain- Agreement on Technical Barriers to ability of products Trade. and services. “ Conformity as- The handbook is the latest in a series of sessment provides joint publications issued by ISO and UN- the means for test- IDO, and is the result of the long-standing ing the compli- and fruitful partnership between the two ance of such prod- organizations to strengthen the stand- ucts and services ardization and quality infrastructures of with these expec- developing countries and countries with tations, in accord- economies in transition. Although aimed ance with rele- specifically at this group of countries, vant standards, these publications are also intended to regulations and serve as handy reference tools for all who other specifica- are involved or interested in conformity tions. It helps to assessment and trade. ensure that prod- Building trust – The Conformity As- ucts and services sessment Toolbox is available in English deliver on their (189 pages, ISBN 978-92-67-10511-6) promises. In and French (211 pages, ISBN 978-92- other words, 67-20511-3) editions. It is available free conformity as- of charge (fee for postage and handling) sessment builds from the ISO Central Secretariat through trust.” the ISO Store or by contacting the Mar- 18.11.2009 15:33:38 Building trust is a comprehensive, us- However, non-acceptance of test re- keting, Communication and Information Building Trust - Cover.indd 1 er-friendly handbook covering all aspects ports and certificates of conformity con- department ([email protected]). It can also of conformity assessment and its role in tinues to be an obstacle to international be obtained from ISO national mem- international trade, and will be useful for trade. Successive reviews of the World ber institutes. The handbook can also be business managers, regulators and con- Trade Organization’s Agreement on downloaded as a PDF file free of charge sumer representatives. Technical Barriers to Trade have noted from the ISO (www.iso.org) and UNIDO The book’s Preface is contributed by ISO the usefulness of the conformity assess- (www.unido.org) Websites.  Secretary-General, Rob Steele, and UNI- ment standards and guides developed by Roger Frost is Head, Communication Services, DO Director-General, Kandeh K. Yumkel- ISO and the International Electrotechni- ISO Central Secretariat.

• Openness • Impartiality and consensus “ Private ” • Effectiveness and relevance • Coherence • Addressing the concerns of developing standards countries. Other standards developed to meet the needs of specific sectors, or segments of ISO’s clarifications the population, may be perfectly valid and relevant for their purpose, but should not be considered as equivalent to ISO standards by Roger Frost because they do not adhere to the above criteria, nor do they share all of the other at- Any organization may claim to have developed a “ standard ”, but tributes of formal international standards. “ not all standards are created equal ”, states ISO in a new brochure However, because ISO’s voluntary standards do meet these criteria, as do clarifying the distinctions between International Standards of the type those of its partner organization the In- developed by the ISO system, using well described and accepted prin- ternational Electrotechnical Commission ciples and disciplines, and “ private ” standards developed by industry (IEC), their standards can, for example, consortia and potentially other groupings. be used by governments as technical support for public policy and regulations, particularly in such fields as health, safety The context for the brochure, Inter- and the environment. national Standards and “ private stand- “ Coherence, harmonization and a clos- ards ”, is the concern over the potential er level of cooperation between the devel- of increasing numbers of “ private stand- opers of private standards and the formal ards ” for creating technical bar- International Standards system needs riers to trade and confusion to occur, ” ISO states in in the market-place as to the brochure, concluding, which standards should be “ Ultimately, the goal of used. one International Standard, ISO warns that the exist- one test and one certificate ence of a growing multi- should be pursued in these tude of private standards in domains in order to achieve such fields as information global acceptance, as well and communication tech- as their intended impacts.” nologies, agri-food, and on International Standards social and environmental is- and “ private standards ”, sues, may ultimately confuse eight pages, A4 format, is users and consumers, thereby published in English (ISBN diminishing their important 978-92-67-10518-5) and market, safety, social or en- French editions (ISBN 978- vironmental effect. 18.02.2010 15:48:08 Private standards brochure E.indd 1 92-67-20518-2). It is available “ In addition, ” states ISO, free of charge (fee for postage “ claims of conformance, us- and handling of bulk orders) ing potentially inconsistent from the ISO Central Secre- methodologies for their as- 18.02.2010 15:48:39 tariat through the ISO Store or sessment, may also undermine Private standards brochure E.indd 1 Private standards brochure E.indd 4 by contacting the Marketing, the intended impacts of such 18.02.2010 15:49:00 Communication and Informa- private standards.” tion department ([email protected]). It can ISO is a nongovernmental organiza- sectors and countries on its International also be obtained from ISO national member tion and its membership comprises the Standards. institutes. The brochure can also be down- national standards institutes of 159 coun- ISO points out in the brochure that its loaded as PDF file free of charge from the tries who, in turn have strong links with International Standards are developed ISO Website (www.iso.org).  stakeholders from industry, government according to principles stipulated by and consumers. Such a broad range of the World Trade Organization’s Techni- stakeholders, along with the robust proc- cal Barriers to Trade Committee (WTO/ esses ISO uses for developing standards, TBT) : Roger Frost is Head, Communication Services, provides the basis for consensus across • Transparency ISO Central Secretariat.

Guest interview In an exclusive interview, Pieter Burghout, CEO of the Building Re- search Association of New Zealand (BRANZ) tells ISO Focus+ about the challenges faced by the industry and the role of International Standards in promoting the economic development of the building and construction sector. He explains why participation in the standardization process is important to his company, “ BRANZ participation in ISO/TC 92/SC 4, and its associated working groups helps to ensure that information developed for the New Zea- land building sector will be relevant to our industry. “ It also provides an important opportunity for the New Zealand industry, via BRANZ, to benefit from international linkages by working closely with other international experts in this field, as well as providing an opportunity to Forestry learn from and influence international directions in fire safety engineering,” he says. To learn more, don’t miss the May and fisheries issue of ISO Focus+. 

As the use of fish and wood products Standards for the sector, which we will (including as energy sources) continues to learn about in the next issue of ISO grow, they are fast becoming the world’s Focus+. most traded commodities in their respec- Today, businesses looking to improve tive fields. At the same time, both sec- the environmental impact of their prod- tors, crucial to biodiversity, are facing the ucts and services must take account of pressing threat of climate change. globally recognized standards. ISO has Consensus-based International Stand- been a very active player, developing, ards are powerful tools for taking ac- among others, standards for environmen- tion. The May issue of ISO Focus+ will tal or “green” labelling. Its work in this highlight the contribution they can make area covers self-declared environmental to supporting the three pillars of sustain- claims, eco-labelling schemes and life cy- able development – economic, social and cle labelling. Because ISO standards take environmental – in the forestry, fisheries the views of all stakeholders on board, and aquaculture sectors. they are internationally recognized as rep- ISO’s contribution to timber structures, resenting objectively agreed benchmarks. for instance, has already lead to a globally The May issue of ISO Focus+ show- harmonized testing methodology. It has cases stories from companies benefiting driven international cooperation for the from ISO standards. Among them, a Na- development and implementation of strat- mibian fish processor that gained greater egies optimizing the sound utilization of customer confidence in global market- forest resources. places by implementing management sys- In contrast, seafood is the number tems standards for environment and food one traded food in the world and most safety as well as occupational health and countries are, to some degree, active in safety. the fisheries and aquaculture sectors. Similarly, a large Brazilian company ISO technical committee ISO/TC 234, on the paperboard market tells us the key Fisheries and aquaculture, is currently role ISO quality and environmental stand- Photo : BRANZ developing much needed International ards play in its success story.  Pieter Burghout, CEO of BRANZ