ISO Focus, September 2005.Pdf

ISO Fo c u s The Magazine of the International Organization for Standardization Volume 2, No. 9, September 2005, ISSN 1729-8709

• Gathering of standard makers • World Trade Report 2005 highlights ISO’s key role ISO Fo c u s The Magazine of the International Organization for Standardization Volume 2, No. 9, September 2005, ISSN 1729-8709 Contents

1 Comment Ziva Patir, ISO Vice-President (technical management), Securing the safety of our society 2 World Scene Highlights of events from around the world 3 ISO Scene Highlights of news and developments from ISO members

• Gathering of standard makers 4 Guest View • World Trade Report 2005 highlights ISO’s key role Tamotsu Nomakuchi, President and CEO of Mitsubishi Electric Corporation ISO Focus is published 11 times 7 Main Focus a year (single issue : July-August). It is available in English. Annual subscription 158 Swiss Francs d o Individual copies 16 Swiss Francs Standar s for a safer w rld

Publisher Central Secretariat of ISO (International Organization for Standardization) 1, rue de Varembé CH-1211 Genève 20 Switzerland Telephone + 41 22 749 01 11 Fax + 41 22 733 34 30 E-mail [email protected] • World Standards Day – Standards for a safer world Web www.iso.org • Advisory Group on security Manager : Anke Varcin • Improved ISO/IEC 17799 heralds new series on information Editor : Elizabeth Gasiorowski-Denis security management systems • Biometrics : global challenges and customer needs Artwork : Pascal Krieger and Pierre Granier • Container security seals ISO Update : Dominique Chevaux • Safer ships : lifesaving and fire protection at sea Subscription enquiries : Sonia Rosas • Safe machine operations ISO Central Secretariat • High ambitions for a new robot safety standard Telephone + 41 22 749 03 36 • Providing fire containment standards for today and tomorrow Fax + 41 22 749 09 47 • Image safety – new biological risks in the IT age E-mail [email protected] • Consumers depend on safety standards • Protecting vital sites with new clean fire extinguishing systems © ISO, 2005. All rights reserved. • Management of food safety in the supply chain The contents of ISO Focus are copyright • Managing security in the whole supply chain and may not, whether in whole or in part, be reproduced, stored in a retrieval 38 Developments and Initiatives system or transmitted in any form or • Putting Passion into Practice – the Standard Makers’ third ISO by any means, electronic, mechanical, photocopying or otherwise, without Conference written permission of the Editor. 43 New this month ISSN 1729-8709 • World Trade Report 2005 highlights ISO’s key role Printed in Switzerland • ISO 9000 and leading agricultural seed researcher and producer

Cover photo : Marc Elder, Australia. 45 Coming up

ISO Focus September 2005 Comment Securing the safety of our society

ecurity is understood as the antidote have also expanded to the management System enables. It is encouraging to note of danger, risk, damage, injury or of security or the tools deployed globally that an extensive array of security-relat- Sdeath – whether they result from to ensure it, such as biometrics or secur- ed standards exist or are under develop- human negligence or violence, industrial ing the global supply chain. In this way, ment, thanks to the strong partnership activities or from natural disasters – and we can contribute to improving the level between government and inter-govern- it implies that dire measures need to be of security worldwide and disseminate mental organizations on the one side, and taken in order to prevent or reduce the good practices, whilst avoiding creating the private sector on the other. occurrence of such threats. new technical barriers to trade. So as we think about standards On 11 September 2001, the world for security, we must consider our strate- Standards for a safer world experienced a tremendous “ wake-up “ At ISO, we have both gic plan, whose vision is to bring a pos- call ”. It has today become clear that itive contribution to sustainable devel- there must be a change in the way secu- an obligation and a tool opment, and implies making a balance rity issues are dealt with, including the to contribute effectively between our present needs and the well need for an evolution of the respective to the global effort being of future generations. By opti- roles of government, the private sector mizing resources and, above all, using and society, as well as for the behav- of providing greater International Standards, we will be in a iour of citizens. security to society.” position to contribute effectively to glo- While acts of terrorism have bal security efforts and achieve a safer drawn the world’s attention to counter- Our Advisory Group on Securi- and more secure world for all people, ing human malevolence, security is not ty has recently submitted its final report from all walks of life in society – today restricted to this aspect ; it addresses a with 15 recommendations for implemen- and tomorrow. wide spectrum of measures to help prevent tation. These recommendations provide One thing has become very clear. the daily occurrence of injuries, caused a strategic and systematic approach that We need to continue working together by everything from physical accidents will allow us to respond effectively to in order to create a safer world. At ISO, at home, at work or in transportation to the evolving needs of society. we have both an obligation and a tool to aggressions, environmental deteriora- Moreover, our stakeholders expect contribute effectively to the global effort tion or hazardous activities, from unsafe standards, where they are needed, to of providing greater security to society. toys for children to the safety in cars as be delivered in a matter of months, not Let us meet the challenge together. well as other threats related to the evo- years. The need for effective solutions lution of society. With the pervasiveness at short notice requires the use of exist- of ICT and our growing dependence on ing products and processes and adapting their reliable operation, IT security has them for security purposes. For exam- also become a major concern. ple, our Advisory Group on Security The need for International Stand- identified many existing International ards has grown with the globalization Standards for products and test methods and broadening of the concern for secu- that could be used in relation to securi- rity and of the scope of standardization ty. There is also an opportunity to adapt itself. ISO, the IEC and ITU have decid- existing products and technologies from ed to devote this year’s World Standards the Defense Industry for civilian secu- Day to the theme, “ Standards for a saf- rity solutions. er world ”. As highlighted in the WSD Finally, with the development of message on page 7, the event is designed trade and the fact that both natural dis- to raise awareness to the extent of this asters and violence know no frontier, contribution, where it impacts and the international solidarity and collabora- scale of its importance. tion is indispensable. Developing and Ziva Patir Indeed, in ISO, we are not only still implementing internationally accepted ISO Vice-President (technical actively producing and updating stand- standards for security requires, more than management) and Director-General, ards related to the safety of consumer ever, the involvement of the world com- Standards Institution of Israel products or industrial equipment, but we munity : this is precisely what the ISO

ISO Focus September 2005 1 World Scene

Pacific Area Standards work in standardization at culture, from forest manage- with AIDMO, on the provision Congress national, regional and interna- ment to food safety, from the of training services and material tional levels. promotion of the use of the ISO to the Arab region in relation to The 28 th meeting of the Pacific The meeting was hosted by 14000 series to consumer infor- the promotion of standardization. Area Standards Congress mation and protection. (PASC), a forum to strengthen Japanese Industrial Standards international standardization Committee (JISC), ISO member Cooperation within programmes for countries in the for the country. Excellence in education EuroAsian countries Asia-Pacific region, was held in supported by ISO Nagoya, Japan, between 21 and Codex Alimentarius standards 23 June 2005. Commission addresses The Arab Academy in Alexan- ISO President Masami Tanaka relations with ISO dria, in collaboration with EOS, attended the event, and provided The Codex Alimentarius Com- the Egyptian member of ISO, an update on ISO’s progress mission held its 28 th session in organized on 27-29 June a towards Horizon 2010, the ISO Rome from 4 to 9 July 2005. regional conference entitled Code of Ethics, the ISO Five It had explicitly on its agenda “ Quality in education : the path th Year Action Plan for Develop- the issue of its relations with to excellence ”. Attended by The 27 meeting of the the ing Countries, and the ISO ISO. Delegates recognized and over 250 participants from 10 Euro-Asian Council for Stand- Policy of Global Relevance. welcomed the expanding countries, it focused on examples ardization, Metrology and Certi- collaboration and the need for and modalities for implement- fication (EASC), an intergovern- close coordination. ing quality management in mental body of the Common- educational institutions. wealth of Independence States ISO Secretary-General, Alan (CIS), was held in Chisinau, the Bryden, presented the broadening Indeed, education is both a key to economic development and, Republic of Moldova, on 20 to scope of ISO’s activity in the area 22 June 2005. of food products and foodstuffs, concerning higher education, a covering test and analytical subject for increasing interna- Presentations included updates methods, management aspects, tional competition. National on EASC work in the area of such as ISO 22000 and related schemes for the accreditation of harmonization of technical reg- standards on food safety manage- faculties and curricula are ulations and interstate standard- ment and product traceability, or expanding, as was illustrated by ization, metrology, conformity the toolbox of ISO standards on the examples of Italy and assessment and accreditation. Egypt. More and more, these The PASC meeting highlighted conformity assessment. Mrs. Béatrice Frey, Head, schemes promote the use of the Bureau of the Secretary-General, the importance of the strong The relevance of this work to the ISO 9000 series as the core ele- relations and synergies between WTO Agreement on the Appli- ISO Central Secretariat, gave a ment of management systems presentation on the progress ISO, IEC and the ITU and cation of Sanitary and Phytosan- for educational institutions. encouraged the organizations to itary Measures (SPS Agreement), made to date of the ISO Strate- continue to work towards closer which ISO had had the opportu- gic Plan 2005-2010 and identi- collaboration, with particular nity to present to the WTO SPS fied areas where members of focus on the issue of intellectu- Committee a few days previously, EASC could play an important al property rights policy. was also underlined, Alan Bryden role. She also noted that an increasing number of EASC A special session was held on took the opportunity of the Codex meeting to also meet Mr. Jacques members are interested in adopt- “ Standards for a Safer World,” ing ISO standards and translat- which included presentations Diouf, the Director General of the Food and Agriculture Organ- ing them into Russian, in an addressing the 2004 tsunami effort to avoid duplication and disaster and recommendations ization. This latter organization (Left to right) Alan Bryden, Secretary- is, with WHO, one of the two General of ISO ; Dr. Mahmoud Eisa, unnecessary barriers to trade. encouraging standards develop- President, Egyptian Organization for ment experts to work closer parent organizations of the Standardization and Quality Control In examining the draft “Agree- with seismology and tsunami Codex Alimentarius Commission. (EOS) ; Dr. Sherif El-Araby, Dean, Pro- ment on the fundamentals of ductivity and Quality Institute, Arab harmonization of technical reg- experts. It was agreed that shar- The current and potential Academy for Science and Technology. ing between PASC members of collaboration between FAO and ulations in the CIS member information on early warning ISO is important in domains The ISO Secretary-General’s key states ”, EASC members recog- systems and disaster recovery that range from agricultural note address focused on the use of nized the importance of greater could be crucial in the areas of equipment to sustainable agri- ISO 9001 and the specific Interna- harmonization and adopted 60 environment, accessibility, tional Workshop Agreement relat- interstate standards that have (Left to right) Jacques Diouf, Director been harmonized with Interna- unexpected serious events, and General of the FAO with Alan Bryden, ed to education (IWA 2), as well as metrology. Secretary-General of ISO. on ISO 10015 which provides tional and European standards. In parallel to the meeting, Guidelines for the satisfaction Mr. Gregory Elkin, Head of Professor Masami Tanaka was of training needs in organizations. the Federal Agency on technical presented with the Inaugural On the occasion, Alan Bryden regulation and metrology of the PASC Meritorious Service signed a MoU with the Arab Russian Federation, ISO member Award for 2005 for his out- Academy, represented by its for the country, was elected standing work as PASC Stand- President, Prof. Dr. Gamal El President of EASC. ing Committee Chair from 1995 Din Mokhtar Moktar, to initiate For more information, contact to 2000 and for his tireless collaboration, in coordination Béatrice Frey : [email protected]

2 ISO Focus September 2005 ISO Scene

SII celebrates New ISO working group (Australia) and the secretariat on risk management is to be provided by JISC On the occasion of the 60 th (Japan). It is charged with anniversary of standardization ISO has established a working developing a document that in Israel, the Standards Institu- group designed to develop gen- provides principles and practical tion of Israel (SII) organized, eral guidelines for principles guidance on risk management. in the last week of May, a and implementation of risk The future guidelines are envis- series of events to underline management. aged to apply to all organiza- and promote its contribution to Risk management is a key busi- tions, regardless of type, size, national economic develop- ness tool within both the private activities and location, and ment and to international and public sector around the should apply to all type of risk. standardization. In particular, world. Sound and effective an international conference on implementation of risk manage- “ Standardization and Quality ” ISO Secretary-General was attended by over 350 visits PSI participants from more than 20 countries. Keynote presentations were made by Dr. Torsten Bahke, Director of DIN Deutsches © ISO Institut für Normung and ISO New technical committee Vice-President (policy) as well on nanotechnologies as by Dr. Mark Hurwitz, Presi- dent and CEO of The American ISO has established a new National Standards Institute technical committee on nan- (ANSI). ISO Secretary-General otechnologies (TC 229). The highlighted the ISO Strategic decision was among those Plan 2005-2010. An update Following his participation in taken by the organization’s was given on developments the SII conference on standard-

Technical Management Board in ISO/TC 176, Quality man- © ISO ization and quality, ISO Secre- (TMB) at its June 2005 meeting agement and quality assur- ment is part of best business tary-General visited PSI, the in Geneva, Switzerland. ance, and ISO/TC 207, Envi- practice at a corporate and stra- Palestine Standards Institute, The scope of the committee ronmental management, tegic level as well as a means of which has recently upgraded identifies specific standardiza- together with presentations improving operational activities. its membership in ISO to tion work such as classification, of the need and prospects for It is widely understood that, to correspondent member. integrated management be truly effective, risk manage- terminology and nomenclature, High level contacts with Gov- systems standards. ment must become part of the basic metrology, characteriza- ernment Officials and repre- culture of the tion, including calibration and sentatives of the Palestinian organization certification, risk and environ- economy were organized, as and be part of mental issues. Test methods well as visits to several indus- everyday busi- include approaches for deter- trial plants in Ramallah and ness practice. mining physical, chemical, Bethlehem, covering several structural and biological There are sectors : food processing and properties of materials or a number of beverages, stone products, tele- devices for which the perform- risk-related coms, as well as the Palestinian ance, in the chosen application, standards pub- Trade Board and an incubator is critically dependent on one lished by ISO for IT start ups. PSI, which or more dimension of <100nm. and other covers standardization, metrol- Test methods for applications, standards bod- ogy and certification, has and product standards are to ies as well as Other events were associated increased its staff to almost 90, come within the scope of the many standards that refer to risk to make the celebration com- and is providing a wide range technical committee. management processes, but there plete and communicative : an of services and assistance to is no central ISO document that The proposal for the new field open house at the SII facilities, the Palestinian economy. provides a consistent approach. of technical activity was sub- the presentation of the Israel PSI wishes to enhance its role Although the concept of risk mitted by the British Standards National Quality Awards and as the “ go between ” its stake- terminology has been defined in Institution (BSI), ISO member an International Conference on holders and international ISO/IEC Guide 73, there is not for United Kingdom, who has homeland security held in standardization. Increased and yet a clear concept of risk or the been assigned the secretariat, Jerusalem. targeted participation in ISO, with Dr. Peter Hatto (United management of risk. The celebrations were hosted as well as associated training Kingdom) acting as its Chair. There is a need to develop an by Ziva Patir, Director-General needs were considered during International Standard which ISO/TC 229 is required to of SII and ISO Vice-President the discussions of the ISO provides the concept of and submit within a maximum of (technical management). Secretary-General with the 18 months a draft business guidelines for implementing Chairman of PSI, Eng. Mazen plan for review by the TMB. risk management.. Sonokrot, who is the Minister Its first meeting is expected to The working group, under the for Economy, and the Director be held in November 2005. TMB, will be chaired by SA General, Mazen Abusharia.

ISO Focus September 2005 3 Guest View Tamotsu Nomakuchi © Mitsubishi Electric Corp. r. Tamotsu Nomakuchi is ISO Focus : How does Mit- President and Chief subishi Electric, that designs DExecutive Officer of and develops equipment and Mitsubishi Electric Corporation. products for personal, public Dr. Tamotsu Nomakuchi, who and industrial use in a broad received his MSc from Kyoto range of industries, ensure and University, began his career as demonstrate the safety of both a research scientist at Mitsubishi its users and its workforce ? Electric’s Central Research What benefits do you see for Laboratory in 1965. In 1975, he your Company from Interna- received his PhD in Engineering tional Standards to support from Osaka University. design, marketing, trade and communication in this area ? Dr. Nomakuchi was elected corporate vice president, General Tamotsu Nomakuchi : To tack- Manager of Information le the issue of safety within the Technology R&D Center in 1995 company, we have established and promoted to corporate senior company-wide procedures asso- vice president, Corporate Research and Development in ciated with quality assurance that 1997. After serving as executive ensure strict compliance – both vice president, Information inside and outside the company System and Network Services, he – with any quality-related laws, became President and Chief standards or technical criteria, Executive Officer of Mitsubishi Electric including product safety. We look to Corporation in April 2002. establishing safety and reliability by " Standards must be making full use of related technologies internationally and the International Standards during ISO Focus : If you were to describe the acknowledged, the developing, designing and manufac- Mitsubishi Electric Group in a nut- turing processes. shell, what would you say? to ensure compatibility In addition, we have established Tamotsu Nomakuchi : Mitsubishi and guarantee product safety management activity and Electric was established in 1921 and interoperability." quality diagnosis as company-wide reg- now has consolidated sales of about ulations so as to ensure product safety, 32 billion US dollars. The company is and to take action to prevent the occur- es even stronger. The company focus- expanding its business in the follow- rence of product defects as well as any es on such areas as satellites, elevators ing fields : energy and electric systems, recurrence of such. We have also stream- and escalators, automotive electric and industrial automation systems, infor- lined product safety regulations with- electronic products and factory automation and communication systems, in each business group and for factory mation products. electronic devices and home applianc- lines, and, through regular and periodic es. The company has about 100 000 Mitsubishi Electric is in the inspections of product safety manage- employees in its consolidated global process of becoming a conglomerate ment, we have striven to make sure our terms, and operates in over 34 coun- of highly competitive electric-electron- products are safe. tries. Mitsubishi Electric is especially ic businesses, with its unity stemming To give a specific example : in committed to making strong business- from interconnecting synergies. the area of home appliances, we ensure

4 ISO Focus September 2005 ISO Focus : With the growing conver- Tamotsu Nomakuchi : In recent years, gence of ICT and electronics, how do there has been a tendency for businesses you view the cooperation between IEC, to spread into new areas and to develop ITU and ISO, developed in the context internationally. In view of this evolu- of the World Standards Cooperation ? tion, standards must be international- IEC and ISO have successfully joined ly acknowledged so as to ensure com- forces in the area of Information Tech- patibility between operating techniques © Mitsubishi Electric Corp. Mitsubishi Electric Corporation Headquarters, in Tokyo, Japan. safety through risk assessment based on ISO/IEC Guide 51, Safety aspects – Guidelines for their inclusion in standards, ISO 14121, Safety of machinery – Principles of risk assessment, and ISO 12100, Safety of machinery – Basic concepts, general principles for design. As the top-ranking standard within safety standards in the home appliances field, we have put in place the fail-safe design standard, that reestablishes any malfunc- tion to bring it in line with the standard’s safety criteria. This standard seeks to ensure development of reasonably safe, free-from-hazard products that may cause injury or damage to users. Large-scale display systems.

and systems and to guarantee interoperability between systems. It is our sin- cere hope and expectation that IEC, © Mitsubishi Electric Corp. © Mitsubishi Electric Corp. ITU and ISO will cooperate and promote together, under the framework of World Standards Cooperation (WSC), activities that help develop Internation- al Standards and to establish evaluation criteria. This will result in the creation of standards that enable compatibility and interoperability. Information and communication technologies (ICT) are foundation technologies that support many social activities, and have led the growth and development of the Internet. In this field as Machine-room-less elevator AXIES. well, International Standards have played a major role. nologies (cf. JTC1) and in the area of Due to the massive spread of conformity assessment where they have the Internet, information systems are developed a comprehensive tool box of now largely inter-connected, enabling International Standards and Guides the rapid distribution of individual and relating to first, second and third party organizational information. In such an

ISO Focus September 2005 5 Communications Satellite Platforms DS2000. Guest View

ISO/IEC 15408 – the stand- Toxicity), we have established and ard that enables objective evaluation promoted specific targets in the fol- of the quality of information security lowing areas: effective utilization – sets out seven grade evaluation lev- of resources; efficient use of ener- els ; in certain cases today, procure- gy ; and reduced use of substanc- ment at private and government lev- es potentially harmful to the envi- els is contingent upon acquisition of ronment. In November 2004, ISO Standards for a safer world the ISO/IEC 15408 certification. Our 14001 was revised and, in response company has been awarded ISO/IEC to this revision, we will continue 15408 certification for systems in the to increase and promote our contri- financial field ; acquisition of this cer- bution to the environment. For our tification for products and systems company, environmental manage- may in the future become necessary ment is of the utmost importance; in other fields, as well. © Mitsubishi Electric Corp. we must fulfil our social respon- An information security man- sibility. We have reduced the envi- agement system (ISMS) based on ISO/IEC increasingly important to our industry in ronmental impact by making full use of 17799, Information technology – Security the future. In order to address this issue, it our company’s technologies and prod- techniques – Code of practice for infor- is essential for all standardization bodies ucts. Secondly, we have developed an mation security management, has been to streamline their rules and regulations environmental business by giving feed- introduced and promoted in Japan together when working with IPRs relating to tech- back and know-how to businesses and with the country’s personal data protec- nical standards. We welcome the recent clients. Such activities result in a syner- tion Act. Much in the same way that ISO studies that have reviewed patent policies gy between environmental management 9000 and ISO 14000 have been broadly among ISO, IEC and ITU. These studies and environmental business. utilized, ISMS will become increasingly mark the beginning of a new era. Our company promotes univer- accepted in the future. We are eager for ISO, IEC and sal design and ecology, and provides “ We are eager for ISO, ITU to continue making efforts to create top products that are both user-friendly guidelines related to patent policies and and eco-friendly. With the concept of IEC and ITU to continue frequently asked questions (FAQs) with universal design, hyper-eco products making efforts to create a view to helping in their implementa- and hyper cycle technology after use , guidelines related to patent tion, as well as to investigate measures we are striving to improve the safety for overcoming obstacles that restrict and user-friendliness of our products, policies and frequently the spread and use of technical stand- as well as to reduce their impact on the asked questions.” ards because of IPR-related competi- environment. tion-restrictive practices. We look for- ISO Focus : The incorporation of pat- ward to seeing measures such as clari- ISO Focus : What new areas of stand- ented technologies in standards is fication of reasonable and non-discrim- ardization would the Mitsubishi Elec- crucial, especially in the area of infor- inatory (RAND) conditions, investiga- tric Group like to see coming out of mation technologies. ISO and IEC tion of IPRs in the early stage of devel- ISO ? have a common policy on this matter oping standards, and/or the confirmation Tamotsu Nomakuchi : For sustaina- [i.e. that International Standards may of intent to join patent pools. ble development at a global level, it is contain patented technologies, but vital to reduce the environmental burden that they should be made available ISO Focus : How have ISO Internation- through toxic substances control, energy under reasonable and non-discrimi- al Standards – such as ISO 14000 for saving, and the promotion of recycling. natory (RAND) conditions] and are environmental management – helped As I mentioned above, Mitsubishi Elec- working on the convergence of our Mitsubishi Electric to grow and progress tric Group puts stress on this point and is policy with that of ITU. What are your as well as to implement its procurement developing continuous activities. In this views on this ? policy ? area, where all countries and firms are Tamotsu Nomakuchi : In most cases, tech- Tamotsu Nomakuchi : Regarding ISO required to conduct cooperative activities nical standards in the area of information 14001, operation of the PDCA (Plan, Do, based on a general agreement, necessity technologies include intellectual property Check and Act) Cycle in accordance with for International Standards will be rapid- rights (IPRs), which may perhaps encour- the ISO standard is extremely helpful ly getting higher. We would greatly like age competition-restrictive practices by for improving performance and ensur- to expect ISO’s continued leadership, in taking advantage of IPRs with a view to ing observance of the law. With regard cooperation with IEC and ITU as well using them in an adverse way. We there- to performance, from the viewpoint of as other standards organizations. fore recognize that this issue will become MET (M : Material, E : Energy and T :

6 ISO Focus September 2005 Main Focus World Standards Day Message 14 October 2005 Standards for a safer world

e all want to live and fire, ensuring that equip- in a safer, more ment does not have sharp edg- Wsecure world. But es or moving parts, and protec- earthquakes and hurricanes, tion against the effects of elec- floods, transportation and tromagnetic emissions on the domestic accidents, epidemics human body. and industrial disasters still Just a few of the many account for many thousands fields where ISO Internation- of deaths and injuries each al Standards ensure safety year, in addition to material Mr. Renzo Tani, Prof. Masami Tanaka, Mr. Yoshio Utsumi, include construction, transpor- and social damage. Interna- IEC President ISO President ITU Secretary-General tation, safety in the home or at tional Standards offer widely accepted the workplace. From safety in and recognized solutions to prevent and • Measurement of the effects of nucle- buildings, including emergency, fire and respond to these threats. The role that ar radiation or electromagnetic emis- alarm systems, to standards that help to standards can play in preventing or mit- sions on the human body ; protect car drivers and passengers (such igating such human and material losses • Means to monitor illicit trafficking of as child restraint systems, anti-locking is increasingly recognized and their use radioactive material ; braking systems and airbags), to vari- is rising as a consequence. ous aspects of food safety and quality • Biometric technology for identifying “ Standards for a Safer World ” (including a new food safety manage- people and protecting access to sen- is the theme of this year’s Worlds Stand- ment system), to machinery safety stand- sitive areas ; ards Day to be celebrated on 14 Octo- ards, ISO standards help make the world ber 2005. The International Standards • Effective communications following a safer place. For its part, ITU is taking produced by the world’s leading inter- a natural disaster or during an emer- a leading role in the area of cybersecuri- national standards-setting organizations gency ; ty, developing standards that will help to – International Electrotechnical Com- • Cybersecurity and protection of the combat cyber crime, including protection mission, the International Organization integrity of fixed and mobile commu- against identity theft. In the non-cyber for Standardization and the Internation- nication networks. world, ITU is working on standards that al Telecommunication Union – provide will allow the prioritization of calls in a valuable safety net. IEC, ISO and ITU standards devel- a disaster situation. This means that in The three organizations’ proce- oped at the international level are avail- an emergency, telecommunications net- dures and areas of expertise ensure that able for use at the national and regional works can be effectively cleared of non- the world’s leading experts from indus- levels to meet societal, market and regu- urgent calls. The new phenomenon of try, government, academia and society latory needs. They assist in disseminat- telemedicine, whereby doctors and sur- work together to develop International ing best practices and new technologies, geons located in different facilities can Standards that contribute to building a while avoiding new barriers to trade that communicate and administer treatment safer, more secure world. Their Interna- national security and safety regulations remotely, is also possible thanks to ITU’s tional Standards are thus based on a dou- may create. real-time multimedia standard. ble level of consensus : amongst stake- For those technologies involving Implementation of IEC, ISO and holders and across countries. electricity, electronics and related tech- ITU International Standards at the national and/or regional level are help- The IEC, ISO and ITU offer a nologies, the IEC produces both prod- ing make the world a safer place. The portfolio of thousands of Internation- uct-specific standards (for example, for standards currently under development al Standards specifically focusing on electrical batteries or laptop computers) by the three organizations address the safety and security and relating to such and system standards (for example, func- new safety and security challenges of the diverse areas as : tional electrical safety in a factory system). Product standards enable goods to 21 st century. Together, the IEC, ISO and • Products, systems and the global sup- be certified to internationally recognized ITU are working to produce the “ Stand- ply chain ; safety standards. Typical hazard abate- ards for a Safer World ”. • Medical technologies and telemedi- ment measures include protection against cine ; electric shock, excessive temperatures Biography of the artist Overleaf

ISO Focus September 2005 7 Main Focus

Biography of Mark Elder by its security-relevant technical com- Advisory Group mittees and it was considered that this on security needed to be supplemented by a more strategic, top-down perspective. As a consequence, and recognizing that similar considerations had been undertaken in t its meeting in September 2003, the International Electrotechnical Com- the ISO Council, recognizing that mission (IEC), it was agreed to establish A events in recent years had placed a joint ISO/IEC Strategic Advisory Group the subject of security high on the list on security to provide ongoing strategic of government priorities as well as a oversight of security-related standardi- concern of the general public, requested zation work in both ISO and IEC. The that an inventory be developed of ISO group has also been asked to charter a standards relevant to the field of secu- subgroup to develop guidance for ISO rity and that the Technical Management and IEC committees on the inclusion of Board (TMB) also be engaged in this security aspects in standards. activity. As a consequence, the TMB As part of its deliberations, the Trained in fine arts, photography established a high-level Advisory Group AGS members had been requested to and design, Mark Elder has worked as on security (AGS). consult widely with stakeholders in their graphic designer for over twenty years. The AGS met extensively by tele- countries and many of the stakeholders Most of this time was spent as an art conference, but also held two physical had indicated that they lacked knowledge director in the magazine industry both meetings, in New York in June 2004 about what security standards exist and in Sydney and London. He has worked and in Geneva in September. Its final how to obtain them. As a result, the ISO on, at one time or another, nearly eve- report and recommendations were con- Central Secretariat has been requested ry publication that you can think of in sidered by the Technical Management to make available a Web portal provid- such areas as lifestyle, motoring, music, Board at its meeting in February 2005 ing access to the inventory of security health, gardening, to name a few. and subsequently were made available standards and linking to similar portals For the last fifteen years, he has to all ISO member bodies. of other organizations. It is expected been running his own design company, In its report, the AGS noted that that the portal will be available by the Look Serious Design, specialising in current ISO work on security had resulted end of 2005. developing designs for new businesses, almost entirely from bottom-up efforts Most of the remaining AGS recom- new publications and ideas that interest mendations related to particular aspects him. He has worked with clients in Indo- of security and have been referred to the nesia, Singapore, London and Los Ange- relevant ISO committees. These deal with les. As well as designing, he has written such subjects as management of security, a book, TV commercials, an award win- threat/vulnerability assessment (which ning short film as well as countless arti- will be addressed in a new initiative to cles on travel, humour and men’s issues develop a standard for the broad field of for Elle, Cleo, GQ, Body+Soul and The risk management), built infrastructure Sun Herald. His article on anorexia in protection, protection and equipment for boys is now part of the Australian cur- first responders, personal identification, riculum for high school students. cybersecurity, healthcare, resources and transportation systems. As well as being a classically A particularly urgent need was trained percussionist his other interests seen for an emergency preparedness are travelling and photography. He is standard and a proposal is expected in presently the Corporate Creative Director the next few months to develop an Inter- with SAI Global, Australia.In his spare national Workshop Agreement (IWA) on time, he is writing another book, work- this subject. ing on a series of paintings for an exhibi- tion, helping friends launch a new magazine and studying psychology.

8 ISO Focus September 2005 Standards for a safer world

Improved ISO/IEC 17799 heralds new series on information security management systems by Ted Humphreys, Convenor ISO/IEC JTC 1/SC 27, WG 1

he newly published ISO/IEC 17799:2005, Information technol- Togy – Security techniques – Code of practice for information security management, is a revised, improved version of the standard that has become the international benchmark. It will be followed later this year by the new ISO/IEC 27001, © ISO Information security management systems – Requirements, intended for man- reported their resulting financial losses for information security management 3), agement system certification. as totalling USD 455 848 000 2) (excerpt integrates the latest developments in the Every organization has assets essen- from “ Business standards : IT security field to maintain it as the international tial to its survival. Arguably, information — securing your business advantage ”, standard code of practice. in its various forms is one of the most ISO Management Systems, July-August ISO/IEC 17799:2005 is a code of prac- important assets, be it printed, stored 2003). tice for information security management. electronically, posted or e-mailed, shown It is not a certification standard and was on film or spoken. Improved protection neither designed, nor is it suitable for this For most businesses, information secu- guidelines purpose. It will be followed in the last rity may be essential to maintain compet- quarter of the year (publication current- itive edge, cash flow, profitability, legal With exploitation of these computer ly expected in November 2005) by the compliance and commercial image. But vulnerabilities accelerating at an alarm- specification standard ISO/IEC 27001, many businesses and most non-business ing rate, the work of Joint Technical Information security management sys- organizations may hold information as Committee, ISO/IEC JTC 1, Informa- tem (ISMS) requirements, which can be their only asset. An absence of information technology, Subcommittee 27, IT used for certification. tion security may threaten their integrity Security techniques, Working Group 1, and, therefore, very existence. Requirements, services and guidelines has become timelier than ever. The 2002 Computer Crime and Secu- 1) The survey is conducted by the Computer rity Survey 1) of 503 computer security In view of the critical need for the Security Institute with the participation of the practitioners in the United States indicat- business world to protect the confiden- San Francisco Federal Bureau of Investigations ed that the threat from computer crime tiality and integrity of information, the (FBI) Computer Intrusion Squad. and other information security breaches ISO/IEC working group has developed 2) Refers to those respondents who were willing continues unabated – and that the finan- an improved version of the joint ISO/IEC and/or able to quantify their financial losses. cial toll is mounting. standard that has become the burgeon- 3) ISO/IEC 17799:2005, Information technology According to the survey’s findings, ing e-commerce community’s interna- – Security techniques – Code of practice for 90 % of respondents detected computer tional benchmark for information secu- information security management, costs 200 security breaches within the 12 months rity management. Swiss francs and is available from ISO national Just published, the revised ISO/IEC member institutes membership (these are listed covered by the survey, 80 % acknowl- with full contact details on ISO’s Web site : edged financial losses due to computer 17799:2005, Information technology – www.iso.org) and from ISO Central Secretariat breaches, and 46 % (223 respondents) Security techniques – Code of practice ([email protected]).

ISO Focus September 2005 9 Main Focus What users think of ISO/IEC 17799

International language Has ISO/IEC 17799 been valuable to users ? What do they expect from the revised version ? The revised ISO/IEC 17799:2005 is the most important standard for manag- Here is some feedback from organizations around the world about benefits ing information security that has been they have experienced from implementing the best practice given in this developed – it establishes a truly inter- standard, to support the economic well-being of their businesses. national common language for information security for all organizations around Microsoft : ‘ An invaluable toolset ’ the world to engage with each other to do business. “ The ISO/IEC 17799 standard, in particular, the newly revised version, is an invaluable toolset for the information security professional. This standard provides them with a universal approach of communicating information security “ Information security management best practice, a way to ensure consistency of practice, and a means may be essential to to establish and raise the baseline for managing information security risk in their maintain competitive edge .” environment.” Meng-Chow Kang, CISSP, CISA and Chief Security & Privacy Advisor, Asia Pacific Region, Microsoft. It provides organizations with many state-of-the-art additions and improve- Fujitsu : ‘ Much more user friendly ’ ments in information security best practice. For example, better management “ The 2000 version of 17799 provided management with a tool to ensure that of security arrangements with external all important areas of information security were included in security control pro- businesses, outsourcing and service programmes including best practice advice to deal with the risks of third party access viders, enhanced indicant handling capa- from suppliers, outsourcing arrangements and service delivery. The new 2005 ver- bility, dealing with problems of patch sion makes it much simpler to develop internal standards because the requirements management, mobile devices, wireless are now clearly and consistently described for each control. We plan to start using technologies and harmful mobile code it in our ISMS work as soon as possible because it is much more user friendly.” via the Internet, improvements in best John Snare, Fujitsu Australia. practice managing human resources and several other new features. PCCW : ‘ has benefited extensively ’ The new version addresses the security of information in its widest sense, “ By continuously enhancing its strategic and operational approach to the con- providing best business practice, guide- sistent management of information security, PCCW has benefited extensively from lines and general principles for imple- using the structured approach contained within ISO 17799. With the release of the menting, maintaining and managing new version, including the new multiple controls, the tightening of existing con- information security in any organiza- trols and the alignment of the new simplified structure, ISO 17799:2005 will allow tion, producing and using information PCCW to immediately enhance and further lead the industry in applying world in any form. best information security practices to the protection of its information assets.” ISO/IEC 17799:2005 identifies the Dale Johnstone, Information Security Governance Risk Management, controls that form the starting point for PCCW Limited, Hong Kong. information security. It covers the critical success factors, the organization of information security, asset management, human resources, physical and environ- • new and emerging technologies and mental security, communications and Business drivers and requirements greater connectivity, and the impact operations management, information sys- this has on protecting information ; tems acquisition, development and main- Several changes to business environ- and tenance, incident management, business ments and new ways of doing business • growing security requirements for continuity management and compliance. were important in driving the develop- regulatory compliance. It is destined to become an essential tool ment of the revised ISO/IEC 17799:2005. for organizations of every type and size, We recognized : whether public or private. “ The new version Here are some of the drivers for this • the growing dependence on the use provides best business revised edition of the Code of Practice, of external services and the manage- highlighting its new features that address ment of service delivery ; practice for managing the latest business requirements. • changes to the risks and threats fac- information security in any ing businesses ; organization. ”

10 ISO Focus September 2005 Standards for a safer world

External services practice to external services to address today’s business demands, and has also The revised edition introduces a number Threats and introduced new service management con- of improvements and updates and addi- trols aimed at securing the availability vulnerabilities tional best practice provisions. and accessibility of external services. ISO/IEC 17799:2005 also acknowl- The business world is more depend- edges a number of threats and vulner- ent on external services for its outsourc- abilities that have emerged recently, ing, off-shoring, networking and Inter- Human resources including : net hosting needs than ever before – and Another revision addresses the critical more business is being carried out with area of information security and employ- • Management of software patches – in clients, business partners and supply ees. Irrespective of how good the secu- recognition of the increasing risk of chains using various on-line and net- rity technology may be, people can be new software being exploited before working arrangements. exploited and thus compromise securi- patches can be introduced to counter While providing business efficiency ty. ISO/IEC 17799:2005 improves best the problem. and better information sharing in high- practice in three key areas : • Potential problems of mobile code ly competitive markets, it also makes – addressing the need for control of access to organizational systems easier 1. Prior to employment mobile software code to avoid breach- and increases the vulnerability of sen- – the recruitment process ; es of information security, including sitive and critical information. unauthorised use or disruption of busi- ISO/IEC 17799:2005 extends best – employee references and screening, and ness systems, networks, or applications. – contracts, terms and conditions of • About the author employment. Pervasive use of mobile devices and wireless networks – awareness that Ted Humphreys 2. During employment those sharing wireless networks can is the Convenor – allocating roles and responsibilities ; gain access to mobile devices, lap- of ISO/IEC JTC tops and business information. 1/SC 27, WG1, – giving access rights and establishing which is user accounts ; and responsible for managing – training and awareness, including Helping organizations projects such as applying procedures and reporting worldwide ISO/IEC 17799, incidents. ISO/IEC 13555 ISO/IEC 17799:2005 is intended to and ISO/IEC 3. At termination of employment provide organizations around the world 18044. Ted Humphreys is Director of – removing access rights and user with new best practice improvements and XiSEC Consultants Ltd, a UK company accounts, thus preventing later access enhancements to help them : providing Information Security to the organization’s systems and proc- Management consultancy services around • provide greater customer confidence the world. He has been an expert in the esses ; and assurance that their systems and field of IT and telecommunications – removing physical access, e.g. can- services are “ fit for purpose ” ; security, information security and risk cellation of entry passes ; and • make more profitable use of their management for more than 27 years. During this time he has worked for major – return of assets such as information, investment in information security international companies (in Europe, North papers, storage media, software and as a business enabler ; America and Asia), and organizations and laptops. • enhance management control of busi- institutions such as the European ness information assets and informa- Commission and the OECD. tion security risks; • make improvements to internal secu- © ISO rity policies and procedures operations, and to security arrangements with suppliers and service providers ; • achieve compliance with applicable national and international security requirements.

ISO Focus September 2005 11 Main Focus

Complementary and supportive standard © ISO While ISO/IEC 17799:2005 is a code of practice for information security management, it is not applicable to management system certification. However, the complementary and supportive standard ISO/IEC 27001, Information security management systems – Requirements is designed for this purpose. Publication of the ISO/IEC 27001 ISMS is expected in November 2005. The specification standard is a revised version of BS 7799 Part 2:2002 (ISMS), which has been used for certification for the past seven years. Both use the Plan-Do- Check-Act process model as featured in ISO 9001:2000 and ISO 14001:2004, and are based on the same certification process as the QMS and EMS standards.

International certification activities Already over 1300 organisations in over 50 countries have had their ISMS certified. The figure is rising by around 80-100 per month and it is expected that certification to ISO/IEC 27001:2005 will accelerate this growth via some 45 accredited certification bodies involved in the process. A free access register, available on the ISMS International User Group Web Biometrics : behavioural and biological characteris- site (www.xisec.com), provides details tics. Hand and facial features, finger- of the certificates to be registered and/ global challenges prints and iris patterns are examples of or modified/deleted. This information is biological characteristics. Behavioural submitted regularly by all the accredited and customer characteristics are traits that are learned certification bodies involved. or acquired, such as signature verifica- needs tion and keystroke dynamics. Biomet- The ISO/IEC 27000 series ric technologies are ready to pervade nearly all aspects of the economy and ISO/IEC 17799:2005 and the future by Fernando L. Podio, Chair, our daily lives. ISO/IEC 27001 are part of the ISO/IEC ISO/IEC JTC 1/SC 37 Although for many years biomet- 27000 series of standards being developed ric technologies have been used main- by JTC 1/SC 27. There is a proposal to iometric technologies are able to ly in law enforcement, they can be now allocate the number ISO/IEC 27002 to establish or verify the personal found in all levels of government func- ISO/IEC 17799 in 2007. Currently, SC 2 7 Bidentity of individuals against tions, in national defence applications is developing ISO/IEC 27003 and ISO/ previously acquired data. Used alone, or and in commercial fields ranging from IEC 27004, aimed at providing support- together with other authentication tech- financial transactions to visitor authen- ing guidance for ISO/IEC 27001. nologies such as tokens and encryption, tication in amusement parks. World The creation of a family of ISMS- biometric technologies can provide high- events in the last few years have further related standards is intended to mirror the er degrees of security than other tech- increased global interest in highly secure approach adopted by the ISO 9000:2000 nologies employed alone, and can also personal authentication using biomet- series of QMS standards – and thus ISO/ be used to overcome their weaknesses. rics. National security priorities have IEC 27001 will serve information secu- Biometrics is defined as the automated led to the use of biometrics in machine rity as ISO 9001:2000 does quality. recognition of individuals based on their readable travel documents, employee

12 ISO Focus September 2005 Standards for a safer world identification badges, and other secure al biometric standards. SC 37 success- applications. fully brought together a wide range of testing methodologies to test the With the rapid dissemination of interests among IT organizations, the performance of systems and devic- biometric technologies, it is important biometric industry, security experts es. The goal is to provide tools for to recognize that enterprise systems and and end-users of multiple biometric- the understanding and prediction of applications based upon consensus-based based identification and verification real-world error and system through- international biometric standards are applications. The JTC 1 subcommittee put performance. Current develop- more likely to be interoperable, scalable, currently has twenty-two participating ment includes a principles and testing usable, reliable, secure, and economical members, five observer members and framework specification that presents – than proprietary systems. established liaisons with eleven organi- the requirements and best scientific zations including other JTC 1 subcom- practices for conducting technical per- Data interchange formats mittees, an ISO TC, and outside organi- formance testing to determine error and other open systems zations ; SC 37 is currently responsible and throughput rates. The multi-part standards for the development of thirty projects/ standard includes performance-test- subprojects. ing methodologies for specific test- The establishment of ISO/IEC ing programs and for different test- JTC 1/SC 37, Biometrics in June 2002 ing methodologies, and also includes offered the IT community and end– “ Biometric technologies a framework for biometric device per- users an international venue to acceler- can be now found in all formance evaluation ate and harmonize formal internation- levels of government Biometric interface standards include functions, in national the CBEFF standard described above, the BioAPI specification and relat- About the author defence applications and in ed standards. The BioAPI specifi- commercial fields ranging cation defines an open system stan- Fernando L. Podio is a from financial transactions dard application program interface member of the to visitor authentication in (API) that allows software applica- Computer tions to communicate with a broad Security amusement parks.” range of biometric technologies in a Division of the common way. The related standards Information under development include a biomet- As shown in the accompany- Technology ric archive specification, support for ing chart, SC 37’s work programme Laboratory at Graphical Users’ Interfaces, a BioAPI includes the following types of biomet- the National specification for systems with mem- ric standards : Institute of ory or computing power limitations, Standards and Technology (NIST). For the Biometric data interchange standard and a BioAPI interworking protocol past seven years he has been involved in formats promote the exchange of bio- biometrics research and standardization. enabling distributed components of a He is currently responsible for the NIST metric data in standardized formats biometric system to talk to each oth- Program on Accelerating the Development among multiple vendors and appli- er. A conformance testing methodol- of Critical Biometric Standards & cations. They define either biometric ogy for BioAPI is also under devel- Associated Conformity Assessment image formats or template formats. opment. Activities. He is Chair of ISO/IEC JTC 1/ SC 37 is developing these formats for Biometric profiles for interopera- SC 37, Biometrics and he also chairs the a number of modalities. International Committee for Information bility and data interchange stan- Technology Standards Technical Common Biometric Exchange For- dards describe requirements for spe- Committee M1, Biometrics. He is the mats Framework (CBEFF) defines cific applications and identify base co-chair of the Biometric Consortium a data structure that is a requirement standards for specific domain(s) of which is an organization of over one for conformance to all the data inter- use. They also identify mandatory thousand members from Government, change standards. It defines meta- requirements for each of these base industry and academia. data that describe biometric data in standards and the optional charac- Computer Security Division, Information the structure, enabling applications to teristics and parameter values that Technology Laboratory, NIST decide their interest in the particular should be considered mandatory for 100 Bureau Drive, MS 8930 data without having to decode it. It the specific application(s). Gaithersburg, MD. 20899-8930 includes, for example, the identifica- In addition to the projects described tion of the data format E-mail : [email protected] above, SC 37 is developing a harmonized Biometric performance testing and biometric vocabulary and four techni- reporting standards define standard cal reports :

ISO Focus September 2005 13 Main Focus

Cross jurisdictional and societal aspects “…the trend toward supporting the ILO on the seafarer’s ID of implementation of biometric tech- (SC 17 – Cards and Personal Identifica- nologies – Part 1: Guide to the acces- accessing a number tion and SC 31 – Automatic Identification sibility, privacy and health and safety of services through portable and Data Capture Techniques). issues in the deployment of biometric devices such as personal systems for commercial applications and Part 2 : Practical application to digital assistants and 1 ICAO adopted a global, harmonized blueprint for the integration of biometric identification specific contexts ; cellular phones presents information into passports and other Machine Multi-modal and other multi-biomet- new challenges for Readable Travel Documents (MRTD). Facial recognition was selected as the globally ric fusion ; biometric-based personal interoperable biometric for machine-assisted A biometric tutorial ; authentication standards identity confirmation with MRTD. ICAO requires conformance to the face recognition Biometric performance testing and development.” standard developed by ISO/IEC JTC 1/SC 37. reporting – Part 3 : modality-specific Other ISO/IEC JTC 1/SC37 standards required testing. by ICAO are the fingerprint data interchange of biometrics for machine-readable trav- formats, the iris recognition interchange format, el documents. SC 37 has established a and the Common Biometric Exchange Formats ISO in June 2005 published the first strong working relationship with ILO. Framework (CBEFF). three International Standards developed In March 2004, the ILO governing body by SC 37: ISO/IEC 19794-4, Information 2 ILO’s requirements for the seafarers’ ID card approved a Technical Report (SID 0002) include the use of two fingerprint templates to technology – Biometric data interchange which specifies the use of several SC 37 be stored in a barcode which will be placed in formats – Part 4: Finger image data, ISO/ draft standards and offered their Techni- the area indicated by ICAO’s 9303 standard. IEC 19794-5, Information technology – cal Report to SC 37 for use in the devel- ILO requirements also specify the use of some of the standards approved or under development Biometric data interchange formats – Part opment of a biometric application profile 5: Face image data and ISO/IEC 19794-6, in ISO/IEC JTC 1/SC 37, specifically finger for the seafarer’s ID. In addition to SC minutiae and finger image data interchange Information technology – Biometric data 37, two other JTC 1 subcommittees are formats and CBEFF. interchange formats – Part 6: Iris image data. One additional standard should be

published within the next several weeks: © ISO ISO/IEC 19794-2, Information technology – Biometric data interchange formats – Part 2: Finger Minutiae Data. Several other standards projects are at, or very close to, the FDIS ballot stage.

Large customers’ adoption Since its inception, SC 37 has responded to its customers’ needs for International Standards by rapidly developing a first generation portfolio that includes technically sound consensus standards. What is remarkable is that many of the standards developed by SC 37 are already being adopted by major global customers such as the International Civil Aviation Organization (ICAO) 1) and the International Labour Office (ILO) 2) of the United Nations prior to the formal approval of these specifications as International Standards. ICAO’s adoption of these standards is an important contribution to international travel, as well as to the biometric and ID management industries. It is expected to significantly impact the use

14 ISO Focus September 2005 Standards for a safer world

Strong personal technological approaches are being pro- authentication and posed and developed to meet the needs and an additional one awaits publica- enhanced security of highly secure authentication appli- tion as an International Standard. SC cations. Standardization of these solu- 37 has also rapidly advanced additional Biometric technologies can be tions based on the emerging biometric documents to FDIS status –the BioAPI used in enterprise-wide network secu- standards will require strong collabo- Specification, the Common Biometric rity infrastructures, secure electronic ration between biometric and securi- Exchange Formats Framework (CBE- financial transactions and many other ty experts. This close collaboration is FF) – Part 1 – Data Element Specifi- applications requiring strong person- expected to result in harmonized, tech- cation and the CBEFF Procedures for al authentication. The world’s highly nically sound, standard-based solutions the Operation of the Biometric Regis- mobile workforce and the trend toward that will meet customers’ needs. tration Authority. It is anticipated that accessing a number of services through A summary of the standards these standards will also be published portable devices such as personal digital under development within SC 37 is during 2005. The completion of at least assistants (PDAs) and cellular phones shown in the accompanying chart. SC three other FDIS ballots is anticipated presents new challenges for biometric- 37 is concurrently addressing approx- by the end of this year. based personal authentication standards imately 30 parallel standards devel- development. opment projects/subprojects. During Through the work of SC 37, new 2004 it finalized four biometric data and highly secure authentication appli- interchange standards (finger minuti- cations based on open biometric stand- ae, finger image, iris image and face ards are now becoming possible. Many image). Three have been published

ISO/ISO JTC 1/SC 37, Biometric Standards Development Portfolio

Biometric data interchange formats for a Biometric Profiles for Interoperability and number of biometric modalities – finger minutiae Data Interchange. A multi-part standard is under data, finger pattern spectral and skeletal data, finger, development : Part 1 : Biometric Reference Architecture ; face, iris and vascular biometric image data, signature/ Part 2 : Physical Access Control for Employees at sign time series and processed dynamic data, and hand Airports ; and Part 3 : Biometric Profile for Seafarers. geometry silhouette data. An amendment of the face image data interchange format will address conditions for taking photographs for face image data. Harmonized biometric vocabulary.

Biometric technical interface standards include the BioAPI-Biometric Application Programming Interface BioAPI Conformance Testing Methodology standard (the BioAPI Specification), related standards includes methods and procedures, and test assertions for (BioAPI Biometric Archive Function Provider Interface, Biometric Service Providers, BioAPI Frameworks and the BioAPI GUI and BioAPI Lite), the Common biometric applications. Biometric Exchange Formats Framework – CBEFF (Data Element Specification, Procedures for the Operation of the Biometric Registration Authority, and Patron Formats Technical Reports on Cross Jurisdictional and Specification) and the BioAPI Interworking Protocol Societal Aspects of Implementations of Biometric (BIP). Technologies (Part 1: Guide to the accessibility, privacy and health and safety issues in the deployment of Biometric Performance Testing and biometric systems for commercial applications and Reporting – multi-part standard addressing Part 2 : Practical application to specific contexts), Multi- principles and framework, testing methodologies for Modal and Other Multi-Biometric Fusion, Biometric technology and scenario evaluation, performance and performance testing and reporting – Part 3 : modality- interoperability testing of data interchange formats and specific testing and a Biometrics Tutorial. performance of biometric access control systems.

ISO Focus September 2005 15 Main Focus

Access is controlled when the container is on a ship or in a marine container terminal.

ISO/TC 104, Freight Contain- Container security needs Container ers, has been actively working with ISO/PAS 17712:2003, Freight con- the World Customs Organization on security seals tainers – Mechanical seals, was estab- container seals and in a Joint Working lished to address existing concerns and Group (JWG) with TC 122 on the use of to meet the need for high quality security Radio Frequency Identification Devices seals. It offers a set of recommendations by Mike Bohlman, Chair of (RFID) for marking and tracking at all to assist customs authorities, manufac- ISO/TC 104, Freight containers levels within the transportation chain. turers and users of freight containers. It This article addresses specifically ISO’s establishes uniform procedures for the pproximately 90 percent of the work on container seals and their use on world’s trade moves in contain- freight containers. classification of mechanical seal types Aers. At any given time this equates Container seals are typically as well as the acceptance and withdraw- to billions of dollars worth of inventory affixed to the door end of the freight al of acceptance of mechanical freight moving in freight containers either via container. They are used to secure the container seals based on a defined series truck, train, ship or barge. Last year an freight container in a manner that pro- of tests. Use of ISO/PAS 17712 ensures estimated 100 000 000 TEU (twenty – foot vides an indication of tampering with better seal performance, a reduction in equivalent units) moved in international the seal if an attempt is made to open cargo theft, and a more secure transporta- trade. It is estimated this will increase the container doors. Different seal types tion chain from container loader to con- to over 150 M TEU by 2010. provide evidence of tampering in differ- signee. In addition, a large increase in Getting these goods safely to their ent ways, from scratches or nicks on the in-transit security can now come about planned destination and in good condi- body of the seal to a deformation of the because customs authorities have a basis tion was the initial definition of freight locking mechanism. to require use of a high security seal security. This has changed. Today secu- based on this new document. rity includes both this safe delivery and Prior to ISO/PAS 17712, indus- the prevention of any unauthorized use try and governments were confronted or misuse of the cargo or the transport with a number of challenges from the means. lack of a comprehensive standard for

16 ISO Focus September 2005 Standards for a safer world mechanical seals. Container owners against terrorism, theft, smuggling and and shippers, for example, were unsure illegal immigration. Standards for electronic as to what type of mechanical seal was This work is not complete how- seals appropriate for the applications they had ever. An annex to support ISO/PAS – and there was noticeable inconsisten- 17712 has been developed by ISO/TC Building on the work with mechan- cy in the strength of seals that purported 104 that sets out “Security Seal Manu- ical seals, the TC 104 is actively devel- to perform the same function. Govern- facturers’ Best Practices”. The purpose oping a series of standards for electronic ments, on the other hand, did not have of this annex is to ensure that all seals seals. These seals will meet the structur- a standard on which they could base a produced meet the required perform- al standards that have now been set for requirement to use seals. An all-encom- ance and strength parameters and that mechanical seals and, in addition, add passing standard was needed in order their distribution and use is in a control- the alarm and data retention capabilities to promote in-transit security of freight led environment. Without this control of that can be achieved through electronics. containers. Since its publication in 2003, ISO/PAS 17712:2003 has effectively established itself as the unique source of information on mechanical seals that are acceptable for securing freight con- © JISF tainers in international commerce. It has been recognized as such by the World Customs Organization (WCO) in their latest framework of standards to secure and facilitate global trade ; PAS 17712 promises to play a significant role in improving security measures taken

About the author

Michael Bohlman is Director of Marine Services for Horizon Lines and Chair of ISO technical Blast furnace. committee ISO/ Thousands of freight containers are delivered each day. TC 104, Freight Containers. He is also Vice- Chair of ICHCA International’s “ The publicly available The electronic seal series of standards International Safety Panel, Chair of the specification promises to are being organized to address: Executive Committee of the International play a significant • the protocol that the seal will use to Vessel Operators Hazardous Materials communicate with other devices Advisory Council (VOHMA) and Chair role in improving security • of the Board of Directors of the Chamber how the seal will be used, i.e. appli- of Shipping of America (CSA). Michael measures taken cation requirements Bohlman is a member of the American against terrorism, theft, • the environment the seal must be capa- Maritime Association and the Maritime ble of operating in Association of the Port Authority of New smuggling and illegal York / New Jersey. immigration.” • how the data in the seal will be pro- Additional information regarding ISO’s tected from tampering or unauthor- work on security and on mechanical and ized disclosure the seals and their use, security could electronic seals can be directed to Michael • how the message sets will be structured Bohlman, who can be reached via email at be unknowingly compromised. This is so critical that TC 104 has agreed to for data transfer between an electron- [email protected] or via ic seal reader and a host computer mail care of Horizon Lines, LLC, publish a revised PAS 17712 to ensure 1700 Galloping Hill Road, Kenilworth, these practices are immediately taken • how the physical data will be struc- NJ 07033, USA. into account. tured

ISO Focus September 2005 17 Main Focus

Specific work is also underway Thwarting non-evident in the ISO TC 104 – TC 122 JWG to tempering develop a series of related standards using RFID in the areas of Application TC 104’s work on seals is a Requirements (ISO 17358), Freight big step forward with regard to con- Containers (ISO 17363), Returnable tainer security but the experts have shown that the best sealing provi- Transport Items (ISO 17364), Trans- An easy process to defeat a seal. port Units (ISO 17365), Product Pack- sions in the world are worthless if aging (ISO 17366) and Product Tag- containers can be opened without ging (ISO 17367). touching the seal. The current state of technolo- For this reason TC 104 has been gy development for container track- working to address how seals are used ing devices is RF tags for Automat- on freight containers, responding spe- ic Equipment Identification (AEI). cifically to a need identified by both national and international authorities These have been standardized by to improve the location of the seal on ISO (ISO 10374) for several years. the container’s doors and subsequent- Tags based on this technology are ly improve the ability of the sealed in wide use in the United States’ rail doors to thwart non-evident tamper- industry and in limited use by some ing. TC 104 has just finished examin- containership operators, mainly for ing the design of the door end of the chassis identification & management. container from the aspect of improving The usefulness of these Tags and this Door can be opened but the seal is intact. security and making undetected entry type of technology is limited by the into the container more difficult. As need for and suitable placement of a result of this work a newly drafted radio frequency transponders along requirement is about to be balloted as the transportation route or at appro- an amendment to the standards. priate equipment checkpoints. It is The current draft of this new also limited by the lack of a univer- requirement reads : “ All door open- sal (worldwide) standard frequency ings shall be fitted to accept an ISO on which these types of devices are compliant high security seal (see ISO to operate. Frequencies available for PAS 17712) in a manner that precludes these types of devices in the United opening or gapping of the doors with- States are not available in other coun- out first removing the seal. The design tries and vice versa. Cost (between 25 of the container shall be such that the and 45 US Dollars per Tag) has also door constrained by the seal must be been a deterrent to wider adoption of A more secure seal arrangement. opened before the other door can be this technology in shipping. opened. The mechanism in which the Even more expensive (about 10 seal is fitted shall either be welded to times) and less widely used are satel- a significant structural member of the lite based tracking systems. Existing container or otherwise be constructed systems are based on either low earth so that the mechanism or seal cannot orbit or geo-stationary satellites. Both be removed and the door opened or are limited in that they require line of gapped without first having to break sight between the tracking device and the seal. Seal affixing mechanisms that the satellite. These devices work but do not meet these basic requirements have not been implemented because shall not be fitted onto the container. of their cost. Within a closed or semi- The door hinges shall either be weld- closed system like containership opera- ed to the door panel or, if affixed with tions, tracking of individual containers fasteners, affixed with TIR approved is relatively straight forward. Whenever A more secure seal arrangement. fasteners that are further protected from the container is in a marine yard or on removal by a suitable shield or equiv- a ship, the operator knows it and can alent design feature. Hinge pins shall be control access to it. It is when the contain- “ Approximately 90 percent welded in place or otherwise protected er is released to a trucker or placed on a to preclude their removal.” railcar that it loses visibility and operators of the world’s trade moves lose control over access to it. in containers.”

18 ISO Focus September 2005 Standards for a safer world

ulatory regime to keep pace. In recent years, as IMO has taken up new wide- ranging initiatives to address such issues as the role of the human element in maritime safety, safety management systems, the development of ever-larger passenger ships, and most recently, maritime security, there has been a continuing need for development of technical standards in support of those initiatives.

ISO frees IMO This is where ISO/TC 8, Ships and marine technology, steps in. As the recognized single point of contact between ISO and IMO, the ISO/TC 8 and its subcommittees focus primarily on development of International Stand- ards in support of IMO. TC 8/SC 1, Life-saving and fire protection, in particular supports the IMO subcommittees on ship design & equipment, and

Safer ships : About the author lifesaving and fire Kurt Heinz has © ISO served as protection at sea Secretary of ISO/TC 8/SC 1 © ISO Life-saving & Fire Protection by Kurt Heinz, Secretary, Destination or since 1996. A ISO/TC 8/SC 1, Life-saving & transportation ? graduate of the Fire Protection United States In recent years cruise ships, espe- Coast Guard t took a major disaster to focus the cially, have continued to grow in size and Academy and a world’s attention on the need for complexity. Such ships operating and registered professional engineer, he is I internationally recognized stand- under development today are half again primarily involved in development of national and international standards and ards for safety at sea. It was the April as long and three times the tonnage of the Titanic, and the number of persons on regulations for life-saving equipment in 1912 sinking of the RMS Titanic after the U.S. Coast Guard’s Lifesaving & Fire the largest is approaching 10 000. The colliding with an iceberg in the North Safety Standards Division in Washington, Atlantic, that led to the first International ships have become destinations as much DC. He chaired the Working Group on Convention for the Safety of Life at Sea as transportation, continually adding fea- Personal Life-saving Appliances at the last (SOLAS) in 1914, requiring lifeboats for tures and amenities to provide a diverse session of the International Maritime all on board, and a host of other safety and pleasurable experience for passen- Organization’s Sub-Committee on Ship measures. Although World War I pre- gers on board. Passenger demograph- Design and Equipment, and is currently vented its ratification, it led to another ics have changed as well, with increas- Co-Coordinator of the Sub-Committee’s SOLAS convention in 1929, and even- ing numbers of children and the elderly Life-saving Appliances Correspondence tually the establishment of the Interna- enjoying the cruising experience. Final- Group. tional Maritime Organization (IMO), a ly, there is growing demand for cruises “ Disclaimer ” : The views expressed specialized agency of the United Nations to remote or extreme locations far from herein are those of the author and are not devoted to development of international search and rescue resources. to be construed as official or reflecting legislation in pursuit of safety and pre- With all of these changes, it can the views of the Commandant or of the vention of pollution at sea. be a challenge for the international reg- US Coast Guard.

ISO Focus September 2005 19 Main Focus fire protection. In addition to allowing standard shore-based signing systems, greater engagement in the process by the with which many if not most passen- affected industries, and greater consid- gers will be familiar. Other significant eration of market factors, development standards under development in WG 3 of needed detailed technical standards address shipboard fire-fighters’ outfits, within ISO frees IMO to concentrate breathing apparatus for fire-fighting its resources on adoption of high-level and emergency escape, and point-type international legislation. resettable flame detectors. A premise of IMO regulations Unlike the “ unsinkable ” Titanic, governing ship stability and fire protec- which carried lifeboats for only about half tion is that a ship should be its own best the people on board, in the rare instances lifeboat. But there are sometimes situa- when a modern ship must be abandoned tions where abandonment of the ship is there are survival craft for everyone, unavoidable. Obviously, the egress of per- with substantial excess capacity. Most haps thousands of passengers distributed of these survival craft are in the form of throughout a large ship with many decks, lifeboats, with the remainder consisting potentially through smoke-filled passage- of inflatable life rafts stored uninflated in canisters. ways, to assembly stations for lifeboats Redundant signs may hinder the safety of and life rafts is a daunting task. those onboard the ship. This requires the ship design- “ Ships have become er to give careful consideration to the destinations as much as layout and marking of the ship and its escape routes, which can be complicated transportation, continually by common design features of modern adding features and ships such as large, open atriums span- amenities to provide a ning numerous decks, and the variety of languages spoken by both passengers and diverse and pleasurable crew. Several standards providing guid- experience for passengers ance in this process have been developed on board.” or are under development by TC 8/SC 1/ Marine evacuation systems chutes are used WG 3, Fire protection. ISO 15731, Ships to evacuate a large number of people within a 30-minute evacuation time. Until fairly recently, life rafts were and marine technology – Low location generally of the davit-launched type, sus- lighting on passenger ships – Arrange- pended over the side under davits and ment specifies performance, installation, boarded at the embarkation deck, then and maintenance of low-location light- lowered to the sea by wire rope. How- ing systems used to provide way guid- ever, because such life rafts are limited ance in smoke-filled conditions, and in capacity, and can only be launched one has been implemented internationally at a time, it can be difficult to achieve in IMO instruments. the 30-minute evacuation time required by SOLAS, as the number of persons on Signing and surviving board increases. Consequently, in recent years there has been increasing use of Surprisingly, there is little in marine evacuation systems (MES), where the way of specific regulatory guid- Carnival Cruise liner “Ecstasy” (July 1998). evacuees descend to a floating inflata- ance for shipboard safety signs-and Good directional signs can help reduce the ble platform by either an inclined slide unfortunately, bad examples abound. time needed to evacuate a ship. (like those used in aircraft), or a vertical To fill this gap, a three-part standard, fabric chute (like those sometimes used ISO 24409, Ships and marine technol- by fire-fighters to exit from tall build- ogy – Design, location, and use of ship- ings), then transfer from the platform to board signs for fire protection, life-sav- inflatable life rafts floating alongside. ing appliances, and means of escape is Typical capacity for an MES is on the currently under development in liaison order of 400 persons in 30 minutes, or with ISO/TC 145/SC 2, Safety identifi- as much as 8 x 50-person life rafts – and cation, signs, shapes, symbols, and col- because the life rafts do not need to be ours. It aims to harmonize shipboard suspended under load, fewer, larger life signing to the extent possible with rafts can be used.

20 ISO Focus September 2005 All photos courtesy of the author. Standards for a safer world

To ensure the safe and orderly flow of persons through an MES, effec- © ISO tive communication between the top and bottom is essential, and required by SOLAS. However, in practice this has been accomplished by a variety of means, and with varying degrees of effectiveness. TC 8/SC 1/WG 1, Life-saving appliances and arrangements, has therefore recently taken up development of a new standard to specify the desired performance for means of communication for MES.

Fit for the purpose After the occupants have boarded a lifeboat or life raft, they will find a variety of equipment provided to aid in survival, including emergency food Safe machine rations and drinking water, distress flares and smoke signals, fishing kits, first aid operations kits, sea sickness medication, and other equipment to permit survival for several days to a week. by Alfred Sutter, Chair TC 199, A complex interaction However, for many of these items IMO has not established specific require- Safety of machinery Safety in the workplace entails ments, leaving them up to individual isks from the use of a particular a complex interaction – and reaction – maritime administrations. As a result, machine occur worldwide. Since between the individual, the machine and their quality and effectiveness varies, and R machines are used in both profes- the work environment. Not only is this ships can find it difficult to obtain suit- sional and personal environments, safety concept important to ensuring the safe- able replacement equipment in foreign standards can contribute to a reduction ty and health of employees, but it is the ports. To address these problems, WG 1 of risks at work, in the home and while foundation of the standardization proc- has recently completed development of pursuing leisure activities. ess for machine safety. The slogan “ Do a comprehensive standard ISO 18813, The safety of individuals oper- it once – do it right – do it internation- Ships and marine technology – Surviv- ating and maintaining machines is the ally ” has in this instance to be comple- al equipment for survival craft and res- focus of many institutions. Attaining mented by “ Do it right from the begin- cue boats, that prescribes agreed speci- safety depends on culture, laws and ning ” – meaning that the concept of safe- fications for this equipment. regulations. And the consequent vari- ty must be integrated into machinery at Due to a complex and ever-evolv- ety of safety requirements may hinder the design stage. It is the designer who ing system of preventative measures, a international trade. The World Trade knows his machine best. When he does trip on a cruise ship is normally safe and Organization declared that Internation- everything in his power to ensure that uneventful (at least from a safety stand- al Standards can make a large contribu- the user of the machine can work safe- point). Most of the equipment for which tion to removing Technical Barriers to ly within the boundaries of the normal TC 8/SC 1 develops standards is unusu- Trade (TBT). anticipated use of the machine, then he al in that we sincerely hope it will never Maintaining the safety and health is integrating safety into the design. need to be used, or in many cases even of the users of machinery is an impor- seen, by the travelling public. We look tant part of this. Safety levels should be Three steps to safety forward to continuing to work in the serv- high in order to accord with the occupa- ice of and in cooperation with IMO, to tional health and safety requirements of The safety concept is based on ensure that in the very rare cases when national legislations. And the objectives a so called three step method. The fol- it is needed, it is fit for the purpose and of international safety standardization will lowing principles should be observed, meets the needs of the market. only be reached, when all countries are in the order below : willing to adopt them in their national Eliminate or reduce risks as far as standardization programmes. possible (inherently safe machinery design and construction)

ISO Focus September 2005 21 Main Focus

Take the necessary protection measures in relation to risks that cannot be eliminated, Inform users of the residual risks due to any shortcomings of the protection measures adopted, indicate whether any particular training is required and specify any need to provide personal protection equipment. “ ‘ Do it right, from the beginning ’ – means that the concept of safety Figure 1. must be integrated into concepts, general principles for design machinery at the design machinery (ISO 12 100, Safety of machin- – Part 1 : Basic terminology, methodolo- stage. It is the designer ery – Basic concepts, general princi- gy, and Part 2 : Technical principles, and who knows his machine ples for design); type-B standards 2) deal ISO 14121, Risk assessment. best.” with one safety aspect that can be used across a wide range of machinery e.g. Basic hazards and design safety distances (ISO 13852, Safety of principles Horizontal and vertical machinery – Safety distances to prevent standards danger zones being reached by the upper ISO 12 100 was recently revised limbs Safety of machin- and deals with the definition of a broad In order to implement a systematic and ISO 13853, ery – Safety distances to prevent danger range of terms, the description of basic approach to standardization in machine zones being reached by the lower limbs hazards and principles for design for safety, a concept with both horizontal ) the implementation of each of the three and vertical standards was adopted, to and general noise aspects and applica- steps of risk reduction – inherently safe help the designer with the methodology tion of ergonomic principles. design, protection measures and infor- and giving decision guidance for design- Another series of type-B stand- mation for use, including any special ing a safe machine. Horizontal type-A ards address products that can be used 3) training needs. standards 1) (basic safety standards) give in different machines , such as safe Safety of This standard is also intended basic concepts, principles for design and control systems (ISO 13849, machinery – Safety-related parts of con- for training designers. It is recommend- general aspects that can be applied to all trol systems), two hand control systems ed that the standard be incorporated in (ISO 13851, Two-hand control devices training courses and manuals to convey – Functional aspects and design prin- basic terminology and general design About the author ciples), or interlocking devices (ISO methods. ISO 14121, Risk assessment is Alfred Sutter, 14119, Interlocking devices associat- Dipl.-Masch.- ed with guards – Principles for design under revision and will contain sub- Ing ETHZ, was and selection). stantially more than the original. It will for several years The vertical type-C standards 4) include in an informative annex a number Director health (machine safety standards) deal with of well tried risk assessment methods and and safety for detailed safety requirements for a partic- risk reduction methodologies which will Europe at Grace ular machine or group of machines (e.g. give the designer an appropriate choice Industrial Chem- ISO 11111, Textile machines). for his needs. icals, Inc, ISO/TC 199, Safety of Machin- TC 199 has also produced a ter- Lausanne. He is ery, deals with standards of both types minology data base in which a great a former mem- A and B. The basic work is reflected in number of terms are listed and defined ber of the Swiss Federal Commission for in more than a dozen languages. Occupational Health and Safety, partici- ISO 12 100, Safety of machinery – Basic pating in various special committees. Supporting the international Alfred Sutter is Chair of ISO/TC 199 1) see figure 1, pink planets standardization programme for machinery safety is an important contribution Safety of machinery (CEN/TC 114), Con- 2) see figure 1, orange planets venor CEN/WG 14 Risk Assessment and a towards a safer world and facilitates member of the CEN/Safety of machinery 3) see figure 1, yellow planets global trade by reducing technical bar- sector (SMS) Advisory Nucleus. 4) see figure 1, green planets riers to trade.

22 ISO Focus September 2005 Standards for a safer world

Although differences in industry culture and language may be difficult to overcome, they all work hard to find acceptable solutions. The current situation of different national safety standards is not satisfac- tory. Although ISO 10218, Robots for industrial environments – Safety requirements, dating from 1992, exists, it is mainly used in Europe – with regional standards used in the USA, Canada and Japan. Robot manufacturers and their international customers have to deal with the resultant differing requirements and regional variations. Within ISO/TC 184/SC 2, Robots for industrial environments, it was proposed to start revising ISO 10218 in order to replace the different regional and national standards with one com- monly used global standard. Everyone realised that this work would not be easy and would require extensive efforts from the participants. But the potential advantages outweigh the disadvantages and work has started.

Robots and other machinery High ambitions The safety standard on industrial robots is being updated in line with the for a new robot general safety of machinery standard ISO safety standard 12100 1). Being an A-standard, ISO 12100

© ISO 1) Note, see bottom of page 24. by Per Norlin, Chair of ISO/TC 184/SC 2, Robots for industrial About the authors environments and Mattias Lafvas, Per Norlin is Mattias Lafvas Secretary of ISO/TC 184/SC 2 the Chair of is the Secretary ISO/TC 184/SC 2, of ISO/TC 184/ takeholders of the industrial robot Robots for SC 2, Robots for industry intend to replace differ- industrial envi- industrial envi- S ent regional and national stand- ronments. He ronments. He ards with one common global robot works for ABB works for SIS, safety standard. The intention holds, Automation Swedish Stand- despite the current strength of region- Technologies ards Institute, and is manager and is also al standards. of the product planning and product man- responsible for Swedish national commit- Intense activity is taking place. agement department at the Robotics tees within automation and safety of The international project team is work- Products Business Area Unit in Sweden. machinery. He is also the secretary of ISO/ ing in parallel with ISO and The Euro- He holds both MBA and MSc degrees. TC 118/SC 6, Air compressors and com- pean Committee for Standardization Past managerial positions within the pressed air systems. Before moving into (CEN) and with robot experts from robotics field include business development, standardization he worked in manufacturing East Asia, North America and Europe. after-sales, and product & software. industry on product development.

ISO Focus September 2005 23 Main Focus Robot welding with operator. is part of the hierarchical type A-B-C sys- © All photos courtesy of the author. tem within safety of machinery. But, as a machine-specific type C standard, ISO IRB1400 10218 sets safety requirements for haz- with operator. ards and risks unique to robots.

“ Stakeholders of the industrial robot industry intend to replace different regional and national standards with one common global robot safety standard.”

Robot Safety Industrial robots are usually kept behind fences, but nevertheless hazards and risks need to be dealt with to prevent persons from entering hazardous spac- es. One way to achieve this is the use of interlocking devices. Special considerations are also to be incorporated, for entering the production cell as required during set up and programming. Basic hazards associated with robots are described in the standard Robot cell. which also provides requirements to eliminate or adequately reduce the risks associated with these hazards. Require- ments and guidelines are specified for the inherent safe design, protective measures and information for use of, indus- 1) This trial robots and robot systems. standard is the basis for a set of standards Collaborating robots which has the Since ISO 10218 was first pub- following structure : Project leader for the work is Jeff lished in 1992, technical development Type-A standards (basic Fryman at Robotic Industries Association has proceeded apace. In many cases the safety standards) giving basic concepts, (RIA) in the USA. He has ensured that the existing standard prohibits, or does not principles for design, and general aspects that can be applied to all machinery ; ISO-led work, in parallel with CEN, also address, the use of new emerging tech- incorporates the CEN consultant. The latter nologies. Type-B standards (generic safety standards) dealing with one safety aspect or one type of makes assessments to ensure that the stand- Wireless control is one exam- safeguard that can be used across a wide range ard fulfils the essential health and safety ple of technology that was not used for of machinery ; requirements of the European machinery industrial robots when the current ISO Type-C standards (machine safety standards) directive. As a European standard, the new standard was developed. Today the tech- dealing with detailed safety requirements for a EN ISO 10218 is intended to be harmo- nology is being introduced on the shop particular machine or group of machines. nized under the machinery directive. floor and there is a need to agree on

24 ISO Focus September 2005 Standards for a safer world requirements addressing use of wire- was that industrial applications such less pendants. as warehouse locations appeared to be assist devices not made from robots or Applications with more than one excluded. robot controllers, micro-robots, and serv- robot, requiring synchronised robot con- ice or consumer products. To remove ambiguity, the stand- trol, are not dealt with in the 1992 standard is being divided into two parts : ard. However, technology with several Publication robots using one control system is com- • ISO 10218-1, Robots for industrial monly used today and new requirements environments – Safety requirements Target publication date for the are therefore being developed. – Part 1: Robot new ISO 10218-1 is early 2006 and for A new application that bare- 10218-2 in 2007. The standards that will • ISO 10218-2 Robots for industrial ly exists today but is foreseen to grow be replaced are ISO 10218:1992, EN environments – Safety requirements quickly is so-called collaborating robots. 775:1992 (Europe), CSA Z434:2002 – Part 2 : Robot system and integra- (Canada), JISB 8433:1993 (Japan) and This means that the operator is collab- tion orating with the robot, sometimes in ANSI/RIA R15.06 1999 (USA). The ISO direct physical contact. Traditionally Part 1 contains requirements for standard will be published in English robots and operators have been kept manufacturers of robots, part 2 for inte- and French. As a European standard it apart in the production mode, so this grators of robots into complete produc- will additionally be translated into Ger- kind of collaboration raises new haz- tion cells or lines. man. It is then up to the national standards and risks. Thus, the standard writ- The standard is not developed ardisation bodies to translate into others have looked into different future for, but may also be used for, non- er languages. scenarios in order to achieve require- industrial robots. ments that should allow for technical Many of the safe- development. ty principles estab- Other new technical requirements lished are common included in the new standard relate to for other environ- safety-related control system perform- ments than indus- ance, robot stopping function, ena- trial. Examples of bling devices programme verification, non-industrial robot and updated system design for safety applications are requirements. healthcare, reha- bilitation, prosthet- Wider scope ics and other aids for the physically The title of the new standard impaired, under- reflects the recent change of the com- sea, military and mittee title from “ Robots for manufac- space robots, tele- turing environments ” to “ Robots for operated manipu- industrial environments ”. The reason lators, intelligent Operator with IRB.

Conclusion The goal of one globally implemented ISO standard is not far away, thanks to the extensive efforts made. The revised ISO standard on robotics will solve the problem with conflicting regional and national standards, and facilitate communications in the purchasing process. Harmonised requirements will lead to safer robot applications, reducing both accidents and costs. The new robot safety standard will contribute to a safer world.

Foundry cell.

ISO Focus September 2005 25 Main Focus Providing fire containment standards for today and tomorrow by Peter E. Jackman, Convenor, ISO/TC 92/SC 2/WG 7

he more that human beings congre- gate under one roof for accommo- Tdation, leisure or work the greater is the need to protect them from tragedy. Some tragedies are unpredictable, for example earthquakes, tsunamis, hurricanes, but others are more predictable and possibly preventable, such as cata- strophic fires. This problem is generally addressed by building codes, a major component of which is the construction of barriers to contain fire and to build structures which can resist the impact “New fire protection and the need to consider the third dimen- of fire. Producing common test proce- systems require new test sion of the construction which often pro- dures and methods of calculating how vides gratuitous constraint. Methods of a construction may satisfy such tests is methods.” calculating how these larger three-dimen- the role of ISO/TC 92/SC 2, Fire con- sional constructions may behave have tainment. provide solutions for those countries or needed to be put in place, and who bet- blocks that have yet to generate fire safe- ter to do this than the SC 2 committee, Bridging the gap between ty codes for themselves. which is more aware of the data inputs existing test methods and outputs expected. New test methods Predicting the behaviour of a Testing to prove the fire perform- for new fire protection structure when exposed to real fire (i.e. ance of a construction is costly and time systems where the exposure conditions are the consuming. In pre-standardization days product of the actual fire load and ven- individual countries developed their own The work of ISO/TC 92/SC 2, tilation conditions), remains very much test procedures, each similar to, but irri- however, goes beyond producing har- the responsibility of TC 92/SC 4, Fire tatingly different from each other, mean- monized versions of existing test meth- safety engineering. ing that global manufacturing companies ods. In the recent past it has been recog- Subcommittee 2 has no less than were doing repeat testing on a frequent nized that there are new fire protection eight active working groups, each of basis. Recently, these test procedures systems that require new test methods. which takes responsibility for a differ- have been harmonized within trading Furthermore, there is a recognition that ent aspect of the work. The most estab- regions, such as the European commu- fire severities vary in different applica- lished of these working groups is work- nity, but trading regions on other conti- tions, which require new test procedures ing group 1, until recently under the con- nents, whilst being harmonized within that reflect the different conditions. These venorship of Deg Priest, SC 2 Convenor. a continent, can be different from those new procedures have had to be generat- This working group has been responsi- used in ‘ neighbouring’ continents. ISO/ ed, or adapted by SC 2. Perhaps one of ble for the generation and maintenance TC 92/SC 2 is close to putting in place the biggest challenges was as a result of of the basic fire resistance testing stand- a range of new ISO test procedures for recognizing that the size of the testing ard, ISO 834 ; now being produced in the purpose of containing and resisting facilities in general use restricted the safe multiple parts, following the European fire, which aim to bridge the gap between application of the outputs of these tests. Committee for Standardization (CEN) existing trading blocks with well estab- Many applications could not be tested model which evolved in response to the lished procedures and, at the same time, generally because of the scale of the test legal need for there to be a full suite of

26 ISO Focus September 2005 Standards for a safer world

standards covering every 3009) is the first standard in the world to element of building that consider testing sloped glazing, in rec- is being evaluated in working group 6, may be traded through- ognition of the massive increase in the whereby standard conductors are used out Europe. Working use of glass in buildings worldwide, and in lieu of ‘ real ’ cables and pipes. The group 1 did not, howev- the inevitability that not all of it will be method looks very promising. er, adopt the European used vertically. Similarly, recognizing Working group 8 has been formed draft standards without the growing use of intumescent seal tech- at the request of the petro-chemical indus- change. It recognized nology in the design and construction of try. In this industry, the fire exposure can that many of the tests fire doors, working group 3 has recent- be magnitudes greater than those expe- were unduly compli- ly published ISO 12472:2003, which is rienced in normal building fires and the cated because each pro- a method for evaluating the efficacy of group has produced a harmonized ‘ jet- cedure was required to intumescent door seals. fire ’ test that simulates the fire attack incorporate the specif- from ruptured petroleum pipework. This ic requirements of each “ Should any country in the is probably the most spectacular test from member state in Europe within SC 2’s arsenal of fire tests. – thus making the stand- world look to put standards What of the other working groups ; ards unwieldy for inter- in place to support its working group 2 and working group 7 ? national use. Each stand- own fire safety codes, it Neither of these committees have respon- ard was therefore re- sibility for any sector of test methods. worked to produce a should not need to look any Working group 2 is the committee charged method that could be further than ISO for such with the responsibility for generating more easily adopted by test methods.” calculation methods for use when test- any of the ISO member ing is impractical, or even impossible. countries around the It has produced a number of technical Buildings worldwide are seeing world. In many cases, reports, giving guidance on the genera- an increase in the use of ductwork, either the changes made have been fed back tion of data for modelling purposes or for heating buildings in the northern cli- into Europe to be considered in the first even harmonizing methods of calcula- mates or cooling buildings in the southern revision of the EN standards. The latest tion. Working group 7, the authors’ own or equatorial regions. Preventing these standard to be undertaken by working working group is the one looking to the ducts from compromising any attempt group 1 is ISO 834 : Part 10 which is a future. The current test methods, the to contain a fire is the responsibility of special method for evaluating the contri- instrumentation and criteria have their working group 4. Their responsibility is bution that intumescent protected coat- roots many decades ago. The World to ensure that there are common world- ings make to the fire resistance of steel Trade Centre and the more recent Madrid wide tests for both ducts and dampers. structural members. fire, for example, show how the technol- Working group 4 has had to move with Fire test methods for fire doors, ogy may be lagging behind. Working the times and it has recently published a and more recently fire resisting glazing group 7 is making recommendations for method for evaluating intumescent damp- has been the responsibility of working bridging the gap for the future. ers, a brand new and very effective tech- group 3. While the test for fire doors The catalogue of standards under nology for stopping the spread of fire in (ISO 3008) is a simplified version of the SC 2’s control is now extensive and, while ducts. (ISO 10294: Part 5). EN test, the new test for glazing (ISO it continues to keep its portfolio up to Working group 5 is charged with date, should any country in the world the task of producing a test procedure for look to put standards in place to sup- roofs, with the objective of either keep- port its own fire safety codes, it should About the author ing fire in, or out. Dr Tamás Bánky of not need to look any further than ISO Hungary has the difficult job of trying for such test methods. Peter E. to achieve a common test when there is Jackman is not a common philosophy. Technical Like ductwork, all buildings now Director of experience a massive increase in the use International of services and working group 6 is gen- Fire Consultants erating standards that evaluate the degree Ltd (United of compromise that these services cause Kingdom) and in addition to being to the fire containment strategy. Initially, the Convenor of the working group is working on adopting working group 7 the draft CEN methods, but because the he has attended ISO/TC 92/SC 2 working services themselves vary so much among group meetings continuously since 1975. ISO members, a brand new approach

ISO Focus September 2005 27 Main Focus

endorsed this initiative and recommended Image safety – that JISC hold a meeting aimed at estab- new biological lishing an International Workshop Agree- risks in the IT age ment (IWA). by Ken Sagawa, Group leader of Accessible Design Group, and Hiroyasu Ujike, Group leader of Multimodal Interaction Research Krieger © P. Group, National Institute of many more similar inci- Advanced Industrial Science and dents are likely to have Technology (AIST) occurred.

mage safety is an urgent new issue Children at risk of the information technology age. IScreen images such as those in vid- One of the more eo games contain lots of rapidly chang- serious aspects of the image safety issue ing scenes and flashing lights to enhance is that children are likely to be affected This was the right decision, as the feeling of thrill, speed and excitement. by this type of hazard, and more likely to there was no relevant Technical committee But how do they affect those viewing suffer recurrent effects. There is no doubt or Subcommittee in ISO to discuss this the image ? Are there any psychological that we need to establish a rule to guide issue, and it is timely to apply the IWA or physiological effects ? This problem both image producers and viewers, to deliverable to this urgent problem. was not much discussed before highly promote greater safety in the enjoyment During 7-9 December 2004 in advanced images and displays became of screen images. Tokyo, the International Workshop on available. But the growth of image pro- And so, Japanese Industrial Stand- Image Safety, organized by JISC and the duction companies and their high volume ards Committee (JISC) proposed a new National Institute of Advanced Industrial of striking images make this problem a work item to ISO Committee on consum- and Science and Technology (AIST) was reality of daily life. er policy (COPOLCO) in 2002, to con- attended by some 100 delegates, includ- Almost all children like video sider developing an evaluation system for ing COPOLCO Chair Caroline Warne and games. But they are exposed to whatev- image hazards and enhancing consumer a number of technical experts and other er risks the images present, whilst being awareness of the safety issue. COPOLCO interested parties. The focus was on : themselves unaware of potential risk. Image safety is a matter of protecting people, especially children, from any unde- About the authors sirable physiological and psychological effects of viewing images presented on Ken Sagawa is Hiroyasu Ujike a Group leader is a Group leader screens such as videos, games, the inter- of Accessible of Multimodal net and other electronic displays. Design Group, Interaction Re- Evidence of potential hazard has National Institute search Group, grown in the past decade. In 1993, a TV of Advanced National Institute commercial in the United Kingdom con- Industrial Science of Advanced tained flashing images that caused pho- and Technology Industrial Science tosensitive seizures in three people who (AIST), Tsukuba, and Technology watched it. In 1997 a TV animation pro- Japan. He is a (AIST), Tsukuba, gramme in Japan affected more than 700 vice-president of the International Com- Japan. He is a bachelor of engineering in robot- children with similar photosensitive sei- mission on Illumination (CIE). His major ics and a doctor in engineering on human lens zures, requiring them to consult doctors. field is visual psychophysics in photome- accommodation. His research on parallactic try and colorimetry, and most of his recent depth perception had triggered his interest in Recently in Japan 36 junior high-school studies concern age-related changes in the interaction between visual and non-visual students among 300 who were watching visual functions and evaluations of the information, leading him to work on visually- a video with a high content of fluctuating visual environment for the elderly. Mr. induced motion sickness in 2002. His research scenes on a large screen experienced Sagawa contributes to ISO/TC159, Ergo- work on motion sickness has mainly focused symptoms of motion sickness. These nomics, and is a member of the Japanese on types of optic flow and velocity, which are only three widely reported incidents; committee on consumer policy. are more effective in motion sickness.

28 ISO Focus September 2005 Standards for a safer world

• General aspects of image safety (background, problems, current situation) • Three technical aspects of image hazards (photosensitive seizure, motion sickness, and visual fatigue from 3D- images) • What ISO could do. All present were agreed that there was no doubt of the importance of the image safety issue and that some standard may be needed to address it. Howev- er, the discussion did not agree on technical items. The workshop served as a starting point, with most of the problems raised left in abeyance.

Striking a balance One of the difficult problems is how to strike an appropriate balance between the interests of image producers and image viewers. Any future standard on image safety should address this problem by being firmly grounded in scientific knowledge on the safety of images. Recognizing these problems, the IWA on image safety (IWA 3) was edit- ed after the workshop and will be published soon. IWA 3 clearly addresses the © Grace Nielsen importance of this issue for both industry and consumers and calls for future work toward standardization in ISO. Consumers “ Consumers, whether from It is of note that similar work has a developed or developing been done in the International Telecom- depend on safety munication Union (ITU) which recently country, depend on safety published “ Guidance for the reduction of standards standards to prevent them photosensitive epileptic seizures caused and their families from by television ”. Currently, this is the only existing international recommendation in being harmed or injured.” this area and it deals only with photosen- by Elizabeth Nielsen, Convenor sitive seizures. It is clear we need guide- of COPOLCO’s working group tion. For trade to be successful, the needs lines for other aspects of image safety, on product safety and member of both parties involved in the process such as motion sickness and visual fatigue of the Standards Council of must be satisfied. from 3D images, which may affect many Canada’s CAC COPOLCO Every aspect of a consumer’s life more people than seizures. is touched by standards from the toys their Since the JISC proposal to tandardization provides a range children play with, to the sports helmets COPOLCO in 2002, the image safety of benefits to producers from the they wear and the products they use to issue has gained attention from many Selimination of technical barriers carry out a multitude of household tasks interested parties in industry, broadcast- to trade to a reduction in costs and an each day. Consumers, whether from a ing and amongst consumers. The first increase in product innovation. Moreo- developed or developing country, depend stage of the discussion is almost com- ver, it also plays another important role on safety standards to prevent them and plete ; a second stage awaits. The JISC is in protecting the health and safety of their families from being harmed or now considering the proposal of a new those who buy and use the products pro- injured. They, therefore, expect a high work item in ISO to further discuss this duced. Consumers like producers are an level of safety in the products they buy, new image safety problem. essential component of the trade equa- irrespective of where, when or by whom

ISO Focus September 2005 29 Main Focus

350 550 000 Face protectors and visors for Ice hockey players (CAN/CSA-Z262.2) 300 500 000 First edition Second edition Third edition 250

200 450 000

150

400 000 Players/Year Injuries/Year

100 350 000 50

0 300 000 72/73 77/78 80/81 83/84 86/87 89/90 92/93 95/96 98/99 00/01 Total eye Eye injuries resulting injuries in blindness that a child of this age will instinctively place any toy in his/her mouth. In order About the author Canadian Hockey Association registered ice hockey players to ensure this toy will not injure the child, the manufacturer must make the product Dr. Elizabeth Nielsen has been Ice hockey eye injuries in Canada big enough so that it can’t be swallowed, involved in (Sources : Dr. T. Pashby, 2002, use materials that do not leach out toxic Canadian Hockey Association, 2002) © CSA improving the substances when in contact with saliva safety of products and eliminate any sharp edges that may since the late the products were made. Unfortunately, result in cuts or gashes. 1970s. As a product related injuries continue to be a Practical experience has shown Canadian worldwide problem particularly among that safety standards can lead to reduced Government the young and the elderly. frequency and severity of injuries among scientist, regulator consumers. For example, the Canadian and policy ana- lyst, she has been responsible for testing Addressing all potential Standards Association (CSA) developed safety standards for face protectors used consumer products and radiation emitting devices for compliance with safety regula- hazards by hockey players. As illustrated in the tions and standards, and for the development Safety standards, that follow a chart produced by CSA, the number of of such regulations, legislation and holistic approach by addressing all the reported hockey eye injuries in Canada standards. hazards associated with a product and has dropped from 290 per year when Recently retired from Health Canada, are accepted and used internationally, the standard was published to less than Elizabeth Nielsen continues to contribute have a significant role to play in meet- 10 today. Through the same period, the to the work of the Standards Council of ing consumers’ expectations. The lack number of players has increased signifi- Canada and the Canadian Standards Asso- of such standards can result in increased cantly. Similarly, the development of child ciation (CSA). She is a member of the injuries, expensive product recalls and the resistant packaging safety standards has Canadian Advisory Committee to COPOLCO, the Canadian National loss of consumer confidence in a prod- resulted in 72 percent fewer Canadian children being hospitalized for poison- Committee of the International Electro uct or brand name. The importance of technical Commission, convenor of ings in 2000 than in 19831). addressing all the potential hazards asso- COPOLCO’s Working Group on Product ciated with a product is obvious in this Safety and the CSA Consumer Represent- illustration of an infant playing with a toy. 1) Health Canada and Canadian Institute of ative on the committee responsible for the Child behavioural studies have determined Health Information, 2001. safety of electrical products.

30 ISO Focus September 2005 Standards for a safer world

Guidance on the 71 which provide guidance on safety assessment of risks requirements for products in general needs of older persons and people with throughout the product and specific requirements for children disabilities among product designers, and seniors. lifecycle manufacturers, and those who develop product standards. One of the main problems iden- Improving product safety In order to address the issues tified with respect to safety standards is standards raised and achieve the goal of prevent- the reactive nature of the standards devel- ing unsafe products from being manu- opment process. Instead of being proac- In order to address the continuing factured and sold, the working group tive and preventing unsafe products from concerns of COPOLCO members about made a number of recommendations being manufactured or sold, the stand- product safety a working group on prod- which were approved by COPOLCO ards development process often starts uct safety was established in 2002. This including: group identified many issues including after the product has entered the mar- Rationales that explain why certain ket or has injured someone. The tradi- the need: to raise awareness about safety issues among standards developers, safety levels or test procedures were tional vertical-product sector approach chosen and the evidence on which the to standards development is one of the designers and manufacturers; to establish a mechanism to manage product safe- decisions are based be available to factors that contribute to this reactive those using or revising a standard; situation. With the number of new prod- ty issues in a proactive and horizontal manner; for ISO to establish a forum to ucts and technologies that are enter- Recommending to ISO that ISO/IEC address gaps in safety standards for con- ing the marketplace, it is very difficult Guides 50, 51, and 71 be made avail- sumer products; and to improve the use for any standards system to effectively able to the public and those writing and understanding of Guides 50, Safe- respond to the new products or classes standards since committee members at ty aspects – Guidelines for child safety, of products in a timely fashion. the international, regional and nation- 51, Safety aspects – Guidelines for their To address this problem, con- al levels do not have easy access to inclusion in standards and 71, Guide- sumer representatives recently recom- these guidance documents; lines for standardization to address the mended that ISO consider the develop- Preparing a detailed justification paper ment of a consumer product manage- “The standards for the development of a Consumer ment guide or standard. The purpose Product Safety Management Guid- is to provide suppliers with guidance development process ance Standard or Guide that assists on the assessment of risks associated should serve to prevent those responsible for the safety of with consumer products and their man- unsafe consumer products consumer products in assessing and agement throughout the product life- managing the risks associated with cycle. It necessitates a shared respon- from being designed, their products, and sibility and sustained commitment by manufactured and sold and producers, distributors and retailers Including in the justification paper to ensure that safety issues are iden- to ensure that all potential criteria for the safety risk assessment tified at the design stage, that produc- hazards associated of consumer products and the results tion controls are established and that with the product are of consultation with appropriate bod- corrective actions are implemented at ies. any stage in the process when a safety addressed.” In conclusion, when standards are issue is identified. © P. Granier being developed, the safety needs, use To ensure that the voice of patterns, and abilities of consumers consumers is expressed and heard in must be considered. The standards the development of ISO standards, development process should serve to ISO established the Consumer Poli- prevent unsafe consumer products cy Committee (COPOLCO) in 1978. from being designed, manufactured COPOLCO is involved in identifying and sold and to ensure that all poten- the concerns of consumers and pro- tial hazards associated with the prod- viding advice and recommendations uct are addressed. While it is easy to ISO on how to address them. Over to criticize the delays and tradition- the past 25 years, COPOLCO mem- al approach used to develop product bers have taken an active interest in standards, substantial progress has improving product safety standards. been made and I am convinced that, The Committee has taken the lead or if not for the existing system, the safe- played a major role in the develop- ty of consumers would be complete- ment of ISO/IEC Guides 50, 51 and ly overlooked.

ISO Focus September 2005 31 Main Focus Protecting vital sites with new clean fire extinguishing systems

by Barry Lee OAM, Chair ISO/ TC 21/SC 8, Gaseous media and firefighting systems using gas

ollowing five years of outstanding international collaboration, ISO F 14520, Gaseous fire extinguishing systems – Physical properties and system design, was published in 2000. It is a 14-part Standard, with Part 1 covering general requirements and Parts 2 through 14 dealing with agent-specific requirements. This work was necessitated by the phase-out of Halon 1301, bromot- rifluoromethane, a versatile and widely used ‘ clean ’ fire extinguishing agent introduced in the late-1960s. Production of Halon 1301 ceased a decade ago following recognition that it was an ozone depleting substance (ODS). The demise of Halon 1301 was anticipated in 1987 when 24 countries signed the Montreal Protocol 1). Legislation subsequently scheduled the phase-out of ODSs. Some- what unexpectedly, Halon 1301 proved to have the highest ozone depletion potential of any man-made ODS.

New agents, no damaging residues A number of new products have been developed as alternative fire extinguishing agents. Many of these have attributes similar to Halon 1301 includ-

1) The Montreal Protocol on Substances that Deplete the Ozone Layer was negotiated and signed by 24 countries and by the then European Economic Community in September 1987. It called for the parties to phase out the use of CFCs, halons and other man-made ODSs. It has been described by UN Secretary General Kofi Annan as “ Perhaps the single most successful international agreement to date.”

32 ISO Focus September 2005 Standards for a safer world ing low toxicity to humans, nil electri- meric sheet fuel array fire tests involving cal conductivity and ‘ clean ’ character- Polymethylmethacrylate (PMMA), Poly- istics, that is, they leave no damaging propylene (PP) and Acrylonitrile-Buta- time dimension to the safe exposure cri- residue. These attributes are particular- diene-Styrene (ABS)). These tests are teria – a dimension that has not thus far ly important in the case of gaseous fire designed to more closely represent plas- been a consideration with the gaseous extinguishing systems protecting such tic fuel hazards such as may be encoun- Halon alternatives. mission-critical hazards as telecommu- tered in information technology, telecom- Several agent-specific Parts have nications facilities, control centres, communications and process control facili- been withdrawn on the basis that the extin- puter rooms and Uninterruptible Pow- ties. The special case of grouped power guishing media have not been commer- er Supply (UPS) plant. They are also in or data cables is also addressed. cialised, and a new agent-specific Part demand for the protection of archives, (5) has been introduced to cover FK-5- art storage vaults and similar water dam- Testing 1-12 dodecafluoro-2-methylpentan-3- age-susceptible hazards. Clearly, it is and the environment one systems. important to users and those who spec- Systems practitioners generally ify such fire protection systems to know ISO contribution to that they are being designed to appro- agree that full-scale discharge is the most priate global standards. ISO 14520 sat- effective way of proving all aspects of a safer world isfies that need. system design and function. Of course, Finally, it should be noted that the with certain extinguishing agents, envi- new agent-specific FDIS Parts include “ It is important to users ronmental factors militate against this. only extinguishing concentration values ISO 14520 states that a discharge test is determined in accord with ISO 14520 and those who specify … generally not recommended but concedes test requirements. Heptane, wood crib, fire protection systems to that ‘ a discharge test may be conducted PMMA/PP/ABS and a range of other know that they are being if acceptable to the authority ’. The intro- fuels are included. Viewed across all duction to ISO 14520 notes in part that, Parts, the new ISO/FDIS 14520 prob- designed to appropriate ‘ new elements to eliminate the need to ably contains the most comprehensive global standards. ISO release extinguishants during testing and up-to-date data on ‘ clean agent ’ extin- 14520 satisfies that need.” commissioning procedures are includ- guishing concentrations currently avail- ed ’. These are linked to the inclusion of able – once again developed through a enclosure integrity testing (the so-called global inter-laboratory cooperative effort. It accomplishes this by specify- ‘ door fan test ’). Completed in parallel with CEN work, ing requirements for the design, instal- ISO 14520 requires not only that this is a further example of ISO’s con- lation, testing, maintenance and safety effective extinguishing concentrations tribution to a safer world. of gaseous fire extinguishing systems be achieved, but also that they be main- in buildings, plant or other structures. tained for a sufficient period of time to It also details the characteristics of the allow effective emergency action. This various extinguishants and the types of is known as ‘ hold time ’ and may be fires on which they are effective. Accord- predicted by a door fan test ; this test ingly, it is addressed to architects, engi- has been restructured in the new edi- neers, insurers and specialist contrac- tion to accommodate lighter-than-air About the author tors concerned with the specification, gases and to deal with odd-shaped haz- design, installation, testing, approval, ard enclosures. Barry M Lee, inspection, operation and maintenance OAM, Dip Mech of such systems. Safe human exposure E, FI Fire E limits (Lond), MRSH, is Plastics as fuel hazards a Fellow of the The new edition also includes Society of Fire The second edition of ISO 14520 an annex dealing with safe personnel Protection Engi- has reached Final draft International exposure guidelines based on physio- neers, USA. He is Standard (FDIS) stage and is expect- logically based pharmacokinetic (PBPK) technical consultant (formerly ed to be published in 2006. It will com- modelling as an option for determining technical director) Tyco International Pty prise 12 parts, 11 of which are agent- allowable exposure times for halocarbon Limited and past president of the Australian specific. agents. The PBPK model represents a Industrial Research Group. He is a member – As foreshadowed in the 2000 edi- scientific approach to determining safe at board level – of numerous technical and tion, the fire test procedures have been human exposure limits, with respect to professional bodies in Australia. He is Chair extensively revised to include tests rep- both concentration level and exposure of ISO/TC 21/SC 8, Gaseous Fire resentative of plastic fuel hazards (poly- time. Its importance is that it adds the Extinguishing Systems.

ISO Focus September 2005 33 Main Focus Management of food safety in the supply chain

by Jacob Færgemand, convenor and project leader of ISO/TC 34, Food products, WG 8, Food safety management systems, and Dorte Jespersen, secretary of the WG, the Danish Standards Association

ood safety hazards may be introduced at any stage of the food chain, F and adequate control throughout that chain is therefore essential. Food safety is a joint responsibility of all the parties participating in the food chain. Unsafe food can be dangerous and costly. ISO 22000, Food safety management systems – Requirements for any organization in the food chain, aims at ensuring that there are no weak links in the food supply chain. ISO 22000 sets requirements for food safety management systems and can Communication with customers ard analysis to determine the strategy be applied to all types of organizations and suppliers, based on the information for hazard control. within the food chain, ranging from feed generated through systematic hazard producers, primary producers, food man- analysis, will also assist in establishing What are the benefits ufacturers, transport and storage operators customer and supplier requirements in for users? and subcontractors to retail and food ser- terms of feasibility, need and impact on vice outlets – together with inter-related the end product. Organizations implementing the organizations such as producers of equip- • System management standard will benefit from : ment, packaging material, cleaning agents, • additives and ingredients. The most effective food safety sys- organized and targeted communica- tems are designed, operated and updat- tion among trade partners ; What is the standard ed within the framework of a structured • optimization of resources (internally management system and incorporated and along the food chain) ; about ? into the overall management activities • improved documentation ; ISO 22000 combines generally of the organization. This provides max- recognized key elements to ensure food imum benefit for the organization and • better planning, less post-process safety along the food chain : interested parties. ISO 22000 is aligned verification ; with the requirements of ISO 9001:2000 • Interactive communication • more efficient and dynamic control in order to enhance the compatibility of of food safety hazards ; Clear communication along the the two standards and to ease their joint food chain is essential to ensure that all or integrated implementation. • all control measures subjected to relevant food safety hazards are identi- hazard analysis ; fied and adequately controlled at each • Hazard control • systematic management of prerequi- step. This implies communication of ISO 22000 combines the HACCP1 site programmes ; the needs of the organization to organi- principles and application steps, devel- zations both upstream and downstream oped by Codex Alimentarius, with pre- • wide application because it is focused in the food chain. requisite programmes. It uses the haz- on end results ;

34 ISO Focus September 2005 Standards for a safer world

• valid basis for taking decisions ; as the Confederation of the Food and Drink Industries of the European Union • increased due diligence ; ISO/TS 22003, which will be (CIAA), Codex Alimentarius Commis- available in the first quarter of 2006, • control focused on what is necessary; sion, CIES/Global Food Safety Initia- is being developed by a joint working and tive, and World Food Safety Organiza- group JWG 11, Requirements for bod- tion (WFSO). • saving resources by reducing over- ies providing audit and certification of lapping system audits. food safety management systems, of ISO/ “ Unsafe food TC 34, Food products, and the ISO committee on conformity assessment (CAS- What are the benefits for can be dangerous and CO). Experts from 22 countries are par- other stakeholders ? costly.” ticipating in the joint working group in Other stakeholders will bene- liaison with the International Accredita- fit from : To increase the acceptance of tion Forum (IAF) and IQ-NET. ISO 22000, the Association Française

• confidence that the organizations de Normalisation (AFNOR) proposed a which are implementing ISO 22000 technical specification intended to assist “ISO 22000 can have the ability to identify and con- certification bodies. The purpose of the be applied to all types trol food safety hazards. ISO/TS 22003, Food safety manage- of organizations within The standard adds value ment systems – Requirements for bod- the food chain.” because : ies providing audit and certification of food safety management systems, is to

• it is an auditable standard with clear provide the necessary information and ISO/TC 34 is also preparing an requirements ; confidence about the way in which the important standard ISO 22005, Trace- • it is internationally accepted ; certification of an organization’s food ability in the feed and food chain – Gen- safety management system has been eral principles and guidance for system • it integrates and harmonizes various conducted. This technical specification design and development, which will existing national and industry-based will provide harmonized guidance for shortly be circulated as a Draft Interna- certification schemes ; the accreditation of certification bodies tional Standard. • food processing industries are wait- and define the rules applicable for the ing for this standard ; audit of a food safety management system complying with ISO 22000. • it is aligned with both ISO 9001:2000 and HACCP 1) ; • it contributes to a better understanding and further development About the authors of HACCP. Dr. Jacob Mrs. Dorte Jes- Færgemand, a persen, a chem- The ISO 22000 Family food engineer, ical engineer, graduated from graduated from ISO/TS 22004, Food safety man- Aalborg Techni- the Technical agement systems – Guidance on the cal University, University of application of ISO 22000:2005, will be Denmark. Since Denmark in published shortly to give guidelines on 1994, he has 1992. Since implementing the standard, with par- worked with 1994, she has Bureau Veritas ticular emphasis on small and medium worked with the BVQI Denmark as lead auditor for ISO Danish Standards Association (DS) as sized enterprises. ISO 22000 and ISO/ 9000 and HACCP (DS 3027) and hygiene project manager. She is secretary of a TS 22004 were developed by working inspector for BRC. In 1996, he became number of national standardization com- group WG 8, Food safety management Food Sector Manager, and in 2002 Sales mittees in the areas of food, laboratory systems, of ISO technical committee Director BVQI Denmark. He is responsible equipment and medical devices. ISO/TC 34, Food products. Experts from for Bureau Veritas BVQi activities world- E-mail [email protected], Web www.ds.dk1 23 countries participated in the working wide on BRC inspection and HACCP certi- group together with many international fication to DS 3027. He chairs the Danish organizations having liaison status, such food safety standardization group. In 2001, he launched the development of ISO 22000, E-mail: jacob.faergemand@dk. 1) Hazard Analysis and Critical Control Point. bureauveritas.com, Web www.bvqi.dk

ISO Focus September 2005 35 Main Focus

Managing security in the whole supply chain

by J.F.F. Becker, TNO, Netherlands expert member, Working Group on Security of ISO/TC 8

hat is the one thing that can bring together an airline, an W airport, the largest container port in Europe, a brewer, a shipping company and a coffee retailer ? The answer is – a highly developed sense of the need for corporate security. Security not only of the type experienced by today’s air traveller at the departure gate or, latterly, by users of Risk-based approach that have adopted a process approach metro trains – but security in the widest to management systems, such as ISO sense. Security that deals with all aspects ISO Publicly Available Specifi- 9001:2000, may be able to use their of a company’s activities and the integri- cation (PAS) 28000 * prescribes secu- existing management system as a foun- ty of the procedures that provide it with rity procedures. It is a generic man- dation for the security management sys- raw materials and other inputs, produce agement specification that enables any tem of PAS 28000. its goods and services and deliver those organization, large or small, in any sec- The specification describes six goods and services to their destination. tor of activity, to establish an overall sup- interrelated elements of a security man- We are looking at security of the whole ply chain security management system. agement system. Section 4.1 states ‘ Gen- supply chain. The procedures require the organization eral Requirements ’. Following sections Representatives of all the varied to assess the vulnerabilities in which it elaborate on ‘ Policy ’ issues, ‘ Security corporate activities in the supply chain operates and to determine if adequate risk assessment and planning ’, ‘ Imple- are members of PROTECT, a project security measures are in place and reg- launched by the Netherlands to address ulatory requirements are satisfied. For supply chain security issues. Research any security needs identified by this pro- members include the Dutch industry orga- cess, the specification instructs the orga- About the author nizations of shippers, transport compa- nization to implement mechanisms and processes to meet these needs. J.F.F. Becker nies and logistics service providers, Port MSc (Justus, of Rotterdam, Dutch customs, Erasmus 1978) is consult- University of Rotterdam, BCI and TNO. “ The stakes are high ant logistics and Supply chain security can thus be stud- and the need for transport at the ied from door-to-door : from brewer via Netherlands container ports, shipping line and haul- standardization work Organisation er to retailer. The need for standardized grows, daily.” for Applied security procedures is the reason for par- Scientific ticipation in the security working group PAS 28000 is based on the format Research (TNO) since 2001. He established under the aegis of ISO tech- adopted by ISO 14001:2004, because is work package leader in PROTECT, a nical committee ISO/TC 8, Ships and of its risk- based approach to manage- Dutch TRANSUMO project (2005-2008) marine technology. The stakes are high ment systems. However, organizations for Dutch parties on security in interna- and the need for standardization work tional supply chains. For the European grows, daily. * ISO 28000 was prepared by TC 8, Ships and Union, he performs research on a Europe- marine technology, in collaboration with other an transport security policy and the Inte- TCs responsible for specific nodes of the supply grated Surveillance of Crowded Areas for chain. Public Security.

36 ISO Focus September 2005 International Organizations involved in the development Standards for a safer world of ISO/PAS 28000 mentation and Operation ’, ‘ Checking & IMO (International Maritime Organ- corrective action ’, and ‘ Management ization), IAPH (International Asso- Threats and Review ’ – as in the figure opposite. ciation of Ports and Harbours), ICS countermeasures (International Chamber of Shipping), Better decisions WCO (World Customs Organiza- The user’s security plan will : tion), BIMCO (Baltic and Interna- • Identify the threats posed. That is, ISO/PAS 28001 – which is close tional Maritime Council), several the security scenarios. to publication - details the procedures IACS (International Association of prescribed in PAS 28000. But PAS Classification Societies) members, • Determine how likely it is that a per- 28001 should be seen only as one way our MoU partners, SCST (Strategic son, attempting to identify particular to achieve security management of a Council on Security Technology) and security scenarios in the supply chain, supply chain. A company can choose our Category A liaisons with ITN would encounter them. This deter- its preferred method for complying with (International Innovative Trade Net- mination is made by reviewing the PAS 28000. For example, shipping com- work) and WSC (World Shipping current state of security in the sup- panies may wish to apply PAS 20858 as Council). ply chain and, based on the finding a start, since this standard can be used of that review, professional judgment as guidance to implement the Interna- is used to postulate how vulnerable tional Ship & Port Security (ISPS) code. • A security assessment report - docu- the supply chain is to each security Such other methods may require addi- menting the vulnerability of the sup- scenario. tional actions – and full conformity to ply chain to defined security scenari- • For a supply chain considered reason- PAS 28000 needs to be verified. os. It also defines the impact expect- ably vulnerable to a threat with severe ed from each of the threat scenarios if consequences, develop additional they occur. “ Based upon a system of procedures or operational changes to priorities, countermeasures • A training programme to enable supply reduce the likelihood of the threat, the can be incorporated into chain personnel to meet any assigned consequences of the threat, or both. security related duties. These are called countermeasures. the security plan to reduce Based upon a system of priorities, the threat to a manageable countermeasures can be incorporat- level.” ed into the security plan to reduce the threat to a manageable level. ISO/PAS 28001 is thus designed to establish reasonable and documented levels of security operations within international Policy supply chains. Organizations can 4.2 then make better risk-based deci- Managementreview sions for the security of both intra- 4.6 firm supply chain operations and inter-firm goods flows. The specification is therefore important for Security three major stakeholders: industries, logistics providers and Management governments. Application System Security risk of PAS 28001 Checking andn assessment and will produce : corrective actio4.5 planning 4.3 • A security plan that describes measures in place to manage exist- Implementation ing threats. and operation 4.4 • A statement of coverage that defines the boundaries of the portion of the supply chain Security management system covered by the security plan. elements

ISO Focus September 2005 37 Developments and Initiatives

Third ISO Conference for Technical Committee and Subcommittee Chairs Geneva, Switzerland

Putting Passion into Practice the Standard Makers’ third ISO Conference

ollowing the initial words of confer- ISO meetings take place at the rate of and good practices. Standards were the ence moderator Kevin McKinley, over 10 per day in different parts of the building blocks of quality. Global reach F ISO Deputy Secretary-General, world. Between meetings the experts and competitiveness could be obtained further speakers at the 3 rd ISO Con- continue the standards’ development only through quality assurance. She ference for technical committee and work through information and commu- pointed out that services now represent subcommittee chairs, held in Geneva nication technology (ICT) tools. 70 percent of the world economy and on 16-17 June, also referred to the pas- Because this system is decentral- were no longer “ soft ” subjects. They sion with which makers of International ized, ISO instituted periodic conferences demanded an approach in which qual- Standards approach their work. But all for the chairs of its technical committees ity was embedded. agreed on the need to channel that pas- and their subcommittees to offer a chance sion into making the ISO system glo- of face-to-face exchanges of views, expe- A motivated, efficient bally relevant and efficient – the con- riences and ideas with their counterparts and peaceful “ army ” ference theme. from other committees. ISO’s current portfolio of more ISO Vice-President (technical In his own welcome, ISO Secre- than 15 000 voluntary standards is the management) and Chair of the Techni- tary-General Alan Bryden identified the output of some 50 000 experts, coming cal Management Board (TMB), Mrs. actions taken by ISO over the last three from stakeholders in business, govern- Ziva Patir, welcomed delegates with a years “ to better position itself as the lead- ment, international organizations, con- challenge to ensure that standards do not ing platform for the production of glo- sumer associations and other groups, become an impediment to progress, but bally and market relevant International working in over 3 000 technical bodies remain “ the bright side of globalization ” Standards, covering products, services, under 177 active technical committees. and a vehicle to disseminate innovation and management and business practices.”

38 ISO Focus September 2005 Alan Bryden saw a growing demand for The value of time Mr. Bélisle welcomed the ISO and growing production of, standards, 2005-2010 Strategic Plan which he qual- Conference organization recog- against a background of increased glo- ified as clear and useable. He had praise nised the fact that delegates’ time has a balization and a need for increased secu- for the ISO initiative aimed at develop- high personal and business value. Dur- rity that should not itself become a new ing countries – “ the one raison d’être of ing the two days, Chairs were given at barrier to trade. The ISO/WTO interface my organization, the ITC, is to help the least as much opportunity to network was changing in scope and importance, developing world export more. That is and interact on a “ one-to-one ” basis with the emergence of ever larger mul- simple to state but difficult to do. The with each other and with Central Sec- tinational companies ; trade in services ISO is reaching out to the developing retariat staff as to listen to and take part (cf. WTO-GATS) would become a larg- world in ways that complement the work in formal working sessions. er part of the daily dialogue. of the ITC. In order to sell more to the Those formal sessions were developed world, less developed coun- arranged around six themes, each with tries need to use International Standards its moderator, rapporteur and from three “ ISO’s current portfolio – a fundamental part of the process of to six presenters ; no working session last- eliminating non-tariff barriers to trade of more than 15 000 ed more than 90 minutes and times were in the WTO.” strictly adhered to – without serious cur- voluntary standards is The initial refusal of the EU to tailment of the vital question and answer the output of some accept sardines from Peru as an accept- periods. It is at least conceivable that ele- able use of the name was a useful illus- 50 000 experts.” ments of ISO’s own 9000 series on qual- tration of overcoming non-tariff barri- ity assurance went into the crispness of ers to trade. The EU eventually aligned the overall planning and execution. Providing ISO with a “ platform itself with CODEX definitions. for performance ” had become a prin- The chronology of the two days cipal aim of Alan Bryden’s tenure. The took attendees through ISO 2005-2010 Strategic Plan “ Stand- Managing the technical ards for a sustainable world ” was central work, Global relevance to this and recognized three vital pillars (a relatively new initia- of enhanced performance : the 153 mem- tive), Developing coun- bers of ISO, the 177 technical commit- tries and stakeholder tees and the 150 staff in Central Secre- engagement (another tariat services and support. initiative of recent vin- Alan Bryden outlined four other tage), Using IT from major recent initiatives : the ISO Code of development to deliv- Ethics ; the ISO Five Year Action Plan for ery, Communication Developing Countries ; the ISO Policy for and promotion, to Cen- global relevance ; the deployment of a tral Secretariat servic- communication plan designed to enhance es and support. Many ISO’s profile with governments, indus- of the sessions covered try and civil society at large. old ground but in the The theme of communication in light of new imperatives all its forms – through Joint Working for speed and relevance. Groups, through ISO’s connections to Something new emerged the outside world including the World from all the sessions. Economic Forum, through IT and publications such as the magazines ISO Focus Sardines from or ISO Management Systems – was cen- From left to right : ISO Deputy Secretary-General Kevin McKinley, ISO Peru Secretary-General Alan Bryden, ISO Vice-President (technical) Ziva Patir tral to Alan Bryden’s closing remarks, and J. Denis Bélisle, Executive Director, International Trade Centre. following two days of intensive discus- Before the work- sions and interaction. “ I see all of you, ing sessions got under- Technology transfer was achieved involved in meeting the world’s growing way Mr. J. Denis Bélisle, Executive Direc- through use of standards ; in fact, stand- demand for more relevant International tor, International Trade Centre UNCTAD/ ards offered the lowest cost solution for Standards, as the highly motivated and WTO, stressed the symbiotic nature of such transfers. Lower transaction costs increasingly efficient field officers of a the ISO/ITC/UNCTAD/WTO relation- led to lower development costs. Mentor- peaceful army.” ship, in his keynote address. ISO Chairs ing and twinning – fostered at the multi- were seen as a driving force for world lateral level through ISO – were impor- trade and development in a process where tant tools in transferring knowledge and ITC and ISO need each other. experience.

ISO Focus September 2005 39 Developments and Initiatives

In Mr. Bélisle’s view, government al total GDPs of 119 of the countries on ANSI takes to obtain input on techncial regulators accept International Stand- the World Bank list. So we are looking policy matters. ANSI also holds 25-30 ards if they see that the standards fulfil at a very large figure indeed. bilateral meetings per year with parties their objectives, which are in general to in other countries and that assist in its make all markets as international as pos- formulation of positions for TMB. sible. But he recommended improving From Tradition to The implication seemed to be communication to the boardroom. “ You Innovation emerging that what had become a tradi- must reach out directly to those people tion for ANSI could perhaps become an It would not be possible to hold a amongst the users who assess the bot- innovation for other national standards conference for TC and SC Chairs with- tom line, in any business. So – commu- bodies. But, as was clear from many of out a working session devoted to man- nicate in a non-technical manner and the questions, that challenge depended aging the technical work. Participants convince these people that standards on resources and time. were perhaps confirmed in their view of improve profits.” Trevor Vyze, BSI representative most aspects of the processes. But were to the TMB, United Kingdom, was keen they surprised or challenged ? to demystify the TMB. Everything came Putting a Dollar Sign on A clear distinction had to be made down to what was good for the qual- between the Technical Management Standards ity of ISO standards – with questions Board (TMB) and Technical Commit- concerning TCs, Chairs, members and Standards may improve profits tees (TCs). For the latter, interactions experts derived from that, but against a at the individual corporate level. That with Subcommittee Chairs and Secre- background of the need to secure con- improvement may even be measurable, taries, and Technical Programme Man- sensus. The TMB strives to take reason- accurately. One thing that might convince agers (TPMs) within the ISO Central able consensual decisions, even if it may even more people of the value of stand- Secretariat added three more dimen- seem to imply an added burden on the ards work is the contribution it makes to sions to their way of working which TC leaders at times. national economies and the world econo- could simplify, complicate or even bury Scott Jameson, Chair of ISO/IEC my. Various speakers alluded to this and their efforts, depending on the quality of JTC 1, Information technology and Trevor Ziva Patir quoted some hard data. those interactions. Smith, Chair of ISO/TC 176, Quality The tasks of the TMB included management, identified key messages “ ISO is reaching out to establishment of TCs and allocation of from the Chairs. Perhaps life was easier secretariats. The TMB appointed TC the developing world in for them than for members of the TMB – Chairs. They approved TC titles, scopes ways that complement the but perhaps not. They did not have to ask and programmes. They coordinated and themselves six questions. They merely work of the International monitored. They heard appeals. had to remember to lead and not partici- But against that background the Trade Centre.” pate ; to concentrate on consensus build- TMB had to ask themselves, continuing ; to be a diplomat, a communicator, a In moderating the final working ously, six key questions. What worked ? negotiator, a mediator, an observer and session, she pointed out that DIN had What did not work ? How much was a listener. And, whilst embracing diver- identified an annual standards contribu- implemented ? How much was fulfilled ? sity, they had to communicate, commu- tion worth 1 percent of Germany’s GDP. How many of the predictions were cor- nicate, communicate. That contribution was reckoned to be rect ? How difficult was it to predict the five to ten times more than the contri- future ? bution from patents (intellectual prop- Members of the TMB do not ask I Have a Dream erties). The return on investment from questions in a vacuum. In order to be standards was approximately 25 percent on the TMB they are required in most Mario O. Wittner, Chair of ISO/ – which would be the envy of most com- cases to have broad experience in stand- CASCO, Committee on conformity mercial enterprises. ardization. They consult nationally – and assessment, replied to the observation by It is possible to put a dollar sign on sometimes regionally or internationally. Olivier Peyrat, AFNOR representative to such data, using GDP figures for 2003 – They represent the whole ISO member- Council, France, that he had moved from the most recent year for which the World ship. And they recognise that they need the academic world of exact and natural Bank has published indicators for each advice from stakeholders. Plan Do Check science, to standardization, by remind- of 185 independent countries. One per- Act was becoming a watchword. ing delegates of the past ISO President cent of Germany’s GDP (the world’s Steven Cornish, ANSI representa- Cortopassi 1-1-1 dream. third largest economy, behind the Unit- tive to the TMB, USA, gave participants One standard – One test – One ed States and Japan) is USD 24 billion, a detailed analysis of just how deep the certification. some 6.6 percent of the corresponding process of seeking stakeholder advice It was necessary to provide rules world figure of USD 365 billion. USD 24 in the USA could go. He described the and tools for TC/SCs on global rele- billion is a larger amount than the annu- open and consulatative approach that vance policy and guidance. The impor-

40 ISO Focus September 2005 tant things were avoidance of technical coordinated manner. Under the watchful bers involved, including the develop- barriers to trade, options to reflect mar- eye and sympathetic ear of Rob Steele, ing countries. ket differences and to ensure that stand- SNZ Member of ISO/TMB, three oth- Herman Schipper, NEN mem- ards were market driven. er principals contributed to the debate – ber of Information Technology Strat- Cheryl Stark, Chair of ISO/TC 67, Katie Altoft of the Canadian Standards egies Implementation Group (ITSIG) Materials, equipment and offshore struc- Association, Francisco Verdera Mari – reported on the progress outlined by Bob tures for petroleum, petrochemical and nat- TMB member and Director International Feghali, Chair of ITSIG, ANSI, Ernst- ural gas industries gave delegates “ glo- Relations and Cooperation AENOR and Peter Ziethen, DIN representative to the bal relevance in differing climatic condi- Caroline Warne – Chair ISO Consumer TMB, and Reinhard Weissinger of ISO tions.” The most problematic of climates Policy Committee (COPOLCO). Central Secretariat. They had been kept was the political - which involved all the in order by Elizabeth Stampfl-Blaha, ON questions of social responsibility. “ You must reach out representative to Council. Global relevance itself had to be Behind much of the jargon inevi- exported around the world – to the UN, directly to those people table in the IT world it became clear that IEC, EU and others. A global relevance amongst the users who ISO was already well along a path which conformity assessment set had to be assess the bottom line, led in its daily work to the total elimi- developed. Global relevance should be nation of airmail and FAX, the elimina- considered in business planning. And, in any business. So tion of much of the present e-mail and following the Vienna Agreement (VA), – communicate in a non- telephone traffic and even a fair portion CEN members should be asked to pro- technical manner and of meeting time. The main message to mote ISO global relevance in Europe. emerge was that member bodies should The Cortopassi dream had been convince these people that use the harmonized systems developed replaced by a motto : global standards standards improve profits.” under ITSIG and provide training; then used locally, worldwide. But realisable the enormous potential of ICT could be dreams remained – that of market con- The twinning concept had pro- fully used. The Global directory (GD), as vergence and a global market in a signif- gressed to the point where new groups a database for the management of users/ icant number of goods and services. in TC 207 will have twinned leader- participants in the ISO system, was an ship (from Canada and Brazil) and TC integral part of the changing system. 176 had an approved internal policy Feedback was welcome. Standards for Progress on twinning and was seeking nomina- In reply to the inevitable question on access, it emerged that all but a Eighty percent of ISO members tions for a Vice Chair for the TC and few members have at least first level IT are developing countries or economies SCs. Spain and Tunisia shared a com- capability. More support is in the pipe- in transition. Despite this, ISO member mon interest in the new TC 228 (Tour- line. Developing countries themselves organizations from developing countries ism). A MoU for five years was 95 per- see the necessity to upgrade their ICT hold only 5 percent of the ISO technical cent complete and established twinning infrastructures and are investing in new committee (TC) or subcommittee (SC) principles. Doc TMB 13/2005 provided systems. Then – does the new GD pose secretariats and only 2 percent of the “ Guidance for twinning & Partnership a security threat ? “ Less so than before ISO/TC/SC working group (WG) sec- Arrangements.” – better protection is ensured.” retariats. This is primarily due to a lack The discussion yielded important of funding but also to a lack of informa- points for the way forward: monitoring tion and awareness. of stakeholder involvement – including their actual presence at the table; con- Methods, Plans – and Maureen P. Mutasa, Chair of ISO/ Times DEVCO, Committee on developing coun- sumer guides to be used in committee; try matters and Director General, SAZ, getting to know committee colleagues; The winner of the 2004 Lawrence Zimbabwe, reminded delegates of the avoidance of jargon; writing participa- D. Eicher Leadership Award was SC 2, ISO Five-Year Action Plan for develop- tion guides; recognising that participation Quality system, of ISO/TC 176, Quali- ing countries – to improve awareness, must precede twinning; applying Plan, ty management. Charles Corrie, TC 176 develop capacity, increase national and Do, Check, Act; the possibility of a Web Secretary, said that he trusted the award regional cooperation, develop electronic site for those involved in twinning. was given strictly because of the meth- communication and expertise in IT tools, ods adopted in quality systems and it and increase participation in governance …and Progress in IT had nothing to do with the emblematic and technical work of ISO. nature of ISO 9001. But the successful implementa- Application of IT is a key suc- Three significant “firsts” had been tion of the Plan depends to a large extent cess factor for ISO to accelerate stand- achieved in developing the standard: a on partnerships amongst international ards development, facilitate the work product introduction – entirely new to organizations in a more systematic and of the TC secretariats and get all mem- ISO; an electronic comments template –

ISO Focus September 2005 41 Developments and Initiatives more than 7 000 comments had required “Standards may improve Third Pillar to be handled; and a DIS in electronic The third of Alan Bryden’s three form. The whole effort had demanded profits at the individual pillars for enhanced performance is the 16 weeks of work per year by each com- corporate level.” ISO Central Secretariat (CS). Kevin mittee participant – probably another McKinley, Joanna Goodwin and Alain “ first ” for ISO. canvassed views on ISO TC BPs. They Samné contended with final conference Adoption of the approach used were difficult to locate on the ISO Web billing immediately after lunch and a took place 5 years after the vision for site, they had tended to be of poor qual- hot afternoon to provide a rapid quick- a “process based” standard. But, when ity and not fresh for TC experts. They step through what CS can do for you – adopted, the approach had a management were too technical for the general pub- the users – and what you are expected plan with objectives, responsibilities and lic and there had been a problem with to do for CS. milestones. It had a project plan with names. A long-term vision was required. The technical operation of ISO key processes, staff, risks and schedules A simplified BP template had become CS is now reorganized into four main built in. And it had a work breakdown available in September 2004. By May functions – technical policy, produc- structure/design specification, with all 2005, 130 updated BPs had been received tion, project management and e-servic- processes defined and scheduled. and 30 were missing of which 10 had es, and the technical group. The focus Success had been achieved through extended dates. in all areas is now on first class custom- management, agreeing fundamental Ernst-Peter Ziethen had been look- er service, responsiveness, quality, effi- issues early, a higher work rate, exten- ing at standards development times and ciency and speed. ISO CS is certified sive communication and the support of development tracks. The overall time to to ISO 9001:2000. Feedback and sug- all involved. market of International Standards had gestions for improvement are always Graham Holloway, Chair of ISO/ improved. In 2000, only 46 percent had welcome. TC 157, Graham Thomas, Chair of ISO/ met their time frame; by 2004, 68 per- TC 118, and Hiroo Wakai, JISC repre- cent had done so. Further improvement sentative to the TMB, debated the need depended on management (with BPs as for, and design of, business plans (BPs). one element), stronger leadership, sup- There was no other systematic way to port by NSBs, support for the conven- analyze the market, link the work pro- ers, training and more work between gramme to market needs and determine meetings. priorities and allocate resources. But BPs had to be simpler and more trans- parent. “The focus in all areas is Graham Thomas saw a lot of work now on first class customer for no reward, too many BPs that were service, responsiveness, not compelling and very often an unfo- cused mix of issues. Hiroo Wakai had quality, efficiency and speed.”

42 ISO Focus September 2005 New this month

encouraging for ISO and its 153 nation- World Trade al members to see the importance of international standardization to trade Report 2005 and the economy, as well as to social issues such as the environment and highlights social responsibility, recognized and ISO’s key role analysed so thoroughly in the World Trade Report 2005. “ It shows that ISO’s efforts by Roger Frost, Press and to communicate the benefits of inter- Communication Manager, ISO Central national standards, not only to engi- Secretariat neers, but also to business, government and to society as a whole, are SO’s position as “ the world’s largest achieving positive results.” developer of standards ” is acknowl- The WTO report states that ISO I edged in the World Trade Report 2005, and IEC produce about 85 % of all inter- markets. For this to just published by the WTO (the World national standards and that in 2004, ISO become a reality, confidence in the Trade Organisation), in an analysis of published 1 247 standards and related work of conformity assessment bodies in “ Trade, Standards and the WTO ”. documents, bringing its total at the end other countries needs to be established Written by WTO economists, of the year to 14 900. through multilateral cooperation. the report underlines the important ben- While the private sector pro- “ Cooperation is facilitated if har- efits that standards can deliver in terms vides the biggest impetus to developing monized standards on best practices in of information for consumers, environ- standards, the report points out that non- conformity assessment are adhered to, mental protection and compatibility of governmental organizations have become such as in the international standards/ related goods and services. involved, working with industry and inter- guides on conformity assessment estab- “ International standards help national organizations to develop stand- lished by ISO’s Committee on conform- ensure technical compatibility across ards in such areas as the environment and ity assessment, ISO/CASCO.” countries and convey information to con- corporate social responsibility. The report adds that the ISO/IEC sumers about products that have been “ ISO and IEC standards are vol- 17000 series developed by ISO/CASCO produced abroad or processes that took untary,” the report continues, “ but some establishes best practice for conformity place in another country,” the report are referred to in technical regulations and assessment bodies, encouraging consist- states, adding, “International standards some become de facto mandatory. A cer- ency, transparency and candour. thus reduce transaction costs and facil- tain number of their standards – mainly Turning to the standards’ develop- itate international trade.” those concerned with health, safety or ment process, the report notes that ISO’s The report identifies ISO and its the environment – have been adopted work is strictly regulated by the organi- partners the IEC (International Elec- in some countries as part of their regu- zation’s own procedures and the WTO’s trotechnical Commission) and the ITU latory framework, or are referred to in “ code of good practice ” [Editor’s note : (International Telecommunication Union) legislation for which they serve as the Annex 3 to the Agreement on Technical as “ the most important ” of the 49 inter- technical basis. Barriers to Trade (TBT), “ Code of Good national standardizing bodies, and com- “ Although voluntary, some ISO Practice for the Preparation, Adoption ments, “ The expansion of membership and IEC standards become a market and Application of Standards ”]. in both ISO and IEC over recent decades requirement, as has happened in the case The report also underlines that reflects the growing importance of inter- of ISO 9000 quality management systems, improving the participation of develop- national standards.” or of dimensions of freight containers, ing countries in international standardi- On the reasons for this growth, bank cards or electric batteries.” zation is “ crucial ”. the report states : “ Increased standardi- Among areas of ISO’s work high- Alan Bryden commented on this zation activity reflects, among other fac- lighted by the report is its development of point : “ ISO and the WTO see eye-to- tors, demand by consumers for safer and standards and guidelines for conformity eye on the need to facilitate access by higher quality products, technological assessment – the process of verification developing countries to world markets innovations, the expansion of global com- that products or services actually meet through greater awareness of the bene- merce and the increased concern paid by the specifications or requirements profits of international standardization and many governments and nongovernmen- vided in standards or regulations. increased participation in developing ISO tal organizations to social issues and the The WTO report comments, “ Ide- standards. It is one of our strategic objec- environment. Standards have played an ally, an attestation of conformity with reg- tives for 2005-2010 and a concrete aim important role in fulfilling these needs.” ulatory requirements should be carried out of the ISO Five-year Plan for Develop- ISO Secretary-General Alan only once and in the most cost-effective ing Countries.” Bryden commented : “ It is certainly very manner and should be recognized in all

ISO Focus September 2005 43 New this month

the customer and a desire for competitive The ISO 9000 approach has even How ISO 9000 advantage drove the decision to certify won over Pioneer’s R&D community its quality management systems – and it whose concerns that a quality man- benefits leading was a decision that has paid handsome agement system would “ kill creativi- agricultural seed dividends.” ty ” evolved into a realization that sys- Oestreich credits ISO 9000 with tematic support builds greater preci- researcher and strengthening the company’s seed pro- sion and confidence in the results of duction operations worldwide, explain- experimentation. ing : “ Seed product specifications vary producer Far from rigidifying Pioneer’s proc- from market to market, but quality man- esses, its quality management sys- agement systems help ensure that seed by Roger Frost, Press and Communication tems have proved to be “ a highway produced in one country reliably meets Manager, ISO Central Secretariat of change ” for introducing techno- specifications in another country even logical innovations. though it is halfway around the world. nternational Standards for quali- That consistency and uniformity builds ISO 9000 certifications have been of ty management systems, as well as customer confidence and delivers val- value in meeting rigorous regulatory I standards for testing, food process- ue to farmers.” requirements, including those affecting ing and food products, “ promise to play Among the nuggets of ISO 9000 the international movement of seed, an increasingly critical role in feeding experience shared by Oestreich with something that is critical to the seed the world ”, according to Dean Oestre- ISO Management Systems readers are industry. ich, President of Pioneer Hi-Bred Inter- the following : national, Inc., a DuPont subsidiary, one Looking to the future, Oestreich con- of the world’s largest agricultural seed Certifications initially covered indi- cludes : “ Tomorrow’s food supply research and production companies. vidual locations or individual mar- chain needs to be supported by sci- Oestreich shares the above per- kets, but today, Pioneer has the goal ence-based standards that promote spective as guest contributor of the of one global certification. trade, enhance research, and ensure a plentiful supply of safe, healthy “ Viewpoint ” column in the current The company’s transition to ISO food. issue of the ISO magazine ISO Man- 9001:2000 went smoothly because it agement Systems under the heading of was already implementing customer “ This is the direction set by “ ISO 9000 helps Pioneer cultivate pro- focus, the process approach and con- ongoing efforts to develop International ductivity and confidence in global agri- tinual improvement. Standards for quality management sys- culture ”. tems, environmental manage- The company develops ment systems, food safety sys- improved seed products, mar- tems, and biological research. keting in nearly 70 countries Because of its importance, the around the world, and its sales international seed industry in in 2004 totalled USD 2,6 billion. general and Pioneer specifi- Pioneer has certified its quality cally continue to participate in management systems for seed the development of Internation- production and seed quality test- al Standards. ing worldwide, covering opera- “ Future standards may tions at 112 locations. well play a regulatory role. One Pioneer began pursuit of the goals for these stand- of certification for its quality ards-development efforts needs management systems in 1992 to be the consolidation or har- because it viewed ISO 9000 as monization of overlapping reg- a management tool to help it to ulatory systems and auditing meet the challenges of inten- schemes. Streamlining nation- sifying international compe- al and international regulato- tition, ever-increasing com- ry systems, without weaken- plexity, and rapidly advancing ing legitimate safeguards, will technology. reduce costs to consumers and “ Unlike many other support increases in agricultur- organizations, no one required al productivity.” the company to certify its quality management systems,” says Oestreich. “ Instead, concern for

44 ISO Focus September 2005 Coming up

Developments and Initiatives International Standard Book Number (ISBN) – ISO has published a new edition of its heavily utilized ISBN standard providing the international book identification system. The article highlights the changes made to the newly published fourth edition of ISO 2108, Information and documentation – International Standard Book Number (ISBN) – which specifies an implementation date of 1 January 2007 for a new 13-digit ISBN – as well As of as the benefits of 2007 the new standard for publish- ers, booksellers, libraries, distributors, systems Main Focus suppliers and other sectors of Aerospace : the new frontier The October 2005 issue of ISO Focus the book supply brings together the current and future chain that have From the world’s largest passenger plane, standardization for aerospace – with come to rely on Airbus A380, to the The European Space emphasis given on the output of ISO/TC the ISBN over Agency’s Rosetta spacecraft used to help 20, Aircraft and space vehicles – togeth- the past thirty monitor NASA’s Deep Impact mission, er with concrete examples illustrating years. the aerospace industry has become a glo- the impact of International Standards in bal business. Gone are the days when a the context of aerospace projects, such single company will undertake to bring + as Deep Impact and Rosetta Europe’s a new air or spacecraft along. Today’s Comet Chaser. The issue also reveals new products are being developed more the broadening scope of standards from and more by international teams, not by Standards in the materials sector technical standards relating to interop- individual companies, or even by indi- Materials are literally the building erability, quality and safety of compo- vidual countries. blocks for technology. The efficient and nents and equipment to management effective design, manufacture and per- As international cooperation in aero- systems, from data exchange to serv- formance of products can best be space has grown, so has the need for ices, from optimization of production achieved through having appropriate International Standards. Today, Interna- to environmental impact. and reliable materials’ properties data. tional Standards are necessary not only Articles cover such topics as the use of This relies upon the availability of to ensure interchangeability and inter- space technologies in accident detec- dependable, pertinent and validated operability of equipment, but to do so tion and warning of natural disasters, standardized methods and procedures in a reliable and cost-effective manner. air cargo and aircraft ground equip- for materials testing. They are also necessary to facilitate fair ment, aircraft hydraulic systems, aer- and equitable trade and to remove tech- The article looks at how the Versailles ospace electrical requirements, safety nical barriers to trade and open markets Project on Advanced Materials and and compatibility of materials, space in various regions of the world. Thus, Standards (VAMAS) has addressed debris, spacecraft-to-launch vehicle International Standards are an impor- the need for reliable materials proper- interface control documents as well as tant and critical resource that can be ties data through pre-standardization terrain and airport mapping data bases used by engineers, scientists, and tech- research into materials for many years. for aeronautical use. nicians in support of flight and ground Such work has fed into the development support hardware, software, facilities of many standards on testing of mate- and procedures. rials predominantly in ISO.

ISO Focus September 2005 Information is vital to your organization’s survival. Such a precious asset deserves the best protection.

99:2005 ISO/IEC 177 international for information The benchmark security management

For most businesses, information security is ISO/IEC 17799, the state-of-the-art countermeasure, essential to maintain competitive edge, cash has just been updated and improved. Use it to make flow, profitability, legal compliance and commer- your information assets even more secure ! cial reputation. For many businesses and non- Available from ISO national member institutes (listed business organizations, information may be their with contact details on the ISO Web site: www.iso.org) principal asset. A breach of information security and from the ISO Central Secretariat Web store at may threaten their very existence. www.iso.org. E-mail enquiries to [email protected].