ISO Fo c u s The Magazine of the International Organization for Volume 2, No. 2, February 2005, ISSN 1729-8709

IT : Success and progress

• Intel’s CEO : “ We need global standards ”

• Designing symbols for consumers Contents

1 Comment Scott Jameson, Chair, ISO/IEC JTC 1, Serving an expanding customer base 2 World Scene Highlights of events from around the world 3 ISO Scene Highlights of news and developments from ISO members 4 Guest View Craig R. Barrett, Intel, Chief Executive Officer 7 Main Focus ISO Focus is published 11 times a year (single issue : July-August). It is available in English. IT : Success and progress Annual subscription 158 Swiss Francs Individual copies 16 Swiss Francs

Publisher Central Secretariat of ISO (International Organization for Standardization) 1, rue de Varembé CH-1211 Genève 20 Switzerland Telephone + 41 22 749 01 11 Fax + 41 22 733 34 30 E-mail [email protected] Web www.iso.org • World Summit on the Information Society and International Manager : Anke Varcin Standards for ICTs Editor : Giles Allen • STEP : Growing capabilities in the global market Assistant Editor : Elizabeth Gasiorowski-Denis • Digital audio and video for all Artwork : Pascal Krieger and • Being prepared to tackle threats to your business Pierre Granier • Global harmonization in ICT standardization ISO Update : Dominique Chevaux • Data semantics and metadata standards Subscription enquiries : Sonia Rosas • Automatic identification and data capture technologies ISO Central Secretariat • Huge potential user base for ISO/IEC 90003 Telephone + 41 22 749 03 36 Fax + 41 22 749 09 47 • Collaboration for the common good : Ecma and ISO a well E-mail [email protected] matched pair of actors • UNIFI, the ISO standard for all future financial messages © ISO, 2005. All rights reserved. • ISO guidelines for healthcare facilities offer benefits The contents of ISO Focus are copyright and may not, whether in whole or in of mobile wireless technology part, be reproduced, stored in a retrieval system or transmitted in any form or 34 Developments and Initiatives by any means, electronic, mechanical, • ISO Networking Conference photocopying or otherwise, without written permission of the Editor. 39 New this month ISSN 1729-8709 • Details released of 18-month ISO 14001:2004 transition plan Printed in Switzerland • ISO/IEC Guide 74 for designing symbols that get the right Cover photo : ISO. message across to consumers worldwide 41 Coming up

ISO Focus February 2005 Comment Serving an expanding customer base

he information technology ly are made in conformance with JTC zations to develop accessibility stand- industry has developed Inter- 1/SC 17, Cards and personal identifi- ards that enable everyone to benefit T national Standards in ISO and cation, standards. from the advancement of IT technol- IEC for more than forty years. Dur- ogy. ing this time, ISO/IEC Joint Technical Over the past few years, JTC Committee 1, Information Technolo- 1’s customer base has expanded JTC 1’s work in radio-frequen- gy (JTC 1) and its predecessors (for beyond the IT manufacturer. Gov- cy identification (RFID) is also attract- example, ISO/TC 97) have published ernments, at the national and interna- ing the interest of consumer and user more than fourteen hundred standards tional level, have a heightened inter- organizations. The broad deployment and related documents. These vol- est in JTC 1’s work in areas related of RFID throughout the retail products untary standards initially had been to security. JTC 1/SC 27, IT Securi- supply chain has raised issues regard- developed by the IT industry to build ty techniques has long been known ing privacy and personal data protec- reliable, interoperable products that for the standard but tion. JTC 1/SC 31, Automatic identi- expand the industry’s reach. Recent- JTC 1 established SC 37, Biomet- fication and data capture techniques, ly, however, standards development rics in response to increased demand will need to be taking these concerns has increasingly attracted many more for International Standards follow- into account as it continues its devel- types of participant. ing the events of September 2001. opment of the RFID standards. JTC 1 While JTC 1 had some biomet- encourages contributions from these ric work in progress, it was gener- additional stakeholders. “ JTC 1’s engagements ally related to specific technologies, with consumers and such as ID cards. JTC 1 agreed there While JTC 1 will strive to con- was an urgent need to take a broad- tinue to serve its historical customer governmental entities er view of biometrics standardization base, the IT industry, it welcomes the extend beyond to accelerate the deployment of sig- increased interest and participation of the security arena. ” nificantly better security solutions for this expanded set of stakeholders in its purposes such as homeland security, development of globally relevant Inter- banking/financial services, healthcare national Standards. The earlier, successful lines and the prevention of identity theft. of standards include computer media More recently, SC 37 and two other (magnetic tape, CD, DVD), program- JTC 1 subcommittees have partnered ming languages (COBOL, Fortran, with the International Labour Organ- C, C++), databases (SQL), systems ization, a United Nations agency, to and device interconnection (SCSI develop a seafarers’ identity docu- and FibreChannel), to identify only ment incorporating the subcommit- a few. While the technical details of tee’s standards. these standards were often of inter- est only to those building or incor- JTC 1’s engagements with porating a particular technology into consumers and governmental entities a product, many have benefited from extend beyond the security arena. The the interoperability offered by JTC committee recently initiated an activ- 1’s suite of standards. For example, ity designed to address accessibility the DVD player, found in millions of to assure all persons, including those homes around the world, relies on the with disabilities, easy use of informa- Scott Jameson, MPEG standards developed by JTC 1/ tion technology products. Public Chair, ISO/IEC Joint Technical SC 29, Coding of audio, picture, and authorities around the world have Committee 1, Information multimedia and hypermedia informa- begun defining regulations in this Technology tion, and the generations of CDs and area. JTC 1 and its constituents DVDs developed by JTC1/SC 23, believe it is essential that any regula- Digital storage media for informa- tions be based on widely accepted tion interchange. Similarly, the cred- voluntary standards. JTC 1 will coop- it and banking cards that facilitate bil- erate with other standards developers, lions of financial transactions annual- consumer advocates and user organi-

ISO Focus February 2005 1 World Scene

New IEC President The Dutch Ministry of Health “ Sustainability takes office (VWS), the Dutch Institute of strategies ” enhance ICT in Healthcare (NICTIZ) Renzo Tani, a former CEO of stock performance, and the Dutch Standardization study shows Siemens SpA in Italy, began his Institute (NEN) organized the three-year term as IEC President conference in collaboration A recent analysis of the stock on 1 January 2005 with the aim with the European Commission market performance of members of developing closer ties to and CEN/ISSS. of the World Business Council industry, organizations and for Sustainable Development For more information : governments. (WBCSD), conducted by Kom- http://ehealth.nen.nl Tani says the IEC is an organi- munalkredit Dexia Asset Man- zation with a big task and a UN conference on agement, shows that “ firms large commitment working in a engaging in sustainable devel- difficult environment. Because disaster reduction opment, with a few exceptions, there is a growing number of The World Conference on Dis- show in all market segments a countries participating in elec- aster Reduction concluded with better performance than the trotechnology and telecommu- countries pledging to reduce the respective benchmark indices. nications around the world, e-Health risks facing millions of people The results confirm the outper- harmonizing all points of view “ Establish a platform with a who are exposed to natural dis- formance of sustainable enter- is increasingly difficult. Yester- mandate and the necessary asters. prises in comparison with the day’s leaders, Tani says, now resources to facilitate coopera- The “ Hyogo Framework for total stock market. Therefore, have to share with new players. tion between European Member Action : 2005-2015 ”, which these firms should be clearly over-weighted in security “ Every inter- States to promote e-Health was adopted by 168 delegations portfolios ”. national interoperability for the modern in Kobe, Jyogo, Japan, will organization mobile citizen.” strengthen the capacity of disas- faces similar Such was the main new rec- ter-prone countries to address risk and invest heavily in disas- challenges to ommendation of the report by ter preparedness. The confer- those facing the Standardization Focus ence also adopted a declaration the IEC : to Group, presented on 15 Decem- recommending, among other harmonize ber 2004 at the e-Health Con- things, that a “ culture of disas- possible con- ference ‘ Interoperability in ter prevention and resilience ” flicts between Europe ’ in Amsterdam, the must be fostered at all levels, a growing Netherlands. number of recognizing the relationship players,” Tani The aim of the conference was between disaster reduction, sus- affirms. He to realize a discussion between tainable development and pov- erty reduction. compares the policy makers from the Euro- World Trade pean Commission, the Member These non-binding documents Organization States and standardization will serve as a blueprint to to the IEC in experts about the necessity of guide nations and individuals to the way that interoperability between the build disaster-resilient commu- both organizations are increasing European countries, each with nities. Building on the commit- the number of active members. its own unique IT systems, to ments forged in Yokohama, Since there is a relation, he facilitate the sharing of patient Japan, ten years ago, the declares, between standards on records and information. renewed plan calls on the inter- the one hand and world trade on The conference ended with the national community to pursue The analysis covers 1-year, 3- the other, WTO objectives inter- vision of Professor Jeremy an integrated multi-hazard year and 5-year time periods. sect at certain points with those Wyatt, Associate Director R&D approach for sustainable devel- Overall, the 141 companies of of the IEC. In these cases, he of the NHS National Institute opment to reduce the incidents the WBCSD, many of them says, the IEC needs to increase for Clinical Excellence. He and severity of disasters. Global Compact participants, its cooperation with these emphasized that while stand- ISO has made an inventory of registered the following returns, organizations to see where ards were necessary, they alone standards related to security, compared with a general global possible relations lie and how were not sufficient. “ We need among which a number might market index : to coordinate points of view – good standards, certainly, but be applicable to natural disas- an experience he saw from they’re only a first step. The ters. 1-Year : 13.5 % vs. 9.2 % close to as President of ANIE next step will be a working sys- For more information : (the Italian Federation of tem that does embed those www.unisdr.org/wcdr/ 3-Year : 20.7 % vs. -7.8 % Electrotechnical and Electronic standards, and can be understood Companies), where coordinat- by the people who use it. 5-Year : 24.5 % vs. -19.6 % ing multiple viewpoints is a Because, in the end, information required skill. is about and between people. The analysis also includes It’s not for computers, but for regional breakouts. For more information : the people who have to work For more information : www.iec.ch with it.” www.unglobalcompact.org

2 ISO Focus February 2005 ISO Scene Photo : P. Photo : Granier P.

Caroline Warne honoured The “ Conference on US Lead- an overview of ISO’s main Caroline Warne, Chair of ISO’s ership in ISO and IEC Techni- electronic service ; to increase Committee on consumer policy, cal Committees ” provided US the understanding of the inter- has been awarded an OBE officers of ISO and IEC techni- national standards development (Order of the British Empire) in cal committees and subcommit- process and learn successful the New Year’s Honours. tees, along with US technical ongoing interest within management of ISO technical advisory group (TAG) officer COPOLCO. It will refer to the committees and subcommittees ; and US heads of delegations of ISO/TMB Advisory Group on to provide hands-on practical to ISO and IEC meetings, with Security and cover current training in the electronic com- the opportunity to discuss inter- standardization gaps in the mittee environment and the use national standardization issues area of safety and security for of ISO’s electronic balloting and related US strategies and vulnerable populations such as application. tactics. children, the elderly and per- The course was hosted by Over the course of four separate sons with disabilities. ABNT, the ISO member for sessions, some 80 participants Breakout groups will provide a Brazil, in cooperation with discussed ANSI and USNC framework for discussion on COPANT (The Pan American (United States National Com- topics such as providing securi- Standards Commission) and mittee) perspectives and posi- ty of essential public services, with support from ANSI Train- tions on both technical and pol- promoting safety of vulnerable ing and Education Services. icy discussions within ISO and populations and balancing pub- The international guests were IEC. During another session, lic safety needs and personal sponsored under the ISO Action participants reviewed best prac- interests. The recent Tsunami in Plan for Developing Countries. tices for effective committee Mrs. Warne received the deco- Asia has reinforced the topical For more information, contact leadership, maintaining market ration in recognition of a life- nature of these issues for con- Sari Rajakoski : and societal relevance, consen- time’s services to consumers sumers worldwide. The one-day [email protected] sus-building and effective coop- and consumer affairs, including workshop, which is open to the eration and collaboration with her tenure as Chair of ISO’s public, will provide consider- other committees and liaisons. Committee on consumer policy able scope for dialogue and Additional panel discussions ISO conference for (COPOLCO) since 2002. information-sharing and the TC/SC Chairs and presentations focused on a development of recommenda- Also mentioned in the citation range of fundamental issues tions from the consumer and ISO committee officers from for the decoration are her roles including global relevance, ISO, public interest perspective. throughout the world will be as past Chair of the Consumer IEC and European relation- attending the 3rd ISO confer- Policy Committee of the British ships, committee performance For more information : ence for technical committee Standards Institution (BSI- and performance indicators, www.copolco2005.ca/ and subcommittee chairs on 16 CPC) and past Chair of the BSI timely development of stand- and 17 June 2005, in Geneva, consumer coordination commit- ards, the role of horizontal ISO ISO/COPANT training Switzerland. tee for household products, and IEC standards, as well as a While the thousands of ISO furniture and textiles. range of US TAG operational seminar in Brazil standards provide benefits to “ I was surprised and delighted issues. Some 30 participants from Bra- zil, Bolivia, Botswana, Colom- business, government and to be awarded the OBE – it is ANSI is planning a follow-up bia, Jamaica, Paraguay and society, the people actually always very rewarding to have conference with this audience Saint Lucia attended the third responsible for their develop- what one has striven for recog- for November 2005. ment largely remain in the nized in this way. An apprecia- regional training seminar for For more information : background. This conference, tion of – and commitment to – technical committee and sub- www.ansi.org in the wake of the highly suc- the importance of standards as committee secretariats on standards development in ISO, cessful conferences of 2000 a tool in consumer protection and 2003, will provide the caused me to become one of in São Paulo, Brazil, in Consumers to explore November 2004. right forum for them to bring BSI’s consumer volunteers safety and security into the open the challenges some 20 years ago. Over these Building on the success of and successes of their work. years there have been many ISO’s Committee on consumer training courses organized in At the same time, it will pro- achievements, but there is still policy (COPOLCO) is bringing Beijing in 2002 and New Delhi vide a good opportunity for a a great deal to do! ” together government and busi- in 2003, the third regional train- lively exchange of views on ness experts as well as consum- Caroline Warne is also a Magis- ing seminar was held to provide the recent strategic initiatives ers to explore the theme of how trate and a Trustee of the Child undertaken by the organiza- standards can contribute to the Accident Prevention Trust. tion’s Council and Technical safety and security of consum- Management Board (TMB), ers at its workshop on 24 May US participation in ISO including the ISO Strategic 2005 in Toronto, Canada. Plan 2005-2010 and the glo- and IEC The workshop aims to explore bal relevance policy. It will An ANSI-organized conference the wide range of personal as also be a chance to reinforce to facilitate collaboration and well as collective safety and the synergies between the dif- effectiveness among US leaders security issues, including ferent components of the sys- in committees of ISO and IEC accessibility and home and tem (policy setting bodies, was held in December 2004. product safety, which are of TCs/SCs, ISO/CS).

ISO Focus February 2005 3 Guest View Craig R. Barrett

raig R. Barrett is Intel’s standard that competes with an

Chief Executive Officer. © Intel accepted global standard, they are COn 10 November 2004 headed down a path that makes it Barrett was elected to serve as extremely hard for them to be suc- chairman of the Intel Board of cessful and that often locks them Directors, effective May 2005. into an incompatible direction. Standards that have been Craig Barrett, who received his adopted globally free companies to Bachelor of Science, Master of compete in various markets around Science and Ph D degrees in the world without having to devel- Materials Science from Stanford op multiple versions of a product. University, joined Intel Corporation Finally, global stand- in 1974 as a technology development ards bring a great many bene- manager. He was named a vice fits to consumers. They lead to a president of the corporation in higher number of product offer- 1984, promoted to senior vice ings for consumers, and introduce president in 1987 and executive vice more competition and lower costs. president in 1990. Dr. Barrett was Consumers are more willing to buy elected to Intel Corporation’s products when they are based on Board of Directors in 1992 and was named the company’s Chief Oper- such standards because it is a saf- ating Officer in 1993. He became er choice. Intel’s fourth President in May 1997 “ Intel seeks to conform and Chief Executive Officer in 1998. to international standards ISO Focus : What concrete benefits Dr. Barrett is the author of more than to promote product have ISO International Standards 40 technical papers dealing with the harmonization and to brought Intel and does the company influence of microstructure on the facilitate trade.” participate in their development ? properties of materials, and a textbook Craig R. Barrett : Intel is a leader in on materials science, principles of semiconductor fabrication and tech- engineering materials. nology, so manufacturing excellence is important to us. Standards devel- Dr. Barrett is a member of the Board ISO Focus : How do you see the role oped by internationally recognized of Trustees for the US Council for of International Standards versus organizations, such as ISO, are asso- International Business. He is also national, regional or industry stand- ciated with worldwide consensus and a member of the boards of directors ards as a key to competing in global world-class . Use of ISO stand- for Intel Corporation, the US Semi- markets ? conductor Industry Association, the ards in areas of management systems National Forest Foundation, Achieve, Craig R. Barrett : Companies that (ISO 9000 and ISO 14000) and sup- and the Silicon Valley Manufacturing embrace standards that have been plier’s declaration of conformity (ISO/ Group. He was recently elected Chair globally adopted and reflect world- IEC 17050) have helped us maintain of the National Academy of Engineering, wide consensus are in the best posi- our world-class manufacturing excel- where he will promote the academy tion to succeed because they are able lence. For example, we will likely use and its policies to the engineering to create world-class products based ISO/IEC 17050 for making our dec- community and the public. He is also on high quality standards. These larations of conformity for lead-free Co-Chairman of the Business Coalition products have the benefit of being products in 2006 and beyond. Meeting for Excellence in Education and developed with broad participation, these requirements will inspire high Chairman of the Computer Systems incorporating global perspectives confidence among governments, regu- Policy Project. and requirements. When a compa- latory bodies, and consumers because ny chooses to embrace a regional the standard represents a world-class

4 ISO Focus February 2005 benchmark that can be applied glo- 21 IPMP for Multimedia Content

bally across all businesses. Addition- © Intel protection/distribution/consumption, ally, common approaches such as MPEG-7 based Descriptor technology these have enabled wide acceptance for Video/Audio/Multimedia Content of our products among our customers browsing, etc. because they were developed based on Intel remains a committed world-class specifications. contributor to the development of Intel has also utilized ISO ISO specifications, whether develop- standards to help set electronics indus- ing ISO standards in its committees try-specific standards in the area of or transposing existing standards into Intel® TXN 13600 10 Gbps C-band tunable design for environment (DfE). For optical transceiver and Intel® TTX 11500 full ISO standards. example, ISO technical report ISO/TR C-band tunable laser. © Intel 14062, which describes concepts and current practices relating to the inte- Digital TV (SDTV/HDTV) and DVD gration of environmental aspects into (HD/SD) decoders will be based on product design and development, was the Audio/Video Codec standards used as a framework for establishing that are being developed by the ISO/ ECMA 341, the first international DfE MPEG standardization process. Some standard for the electronics industry. of the standards to be implemented are As a building blocks supplier, MPEG-2 Transport Streams demux we use ISO standards in our own prod- for Broadcasting, MPEG-2 Program ucts as well. Intel seeks to conform Streams demux for SD-DVD/HD- to international standards to promote DVD/Blu-ray Disc, MPEG-2 / MPEG- A technician checks individual wafers, which 4 Video (Part 2 and Part 10) decod- can contain hundreds of individual chips, to er, MPEG Audio decoder, MPEG- make sure they are perfect. Intel® CentrinoTM mobile technology components.

ISO Focus : In a company like Intel whose survival depends on developing next-generation products and services, how do International Standards allow the industry to move forward ? Craig R. Barrett : As the comput- ing and communications industries become more horizontal, there’s an increased need for interoperability among vendors and for application flexibility. For these reasons, end-users are looking at standards even more critically than they have in the past. The result for us is great opportunity to move the platform forward for the industry, whether that be a PC or a cell © Intel phone or a personal digital assistant. product harmonization and to facilitate By establishing standardized interfac- trade, which in turn makes it easier for es, we can deliver our building blocks our adopters and customers to market underneath them, which allow others their products and compete in more to innovate on top of them. We’ve done markets around the world. this for many generations now. So it is In the consumer electronics a benefit for end-users but also a unique arena, Intel participates in the devel- opportunity for Intel. opment of audio/video and graphics ISO/IEC MPEG standards. All of our

System-On-Chip (SOC) products for © Intel Intel® Pentium® 4 processor die.

ISO Focus February 2005 5 Guest View

ISO Focus : What new International Standards would Intel like to see com- ing out of ISO ? Are there areas for which Intel would like to see more or different standards ? Craig R. Barrett : The world is get- ting smaller as people and coun- tries become more interconnected, so the need for global standards has grown. Intel provides building blocks to the computing, telecommunications and consumer electronics industries and the convergence of these indus- tries brings new opportunities and requirements for standardization. We look forward to ISO’s continued leadership, in cooperation with IEC and ITU as well as with other stand- ards organizations and special inter- est groups that are developing global standards. © Intel

ISO Focus : Can you describe the use agement and recognition processes, made by Intel of ISO’s management enabling us to keep pace with increas- system standards – ISO 9001:2000 and ing expectations of supply chain per- ISO 14001:2004 – and what value they formance. More recently, we have have added? been able to reduce programme costs by combining ISO 14001 with Craig R. Barrett : Both of these TM those for ISO 9001. Next-generation Intel® Centrino mobile standards are fully integrated in our technology launch photos. Corporate Quality Network and Envi- ronmental, Health and Safety organ- izations worldwide. Intel achieved company-wide ISO 14001 certifica- tion for all of our fabrication plant and assembly test operations in 2002. We had a solid world-class environmen- tal in place prior to our certification ; however, the ISO 14001 certification and ongoing requirements help ensure that our sys- tems are thorough, up-to-date and meet customer requirements. ISO 9001, on the other hand, provides a framework for many business processes tied to our systems. We have been able to use the standard and its revisions as a means of driving con- tinuous improvement in many areas. In addition, we have leveraged the frame-

work in our supplier selection, man- © Intel

6 ISO Focus February 2005 Main Focus

World Summit on the Information Society and International Standards for ICTs

IT: by Daniele Gerundino, Strategic Adviser to the ISO Secretary-General

Technology has given birth to the Information Age. Now, it is up to all of us to build an Information Success Society from trade to tele- medicine, from educa- and tion to envi- ronmental protection. We have in our hands, on our desk- progress tops and in the skies above, the ability to improve standards of living for millions upon mil- lions of people. United Nations Secretary-General Kofi Annan

chieving the Information Soci- ety evoked by the UN Secre- A tary-General requires the will and commitment of policy makers to set information and communication technologies (ICT) as a top priority. It also requires a dialogue between pub- lic and private sectors that includes all stakeholders and places their common interest at its core. To reach these goals, the UN has organized the World Summit on the Information Society (WSIS), which

ISO Focus February 2005 7 Main Focus aims to be the first global, multi-stake- “ International Tunis phase and reaffirm and enhance holder effort to shape and share ICT the commitments undertaken in the for a better world. standardization is one Geneva phase. Acknowledgement of the strate- of the key enablers for the ISO, IEC and ITU-T are active- gic role of International Standards for development of a global ly monitoring the development of the development and trade, and for oper- WSIS second phase in order to identi- ationalizing this global Information Information Society. ” fy opportunities for promoting aware- Society was one of the achievements ness of the importance of Internation- of the first phase of WSIS, held in addition, a constructive dialogue was al Standards and their usefulness in Geneva on 10-12 December 2003. established with many government achieving the summit’s goals. In this The resulting summit Declara- delegations during the WSIS prepara- context, International Standards offer tion of Principles, entitled “ Building tory meetings in Geneva (notably Prep benefits such as the following : they the Information Society : a global chal- Com 2 in February 2003, Prep Com 3 • simplify the utilization of exist- lenge in the new Millennium ”, recog- in September 2003 and its follow-up in nizes that international standardization ing and new technologies, focus- November and December 2003). ing on interfaces and interopera- is one of the key enablers for the devel- The first phase of the summit opment of a global Information Soci- bility, reducing costs and complex- itself attracted 11 000 participants, ity, opening markets and foster- ety (item 44 of the declaration, under including heads of state and ministers section 6, Enabling environment). It ing broader access to products and from 176 countries, and representa- services ; states : tives of 50 international organizations, 50 UN bodies and agencies, 98 busi- • favour the emergence of rules Standardization is one of the ness associations and 481 non-govern- and agreements on best practic- essential building blocks of the mental organizations. es (shared and adopted on a glo- bal scale) that will greatly help to Information Society. There should In addition to endorsing the guarantee security and to develop be particular emphasis on the devel- Declaration of Principles – which con- stitutes a common vision of the val- consumer confidence and protec- opment and adoption of International ues of an Information Society – the tion, while respecting the legiti- Standards. The development and use first phase drew up a Plan of Action to mate interests of all stakeholders ; of open, interoperable, non-discrimi- achieve that vision. and natory and demand-driven standards • offer the highest level of insti- that take into account needs of users tutional recognition and global and consumers is a basic element for The second phase acceptance because they result the development and greater diffusion The vision will be brought from a process that fully imple- of ICTs and more affordable access closer during the second phase of the ments the six fundamental princi- to them, particularly in developing WSIS, which will take place in Tunis ples affirmed by the WTO – open- countries. International Standards on 16-18 November 2005. It will ness, transparency, impartiality and aim to create an environment where • follow-up and implement the Gene- consensus, effectiveness and rele- consumers can access services va Declaration of Principles and vance, coherence and the develop- worldwide regardless of underlying Plan of Action by stakeholders at ment dimension. technology. national, regional and internation- al levels, with particular attention To sum up, ISO, IEC and ITU-T to the challenges faced by the least are convinced that International Stand- To achieve this result, a joint developed countries ; ards will play an essential role in the project team was set up by the World implementation of the WSIS Decla- Standards Cooperation (WSC) part- • consider and act upon the report of ration of Principles – and, indeed, in ners, ISO, the IEC and the ITU-T, col- the Task Force on Financial Mech- bringing about the Information Socie- laborating too with the United Nations anisms (TFFM), and ty evoked by Kofi Annan. Economic Commission for Europe • consider and act upon the report (UN/ECE). This team followed the of the Working Group on Internet whole summit preparatory process. Governance (WGIG). With the support of the ISO President and due to the efforts of The output of the Tunis phase many of ISO’s national member insti- should be a final document or docu- tutes, the standardization message ments, comprising a concise political was circulated during the five WSIS part and an operational part, both of regional preparation conferences. In which reflect the areas of focus of the

8 ISO Focus February 2005 IT: Success and progress

information model that supports multi- ple views of product data for different applications. For each application area covered by the standard, a standard- ized Application Protocol (AP) is defined which describes the scope of the information requirement in terms that are familiar to domain experts. This may be illustrated by an activity model which shows the business proc- esses that are covered. The AP then defines the map- ping between the users’ view of the information and the integrated STEP information model. The resulting standardized definition of informa- tion can then be used to develop and validate translation software to allow different computer systems to commu- nicate using agreed semantics.

Exploiting the standard In addition, the life cycle of a STEP : Growing product is often measured in decades, STEP has been in use for nearly capabilities in the far longer than the software tools, a decade to provide open communica- operating systems and equipment used tion in the engineering industry. The global market to create the information in the first aerospace industry makes extensive place. use of the standard to exchange design and configuration information on projects such as the Eurofighter “ ISO 10303 – usually Typhoon and C-17 as well as by Howard Mason, Chair, known as STEP – provides civil programmes like the Airbus fami- ISO/TC 184, Industrial automation a common data ly of commercial airliners. Automotive and shipbuilding applications are systems and integration, ‘ backbone ’ for linking growing in many countries, and the use SC 4, Industrial data systems that create or use of STEP for printed circuit assemblies product information.” is also gathering momentum. ajor industrial products, such The continuing development of as aircraft, ships, buildings APs to support different business infor- Using information standards M and industrial plants, are mation exchange and sharing require- to communicate between different now created and maintained through ments has revealed an increasing computer systems offers a common their life using information held in range of common packages of product solution to these two problems. digital form by alliances of enterprises information, or modules, which can be working in a long and complex sup- reused as building blocks in multiple ply chain. This is intended to increase The technical approach applications. More than 150 modules speed and accuracy, reduce costs and have been published as Technical improve quality. Individual enter- ISO 10303 – usually known as Specifications and the EXPRESS data prises, however, use different software STEP (Standard for the Exchange of definition language that underpins ISO tools to undertake their work, with the Product data) – provides a common 10303 has been extended to allow data held in different forms, and this data “ backbone ” for linking systems modules to be assembled to meet spe- can lead to barriers in communica- that create or use product information. cific information exchange and sharing tion. The standard defines an integrated requirements.

ISO Focus February 2005 9 Main Focus

Extending the STEP repaired through life. PLCS has been Future development model designed to store the identities of indi- and exploitation vidual components, which can be read The first AP to make use of the using the full range of automated data Major developments continue modular structure is PLCS (Product capture format options provided by the to support the information needs of Life Cycle Support, ISO 10303-239). generic ISO 15418 and 15434 stand- systems engineering, building on the This AP extends the STEP model to ards as well as the new ISO TS 21849 available suite of modules, and to support all the information required application standard for the aerospace cover new application areas such as to design maintenance solutions for a industry. furniture as well as additional printed product through life, to track planned circuit assembly functions, again using and unplanned maintenance based on existing modules wherever possible. the actual state of the product, and to “ The STEP standards Other standards groups, such track the changing configuration of the and data modules are as ISO TC 29/WG 34 on cutting product as components are replaced available to help in the tools, have made use of STEP technol- and repaired. The modular approach ogy to develop their own information means that the same configuration generation of consistent standards. The STEP standards and model is used for the design and for product information data modules are available to help in the actual product. models through the entire the generation of consistent product The development of PLCS information models through the entire combined the best of all worlds of range of products range of products covered by ISO. standardization, using a consortium covered by ISO.” The information models cre- assembled from industry, government ated by STEP represent an investment and vendors to develop and test the This capability neatly links the of hundreds of millions of dollars and standards against a requirement agreed product model to initiatives such as they are used to store billions of dollars’ through ISO, and providing the results the US Defense Department’s Unique worth of information. The architecture to ISO for endorsement. PLCS imple- Asset Identification programme, where of the standard has been designed to mentations are now in production use PLCS can provide the information support changes in information technol- in Norway and many more are under content for communicating product ogy, such as the progress from simple development or pilot testing. data between the supplier and a range text files through databases to XML Industry use of this life-cycle of customer systems. files and schemas. capability depends on collecting The PLCS standard is being This was demonstrated recently accurate information about changes used by the OASIS consortium to when one of the first STEP models, to a product as it is maintained and develop a range of consistent data from 1995, was recovered from an exchange sets (DEX) to support dif- archive, along with the original CAD ferent business processes during the model from which it had been created. entire life cycle. Due to the changes in the CAD system used to create the model, the system About the author was no longer able to read the original file, but it did successfully import the Howard Mason Taking the drawings out is Chair of ISO/ of manufacturing STEP model. TC 184, Indus- STEP has therefore started to trial automation In the manufacturing field, in demonstrate its value in protecting systems and inte- co-operation with TC 184/SC 1, the industry’s investment in product infor- gration, SC 4, new STEP-NC standards allow fully mation for the future. Industrial data. defined digital models to be manu- He works for factured automatically, creating proc- BAE Systems in ess plans without intervention which the UK and is are then used to drive machine tools responsible for directly. This revolutionary procedure, information standards in the IT and eBusi- using tolerance and finishing informa- ness organization. He has been involved in tion stored as part of the design model industrial automation standards for more to create the final component, will than 20 years and has chaired TC 184/SC 4 since 2000. He also chairs the OASIS eliminate drawings from the manufac- consortium technical committee exploiting turing process. the STEP standard and the management A suite of application protocols group of the MoU on eBusiness between to support the needs of shipbuilding is ISO, IEC, ITU and UN/CEFACT. also now available.

10 ISO Focus February 2005 IT: Success and progress

programmes on VHF/UHF, telephone lines, cables, satellites, DVD and the Internet, for example. The information has a single form and it is always the same set of bits, but they are different- ly “ wrapped ” for carriage by different transmission systems.

Timely decision MPEG was initially estab- lished in 1988 as an “ Experts Group on Moving Pictures ” within ISO/IEC JTC 1/SC 2, WG 8, but three years later it became SC 29/WG 11. It was a timely decision because for more than 20 years there had been world- wide investment in finding algorithms capable of reducing (“ compressing ”) the huge volumes of bits per second (bit/s) generated by the bulk digiti- Digital audio zation of audio and video to much smaller values, but without signifi- cant quality impairment.

. Granier and video for all As an indication, say 1,41 Mbit/s (million bits per second) are required Photo P for stereo audio on a compact disc and 216 Mbit/s for digital television in the by Leonardo Chiariglione, Secondly, it needed transistors studio. Convenor, ISO/IEC JTC 1/SC 29, and integrated circuits (IC) to be invent- Until the late 1980s the conun- drum was that the more efficient the WG 11, MPEG ed. And thirdly, yes, it needed the Mov- ing Picture Experts Group (MPEG), compression algorithm – and there- because when it comes to deploying fore the more promising the exploita- hen the Bell Labs engineer new forms of communication – audio tion potential – the more difficult its Harry Nyquist was buil- and video in this case – standards are implementation in an IC. This, how- Wding his “ telephotography ” required. ever, was the time when compression machine in 1918 and performing his Why did ISO and IEC engage algorithm complexity and IC capabili- seminal work on sampling analogue in setting communication standards ty were converging. What was missing signals in 1928, he probably could not when there was already an interna- was a standard “ Coded Representation have anticipated where his early inves- tional body, the ITU, in charge of of Audio and Video Information ”, the tigation would lead. them ? Because MPEG does not deal original title of MPEG. First and foremost this was with communication systems per se, because, to go from the “ Nyquist the- it deals “ only ” with the abstract form From hundreds orem ” to the ubiquitous digital audio in which audio and video information of millions to and video of today, there was a need is efficiently represented with bits that hundreds of billions for the electronic computer to be can be utilized in different communi- invented, specifically in today’s form cation systems. The creation of this standard as a personal computer, with a host One of the most successful is what MPEG set out to do. The first of researchers devising smart ways MPEG standards – though possibly standard – MPEG-1 – is used in hun- to reduce the number of binary dig- least known to the general public – dreds of millions of video CD players. its (bits) required to represent high- is MPEG-2, which is used through- Billions of videos are stored on CDs quality audio and video. out the world to send digital television around the world.

ISO Focus February 2005 11 Main Focus

MP3, a special case of MPEG-1 cameras and supported by new mobile standard elements taken from MPEG-1, Audio and now a household name, has handsets. A third result is the MPEG MPEG-4, MPEG-7 and MPEG-21. changed the music experience and is File Format, a broadly used format for In the audio and video compres- being used in hundreds of millions of carrying audio and video files. sion field MPEG has recently released PCs and MP3 players. The number of (AVC), with MP3 files can probably be counted in better than twice the compression the hundreds of billions. efficiency of MPEG-2 and which is The second standard – “ MPEG did not miss planned to be deployed in a broad MPEG-2 – has already been men- the importance of range of application domains. The new tioned above and the number of devic- implementing audio High Efficiency AAC provides a com- es and items of content can again be pression factor double that of AAC. measured in the hundreds of millions and video compression At the same time MPEG is and billions, respectively with thou- standards in software.” already investigating or developing sands of hours of content continuous- standards in such fields as : ly generated every day. As a result an • scalable video coding, achieving industry that did not exist before – the From compression to description the same compression as AVC but digital audio and video industry – was with scalability ; created. to management • spatial audio coding, recreating In more recent years MPEG has full 5.1 multichannel audio with a been engaged in a new type of stand- handful of bits added to the stereo ard – MPEG-7. Unlike its predeces- version ; sors, MPEG-7 is not about compres- • scalable audio and speech coding, sion but about “ description ” of what efficiently compressing both music is in a video or audio signal. and speech signals ; In parallel, MPEG also has • 3D AV, representing a set of video developed a suite of standards under signals from a number of video the title MPEG-21 Multimedia Frame- cameras shooting the same scene ; work. Worthy of mention are Dig- and ital Item Declaration (DID, part 2) • addressing the problem of representing multimedia middleware, which is a multiple digital objects ; Digital Item set of APIs to execute middleware Identification (DII, part 3) addressing functions. the problem of how to assign unique Today MPEG continues to pro- Implementing identifiers to the composite objects duce standards to satisfy the needs of its compression standards defined in part 2 ; Intellectual Proper- broad constituency as well as exploring in software ty Management and Protection Com- several new opportunities. ponents (part 4) addressing the issue Today ICs continue to play an of interoperability of Digital Rights important role, but the audio and video Management (DRM) systems ; Rights experience of many people comes more Expression Language (REL, part 5) and more from the PC. MPEG did not specifying a computer-processable About the author miss the importance of implementing language capable of expressing rights audio and video compression standards to digital objects ; and Rights Data Leonardo in software as opposed to IC hardware. Dictionary (RDD, part 6) defining the Chiariglione MPEG-4 – in fact the third MPEG semantics of the terms used by part 5 obtained his standard, despite its name – extended and many more. Ph D degree the scope of interest of the series exact- The latest entry in the MPEG from the Univer- ly to that type of application domain. family of standards is MPEG-A (A sity of Tokyo in One of the results of this effort for Application). Unlike other MPEG 1973. During his is Advanced Audio Coding (AAC), an standards conceived for use in a stand- professional career he has audio compression standard that out- alone fashion, the MPEG-A project performs MP3 by a factor of two. AAC launched several aims at creating standards for sys- initiatives, e.g. is used by two of the best known Inter- tems that incorporate a suite of stand- MPEG in 1988 and – his latest – the Dig- net music services. Another result is ards drawn from the MPEG “ toolkit ”. ital Media Project in 2003. He currently MPEG-4 Visual that is widely used on The first element of MPEG-A is Music advises a number of companies in the area the Web, is loaded in almost all digital Player Application Format, built with of digital media.

12 ISO Focus February 2005 IT: Success and progress

grown rapidly, with nearly a quarter of small businesses and nearly two thirds of large businesses suffering an inci- dent involving staff misuse of systems. In addition, those businesses affected tended to have several such incidents during the year, in fact one per week on average. Other similar surveys point to a comparable trend of incidents faced by businesses around the globe. It is clear from an everyday operational perspective that, without adequate management controls in place, incidents such as those mentioned above can disrupt the proper functioning of a Being prepared to tackle business, resulting in loss of services, productivity, revenue, customer confi- threats to your business dence and trust. They can also damage the market position of a business, result in a failure to meet contractual and legal obligations, or harm the image and rep- by Ted Humphreys, Convenor, included are the risks related to virus utation of a business. ISO/IEC JTC 1/SC 27, WG 1 infection, disruptive software, staff misuse of internet and email services, Appropriate response rganizations in every market or system failure. sector face a growing range of The UK Department of Trade An organization needs to be O threats and risks to their busi- & Industry (DTI ) Information Secu- prepared, therefore, to respond appro- ness. These include attacks coming rity Breaches Survey, which is carried priately to incidents that could affect from outside the organization, such as out every two years, provides a snap- its well-being and continuation of its hackers trying to break into networks, shot of a growing trend in the inci- business operations. Two International or breaches of security due to insid- dents that businesses are faced with Standards – ISO/IEC 17799 and ISO/ ers using their knowledge and internal (see Figure 1). The 2004 issue of this IEC 18044 – support an organization access rights for personal gain. Also survey shows that staff misuse has in managing its incidents. Figure 1 : DTI Breaches Survey 2004

68 % ISBS 2004 - large businesses 64 % ISBS 2004 – overall 50 % 49 % ISBS 2002 – overall 41 % 39 % 42 % 27 % 22 % The DTI Information 17 % Security Breaches Survey 14 % 11 % 11 % 2004 is available from 6 % http://www.dti.gov.uk/ industries/information_ N/A security/downloads. Virus infection and Staff misuse Unauthorized Theft or fraud Systems failure or disruptive software of information access by outsiders involving computers data corruption systems (including hacking attempts)

ISO Focus February 2005 13 Main Focus

ISO/IEC 17799, Code of • responding to information securi- practice for information security ty incidents, including the activa- Markus Soland of UBS says the bank recognizes that 100% securi- management tion of appropriate controls for the prevention and reduction of, and ty can never be achieved and that This code of practice has been recovery from, impacts ; and reactive as well as protective meas- the subject of previous ISO Focus ures are therefore crucial in provid- articles. Its importance lies in the • learning from information securi- ing appropriate information securi- fact that it provides an overall man- ty incidents, the institution of pre- ty based on . One agement framework for dealing with ventive safeguards and, over time, of the most important pillars sup- information security. This standard making improvements to the over- porting reactive measures is certain- defines several management controls all approach to information securi- ly a well prepared and functioning for dealing with incidents, in particu- ty incident management. incident management process. The lar regarding the reporting of incidents information security incident man- and the general procedures for manag- agement standard ISO/IEC 18044: ing them. There are also best practice “ Two International 2004 provides very valuable infor- controls that deal with specific types of mation on how to plan and set up incident such as viruses and other mali- Standards – this process so that the organization cious software, staff misuse, risks from ISO/IEC 17799 and is well prepared to handle incidents. external parties and data corruption. In UBS, the processes outlined have ISO/IEC 18044 – support been demonstrated to be effective, ISO/IEC 18044, Information an organization in especially in dealing with virus- security incident management managing its incidents.” related incidents. This is a recently published technical report that is entirely devoted pened to identify lessons and poten- to the management of information secu- ISO/IEC 18044 has adopted a tial improvements to the organiza- rity incidents. It provides greater detail process model similar to the PDCA tion’s overall information security of how to implement the control proce- (Plan-Do-Check-Act) model found in and also to the information security dures described in ISO/IEC 17799. ISO 9001. This provides the basis for incident management scheme. In particular, ISO/IEC 18044 establishing, implementing and main- taining a managed approach to dealing gives advice and guidance with respect • The Improve Phase implements the with information security incidents. to : recommendations for improvements The four phases of this model include • the detection, reporting and assess- identified in the Review Phase. the following activities : ing of information security inci- dents ; • The Plan and Prepare Phase includes the preparation of an incident report- ing and handling policy and pro- About the author cedures, as well as the establish- ment of an organizational structure Ted Humphreys is the Robin Moses from BT (British Tel- for incident management, alloca- Convenor of ISO/IEC ecom) says that his organization tion of personnel with appropriate- JTC 1/SC 27, WG 1, welcomes the introduction of ISO/ ly assigned roles and responsibili- which is responsible for IEC 18044:2004, fully recogniz- ties, and an awareness briefing and managing projects such ing its importance to today’s digital training programme. as ISO/IEC 17799, networked economy. The informa- SO/IEC 13555 and tion security incident management • The Use Phase covers the actual ISO/IEC 18044. Ted Humphreys is schemes devised by the OneBT day-to-day execution and use of the Director of XiSEC Consultants Ltd, a UK company providing information security Security Practice for customers in policy and procedures to detect and report incidents, assess the situa- management consultancy services around both government and private sec- the world. He has been an expert in the tion, make a management decision tors around the world are fully com- field of IT and telecommunications secu- patible with the new standard. They on what to do and then respond rity, information security and risk man- provide excellent guidance on, and appropriately. agement for more than 27 years. During ‘template’ material for, the estab- this time he has worked for major inter- • Once an information security inci- lishment and maintenance of effec- national companies (in Europe, North dent has been resolved and closure tive information security incident America and Asia), as well organizations agreed, the Review Phase recon- management schemes. and institutions such as the European siders the results of what has hap- Commission and the OECD.

14 ISO Focus February 2005 IT: Success Factors for success and There are several success fac- progress tors identified in ISO/IEC 18044 that need to be addressed to ensure that the incident management scheme in place Global harmonization is effective and efficient in managing the risks the organization faces. in ICT standardization Having management commit- ment and support is critical to any scheme, as are awareness of and train- ing in use of the scheme. It is impor- tant to take due care of any legal, con- tractual and regulatory aspects that might apply, e.g. collection of appro- priate evidence, suitable record keep- ing, satisfying any contractual obliga- tions, maintaining protection or priva- cy of personal data. Also identified as important is maintaining operational efficiency and processing with respect to the report- ing of incidents, the quality of notifi- cation and content, the ease of use of the scheme, and the speed in detecting, reporting, assessing and responding to incidents. Finally it is necessary to maintain, where appropriate, the ano- nymity or confidentiality of users and information in the process. by Joon N. Kim, Chair of ISO/ networks (LANs). While such advances IEC JTC 1/SC 6, Telecommuni- can certainly enhance the quality of our Be prepared cations and information exchange daily life, they can also make it miser- between systems able for standardizers trying to develop Information security incidents globally agreed standards. can hit any organization at any time. An organization that is prepared has hen we celebrated the begin- Promoting harmonious a better chance of surviving than one ning of the new millennium, ICT standardization that is not. Being prepared means hav- W the global information era ing an effective incident management also took a big step forward. Many Of course Joint Technical Com- scheme in place for detecting, report- new information and communication mittee 1 of ISO and IEC (ISO/IEC ing, assessing and responding to inci- technologies (ICT) have emerged to JTC 1) has been working very hard to dents. change the world very rapidly. These lead and promote ICT standardization Attack and response times are can be categorized into several are- in a harmonious way ever since it was getting shorter, the attacks are getting as : next-generation networks, digit- established in 1987. But sometimes it more sophisticated and the impact and al homes, mobile communications, has been an uphill battle for JTC 1 to damage are increasing. In some cases, digital broadcasting, network securi- standardize fast-changing ICT technol- no sooner are software vulnerabilities ty and application services. Each area ogies and to gain some well deserved identified than attacks are launched to covers hundreds of technologies never respect as the global ICT standards exploit these vulnerabilities – before seen before and represents a huge glo- developer. an organization has a chance to down- bal market potentially worth billions Among the many subcommit- load and install a patch, assuming that of dollars. tees within JTC 1, SC 6 (as its single- one has been produced. Let’s take some examples from digit number indicates) has for a long Time is therefore of the essence. next-generation networks. In a future time been doing the homework in the Being prepared and responding effec- ubiquitous network we will enjoy on- area of telecommunication and infor- tively in a timely way can make the line multimedia services, voice over mation exchange between systems. difference between survival and a busi- version 6 of the Internet Protocol (IPv6), This forms the core of standardization ness disaster. mobile Internet and 10 Gb/s local area work for next-generation networks.

ISO Focus February 2005 15 Main Focus

SC 6 also maintains good liai- with standardization initiatives to get a around the ITU. Active coordination son relationships with ISO/IEC JTC 1/ potentially bigger piece of the market work by the Global Standards Collab- SC 25, ITU-T SG 17, IEEE 802 LMSC pie. Many ICT standards organizations oration (GSC) has set a good exam- and Ecma International for its work are involved at various levels with the ple of harmonization among various covering high-speed LANs, network/ apparent intention of increasing their organizations, even if it focuses heav- transport protocols, abstract syntax market share. ily on public-domain telecommunica- notation, directory and private inte- To make things worse, the old- tions rather than ICT in general. GSC grated-services networks. established international standards was formed by ITU-T, ITU-R and organizations – ISO, the IEC and ITU many national standardization organi- – which have been producing Interna- zations, such as TIA, ARIB, T1, TTC, “ The area of tional Standards and Recommendations TSACC and ACIF. telecommunication and for decades, still suffer from a chronic information exchange disease : the general pace of internation- A worldwide independent al consensus-based standardization lags organization ? between systems forms behind fast-moving technical develop- the core of standardization ment in the ICT industries. While there A similar approach could be have been some efforts to improve this, adopted for ICT in order to achieve work for next-generation they have not so far turned out to be global interoperability, arbitration of networks.” very effective. intellectual property rights and coor- In contrast, many worldwide dination of areas for standardization, fora and consortia develop up-to-date as well as to avoid at an early stage all The co-operation between SC 6 de facto standards in a timely fashion unnecessary duplication in the work. and ITU-T SG 17 may in fact be one in order to increase their market share One feasible solution might of the best examples of harmonization and build barriers to would-be new mar- be to make JTC 1, which was solely among international standards devel- ket entrants. In between, we have some intended to develop standards in the opment organizations. We develop regional standardization bodies such as ICT field and is doing just that, a world- many network standards together in ETSI and Ecma International that deal wide organization for ICT harmoniza- a common text format and collocate with ICT standards that could be either tion and standardization independent of the joint meetings to align progress. regional or global in application. ISO or IEC. If the idea were support- Both organizations are currently work- ed by general consensus, JTC 1 could ing on enhanced communication serv- become a World ICT Council responsi- ices and protocols, ASN.1 and directo- Political and economic ble for actively seeking global harmoni- ry standards. barriers zation on ICT standardization. SC 6 also has long co-operated with IEEE 802 LMSC in the field of In addition to this variety of local and metropolitan area networks standards development organizations, to internationalize IEEE high-speed there are political and economic bar- LANs and wireless LANs. Ecma Inter- riers that make global harmonization national, meanwhile, has provided val- difficult. Perhaps surprisingly, some uable resources to produce private inte- people seem to believe such blocking tactics are an effective way of protect- grated-services network and near-field About the author communications-related standards. ing their interests. Recently, with the economy in Professor Kim Effort and patience China booming, a new regional move- received a BSc ment has been gaining momentum in in electronic Collaboration of this kind East Asia to build a so-called CJK engineering at requires much effort and patience (China-Japan-Korea) industrial bloc, Seoul National from all organizations involved. And it including regional ICT standardiza- University and is crucial to maintain a certain level of tion, to follow in the footsteps of the MSc and PhD harmonization in the standards if ICT European Union and North American degrees in com- industries are to be cost-effective and Free Trade Agreements (NAFTA). So puter engineer- interoperable through their products. in reality it is a mixture of local inter- ing at Iowa State University. Cur- But at the higher level of glo- est, the desire for market initiatives and rently he is with the Chung-Ang Universi- bal standardization, things are quite some politics that hinders harmonious ty in Seoul studying performance analysis different. It is a well known fact that international standardization. of network protocols, wireless LANs and companies, interest groups, countries On the positive side, there have mobile ad hoc networks. He has served as and regional bodies are all competing been some collaborative activities Chair of ISO/IEC JTC 1/SC 6 since 2000.

16 ISO Focus February 2005 IT: Success Data semantics and and metadata standards progress

Traditionally, the metadata for databases and files are developed indi- vidually, without reference to simi- lar data in other sources. Even when metadata exist, they are often incom- plete or incompatible across systems. As a result, the data contained in these databases and files are poorly under- stood. In addition, the metadata often disappear after the data reach the end of the business life-cycle. There are now techniques for representing the semantics of data independently of the system in which they are stored, the model used to organize them, the source from which they came and the time when they were created. These semantics and oth- er descriptors are stored as metadata.

Managing metadata The International Standard ISO/ IEC 11179, Metadata registries (MDR) addresses the management of meta- data needed to understand, locate and manipulate data. The purposes of the standard are to : • establish standard descriptors for data ; • promote shared understanding of data across organizational elements and among organizations ; by Dan Gillman, information a study through which some data are • facilitate interchange, re-use, har- scientist, Bureau of Labor collected does not describe the data, monization and standardization of Statistics, USA strictly speaking, although it is use- data and components of data over ful for locating the data of interest. On time, space and applications, both lmost every organization man- the other hand, the definition of a code within and across organizations ; ages data. No matter wheth- used to represent some data is very and descriptive. Both are metadata. A er the organization is public • support management of the compo- or private, for or not for profit, data nents of data. are a major corporate resource and the The meaning of data ISO/IEC 11179 is a six-part problems of describing those data are standard as follows : similar. Descriptions are essential for Semantics is the study of mean- locating, understanding and using data, ing, so the term “ semantics of data ” Part 1 : Framework – presents an whether the users are inside or outside refers to the meaning of the data. With- overview of the entire standard and a the organization. out getting into a deep philosphical dis- description of the basic concepts and Metadata are the descriptions cussion, meanings are part of the infor- principles. of data or other resources. Here, we mation that data convey. Information is Part 2 : Classification – describes how use the term “ description ” in a gen- represented by (other) data, and this oth- to manage a classification scheme in a eral sense. For example, the name of er data is metadata for the original data. metadata registry.

ISO Focus February 2005 17 Main Focus

Part 3 : Registry metamodel and An MDR manages the seman- sponding to one of the categories in the basic attributes – provides the basic tics of data. Understanding data is fun- CD. The set of these permitted values is framework, in the form of a conceptu- damental to all aspects of its use so called a value domain (VD). In the case al model, for a metadata registry. the underlying model for an MDR is of marital status, for example, the val- Part 4 : Formulation of data defini- designed to capture all the basic com- ues S, M, D and W correspond to the tions – establishes rules for forming ponents of the semantics of data, inde- categories defined above. quality definitions for data elements pendent of any application or area of The semantic and represen- and their components. subject matter. tational components are described through attributes contained in the con- Part 5 : Naming and identification ceptual model of a metadata registry as principles – explains how to docu- specified in Part 3 of ISO/IEC 11179. ment naming conventions for data ele- “ ISO/IEC 11179 defines A metadata registry that conforms to ments and their components. the attributes which ISO/IEC 11179 can describe a wide Part 6 : Registration – specifies the guarantee that both users variety of data. The attributes and rela- roles and basic procedures for the reg- and owners of data have tionships associated with a particu- istration process in an ISO/IEC 11179 a common understanding lar object in an MDR give that object metadata registry. meaning, although the depth of this of the meaning and meaning is limited because it is impos- The goals of registration descriptive characteristics sible to describe an object fully. of that data.” In addition, since ISO/IEC A metadata registry that con- 11179 is subject-matter area independ- forms to ISO/IEC 11179 is denoted ent, an MDR does not contain specif- MDR, this being a database of meta- In ISO/IEC 11179 the basic con- ic subject-matter attributes that could data that supports the functionality of tainer for data is called a data element. add meaning to an object. For instance, registration. Registration accomplishes It may exist purely as an abstraction or a data element is further described by three main goals : identification, prov- in some application system. In either knowing the data collection procedure, enance and monitoring quality. Identi- case the description of a data element is if one exists. This information, however, fication is accomplished by assigning the same in ISO/IEC 11179. Data ele- is beyond the scope of ISO/IEC 11179. a unique identifier (within the registry) ment descriptions have both semantic to each object registered there. Prove- and representational components, and A descriptive framework nance addresses the source of the meta- the semantics are further divided into data for the object described. Monitor- contextual and symbolic types. for a shared view ing quality ensures that the metadata Contextual semantics are describ- Interestingly, the attributes does the job it is designed to do. ed by the data element concept (DEC). described in Part 3 are themselves data The DEC describes the set of objects for elements and they can be registered which data are collected and a charac- in an ISO/IEC 11179 metadata regis- About the author teristic of those objects being measured, try. There are two main consequences Dan Gillman is an for example the marital status (charac- to this : first, the metadata registry can nformation scientist teristic) of US adults (set of objects). describe itself ; but secondly, metadata employed by the US layers or levels are not defined in ISO/ Bureau of Labor Symbolic semantics IEC 11179, which is a general descrip- Statistics in its tive framework for any kind of data but Office of Survey Symbolic semantics are describ- does not address other data manage- Methods Research. ed by the conceptual domain (CD), ment needs that are beyond its scope His main research which is a set of categories, not nec- and should be addressed elsewhere. nterests are metada- essarily finite. Each category has a The increased use of data a, metadata stand- definition and these correspond to processing and electronic data inter- ards and automatic text classification. At the classes of a partition of the set of the Bureau of Labor Statistics, he is respon- change relies heavily on quality data. objects determined by a characteristic One of the prerequisites for this is sible for instituting metadata management of those objects. For instance, com- principles throughout the agency. that both users and owners of data monly recognized categories for the Gillman has published and presented have a common understanding of marital status of US adults are single, numerous papers on metadata and metadata the meaning and descriptive charac- standards in professional forums, he chairs married, divorced and widowed. Each teristics of that data. ISO/IEC 11179 the UNECE/Eurostat/OECD Work Group adult belongs to one category. defines the attributes that guarantee on Statistical Metadata, and he chairs the The representational component this shared view. US ANSI-accredited metadata standards is about the permitted values that a data committee, INCITS/L8. element may use, with each value corre-

18 ISO Focus February 2005 IT: Success and progress

In Singapore today, AIDC tech- nologies have been widely adopted by the retail and health-care industries, by the public library system and, in the form of Electronic Road Pricing (ERP), for road traffic volume man- agement. The next wave of the major thrust in AIDC is development and deployment of the Electronic Product Code (EPC), which was developed by the Auto-ID Centre with the Massa- Automatic identification chusetts Institute of Technology (MIT) and data capture technologies in the USA. Bar coding and the EAN standards by Tan Jin Soon policies. SANC has on 1 January 2005, Perhaps the oldest of the AIDC changed its name to GS1 Singapore technologies, bar coding is also the echnologies such as bar cod- Council to be in line with the change best known and probably the most suc- ing and radio-frequency iden- of name of its parent body from EAN cessful to date. We are all familiar with T tification (RFID) provide quick, International to GS1. This will more the basic bar code on a box of cereal or accurate and cost-effective ways to fully reflect the organization’s global jar of honey that we buy in the super- identify, track, acquire and manage reach since November 2002, when the market. data and information about items, Uniform Code Council, Inc (UCC), personnel, transactions and resourc- together with the Electronic Com- es. These are known as the Automat- merce Council of Canada, joined EAN ic Identification and Data Capture International as members. (AIDC) technologies. Singapore has been a forerunner in some AIDC tech- Identification and nology applications and this article tracking gives an overview of these as well as a AIDC is an industry term which look at new developments in this area. describes the identification and/or The information and commu- direct collection of data into a micro- nication technologies (ICT) industry processor-controlled device, such as a is a substantial and increasing compo- computer system or a programmable nent of Singapore’s economy, account- logic controller (PLC), without the use ing for 7 % of GDP and 100 000 jobs. of a keyboard. AIDC technologies pro- It provides the systems that under- In Singapore, the EAN (Euro- vide a reliable means not only to iden- pin the productivity of Singapore’s pean Article Numbering) bar coding tify but also to track items. It is possi- manufacturing, logistics and service standards were adopted as Singapore ble to encode a wide range of informa- businesses. According to Gartner, the national standards in 1993, endorsed, tion, from basic item or person identi- ICT industry in Singapore is expect- published and released on 6 March that fication to comprehensive details about ed to grow by 2,9 % in 2004 to reach year by the Singapore Standards Coun- the item or person, e.g. item descrip- USD 10,9 billion. cil under the umbrella of SPRING Sin- tion, size, weight, colour, etc. At their Singapore began to implement gapore. The full titles of these stand- core, all AIDC technologies support its National IT Plan, integrating com- ards are : two common goals : puting and communications, in 1986 • Singapore Standard 362 : Part 1 : and the following year established the • to eliminate errors associated with 1993 – Specification for EAN Bar Singapore Article Number Council identification and/or data collec- Coding System Part 1 : EAN – An (SANC), which is the national body tion ; and Unambiguous International Prod- that formulates and implements AIDC • to accelerate the throughput process. uct Identification System ; and

ISO Focus February 2005 19 Main Focus

• Singapore Standard 362 : Part 2 : 1993 – Specification for EAN Bar Coding System Part 2 : EAN Code 128 and Application Identifier Standard. Both Part 1 and Part 2 as above are currently being reviewed and revised by the Automatic Data Cap- ture Technical Committee (ADC TC) of the IT Standards Committee (ITSC) with the aim of migrating them to three ISO/IEC joint International Standards, namely ISO/IEC 15420 – EAN/UPC, ISO/IEC 15417 – Code 128 and ISO/ IEC 15418 – EAN/UCC Application marts, post offices and drug stores, UPC-12 and UPC-E symbologies are Identifier and FACT Data Identifiers using EAN/UCC symbologies. Logis- widely used in supply-chain manage- and Maintenance. tics service providers also use EAN/ ment, including in the retail, logistics This migration is in line with UCC symbologies in supply-chain and transport sectors. Singapore’s standardization policy of management. In Singapore, the application of aligning national standards with Inter- 2D carriers is limited to the registra- national Standards to promote the Different types tion of delegates attending exhibitions growth of Singapore as an internation- of bar code and conferences. Some printed circuit al trading, manufacturing and logis- board manufacturers are beginning tics hub. In the case of SS 362, it will There are two major types of to use Quick Response (QR) code, contribute to the promotion of Singa- bar code : the linear carriers and the which is a 2D code, on their products. pore as an IT hub and as a launch pad two-dimensional (2D) carriers. This has been specially developed to for new AIDC techniques in the Asian When a linear code is scanned, include all the benefits of 2D symbol- region. it will show the numeric numbers rep- ogy, such as the high data capacity of In addition to the EAN bar cod- resenting the bars and spaces. When PDF417, the reduced-space printing of ing standards, the other bar code sys- a scanner is connected to the data- data matrix, and the high-speed read- tems used in Singapore are Code 39 base, all stored information can be ing of maxi code. and ITF-14 (Interleaved Two of Five), retrieved. As ISO/IEC 18004, QR is an although neither of these is a Singa- The application of EAN-13, International Standard. Its unique fea- pore Standard (see Table 1). EAN-8, UPC-12 and UPC-E symbol- ture is its special ability to encode Applications of EAN bar cod- ogies in the Singapore retail trade was Kanji, Chinese characters, Korean ing standards in Singapore are current- spearheaded in 1990 by Esso Mini- characters and other Asian language ly concentrated in the grocery industry, mart at Esso petrol kiosks. Today in characters more effectively. supermarkets, hypermarkets, depart- Singapore, linear carriers with EAN- 13, EAN-8, EAN-14, EAN/UCC-128, ment and convenience stores, petrol Radio-frequency identification (RFID) The hot technology in the Table 1 : Brief description of Code 39 and ITF-14 AIDC arena is RFID, which provides a means of obtaining information on Code 39 Code 39 is commonly used for various bar coding an item in real time and without mak- (also known as labels such as name badges, inventory and industrial ing direct contact. On 6 December the 3 of 9 Code applications. The Code 39 system is the easiest to use 2004 at Oracle Open World in San or Code 3 of 9) of alphanumeric bar codes and is designed for character Francisco, USA, Ms Carly Fiorina, self-checking, eliminating the requirement for check- the Chairperson of Hewlett Packard, character calculations. told 25,000 delegates in her keynote address that the next big tech boom will be in RFID. ITF-14 ITF-14 is also known as Interleaved Two of Five. It is With RFID, reading and writ- commonly used to identify a logistic unit, for example ing distances can vary from a few mil- a shipping carton. The shipping carton may contain a limetres to several metres, depending single type or several different types of retail item. on the technology variant used. Sev-

20 ISO Focus February 2005 IT: Success eral RFID applications have already array of cameras at control points rather and been developed and implemented in than RFID readers in cars so it is true to progress Singapore, with the Singapore Info- say that Singapore was the first country comm Development Authority (IDA) in the world to implement an ERP sys- and industry players having commit- tem using RFID technology on such a zero minutes’ queuing for book returns ted S$12 million (USD 7.3 million) to wide scale for effective road traffic vol- – in other words, this RFID system implementing the technology. The Sin- ume management. More than 600,000 allows a reader returning a book to gapore Government is offering finan- cars in Singapore are equipped with an have it checked in immediately. cial support via a S$10 million (USD RFID-based in-vehicle unit. All 23 branches of Singapore 6 million) master plan announced in Regional and Community Libraries, May 2004 to transform Singapore into i.e. the public libraries, use RFID tech- an RFID-based logistics hub by 2006. nology for the circulation of books, Some of the RFID applications already “ The information magazines, videos and DVDs. The in place in Singapore are described and communication frequency employed by the system is below. 13.56MHz and, as of December 2004, technologies (ICT) industry more than 10 million books, videos The Electronic Road Pricing is a substantial and and DVDs had been RFID-tagged. (ERP) system increasing component The ERP system has been Sin- of Singapore’s economy, Other RFID applications gapore’s main traffic management tool accounting for 7 % of GDP With the price of RFID tags since 1998. It is an electronic toll sys- and 100 000 jobs.” falling and with RFID technology tem that, as motorists drive past a gantry being further refined and developed, during its operating hours from 07:30 applications have been expanded to to 19:00 on weekdays, deducts the pre- Electronic Library materials petrol stations and car parks, for exam- scribed price from a store-valued smart Management System (EliMS) ple, as well as to tagging the endan- card inserted in an ERP unit inside the gered Arowana fish for domestic as vehicle. The deduction is made via The Singapore National Library well as export trade. radio signals and the amount is depend- Board (NLB) is probably the world’s RFID applications were even ent on location, vehicle type and time of first nation-wide application of RFID extended to hospitals during the SARS day. It is therefore a system designed to technology for public use in a library outbreak in 2003. In order to trace the manage the volume of vehicles on the environment. Deployed in April 2002, movements of health-care workers, road at different times of the day. the system is known as the Electronic patients and hospital visitors, a Hos- In Europe, London implement- Library Management System (EliMS) pital Movement and Tracking System ed its road pricing system, the so-called and it offers a service level that includes Congestion Charge, on 17 February less than five minutes’ queuing to bor- 2003. This system, however, uses an row materials during peak periods and About the author

Tan Jin Soon is Executive Direc- or of the Singa- pore Article Number Coun- cil, now known as GS1 Singa- pore, and Chair- man, Automatic Data Capture Technical Com- mittee of the IT Standards Committee, a partnership between the Infocomm Authority of Singapore and SPRING Sin- gapore. He also is a member of the Stand- ardization Advisory Group of SPRING Singapore and a member of the GS1 Advi- sory Council.

ISO Focus February 2005 21 Main Focus

(HMTS) was developed. This com- replace line- prises sensor cards that emit radio sig- ar bar codes in nals which are captured by receivers the foreseeable and forwarded via the local area net- future since the work (LAN) to computers. Visitors latter will remain and patients exchange their identity a cost-effective and cards (ICs) for the sensor cards. Con- dominant applica- tact details on the IC are scanned, input tion within the sup- to a computer and can then be matched ply chain. with the information from the sensor cards. RFID licensing issues Photo : P. Photo : Granier P. The Singapore Info- “ Migration of Singapore comm Development Authority Standard 362 to (IDA) is the national body that regu- ISO/IEC joint International lates and manages the radio frequen- Standards will contribute cy spectrum. Several applications are to the promotion of exempted from licensing, including : Singapore as an IT hub • low-power radio communication • Part 3 (13.56 MHz) equipment ; • Part 4 (2.45 GHz) and as a launch pad for • localised on-site or in-building • Part 6 (860-930 MHz Passive) new AIDC techniques in usage ; the Asian region.” • Part 7 (433 MHz Active) • operation on an approved frequency on a shared and non-exclusive basis At the time of writing of this While this is a useful tool when (hence users cannot claim protec- article, the EPCglobal G2 specifica- visitors need to be identified and quar- tion and must not cause interfer- tion had been finalized in December antined in the event the patients they ence to other systems authorized 2004 and submitted to ISO/IEC JTC 1/ visited are identified as infected by by IDA) ; SC 31 for inclusion in ISO 18000-6 SARS, RFID tags are not likely to part C. • generally <100 m EIRP (Effective Isotropic Radiated Power) or with- EPCglobal Singapore in other defined power limits spec- ified by IDA ; and EPCglobal Singapore was estab- • if transmitter output power is with- lished on 27 April 2004 to promote in the limits specified by IDA. implementation of the EPCglobal sys- tem and Singapore. As described in Dealers need to seek type more detail below, its unique feature approval. is the combination of RFID technol- ogy and the Internet, which allows Promotion of RFID the size and capacity of the EPCglobal The Singapore RFID Working tag to be reduced to encode only prod- Group was established under the ADC uct identification and serial number. TC on 25 January 2000 to promote the The remainder of the product data are awareness and applications of RFID. stored in a database accessible via the Quarterly meetings are held and work- Internet. In this way, the unit cost of ing group members are briefed on the the EPCglobal chip can be reduced to standards development work carried five US cents at most, or even as little out by ISO/IEC JTC 1/SC 31 WG 4, as one US cent. which is responsible for Radio Fre- quency for Item Management stand- Card technologies ards. The following RFID standards in The term card technology nor- the ISO/IEC 18000 series, developed mally refers to any technology employ- by JTC 1/SC 31, cover the Air Inter- ing some form of AIDC that can be face for Item Management : placed on a card to provide access to • Part 1 (Generic parameters) something. Among such technologies • Part 2 (< 135 kHz) are smart cards and magnetic stripes,

22 ISO Focus February 2005 IT: Success which statistics show are both widely a single-application card to a mul- and used in Singapore : ti-application co-branded card, func- progress • magnetic stripes were implement- tioning for example as a bank (ATM) ed over 20 years ago and more than card, civil service card, armed forces five million cards are in use ; card, loyalty card, student card, vehi- To speed up immigration clear- • smart cards were implemented six cle-entry permit card (Customs clear- ance at checkpoints, Singapore Immi- years ago and six million contact ance) and/or staff ID card (with secu- gration and Registration introduced cards as well as five million con- rity access). the Immigration Automated Clearance tactless cards for public transport CashCard can be used at points- System (IACS) in 1996. The IACS are in use. of-sale, self-service kiosks and vend- ing machines, as well as for the ERP harnesses biometrics and smart card system described earlier and for car technologies to allow frequent travel- park payments. It can also be used over lers carrying personalized smart cards the Internet for online cash sales, time- to clear immigration quickly through “ The objective based access charges and low-value the automated lanes at checkpoints, of EPCglobal is payments. There are now more than thereby reducing immigration man- to create a universal, 26 000 CashCard acceptance points power costs and making frequent trav- open standard for in Singapore, not including in-vehicle el easier. identifying individual units and smart card readers. In 2003, the ITSC established a objects and sharing There is a Cards & Person- Biometrics Protem Committee which al Identification Technical Commit- is currently an observer member (O- information as those tee within the Singapore IT Stand- member) of JTC 1/SC 37, Biometrics. objects traverse ards Committee (ITSC) that monitors the supply chain.” the activities of ISO/IEC JTC 1/SC 17, of which Singapore is a participating New opportunities member (P-member). Contactless smart cards With the successful applica- tion of RF tags in the ERP system, In January 2002, the Singapore Biometrics petrol kiosk management, car park Land Transport Authority (LTA) invit- Biometrics is ideal for appli- management, hospital visitor track- ed some 45 000 commuters to test its cations that require unique and secure ing and library management, aware- contactless smart card system, called user identification, such as access con- ness of RFID is on the increase, ez-link, on the public transport net- trol, time and attendance, banking, and stimulating more people to investi- work. The ez-link system was official- personal computer and network securi- gate applications in other sectors of ly launched on 13 April 2002 and the ty. Biometrics is an area that is receiv- industry. entire transfer from the previous mag- ing increasing attention in Singapore. netic fare-card system to ez-link was Biometrics and digital/public completed by the end of 2002. Cur- key signatures are new AIDC tech- rently, the estimated number of cards nologies that are currently under study sold, excluding standard tickets, is and trial. There is also interest in using 4,5 million. an electronic recognition system to In non-transport applications, automate the monitoring and tracking pilot trials to explore ez-link as a con- of containers via electronic data inter- venient micro-payment alternative to change or RFID. cash are ongoing and include areas such as student attendance tracking, RFID for freight container canteen food purchases and collec- electronic seals tion of fees in selected schools, book loans and fines in libraries, public pay- ISO TC 104/SC 4, WG 2 is now phones, taxis, car parks, etc. developing a standard entitled Freight Containers – Radio Frequency Com- Contact cards munication Protocol for Electronic Seals. This working group is chaired More than six million Cash- by Singapore and comprises experts Cards, the national e-purse launched in from Denmark, Germany, Israel, the 1996, are now in circulation. CashCard Netherlands, Singapore, Sweden, the is gradually moving away from being UK and USA.

ISO Focus February 2005 23 Main Focus

Image 1 : EPCglobal tag

The proposed standard, ISO two other parts for DIS voting by the • Savant™ (the software that acts as 18185, provides a system for the iden- end of this year. the network’s nervous system) tification and presentation of informa- • Object Naming Service (ONS) tion about freight container electronic • Physical Markup Language (PML seals. A Draft International Standard EPCglobal, the Electronic Standard for Data Interchange) (DIS) was circulated for voting during Product Code (see Image 1) 2002 but there was unanimous agree- EPCglobal is considered to be ment at that time to revisit the draft to the next generation of automatic prod- Judging by interest in the global address increased security concerns in uct identification system to facilitate marketplace, the EPCglobal system has the post-9/11 environment as well as object tracking and tracing in real strong potential to become the next gen- increased user needs. time throughout the supply chain. eration of product identification system, The various concerns have been The objective is to create a universal, similar to the EAN and UPC bar codes. taken into consideration through the open standard for identifying indi- Like a bar code, EPCglobal uses a string inclusion of several parts in the stand- vidual objects and sharing informa- of numbers to identify the manufacturer ard. Following the most recent meeting tion as those objects traverse the sup- and product. Unlike a bar code, howev- in December 2004, four parts of the ply chain. er, it adds a third set of digits – a serial standard are expected to be complet- The EPCglobal network is com- number – that is unique to each object, ed for DIS voting in June 2005, with posed of six main elements : making it possible to identify and track the remaining two parts to be ready for a specific object as it moves through the • EPCglobal tags (96 bits) Committee Draft (CD) voting in May supply chain. The EPCglobal number is 2005. The four parts are expected to be • Electronic Product Code (EPC) the only information stored on the RFID completed for Final DIS voting and the • Radio-frequency readers and tags tag’s microchip.

24 ISO Focus February 2005 IT: Success Readers send out electromagnet- Leading the world and ic waves that power up the RFID tag, Singapore is now well devel- progress enabling it to transmit back the infor- oped in the applications of AIDC tech- mation stored on the microchip. The nology, particularly in the field of Savant software receives the EPCglo- radio frequency for item management. US Department of Defense also has bal code from the reader, queries ONS In the identification of library books, indicated its adoption of EPCglobal, on where to find information about that the city state leads the world with more which is therefore rapidly becoming product and then retrieves the PML data than nine million books RFID-tagged the new-generation system for product about that product from the network, as and the number growing by approxi- identification to facilitate the tracking defined by ONS (see Figure 1). mately one million books a year. and tracing of objects. The EPCglobal system can The Asia Pacific EPCglobal incorporate the Global Trade Item Roadshow was held for the first time Number (EAN-13) and, as a result, in Singapore on 5 May 2004 and was Acknowledgement will co-exist in the supply chain with attended by more than 300 delegates the EAN.UCC system for the fore- The author would like to thank who saw presentations on EPCglobal seeable future. EAN International and the following organizations for specifications and pilot trials with the UCC will co-manage AutoID, Inc, their inputs to this article : system. which is a 50:50 joint venture between the Cards & Personal This roadshow has ignited a the two. In Singapore, SANC 1) will Identification Technical Committee great deal of interest in implementing facilitate application of the EPCglo- of ITSC ; EPCglobal in the Asia Pacific region. bal system. Such enthusiasm is further enhanced the Infocomm Development by news of major retailers – including Authority of Singapore ; Wal-Mart, Target, Tesco and Metro – the Land Transport Authority ; requesting their suppliers to implement the National Library Board ; and 1) For EPC, contact Mr. Tan Jin Soon at email : EPCglobal tags on pallets and shipping SPRING Singapore. [email protected]. cartons effective January 2005. The

Figure 1 : EPCglobal system diagram

Basic EPC Network Communication Flow Retailer ONS Service 3 1 epc:3.037000.12345.0000678900000 Retailer ONS 2 I don’t have product information from ONS 4 Registry 3.037000.12345. Find out who does. 2 7 3 Find PML server for 3.037000 5 4 Authoritative ONS server for 3.037000 is located at ons.mfg.net 6 Manufacturer 5 Where is the PML server for 3.037000 ? 6 PML server for 3.037000 is Reader 8 Manufacturer at pmI.mfg.net 1 ONS 7 PML server for 3.037000 is 9 at pmI.mfg.net 8 Give me product data (PML) Manufacturer for 3.037000.12345 PML Product Data 9 Here is the data (PML) for 3.037000.12345

ISO Focus February 2005 25 Main Focus

greed with the structure of ISO 9001: 1987 because it did not reflect a soft- ware life cycle. They therefore decided to create a document which mirrored the processes that should be followed when creating quality software. They recognized early on that for quality to be built into software, the necessary processes that were part of the software life cycle had to be identified and developed. At that time, ISO/IEC 12207:1995, Software life cycle process- es, had yet to be written, so the authors of the earliest version of ISO 9000-3 were somewhat ahead of their time.

“ Guidance is provided in the core process areas of software realization and in measurement, analysis and improvement” Huge potential user base for ISO/IEC 90003 Unfortunately, users of the ear- ly ISO 9000-3 had a difficult time the state of the art for improving quality matching up to the requirements of in ISO 9001/2/3:1987 and so the struc- ture became a contentious issue when ISO 9001 was revised in 1994. In 1997, to the development and the applica- by Witold Suryn, ISO 9000-3 was revised to align it with tion of software engineering standards. Victoria A. Hailey and ISO 9001:1994 and was subsequently In recent years, the adoption of such Andy Coster published as ISO 9000-3, Quality man- an approach has become crucial due to agement and stand- the multitude of standards developed ards – Part 3 : Guidelines for the appli- that were becoming more willingly SO/IEC 90003:2004, Software cation of ISO 9001:1994 to the devel- embraced by both the industry and the engineering – Guidelines for the opment, supply and maintenance of users of its products. I application of ISO 9001:2000 to computer software. computer software, is a new ISO/IEC Notice the addition of “ compu- standard that has a huge worldwide Background to ter ” as a descriptor of software. Soft- potential due to the penetration of just ISO/IEC 90003 ware had evolved to a degree signifi- about every business sector, as well as cant enough to need this clarification. many aspects of social life, by infor- The first ISO 9000 standards With this 1997 revision, the guidance mation technology. were published in 1987, but it was contained in ISO 9000-3 was struc- ISO/IEC 90003:2004 covers not until 1991 that a software guid- tured to match each and every require- all aspects of software quality, from ance document was created for the ment of ISO 9001:1994. acquisition to supply, including devel- industry. ISO/IEC 90003’s history opment, operation and maintenance of is a colourful one, starting in 1991. computer software, and provides guid- At that time, there were few software ance on how to implement the high- engineering standards documents ly successful ISO 9001:2000 process and even fewer documents related to 1) ISO/IEC 90003:2004 was developed by the approach in a software environment. software quality. joint technical committee established by ISO and The publication of ISO/IEC The creators of what was then the IEC (International Electrotechnical Commis- 1) sion) ISO/IEC JTC 1, Information technology, 90003 heralds an important era for ISO 9000-3, part of the ISO 9000 fam- subcommittee SC 7, Software and system engi- the software engineering community ily and under the wing of ISO tech- neering, working group WG 18, Quality man- by bringing a consolidated approach nical committee ISO/TC 176, disa- agement.

26 ISO Focus February 2005 IT: Success By this time, ISO/IEC 12207: community. New standards have been and 1995 had been published and since it developed to support various aspects of progress was generally accepted internationally quality, such as ISO/IEC 15504 (proc- as the baseline for software processes, ess assessment), ISO/IEC 9126 (product the guidance information in ISO 9000- quality), ISO/IEC 14598 (product qual- 3 was based heavily on ISO/IEC 12207 ity evaluation), ISO/IEC 15939 (meas- Content and structure content. Users were happier with the urement process), ISO/IEC 14764 (soft- The best description of the con- usability of the revised ISO 9000-3 ware maintenance), ISO/IEC 12119 tent of ISO/IEC 90003 is a direct quote since they could relate each ISO 9001: (software packages requirements and from its “ Scope ” clause : 1994 requirement to ISO/IEC 12207 testing) and ISO/IEC 14143 (functional and their own needs. size measurement), among others. This International Standard When ISO 9001:2000 was pub- With the revision of ISO 9000-3 specifies requirements for a quality lished in December 2000, the software and the adoption of its own ISO/IEC management system where an organ- engineering standards community had number, 90003, this software guid- ization progressed significantly, with addi- ance has became an independent • needs to demonstrate its ability to tional core standards being available software engineering document able consistently provide product that to support ISO 9001:2000’s require- to direct the user to rich sources of meets customer and applicable ments. ISO then took the decision to advice. ISO/IEC 90003 makes exten- regulatory requirements, and transfer ISO 9000-3 to the joint techni- sive use of these other documents by • aims to enhance customer satis- cal committee ISO/IEC JTC 1, Infor- cross-referencing, where available, faction through the effective appli- mation technology, in which the spe- the applicable supporting standards, cation of the system, including cific expertise of subcommittee SC 7 rather than repeating these software processes for continual improve- is software engineering. best practices. This approach provides ment of the system and the assur- This has permitted the guidance guidance where needed and offers ance of conformity to customer to be synchronized with the most cur- detailed sources from which to incor- and applicable regulatory require- rent developments within the software porate better quality practices. ments.

Figure 1 : The structure of ISO/IEC 90003

ISO/IEC 90003

Quality Management Resource Product Measurement, Management Responsibility Management Realization Analysis and System Improvement

• General • Management • Provision of • Planning of • General requirements commitment resources product • Monitoring and (for quality • Customer focus • Human resources realization measurement system) • Quality policy • Infrastructure • Customer related • Control of • Documentation processes • Planning • Work nonconforming requirements • Design and product • Responsibility, environment development communication • Analysis of data • Purchasing • Management • Improvement review • Production and service provision • Control of monitoring and measuring devices

ISO Focus February 2005 27 Main Focus

From the perspective of the the planning and management of Figure 2 shows how the stand- user, both the content and structure of the realization process, the relation- ards interrelate : ISO/IEC 12207 soft- this standard offer practical guidance ship with the customer and the pro- ware life cycle processes are the core for the implementation of an ISO 9001: duction and post-delivery support. of the software engineering model 2000 quality system that is dedicated to 5. Finally, the improvement perspec- since they typify the processes and best software engineering. This particular tive (Measurement, Analysis and practices that should be used to devel- approach has well founded merit : soft- Improvement) helps identify the op good software. ISO/IEC 12207 ware engineering rapidly gains its val- monitoring, measurement and anal- processes are then supported by the ue as a socially critical engineering dis- ysis activities required to maintain best practice guidance in the available cipline and, as such, requires appropri- and improve the quality of products. standards, such as ISO/IEC 15939, ate guidance and support in the form of The above five perspectives ISO/IEC 14143 and ISO/IEC 15504. dedicated standards. give the user a complete and relatively A measurement programme can simple analysis mechanism allowing be established for ongoing monitoring for rather precise definition of qual- of products, processes and services “ ISO/IEC 90003 heralds ity-related process requirements that, to ensure that each process is achiev- an important era when satisfied, should result in an ing its objectives. The ISO/IEC 15504 for the software effective corporate quality system for process assessment model provides a high-quality software products. repeatable framework for determining engineering community.” For each of these perspectives, the maturity or capability of the entire ISO/IEC 90003 provides guidelines on set, or of individual processes. the topics that are important to software ISO/IEC 90003 in turn provides A first glance at the structure engineers, including planning, configu- the overall software guidance needed of the standard (see Figure 1) dem- ration management and , to “ interpret ” and meet the require- onstrates the comprehensiveness of the supported by cross references to other ments of ISO 9001:2000 as the overall five perspectives from which the appli- ISO/IEC standards (see Figure 2). generic quality model. cation of quality in software engineer- ing is addressed. Figure 2 : Model showing the relationships between 1. The systemic perspective (Quali- ISO/IEC software engineering standards and ISO 9001:2000. ty Management System) helps the (© Victoria A. Hailey, reprinted with permission) user in verifying and/or establish- ing the structure and type of proc- ISO 9001:2000 esses, together with necessary doc- umentation, required and appropri- ISO/IEC 90003, Software ate for the organization to build an Process assessment effective quality system. are m 2. The management perspective (Man- oftw eas , S ure agement Responsibility) allows for 39 m 9 Available guidance : en identifying, defining and setting up 5 t the corporate policy and culture that 1 supports the overall objective of 9126, Product quality 14143, Functional size measurement producing quality products. 16326, 3. The resource perspective (Resource 14102, Evaluation and Management) focuses on dedicated 12207, selection of case tools 15504, Supplier quality resources (a very pioneer- selection/management Software ing approach) indicating to users life cycle 15026, Systems and soft- of the standard those specific issues 15846/10007, processes ware integrity levels that should be taken into consider- ation when building a professional 14764, Software 15504, Process maintenance team of quality specialists. improvement 4. The product perspective (Product Realization) goes into exhaustive 14598, Software product 15910, Software user detail on establishing the matrix of evaluation documentation process processes that support the creation of the software product (generic development process, purchasing),

28 ISO Focus February 2005 IT: Success Applicability, uses and For software embedded in a and benefits hardware product, ISO/IEC 90003 can progress be used for the ISO/IEC 90003 is applicable since the relationship to ISO 9001: to software that forms part of either a 2000 is strong and provides linkages Among the many uses for ISO/ commercial contract or part of a prod- to the system in which the software IEC 90003, the following should be uct’s development (including where it may be embedded. recognized as the most important : Additionally, ISO/IEC 90003 is embedded in systems), as well as • guidance in the interpretation of may be used to support, develop and being useful as guidance for process ISO 9001:2000, particularly to sup- improve the processes of an organiza- improvement and service delivery. port the certification process for an For software that is part of a tion, especially since the requirements organization ; commercial contract with anoth- of ISO 9001:2000 place such a heavy er organization, ISO/IEC 90003 is focus on these aspects of a quality • process improvement programme : clearly applicable, since ISO 9001: management system. as a model to compare the organ- 2000 was originally conceived to fit Guidance is provided in the ization’s processes against organ- this requirement. This was one of the core process areas of software realiza- izational development (similar to main intended applications of ISO/ tion and in measurement, analysis and improvement but for organization- IEC 12207 as well. Both ISO/IEC improvement, together with the soft- al aspects such as resources and 12207 and ISO/IEC 90003 are orient- ware aspects of human and infrastruc- infrastructure) ; and ed toward (software) projects. ISO/ ture resources, which should all be of • professional development : to gain benefit in defining or refining business IEC 90003 helps the software organi- an appreciation of good practice processes. zation focus on software requirements and the factors affecting quality and customer satisfaction by provid- ISO/IEC 90003 has some software development, operation ing detailed guidance on the require- applicability to service delivery in and maintenance. ments of ISO 9001:2000. providing the guidance about soft- For software being developed ware development useful in the provi- The benefits of both using and as a product available for a market sec- sion of software services and also spe- applying ISO/IEC 90003 are multiple, tor, since ISO/IEC 90003 is life cycle cific advice on operation and mainte- with some being of special importance. independent, it is equally applicable to nance services. Service development The following examples should be tre- projects and product acquisition, devel- and delivery aspects are not specifi- mendously appreciated by the stand- opment, operation and maintenance. cally covered. ard’s users :

About the authors

Andy Coster Victoria A. Dr. Witold was international Hailey was the Suryn is Secre- project editor for Convenor of tary of ISO/IEC the ISO/IEC ISO/IEC JTC 1/ JTC 1/SC 7, 90003 project SC 7 Working Software engi- and has partici- Group 18, Qual- neering. He is a pated in interna- ity management, Professor at the tional software that developed École de techno- and systems ISO/IEC 90003. logie supérieure, standards for the She is a certified Montreal, Cana- past 15 years. management da (engineering He is Managing Director of CosterA Con- consultant and Senior Consultant of VHG, school of the Université du Québec net- sulting Ltd., a United Kingdom organiza- The Victoria Hailey Group Corporation, work of institutions), where he teaches tion specializing in quality management which focuses on helping the software, graduate and undergraduate software engi- and related consultancy. systems and service industries manage neering courses and conducts research in their own and their supplier risk, as well the domain of software quality engineer- E-mail [email protected] as improving their processes via standards ing, software engineering body of knowl- such as SPICE (ISO/IEC 15504), edge and software engineering fundamen- ISO 9000 and CMM. tal principles. Tel. + 1 416 410 3400. Tel. + 1 514 396 8652. E-mail [email protected] E-mail [email protected] Web www.ele.etsmtl.ca/prof/wsuryn/

ISO Focus February 2005 29 Main Focus

• the interpretation of ISO 9001: 2000 for software that is in the lan- guage of software specialists ;

• a process framework that can be tai- Photo : Krieger P. lored to suit business needs, while fitting all kinds of organization ; • a basis for communication and coordination of software develop- ment, operation and maintenance that reduces development risk. This world-class approach to software engineering and software Collaboration for quality management, integrated with ISO/IEC 12207’s software life cycle the common good : management and other ISO/IEC JTC Ecma and ISO 1/SC 7 software standards, offers the mechanisms to improve the processes a well matched of quality for , devel- opment, operations and maintenance pair of actors and helps an organization to improve customer focus and satisfaction. by Jan W. van den Beld, Secretary-General, Ecma International Conclusions The publication of ISO/IEC 90003 heralds an important and new n 1961, when computer stand- Time to market era of development in software engi- ardization lacked true notions of neering since it is the first document to I collaboration between bodies and The Information and Communi- integrate the various aspects that must even common goals, three European cation Technology & Consumer Elec- be considered in order to build quality computer manufacturers came togeth- tronics (ICT & CE) industry decides into software products. The complexi- er and created Ecma to prevent further on the type of publication, the organ- ty of software demands both more rig- confusion. ization and the process to use for their our in the approach to its development Over 40 years later, its members standards. As a rule, a mix of techni- and a higher benchmark toward which are still making Ecma thrive by devel- cal, commercial/economic and politi- organizations must strive as they oper- oping a variety of standards in new cal justifications exists in addition to ate its processes. work areas, for subsequent submission time, money and quality constraints. As users of software become to ISO/IEC Joint Technical Committee Specifications from consortia and de more demanding, more sophisticat- JTC 1, Information Technology. Among jure International Standards represent ed and less forgiving of defects, the these new work areas are : the Univer- two extremes. benchmarks will continually be raised, sal 3D file format for the manipulation ICT & CE standardization has as reflected in the increasingly mature of data from the engineering world for special needs. Take, for instance, the demands that ISO 9001:2000 places on training, marketing, maintenance and short life cycles of products for mag- adherents to its philosophy. simulation ; the 6 cm DVD-like optical netic and optical storage like DVD, The evolution of software qual- disk, for the distribution of games for which dictate the development times of ity is evident throughout ISO/IEC (portable) game machines/play stations ; standards. Less than a year is perfectly 90003 as more emphasis is placed on and, last but not least, the holographic common in Ecma. In addition, software the determination and satisfaction of versatile disks and cards (HVD & HVC). standardization requires an iterative customers’ requirements. Moreover, HVD’s initial capacity of 200 gigabytes process, much akin to that of the release it is no longer acceptable to maintain (due to grow to 1 terabyte), together with of software products ; it is impossible to the status quo. The quality of software the high transfer speed – growing from develop a complete and long-standing products and software processes must 100 megabits per second to 1 gigabits standard “ in a single run ”. continually improve. That is the ever- per second – represent a quantum leap in Truly global ISO and IEC stand- advancing benchmark that the soft- storage possibilities. ards – when timely – are not only impor- ware organization seeks to surpass. Ecma’s single purpose remains tant for industry and manufacturing, but With ISO/IEC 90003 as a guide, the to develop and to publish internation- also for users, such as in public purchas- task becomes easier. al standards. ing, and for conformance testing.

30 ISO Focus February 2005 IT: Success Mutually beneficial and Although ISO, IEC, JTC 1 (and Membership and progress its predecessor, ISO/TC 97) and Ecma structure have always enjoyed a natural sym- biosis to mutual benefit, their field of Ecma has four categories of com- action, structure and working methods pany members with annual fees of ISO and IEC, only one of which failed. are very different: 100, 50, 25 and 5 % of unit value To facilitate publication, the structure Ecma focuses on ICT & CE, (70 000 Swiss Francs) which pay given to the ISO and Ecma standards is while ISO and IEC have far broader for the budget, while a reserve fund very similar. scopes, with many very different work absorbs unexpected changes. areas. Although ISO/IEC JTC 1’s work Its structure consists of two levels : area is information technology, its the General Assembly (GA) and “ Better a good standard scope is broader than Ecma’s. the Technical Committees (TCs). today than a perfect one ISO technical committees work The GA is responsible for publi- tomorrow ! ” through national bodies, whilst Ecma cations, IPR (Intellectual Proper- works directly with industrial compa- ty Rights), relationships with oth- nies and not-for-profit organizations er organizations, political lobbying Thus, Ecma acts as a “ subcon- such as universities and governmental with respect to standards (related to tractor ” to ISO and IEC, in particu- institutes. The ISO five-stage process environmental issues and product lar to ISO/IEC JTC 1. Ecma’s A-liai- first uses national and then internation- safety), public relations, financing, son with JTC 1 is based upon the long- al consensus building, whereas Ecma’s membership, by-laws and rules. standing trust relationship and mutu- members enjoy direct participation in a The GA uses both qualified votes, al recognition between them so that, despite differences in methods and three-stage process. such as for approval of publications structures, industry values both JTC 1 In the mid-1980s, ISO and IEC (which amount to 450 as of today), and Ecma to attain the goal of timely created the fast-track procedure based and simple majority votes, such as International Standards. on a proposal by Ecma. After being vet- for creation of a TC. The TCs, on ted in Ecma, the standards go through a the other hand, are responsible for meticulous international process within the development of standards and Value added JTC 1 ( “ more eyes always see more ”) technical reports. The creation of more than 400 to ensure quality. Ecma submitted over Ecma’s process ensures quality and consortia proves that high-tech indus- 80 % of the 250 fast-track proposals to speed. Its members and its five- try needs control. Ecma and consor- person secretariat proactively pursue tia, often sharing several members, are acquisition of new work. The Ecma complementary. About the author process consists of three stages : Ecma allies the agility of con- • The GA approves and allocates sortia with the quality of the de jure Jan van den new areas of work to new TCs, standardization organizations. By com- Beld, born in the while TCs approve work items bining its efficient infrastructure and Netherlands in within their scopes directly. proven flexible working methods with 1938, worked well established interfaces to ISO, IEC • almost 25 years The development of final drafts and ITU-T as well as to CEN (Euro- for Philips, after is under the full responsibility pean Committee for Standardization), having graduat- of a TC, which balances quality CENELEC (European Committee ed in physics at with speed, using Ecma’s prin- for Electrotechnical Standardization) the University of ciple of “ better a good standard and ETSI (the European Telecommu- Delft. He today than a perfect one tomor- worked in six nications Standards Institute), Ecma row ! ”. The TCs almost always different positions, including the develop- ensures its strong position in the area of ment and design of system software, fol- work on the principle of con- ICT & CE standardization. lowed by consulting and promoting soft- sensus, but they can use a sim- ware solutions within Philips on a global ple majority vote. Each member scale. In later years he became the princi- has one vote, regardless of the For more information : pal representative of Philips in Ecma and size of the organization. URL: http//www.ecma- in ISO/IEC JTC 1 via NNI. After having • The GA approves the final drafts become President of Ecma in 1990, he international.org ; e-mail : for publication as a standard or a became its second Secretary General, in [email protected] ; Geneva, at the beginning of 1992. technical report. [email protected] ; Tel : +41 22 849 60 00.

ISO Focus February 2005 31 Main Focus

of messages were kept outside ISO publication of ISO 20022 the pre- UNIFI 15022 though maintained according to ferred syntax for all electronic doc- the ISO standard it. They were made available by a reg- uments, including the subset of istration authority, which updated them electronic STP-messages, is XML for all future as necessary upon the request of indus- (as defined by the World Wide Web try participants. Consortium, W3C). On request of financial messages The early 2000s saw the wide- the financial industry, the design spread growth of IP (Internet Proto- rules can later be extended to cover col) networking and the emergence other future open syntaxes. by Elizabeth Gasiorowski-Denis, of XML (eXtensible Mark-up Lan- Under this approach, which is guage) as the de facto open technical Journalist, ISO Central in line with the messaging develop- standard for electronic communica- ments undertaken by other industries, Secretariat tions. It was felt that ISO 15022 need- the complete models and the derived ed to be extended to offer the whole syntax output are stored in a central n the mid-1990s, it was felt strong- financial industry a common platform repository (the ISO 20022 Reposi- ly that the International Standard for the development of messages in a tory), serviced by the Registration I for communication between secu- standardized XML syntax. At the same Authority. rities industry participants required an time, to shield the platform from fur- ISO 20022, which consists of urgent review aiming at reducing the ther syntax changes, it was felt neces- five parts under the general title Finan- time taken to deliver new standardized sary to better split messaging into its cial services – UNIversal Financial message sets to the market place and business dimension, on one hand, and Industry message scheme, contains : its technical representation, on the oth- improving “ straight-through process- • the overall description of the mod- er hand. Therefore, while capitalizing ing ” capabilities. elling approach (Part 1) ; on the original ISO 15022 tool set, ISO ISO 15022 set the principles • 20022 proposes : the overall description of the ISO necessary to provide the different 20022 Repository contents (Part 1) ; communities of users with the tools to • to use a modelling methodolo- • a high-level description of the design message definitions to support gy (e.g. based on formal notation input to be accepted by the Reg- their specific information flows. These such as UML – Unified Modelling istration Authority to feed/modi- tools consisted of : Language) to capture, analyse and fy the Repository’s data diction- • describe in a syntax-independent a set of syntax and message design ary and business process catalogue rules ; way the business areas, processes, transactions, actors, roles, infor- (Part 1) ; • a data field dictionary uniquely mation and associated message • a high-level description of the identifying business elements to be flow diagrams and message defi- Repository output to be made pub- communicated and their technical nitions which allow the industry to licly available by the Registration representation ; exchange the information required Authority (Part 1) ; • a catalogue of messages built by to achieve its business objectives ; • the responsibilities, service levels the industry with the above-men- • to define the design rules to be used and procedures for the registration tioned fields and rules. to convert message definitions bodies, including the role of stan- To address the evolving needs described in a modelling notation dards management groups and the of the industry as they emerged, the into a standardized syntax repre- supervision by a registration man- data field dictionary and the catalogue sentation. At the moment of the agement group and ISO (Part 2) ;

32 ISO Focus February 2005 IT: Success • the detailed modelling guidelines ISO guidelines and to be used to construct ISO 20022- progress compliant business transactions for healthcare and message sets (Part 3) ; • the syntax design rules applied by facilities offer the ISO 20022 Registration Author- benefits of cial technology. At the other extreme, ity to translate an ISO 20022 com- policies sometimes allow unmanaged pliant message definition into an mobile wireless use of wireless transmitters that can ISO 20022 syntax solution. The technology place patients at risk in certain circum- actual document shall specify a stances.” particular syntax such as “ XML ISO/TR 21730:2004, Health design rules ” for the production of informatics — Use of mobile wireless ISO 20022 XML message schemes by Elizabeth Gasiorowski-Denis communication and computing technol- and ISO 20022 XML message ogy in healthcare facilities — Recom- he potential benefits of using instances (Part 4). mendations for electromagnetic com- mobile wireless technology with- • the reverse engineering guidelines patibility with medical devices, offers in healthcare facilities while at T a balanced approach to ensure that all explaining how to extract relevant the same time safeguarding patient information from existing industry the benefits of mobile wireless technol- safety are furthered by a new technical message sets in order to prepare the ogy are made available, while provid- report from ISO. submission to the ISO 20022 Regis- ing sufficient safeguards against elec- Wireless communication and tration Authority of equivalent ISO tromagnetic interference through prop- computing technologies such as mobile 20022-compliant business transac- er deployment, use and management. phones and handheld computers have the tions and message sets (Part 5). “ The new technical report will potential to offer significant advances to help eliminate the range of inconsist- healthcare communication and health The ISO 20022 Registration ent policies among healthcare organi- informatics exchange. In addition, vis- Authority keeps a set of submission zations currently in existence,” notes itors and patients are finding the tech- templates to the data dictionary and Morrissey. “ It has been developed with nology increasingly indispensable, business process catalogue available direct comment and general agreement especially in times of crisis. Without outside of ISO 20022. These templates from several international government their managed use, however, patients are to be used when submitting requests regulatory agencies, including the US may be put at risk due to electromag- to the Registration Authority for inclu- Food and Drug Agency, Health Cana- netic interference with life-critical med- sion in the ISO 20022 Repository. da, and the UK Medicines and Health- ical devices. According to Cindy Fuller, Sec- care Products Regulatory Agency.” Joe Morrissey, editor of the tech- retary of ISO/TC 68, Financial servic- The new guidelines recognize nical report, explains : “ At one extreme, es, the recently held inaugural meeting the different resources, needs, con- overly restrictive policies have been put of the registration management group cerns and environments of health- in place acting as obstacles to benefi- of the ISO 20020 Registration Author- care facilities around the world and ity outlined its organizational role in provide a flexible set of management carrying out its work and mission. guidelines designed to accommodate a “ Fourteen countries from TC 68 variety of situations ranging from full and eight liaison organizations partic- deployment of mobile wireless com- ipated in the event. Sandy Throne of munication and computing technol- DDTC/USA (Depository Trust and ogy throughout the facility to selec- Clearing Corporation) was elected tive restrictions where comprehensive Chair and Gerard Hartsink of ABN management procedures are not feasi- Ambro/Netherlands as Vice Convenor. ble, practical or desirable at the present Two critical standards evaluation teams time. were organized and efforts to converge The guidelines also distinguish with United Nations CEFACT will be between controlled systems used by stepped up. The two key initial areas of doctors and staff for healthcare-spe- focus are investment funds distribution cific communication and health infor- and corporate-to-bank payments.” matics transport versus non-controlled (personal) mobile wireless equipment randomly brought into the facility by visitors, patients and the healthcare organization workforce.

ISO Focus February 2005 33 Developments and Initiatives ISO Networking Conference

Sound bytes from Sydney by Felicity Pontoni, Editor of Secretary-General of ISO, Alan heard from Stacey Leister, Director of The Global Standard Bryden, kicked off the discussions Communications and Education at the with an overview of the ISO Strate- American National Standards Insti- n 29 and 30 November 2004 as gic Plan 2005-2010, focusing on are- tute (ANSI), that editorial in the media Sydney-siders sought respite as relating to information, marketing, has 11 times the impact of advertising. Ofrom sweltering 40°C tempera- training and communication. While in Australia, Alan Bryden met tures, a group of standardizers was Alan Bryden is a seasoned com- with the Federal Minister for Industry, gathered in a nearby hotel to hammer municator who, in his short time at the Tourism and Resources, Ian Macfarlane, out the complexities of marketing and helm of ISO, has moved well beyond to discuss the vital role ISO plays in the selling standards. an ambassadorial role. He has made international community. Undeterred by the prospect of it his personal mission to spread the The networking conference was spending up to 30 hours in a space ISO word far and wide, reaching out moderated by Peter Thompson, senior the size of a small cupboard, some 70 to business and industry, government journalist with the Australian Broad- communications, marketing, training and key international agencies such as casting Corporation (ABC), who also and information specialists from 25 WTO, UNIDO and the like. interviewed Alan Bryden on his Radio countries jetted into Sydney to attend Alan Bryden maintains a pun- National Breakfast programme before the third ISO Networking Conference. ishing schedule of talks, forums, meet- day two of the conference. The conference was hosted by ings and conferences in a bid to raise Meanwhile, SAI Global’s Direc- , the ISO member ISO’s profile and espouse the benefits tor of Public Affairs and Investor Rela- body for Australia, with sponsorship and strategic importance of internation- tions Tom Godfrey, decided to surf on from SAI Global Limited, the inter- al standardization for business and trade. actuality using the overage man and national business improvement organ- He has an amazing capacity to work a woman on the street as a starting point ization and publisher of Australian crowd, press the flesh and he loves the for his exploration of communication Standards. media! A good thing given that we later and getting the message across to the

34 ISO Focus February 2005 public at large. Godfrey’s one-on-one interviews of beachgoers underscored one of the major challenges of com- munication in standardization : the aver- age person really does not know what a standard is or how it benefits them. God- frey’s enthusiasm as a communicator and impressive use of available media tools and techniques, such as using visu- al triggers and popular cultural referenc- John Tucker (left) , Chief Executive Officer of Standards Australia and Alan Bryden es within a news story, gave delegates (right), Secretary-General of ISO, open the Networking Conference. plenty to think about. In their presenta- tions, Godfrey and his fellow communi- Other sessions covered edu- nicators and, fittingly, this was evident cations specialists, ANSI’s Stacy Leist- cation and training : increasing the at the closing session of the conference ner and ISO’s Head of Public Relations involvement of ISO and its mem- led by moderator Peter Thompson. Pas- Anke Varcin, certainly showed that a PR bers ; information : adding value to sionate about communication, Thomp- team can offer much more than simple standards ; and resources for the ISO son formed his own company in 1988 to press releases… so be aggressive in the system : ensuring sustainability. The consult to managers on how to get their pursuit of media opportunities. price of standards and the impact of messages across. To develop his own “ CEOs must be chief promoters electronic distribution are always hot thinking, he produced a series for ABC of standardization,” said Ross Wraight, topics of debate in any forum. In his called The Secrets of the Great Com- Chief Executive of SAI. “ They must review of practices and trends in stand- municators. He also wrote the book, talk about productivity, profitability, glo- ards pricing, Keith Moyes, Internation- Persuading Aristotle : the timeless art balization, risk, governance and innova- al Commercial Policy Manager, Brit- of persuasion in business, negotiation tion, and be able to tell stories.” ish Standards Institution (BSI), noted and the media (Allen & Unwin, 1998), that standards are important and their which has been widely translated. Howard Paul, SAI Global Business and benefits are disproportionate to their Thompson emphasized the need cost. for standards organizations to connect “ Don’t underestimate the value with their audiences and the impor- of what you are selling or the price peo- tance of presenting complex informa- ple are willing to pay for it,” he said. tion in a clear and concise manner. He Digital rights management demonstrated a simple, five-step proc- (DRM) is another hot button for the ess for developing persuasive presenta- standards community and one which tions which delegates were able to use prompted lively discussion among del- and take away. egates. General Manager, SAI Global Among his communication tips Business Publishing, Howard Paul, was a warning against the overuse raised the issue of copyright abuse, of PowerPoint software. PowerPoint which is estimated to have cost the should support a presentation visually, standards industry around USD 1 bil- said Thompson, that’s where it’s power- lion annually. While there are many ways of protecting digitized intellec- Felicity Pontoni, Editor of The Global Standard Motonobu Kuroda, JSA, were wholly persua- tual property, the issues and challeng- sive, using examples and metaphors in their es surrounding DRM are sure to keep presentations. it high on the global standards agenda for quite some time. “ Education and global com- munication at all levels is essential for copyright protection and the ISO Cen- tral Secretariat should take a proactive approach vis-à-vis its members and other partners,” emphasized Motonobu Kuroda, Managing Director, Standards Promotion, Japanese Standards Asso- ciation. Great leaders are great commu-

ISO Focus February 2005 35 It’s about teaching and it’s about time

by Anke Varcin, Head of Public Relations, ISO Central Secretariat

he panel session, “ It’s about teach- Stacy Leistner (ANSI) (left) and Tom Godfrey (SAI Global) (right) ing and it’s about time ”, was have a wonderful way to communicate when they need to get the message across. Tdevoted to education and training within university faculties and of stu- ful – but it should not dominate. ality, international bonhomie and occa- dents, of experts in technical committees In his final tip for persuasive sional provocativeness, all agreed that and of staff in general. communication, Thompson urged del- the opportunity such a forum present- Lee Kyung Han, Manager, Stand- egates to talk in terms of word pic- ed for strategic networking was well ards Planning Team, Korean Standards tures. Martin Luther King was a master worthwhile. Association (KSA), told the audience of this style of communicating which Happily no one was bitten by that, traditionally, in his country, there was never more evident than in his “ I anything venomous or dragged away had always been a passion for educa- have a dream ” speech delivered dur- in a treacherous ocean current, as is tion and that employers recognize the ing the largest ever civil rights march wont to happen when foreigners vis- importance of training their staff. Con- in Washington on 28 August 1963. it Australian shores. So what if biki- tinuous government support was also Thompson wrapped up the ses- ni-clad beauties on the beach don’t yet provided for educating engineering sion by showing film footage of King’s know about sunscreen standards. Some college students and industrial work- epoch-making speech that positively things, like human nature, just can’t be ers on quality management and the leaps and flashes with stirring, ach- standardized. Clearly, there’s still lots economic benefits of standardization. ingly poignant word pictures including of work to be done and plenty of ideas A textbook, Future Society and Stand- the unforgettable : to get started on. ards, was given out free by KSA. “ … I have a dream that my four Yongping Jiang, Deputy Direc- children will one day live in a nation tor, Department of Planning & Infor- where they will not be judged by the mation, Standardization Administra- colour of their skin but by the content tion of China (SAC), said that “ the of their character…” demand for training in standardization After two solid days of exchang- has risen since China’s accession to ing ideas and views in a spirit of collegi- WTO in 2001 and the country’s social

Keith Moyes, BSI, (left) and networking colleagues in action. Anke Varcin, ISO’s Head of Public Relations

36 ISO Focus February 2005 From left to right : Avelino Brito Maquino, AENOR, Spain ; Claudia Michalski, DIN Publishing House ; Grant Thomas, Standards New Zealand ; Magne J. Kalstad, Standards Norway ; Claude Merle, AFNOR ; and, Peter Thompson, Conference Moderator. and economic boom. ” The ambitious specific standards (fire doors, pollution Claudia Michalski, Managing SAC programme includes training control or design life of assets). Director, Beuth Publishing House, courses in standardization for techni- Alan Bryden, Secretary-Gen- discussed the increased need to know cal committee experts, local adminis- eral of ISO, reviewed the initiatives, what the customer wants : what is the trative personnel, staff in enterprises, support and services that the ISO Cen- standard about, for whom is it intend- as well as high-level courses for stand- tral Secretariat offers to ISO mem- ed, how can it be used, how does one ardization management, run jointly bers. These range from conferences update what a customer needs, how with universities. and seminars explaining standardiza- does one compare standards at nation- Abdul Rahman Mohd, Man- tion and raising awareness of the role al and international levels? Claudia ager, Information Resource Section, standards play in economic develop- Michalski emphasized that external Standards and Industrial Research Insti- ment to the training of staff involved authors, having the relevant expertise tute of Malaysia (SIRIM), explained the in ISO processes, e-learning modules in a given field, can no doubt provide extensive training services offered on – with and without tutoring and man- added value to the user of the stand- behalf of the Department of Standards agement courses organized in collabo- ard. Examples include dictionaries or Malaysia (DSM), Ministry of Science, ration with IEC and ITU-T. commentaries related to topics such Technology and Innovation, ISO mem- as quality management, metrology, ber for the country. Each year, SIRIM Capturing value for fasteners, mechanical engineering or organizes hundreds of training cours- the customer services. es, seminars and in-house training ses- Avelino Brito Marquino, Dep- sions for organizations. These training The objective of the session on uty Director-General, Asociación services cover numerous subjects, such “ Capturing value for the customer ” Española de Normalización y Certifi- as management and skill development, was to review current developments cación (AENOR), described the Span- intellectual property, quality and envi- and future trends about information ish added-value products as being pub- ronmental management and various applied to standards application. lications, IT products, information and

From left to right : Lee Kyung Han, KSA ; Yongping Jian, SAC ; Abdul Rahman Mohd, SIRIM ; Ross Wraight, SAI Global ; Magne Kalstad, SN.

ISO Focus February 2005 37 sory service. The really big challenge is how they (the marketeers) influence what ‘pictures’ are developed by com- mittees,” says Grant Thomas. Claude Merle, Director, Infor- mation, Association française de nor- malisation (AFNOR), commented on professional trends among the world- leading publishers. “ Shorten drastical- ly the final user’s connection to infor- mation in databases,” said Ms. Merle. “ Target the needs of your users to the plug-and-play concept by using Goog- le-like research tools that give one-stop access to multiple sources whatever the languages, databases or platforms. ” In describing the different needs of retail sales, Claude Merle developed the Jacques-Olivier Chabot, Director, Marketing and Promotion at the ISO Central Secretariat, characteristics of a subscriber compa- presented the new Marketing Web site for ISO members. He has been instrumental in ny and the many combined needs when maintaining ISO policies and procedures for copyright, copyright exploitation rights and sales identifying the behaviour of the cus- of ISO publications. Jacques-Olivier will be retiring in the first half of 2005, after working at the ISO Central Secretariat since 1966, during which time ISO witnessed growth tomer. At AFNOR, the marketing and in scope, membership, communication and information technologies. commercial policy is oriented towards ISO Focus sends its best wishes to Jacque-Olivier for his future endeavours. the regular customer, combined with an evolution of a business model with an aim to quench the “ real thirst ” of the customer. training. He emphasized the need to Magne J. Kalstad, Managing develop customized products using Director, Pronorm AS, Standards Nor- IT technologies. “ If we don’t do so, way, also reviewed the trends in sub- somebody else will take our place,” scription systems as a business model. he said. Avelino Brito Marquino rec- A Norwegian customer survey shows ommends the exchange of informa- that e-mail and Web shopping are now tion between national standards bod- used more than the telephone, fax or ies, and envisages the participation of post for ordering standards. Customers consortia in the development of added- are referring increasingly frequently to value products. the Pronorm Web site to find standards- Grant Thomas, General Man- related information. There is also an ager, Marketing, Standards New Zea- increase in customers who want to be land, concurred but went on to say notified when a standard they bought is “ Right so far, but who are custom- updated or to receive a personal e-mail ers, and what do they really want? A about new or revised standards – New Zealand market research, targeted hence, the importance of matching the to various focus groups, Internet sur- service to individual business needs. Evgueni Patrikeev, Director, veys, individual interviews and con- Information Services at the ISO sumers, revealed what users liked and Central Secretariat, explained the what they didn’t like. So, what is the numerous actions taken to protect ideal standard for the users? The wish All presentations delivered at the the name of ISO. The policy is clear, guidelines have been developed list is long. The users would like, for third ISO Networking Conference and a Web site “ Intellectual Property example, standards that are accessible as well as photographs are Rights in ISO ” has been created. at low cost on the Internet, searchable, available at This password-protected site for well indexed, easy to navigate, easy to http://www.iso.org/iso/en/ ISO members contains information read and cross-referenced, accompa- networking/conferences/ and support material for ISO trade- marks. “ To protect ISO’s intellectual nied by commentaries and interpreta- conferencehome.html property, ISO members need to work tions, supported by seminars and tuto- Photos : Evgueni Patrikeev, together in the same orchestra,” said rials, inexpensive or government fund- Conference Coordinator. Patrikeev. ed and supported by a personal advi-

38 ISO Focus February 2005 New this month

improving environmental performance. IAF Chairman, Dr. Thomas Details released However, more than 66 000 organiza- Facklam, explained : “ This 18-month of 18-month tions around the world [see The ISO transition period is considered suf- Survey – 2003] have chosen to have ficient for national standards bodies ISO 14001:2004 their EMS independently certified and, to adopt and translate ISO 14001: although ISO itself does not carry out 2004, and for the accredited certifica- transition plan either certification or accreditation, we tion market to assess the requirements naturally wish to ensure a smooth tran- of the revised standard and to make by Roger Frost, sition of certification to the improved adjustments as necessary to existing standard. environmental management systems.” Press and Communication Manager, ISO Central Secretariat

etails have now been released of the 18-month period for D organizations implementing environmental management systems (EMS) certified as conforming to the original 1996 version of the ISO 14001 standard to make the transition to ISO 14001:2004, the newly revised and improved version. The transition period extends from 15 November 2004, when ISO published the revised standard, to 15 May 2006. Beyond that date, only certificates to ISO 14001:2004 will be recognized by members of the International Accreditation Forum (IAF). This is an international associa- tion that represents the accreditation bodies of 44 countries and economies which have been set up to verify the competence of (“ accredit ”) certifica- tion bodies. Certificates issued by accredited certification bodies may be perceived on the market as more cred- “ ISO has therefore supported The IAF’s 18-month ISO ible than non-accredited ones. The IAF the IAF in developing a transition 14001:2004 transition plan is for released its transition plan for accred- plan for certification to ISO 14001: implementation by certification bodies ited certification from ISO 14001:1996 2004, accredited by IAF members. We accredited by its members when they to ISO 14001:2004, developed in con- are now counting on the IAF and its carry out ISO 14001 audits of users’ sultation with ISO, on 20 December members to implement that policy for EMS. The main points are summarized 2004. the benefit of current and new users as follows : “ I encourage all organizations of ISO 14001, which is one of ISO’s • For up to six months after the 15 to begin implementing ISO 14001: most important standards in the service November 2004 publication date 2004 as soon as possible in order of organizations aspiring to sustainable of the new version, it is up to to benefit from its easier-to-under- development.” the certification bodies and their stand language, clearer intention, and The IAF estimates that 18 clients to agree on whether audits increased compatibility with the ISO months is sufficient for the transi- are conducted according to ISO 9001:2000 quality management sys- tion to ISO 14001:2004, compared to 14001:1996 or to ISO 14001:2004. tem standard that many of them also the three-year transition considered This concerns the entire audit cycle implement,” ISO Secretary-General necessary when ISO 9001:2000 was – initial, surveillance and reassess- Alan Bryden commented. published. The reasoning is that the ment audits. “ It is not necessary for improvements made to ISO 14001 organizations to be certified to attain consist of fine-tuning, while ISO 9001 • During this period, no additional the benefits that implementing the underwent major revision, such as audits will be added to the audit- standard can bring, such as continually introduction of the process approach. ing cycle solely to assess revisions

ISO Focus February 2005 39 New this month

made to existing EMS in order to ISO/IEC Guide 74 needs of consumers are adequate- conform to the requirements of ISO ly addressed when a possible new 14001:2004. for designing symbols requirement for a graphical symbol is being considered.” • From six months after 15 November that get the right 2004, all audits of both existing The Guide is intended in partic- and new clients should be to ISO message across ular for standards writers, although it 14001:2004. also puts an international consensus on to consumers good practice in designing and devel- • Nonconformities to the require- worldwide oping graphical symbols with the con- ments of ISO 14001:2004 may be sumer in mind at the disposal of public raised against organizations cur- authorities, manufacturers and service rently certified to ISO 14001:1996, providers, consumer associations and but will not adversely affect certifi- by Roger Frost graphic designers. cation until the end of the 18-month John Perry, the Guide 74 project transition period. raphical symbols crop up eve- leader, summed up : “ The use of graph- • Existing ISO 14001:1996 cer- rywhere – from public infor- ical symbols in signs, on labels and in tificates will be renewed as ISO G mation and safety signs, to product instructions and other product 14001:2004 certificates only when product and equipment safety labels documentation has a number of advan- the EMS concerned has been suc- and user guides, and to consumer doc- tages. Well designed symbols stand out cessfully audited as conforming umentation. If people misunderstand visually, save wordy explanations and to the new version. All existing them, the consequences may be on a convey the intended message across certificates must be renewed as scale ranging from simple inconven- language barriers. ISO/IEC Guide 74 ISO 14001:2004 certificates before ience, to waste and misuse, and as far will help to ensure the design and the end of the 18-month transition as danger to life and limb. development of graphical symbols that period. The recently published ISO/ get the right message across to con- sumers worldwide.” • Eighteen months after the publi- IEC Guide 74 sets out to reduce the ISO/IEC Guide 74, Graphical cation of ISO 14001:2004 on 15 possibilities and adverse consequences symbols – Technical guidelines for the November 2004, any existing ISO of misunderstanding to a minimum by consideration of consumers’ needs, is 14001:1996 certificate accredited ensuring that the needs of consumers available from ISO national member by an IAF member will no longer are considered when graphical sym- institutes and from ISO Central Secretar- be considered valid by the IAF. bols are designed and developed. iat. It was developed jointly by the ISO/ Outstanding nonconformities to The Guide 74 project team COPOLCO, Committee on consumer ISO 14001:2004 will become active sets the context for the work in the policy, and ISO/TC 145, Graphical and will affect certification. Introduction : “ Poorly designed and researched graphical symbols, and symbols. The IAF transition plan also the proliferation of graphical sym- (IAF GD 4:2004), can be consulted bols with the same intended meaning, on the IAF Web site (www.iaf.nu can cause confusion for – under Publications, then Guidance consumers. Such prob- Documents). lems will become ever more common in an age of mass travel, mobili- ty of labour and global trading unless graphical symbols are designed, evaluated and standard- ized in accordance with procedures set out in the relevant International Standards.” They go on to say : “ However, these benefits are not always achieved in practice and the purpose of Guide 74 is to ensure that the

40 ISO Focus February 2005 Coming up

Developments and Initiatives

SARS. Severe Acute Respiratory Syn- drome” (SARS) is a severe, highly infectious acute viral respiratory dis- ease. At present, even though SARS itself has vanished, the coronavirus for the pathogen of SARS has now been identified morphologically and the entire genome sequence been spelled out, the source, transmission path, disease mechanism and variation of the virus nevertheless remain to be fully understood. This article looks at the development of an International Standard on morphological examina- tion of the SARS associated virus by using electron microscope.

Security performance of glazing materials. Explosion resistance of glazing has become a high priority in many commercial and governmental buildings as a means of protecting people and property from accidental Main Focus ISO Focus March 2005 looks explosions or the effect of terrorist Trade and conformity assessment at the new International Standards bombs. A working group within and Guides that have been recent- ISO/TC 160, Glass in buildings is Having confidence in products, ly published by ISO (jointly with the developing test methods to assess services, processes, systems, person- IEC) covering a number of conform- security performance of glazing nel and organizations is important to ity assessment subjects – from peer materials, and has developed a series everyone’s wellbeing. ISO contrib- assessment and of test methods aimed at ballistics, utes to this wellbeing by producing to suppliers’ declaration of conformity explosions, forced entry and International Standards and Guides and management systems certification. hurricane/cyclone resistance. that harmonize and record interna- At the heart of CASCO’s work tionally accepted practices for assess- – and its success in producing the use- ment of conformity of products, serv- ful and market-relevant documents ices, processes, systems, personnel and – is its close and fruitful collabora- organizations to predefined require- tion with partners and stakeholders in ments. Application of these conform- the development of Guides and Inter- ity assessment practices contributes national Standards, and fellow actors to economic efficiency, sustainable in the universe of conformity assess- development and fair trade. ment. ISO Focus has asked the lead- The ISO Committee on con- ers of several key groups to give their formity assessment (ISO/CASCO) views on where and how ISO has con- develops International Standards and tributed and is contributing to enhanc- Guides on conformity assessment. ing and facilitating conformity assess- Over the past year CASCO has adopt- ment practices, and what these partners ed a new structure to enable a continu- expect of ISO in the future. ous improvement philosophy to be fol- lowed in the documents it produces. This has happened at the same time that CASCO has completed a number of revised and new documents related to conformity assessment practices.

ISO Focus February 2005

Publication in third-quarter of 2005 Failures in food safety can be dangerous and cost you plenty !

Make sure there are no weak links in the food supply chain... Get the security of ISO 22000, Food safety management systems !

For a free foretaste, see ISO Management Systems article, “ ISO 22000 to ensure integrity of food supply chain ”, on ISO Web site : www.iso.org/iso/en/iso9000-14000/articles/tools.html