ISO Focus The Magazine of the International Organization for Standardization Volume 3, No. 3, March 2006, ISSN 1729-8709

Managing knowledge

• Adobe’s commitment to promoting ISO standards • Safety issues for needles Contents

1 Comment Håvard Hjulstad, Chair of ISO/TC 37 Standardizing knowledge ? You are kidding, aren’t you ? 2 World Scene Highlights of events from around the world 3 ISO Scene Highlights of news and developments from ISO members 4 Guest View Shantanu Narayen, President and Chief Operating Officer ISO Focus is published 11 times a year (single issue : July-August). of Adobe It is available in English. 8 Main Focus Annual subscription 158 Swiss Francs

Individual copies 16 Swiss Francs ISO ©

Publisher Managing knowledge Central Secretariat of ISO (International Organization for Standardization) 1, rue de Varembé CH-1211 Genève 20 Switzerland Telephone + 41 22 749 01 11 Fax + 41 22 733 34 30 E-mail [email protected] Web www.iso.org

Manager : Anke Varcin Editor : Elizabeth Gasiorowski-Denis • Expanding the ISO e-learning programme Assistant Editor : Antoinette Price • How ISO built one of the world’s leading extranets Artwork : Pascal Krieger and • Standards as databases Pierre Granier • PDF/A – worldwide collaboration to preserve electronic ISO Update : Dominique Chevaux documents Subscription enquiries : Sonia Rosas Friot • The learning curve – how IT shapes learning environments ISO Central Secretariat • Common sense, Telephone + 41 22 749 03 36 Fax + 41 22 749 09 47 • Topic Maps – Supporting both knowledge and information E-mail [email protected] • Protecting business information, knowledge and intellectual capital © ISO, 2006. All rights reserved. • Managing records, managing knowledge The contents of ISO Focus are copyright • The Dublin Core standard – a worldwide electronic and may not, whether in whole or in part, be reproduced, stored in a retrieval information resource for business and learning communities system or transmitted in any form or • How to integrate standardization in knowledge management by any means, electronic, mechanical, photocopying or otherwise, without 41 Developments and Initiatives written permission of the Editor. • ISO at Davos : International Standards ‘ tools for positive The articles in ISO Focus express the views of the author, and do not necessarily reflect globalization and sharing innovation’ the views of ISO or of any of its members. • ISO/PAS 28000 applies management system approach to security of global supply chains ISSN 1729-8709 Printed in Switzerland • Partnerships in the development of International Standards Cover photo : ISO. 49 Coming up

ISO Focus March 2006 Comment Standardizing knowledge ? You are kidding, aren’t you ?

ot really. What good is knowl- is crucial for success, and that means mechanisms for personal and sensitive edge if it cannot be represented interoperability on all levels: techni- information) regardless of language or Nand communicated? cal, operational and semantic. structure. Knowledge management sys- Knowledge management is “ Knowledge management tems can be used for so much more the sum of knowledge representa- than asking about the weather and the tion and knowledge communication. systems can be used next bus. We will see applications with- Then there is information, which is an for so much more than in e-learning, e-government, e-admin- important component of knowledge. asking about the weather istration – within all e-things. It will Roughly, you could say that informa- add new aspects to computer-assisted tion is data with meaning, and knowl- and the next bus.” translation and technical writing. It edge is information that can be used will also impact on design and engi- and reused. Semantic interoperability is neering. Standardizers have an impor- Knowledge management is as about different systems understand- tant role to play in all this, as we will old as the written word. People have ing each other’s language. A lot of it see throughout this issue of ISO Focus: been storing representations of knowl- is terminology; not just terms and def- Knowledge management is, quite simply, edge in systematic ways in dictionaries initions, but explicit and machine-usa- about everything. and encyclopaedias and libraries. Stor- ble links between concepts. Virtually ing is simple; retrieving and using this all standardization committees deal knowledge may be something entirely with terminology – many of them even different. Enabling computer systems develop it – and all standards are based to utilize stored knowledge adds yet on terminology. But for a knowledge- another level. based system to be as efficient as pos- The building of knowledge- sible, the terminology that is available based computer systems is changing needs to be highly reliable and con- things around us. It is a development sistent. We are seeing the emergence from “press-8-for-a-weather-report-for- of sophisticated ontologies, semantic tomorrow”-type systems to “I want to Webs and Topic Maps. The higher the go somewhere nice and warm for my quality and level of standardization in holidays next week within a budget of these activities, the higher the likeli- EUR 1 000 ”. ness of success. We are seeing fragments of these In addition, the information need- systems in various fields, such as pub- ed for any one particular application lic transport, traffic and weather infor- or query is likely to be found in many Håvard Hjulstad mation. New advanced applications different locations. We certainly do not are constantly being developed. We want to duplicate information, involv- Chair of ISO/TC 37, Terminology are engaging computers to carry out ing duplication of effort, and addition- and other language and content more routine tasks, thereby allowing al sources of inconsistencies. resources us to enjoy more interesting and com- For instance, the sentence, “John plex ones. The issue is not that com- Smith is Managing Director of the ABC puters are “taking our jobs”, but rather Company, which was founded eight that with so much information around, years ago”, can, using the same infor- computers are needed to filter it. mation, be structured as follows: “com- Of the scores of bits and pieces pany: ABC Company; founded: 1998; that make up a complete representa- person: John Smith; function: Manag- tion of knowledge, a large portion is ing Director”. The point of this exam- being standardized, creating almost too ple is to show how, ideally, any software many layers of standards. Interopera- should be able to access any piece of bility between standards and systems information (obviously with protection

ISO Focus March 2006 1 World Scene

Leading industry groups organizations and industry con- accepted everywhere without The meeting was attended by call for International sortia. They also agreed that the need for further measure- 80 government officials in Standards to shape the similar events designed to allow ments. addition to inter- and non- for the open exchange of ideas govermental organizations. future of the digital home The initial motivation for this should be held in the future, in declaration came at the 22 nd They discussed energy and Household connectivity is view of improving coordination General Conference on Weights tourism and the environment, growing rapidly with more and and avoiding duplication of and Measures in 2003, in which the incorporation of environ- more electronic devices and work. national delegations endorsed mental concerns more firmly networks within the home More on the outcomes of the its resolution. into the UN system, as well as distributing and using digital workshop will be available in the international energy policy, information and media. In addi- This joint declaration is a May 2006 issue of ISO Focus. particularly renewable energy tion, remote control of lighting, reflection of the ongoing close sources and efficiency and the heating, appliance-use and cooperation between ILAC, implementation of a global security systems attached to the Joint declaration to BIPM and OIML and promotes chemicals strategy. home are making the digital the use of the three Mutual recognize measurement ISO technical committee ISO/ home a reality. Given the Recognition Arrangements that standards, calibrations TC 207 for environmental various technologies involved, these organizations operate in and tests management has developed a International Standards that their respective fields : meas- A joint declaration was signed urement standards, legal three-part standard which gives in January 2006 by the direc- metrology and laboratory organizations globally harmon- tors of the International accreditation. ized verifiable requirements for Bureau of Weights and Meas- reducing their greenhouse gas ures (BIPM), the International emissions. Organization for Legal Framework for Metrology (OIML) and the international chemicals World Standards Day secretary of the International management 2006 Laboratory Accreditation At the international confer- ISO, IEC and ITU have Cooperation (ILAC), to facili- ence on chemicals manage- announced “ standardization tate mutual recognition of ment, held in February 2006 and small businesses ” as the measurement standards, cali- in Dubai, United Arab Emir- theme for this year’s World brations and tests. ates, the International Council WSC workshop on digital technologies Standards Day. in the home which was held in Geneva, of Chemical Associations Switzerland, on 2 and 3 February 2006. endorsed the United Nations The theme is designed to raise Environmental Programme’s awareness of the enormous enable interoperability and (UNEP) Strategic Approach to contribution of standards, security are seen as key to International Chemical Man- which are widely acknowl- bringing value and versatility to agement (SAICM). edged to play a key role in the successful economic growth, consumers, making possible the The SAICM will provide the for small and medium enter- use of diverse products, services framework for future interna- prises (SMEs). and sources, and therefore tional chemical management accelerating market development. arrangements and is intended Given their importance in any This was the key conclusion of to organize country, UN and economy, it is vital that these a successful World Standards international activities to meet businesses not only imple- Cooperation (WSC) workshop the 2002 Johannesburg World ment, but participate in the which brought together some Summit goal that chemicals development of ISO standards 100 experts from industry, the will be used and produced in in order to reap full benefits. academic community and ways that minimize adverse Some of the major benefits of standards developing organiza- effects on health and the envi- International Standards for tions, in Geneva, Switzerland, ronment. SMEs are the transfer of tech- on 2 and 3 February 2006. nical knowledge and good practices, as well as the facili- The event provided an overview tation of market access. of the technologies as well as an examination of standards Each year on 14 October, the that address access, services, members of ISO, IEC and ITU performance, quality of service, celebrate World Standards electromagnetic interference, Day, which is a means of pay- digital rights management, ing tribute to the collaborative efforts of the thousands of security issues and overall The aim of this international experts worldwide, who devel- networking. measurement system, which op the voluntary technical Representatives from more than can help to reduce the effects agreements that are published 15 leading industry groups, of technical barriers to trade as International Standards. such as DNLA, DSL Forum and provide a secure base for and Zigbee, called for closer scientific and other measure- cooperation between the WSC ment, is to give users meas-

partners, standards developing urement results which can be ISO ©

2 ISO Focus March 2006 ISO Scene

Seminar participants learn how to Speakers from Canada, Germa- implement the requirements of the new On the occasion of the 39 th ny, Japan, Poland, Spain, Swe- edition of ISO/IEC 17025 in Cairo, Egypt. Independence Anniversary of den, United Kingdom and the Barbados, Dudley B. Rhynd USA gave presentations on Workshop on emergency received National Honours in both the new developments in preparedness the form of the Silver Crown of SC 27 standards as well as An international workshop on Merit (SCM) for his dedication experiences of businesses in standardization for emergency and contribution to public serv- their use. The topics range preparedness will convene 24-26 ice. The presentation of insignia from business use of signature April 2006, at the Villa La Pietra was made by the Governor and authentication standards International Conference Center General of Barbados Sir Clif- for identity management and in Florence, Italy. ford Husbands GCMG, KA at credit application, evaluating Government House at the end

© ISO © security software products, Recent worldwide events, rang- of November 2005. IT staff at TJKSTN (pictured here standing) information security risk man- ing from earthquakes and hurri- receive training in the use of software With a career spanning more agement methods, to real busi- canes to the ongoing threat of developed by the ISO Central Secretariat. than thirty years, Mr. Rhynd ness experiences certification terrorism, have demonstrated has worked towards the estab- of an information security the need for international coor- Training in Tajikistan lishment of the Barbados management system. dination and standards develop- ISO held a three-day training ses- ment in the area of emergency National Standards Institution sion at the Tajikistan Agency of SC 27 is a primary resource of preparedness. The objective is (BNSI) in 1971 and became its Standardization, Metrology, Cer- International Standards on to establish an International first Director in 1973, a position tification and Trade Inspection application-independent IT Workshop Agreement (IWA) which he still holds. In addition (TJKSTN), an ISO correspondent security techniques for use by that is designed to provide to his active participation in member, sponsored by the Inter- industry and other standardiza- international guidance on this ISO General Assemblies and national Trade Centre (ITC) pro- tion groups. It has developed issue. the ISO Committee for devel- gramme for developing countries. many standards used by com- oping country matters (DEVCO) merce and industry, and its cur- The workshop will evaluate meetings, he was also the ISO ISO representatives gave a rent development programme is existing national standards for Regional Liaison Officer for the workshop for 40 representa- set to shape an even better applicability to the IWA. Partici- Caribbean and Central America tives from government and future for protecting those assets pants are invited to submit these from 2003 to 2005. industry, which highlighted the critical to the success and well standards for consideration in Mr. Rhynd is also the Vice Chair- importance and widespread use being of businesses worldwide. advance of the meeting. Individ- of International Standards with uals from ISO member bodies, man of CROSQ – the CARICOM a comprehensive overview of For more information, contact as well as organizations involved Regional Organisation for Stand- ISO, including its strategy, Ted Humphreys : with emergency preparedness ards and Quality. technical activities, coopera- [email protected] and operational continuity, are tion with international and encouraged to participate in the ISO 29th regional bodies, and the bene- creation of this document. fits from participation in ISO. Seminar on laboratory General accreditation in Egypt The workshop is being organ- Assembly The remaining two days were ized by the American National dedicated to the installation and ISO and the Egyptian Organiza- Standards Institute (ANSI), ISO At the invitation configuration of the software tion for Standardization and member for the USA, in partner- of the ISO member for Canada, developed by the ISO Central Quality (EOS) held a seminar at ship with the New York Univer- the Standards Council of Canada Secretariat and technical training the end of 2005, to provide sity International Center for (SCC), ISO will hold its 29 th in the use of the software. guidance for laboratories on Enterprise Preparedness (NYU General Assembly from 10 to how to implement the require- InterCEP). 16 September 2006 in Ottawa, The ITC is the technical coopera- ments of ISO/IEC 17025. Canada. tion agency of United Nations For more information, see: Conference on Trade and Devel- More than 50 participants www.ansi.org/iwa As part of the General Assembly, opment (UNCTAD) and the attended the seminar given by there will be one full-day open World Trade Organization (WTO) international experts and Egyp- session on 14 September on the for operational, enterprise-oriented tian laboratory representatives Dudley B. Rhynd theme of healthcare, an innova- aspects of trade development. involved in exportation and the honoured tive and rapidly-changing sector certification of commodities to For more information, see : for which the need for globally- enhance activities in the field of Governor General of Barbados Sir Clifford www.intracen.org Husbands GCMG, KA (left) awards Dudley relevant solutions has been rec- standards and quality. B. Rhynd with the Silver Crown of Merit ognized and which has also been (SCM) for his contribution to public the subject of special focus in The president of EOS said that Security standards for service. Canada for the last few years. the seminar came within the today’s business framework of the directives of Associated meetings of DEVCO, Security standards for today’s H.E. Rachid M. Rachid, the TMB (Technical Management business world was the subject Minister of Foreign Trade and Board) and Council will take of a recently held one-day Industry, which confirm the place at separate points during workshop in Berlin, Germany, necessity to follow up the inter- the week of the General Assembly. hosted by ISO/IEC JTC 1, national reference in quality Participation is reserved for repre- Information technology, SC 27, systems and to promote exporta- sentatives of ISO members and IT Security techniques. tion. invited international organizations.

ISO Focus March 2006 3 Guest View Shantanu Narayen

hantanu Narayen is ness and government by promoting President and Chief software interoperability, reducing SOperating Officer of Adobe, technology complexity, streamlining one of the world’s largest and adherence to regulations, and helping fastest growing software ensure that customers, partners, and companies. Narayen leads the employees can exchange information company’s day-to-day global securely and productively. ISO helps operations, sets Adobe’s long-term ensure that manufacturing processes market strategies and oversees all and associated technologies world- product research and development, wide are reliable, safe, efficient, and corporate strategy and investments, cleaner then ever before. and corporate and product marketing. Together with CEO ISO’s efforts are important for Bruce Chizen, Narayen maintaining and supporting standards spearheaded the USD 3.4 billion within the software industry. For Adobe acquisition of Macromedia Inc. in in particular, ISO approval helps pro- 2005, expanding Adobe’s software mote international adoption of file for- platform and solutions and mats and languages that bridge paper- strengthening the company’s to-digital worlds and advance global presence in key markets ranging commerce and communication. from enterprises and vertical From its early days, Adobe industries to mobile devices and has had to ensure the openness and multimedia publishing. interoperability of its technology. Before joining Adobe in 1998, PostScript, the page description lan- Narayen was co-founder of Pictra guage that helped drive the desktop Inc. He previously held senior publishing revolution, and Portable management positions at Silicon Document Format (PDF) are open,

Graphics Inc. and Apple ADOBE publicly available specifications. Computer Inc. © Certain varieties of TIFF as well as subsets of Portable Document Format Narayen holds a bachelor’s degree (PDF/X for reliable delivery of press- in electronics engineering from “ Standards are the engine Osmania University in India, a enabling our industry ready, high-end colour documents and master’s degree in computer science to develop software in PDF/Archive for long-term archiving from Bowling Green State University and preservation) are ISO standards. and a master’s degree in business a low-risk, cost-effective Adobe’s commitment to promot- administration from the Haas School manner.” ing standards is as strong today as it was of Business. when Adobe PostScript, TIFF and PDF were introduced years ago. The compa- Shantanu Narayen : Adobe is a leading ny is currently working with organiza- software company and a global business. tions throughout the world to spearhead ISO Focus : Adobe has used innova- At Adobe we build software that revo- the development of PDF/E, a proposed tive technology to bridge the paper- lutionizes the way the world engages standard for reliable engineering docu- to-digital world, by providing software with ideas and information. Support- mentation and 2D and 3D content, and solutions that enable its customers ing standards is vitally important to our PDF/UA, a format for universal access and employees to interact with infor- business and to our customers. of electronic documents for people mation and each other, and businesses Standards are the engine enabling with disabilities. In addition, Adobe to run smoothly. How have ISO Inter- our industry to develop software in a contributes to the development and sup- national Standards contributed to this low-risk, cost-effective manner. Even port of open standards such as U3D for innovation ? more important, standards help busi- 3D content.

4 ISO Focus March 2006 We will continue to work within ISO Focus : Adobe is an active partici- Adobe’s vision is to revolution- ISO’s network of standards institutes to pant in ISO as well as in more than 30 ize how the world engages with ideas ensure compliance with existing stand- standards organizations and commit- and information—anytime, anywhere, ards, develop new standards where there tees worldwide. Why does Adobe par- and through any medium. To realize this, is a market need and remain committed ticipate in the ISO standards-making Adobe is delivering a platform that pro- to supporting these standards in our prod- process ? Would you please comment on vides powerful solutions for engaging ucts and solutions moving forward. the benefits of participation in ISO ? people with digital information. This At Adobe, we fundamentally “ Engagement Platform ” provides the believe in open standards as a means of Shantanu Narayen : ISO is the world’s programming model – including open attracting developers to our technology most prominent organization for stand- standards such as PDF and Flash (SWF) platform. Being open needs to be part ards development, playing a pivotal role format, as well as robust application pro- of your DNA1). in developing and publishing recognized gramming interfaces – to create, man- and formally agreed to International age, deliver, and engage people with 1) Deoxyribonucleic acid (DNA) is the material Standards for digital collaboration, com- media-rich solutions. For organizations inside the nucleus of cells that carries genetic munication and commerce. to accomplish this, information must information. cross borders and time zones and sup- port multiple languages, mediums and devices on a large scale. This would lit-

© ADOBE © erally be impossible without published and supported ISO standards.

“ ISO helps ensure that manufacturing processes and associated technologies worldwide are reliable, safe, efficient, and cleaner then ever before.”

Adobe has forged its business around standards and also adopts a holistic view concerning standards, from the technologies and software we develop, to the buildings where Ado- be employees work. Adobe is apply- ing to the US Green Building Council (USGBC) for the highest-level “ plati- num ” certification it offers for environ- mentally-friendly buildings. If Adobe succeeds in winning certification, it would be the first platinum designation under a new Leadership in Energy and Environmental Design (LEED) pro- gramme for existing buildings, as well as one of only 11 platinum-certified buildings in the United States. It’s inter- esting to note that USGBC is using Adobe LiveCycle software and PDF to

Overhead view of Adobe System’s building and basketball court, Adobe headquarters in downtown San Jose, California, USA. (Photo for Adobe Systems by Court Mast, Mast Photography, Inc. San Francisco) (www.mastphotography.com).

ISO Focus March 2006 5 Guest View streamline the LEED application proc- code, they can enable business process- ess, reducing the time to submit LEED es beyond firewalls and across multiple application forms by as much as 50 % platforms. and making it easier for more organi- zations to seek certification. ISO Focus : International Standards are an effective vehicle for the dissemi- ISO Focus : Acrobat and PDF revolu- nation of innovation and may therefore, tionized collaboration and information of necessity, contain patented elements. sharing by enabling people around the In such cases, the policy is that any pat- world to deliver digital documents ented material included in the require- exactly as intended across computing ments of ISO (or IEC) standards should platforms and applications. How do About Adobe be made available under ‘ reasonable ISO standards help ensure businesses Systems and non-discriminatory conditions ’. and government agencies easily and Incorporated What is your view and your practice, securely exchange information across with respect to this policy ? the enterprise ? In what ways is knowl- edge more effectively managed ? Adobe revolutionizes how Shantanu Narayen : Adobe has been very the world engages with ideas and supportive of standards organizations and, Shantanu Narayen : In today’s busi- information – anywhere, anytime in fact, has helped draft the intellectual ness and political environments, ensur- and through any medium. For more property rules for many standards bod- ing delivery of the right information than two decades, the company’s ies, including those for the World Wide to the right people at the right time is award-winning technologies and Web Consortium (W3C). We believe a complex problem – and solving it is software have redefined business, that companies participating in the cre- essential. We all live in an information entertainment and personal com- ation of ISO level standards should offer engagement economy that relies on secure munications by setting new stand- licences under patent claims necessary to information delivery across borders. ISO ards for producing and delivering practise those standards. At a minimum, standards are instrumental in ensuring content that engages people. From those licences should include reasonable that global commerce and government rich images in print, video and and non-discriminatory terms. interactions and processes are as effec- film, to dynamic digital content for tive, timely, and secure as possible. a variety of media, the impact of Adobe solutions is felt by anyone ISO Focus : Almost all industries are “ Press and analyst who creates, views and interacts concerned with security issues today. with information. The company’s An important part of software develop- communities see Service solutions are used daily by many ment is to ensure that data is secured Orientated Architecture as of the world’s leading organiza- and travels when and where it is need- having great potential but tions in a range of industries, such ed. How can such information security as publishing, government, finan- systems benefit from International with parameters cial services, telecommunications Standards and which standards does and definitions to be and education. With a portfolio of Adobe use in its solutions ? many of the most respected and rec- nailed down.” Shantanu Narayen : Among other secu- ognizable software brands, Adobe rity issues, phishing attacks cost con- is one of the world’s largest and Adobe Acrobat and PDF are vital sumers USD 500 million in 2004. And, most diversified software compa- for securing and enabling information according to an Adobe/Harris poll on nies. For more information, visit flows. Both in the USA and globally, security, more than 23 % of organiza- www.adobe.com. PDF has garnered widespread adoption tions have had leaks of sensitive informa- as the standard for making documents tion over the last 12 months. As a result and information accessible in a control- of the challenges of securing electronic led, secure manner. Password-protection, interacting with all types of media-rich information, business and government encryption, locking content and setting information. Acrobat and PDF today are are facing thorny issues associated with viewing limits on documents are only a important enablers in driving engage- protecting privacy, adhering to nation- few of the security measures that can be ment and enabling informed action – an al and international regulations for pri- applied to PDF files. idea to be developed, a business process vacy and confidentiality, and retaining Acrobat and PDF started as a way to execute or an important government consumer and constituent trust. to reliably exchange documents, but they decision to make. PDF files can be used To date, most organizations have have since evolved into a global means as transactional, legally binding docu- focused almost solely on securing the of not only sharing, but also actively ments. And, when combined with XML perimeters of their network using tech-

6 ISO Focus March 2006 nologies such as firewalls. Increasing- traditional point-to-point architectures, people and organizations need to create, ly, it’s clear that this approach falls short SOAs comprise loosely coupled, high- manage and deliver information-rich con- – organizations must secure the con- ly interoperable application services. tent and applications that enable custom- tent itself. Through SOAs, silos of automation such ers and constituents to have more effective Adobe works very closely with as enterprise resource planning or cus- digital experiences. To date, this endeav- digital signature, smart card and security tomer relationship management systems our has been limited by the complexities companies to ensure there are efficient, are repurposed to create a composite set of developing, deploying and managing safe and effective ways to safeguard con- of applications that provides services to applications across multiple platforms, tent. New information security solutions customers and constituents, and extends devices and environments. from Adobe ensure effective rights man- organizations’ reach to facilitate interna- Adobe’s Engagement Platform agement for documents, not only created tional trade. With a combination of SOA, provides an integrating framework to in PDF, but in Office and CAD formats, XML and PDF, Adobe is enabling people simplify the creation and deployment of ensuring that documents are viewed only to participate in business processes any- compelling, actionable applications and by those who are intended to view them, time, anywhere, on any device. content. Unlike point technologies that that they aren’t leaked either intention- The press and analyst communi- require complex integration, proprietary ally or unintentionally, and that they are ties see SOA as having great potential solutions that require new skills and infra- indeed authentic and genuine. but also as being in a preliminary state, structure, or closed platforms that do not The security standards developed with parameters and definitions still being provide the breadth of support for content through the standards process ensure that nailed down. Adobe is actively involved or the reach across operating systems and organizations can balance between the in a standards effort to define a norma- devices, the Adobe engagement platform need to share electronic information and tive reference model for SOA, and other builds on existing infrastructure, stand- at the same time protect it. standards activities related to SOA imple- ards, and skills to integrate complex con- mentations. ISO’s efforts in developing tent and technologies without sacrificing ISO Focus : How do you see the digit- and publishing recognized and formally scale or efficiency. al industry evolving in the coming agreed to international SOA-related stand- The ability to deliver next-gen- years ? What new standards would ards will be necessary to realize this new eration functionality extending across Adobe like to see coming out of ISO ? technology model on a global scale. applications, enterprises, users, formats Another transformational industry and devices will depend upon ubiquitous Shantanu Narayen : There are two espe- trend is a dramatic shift in the way people clients such as Adobe Reader and Flash cially exciting trends driving advance- are engaging with ideas and information, Player, PDF and SWF formats, and open ment in the digital industry. One is a new whether it’s a newspaper, a billboard, a APIs and standards. As always, ISO will generation of enterprise-class technolo- Web site, a film, a mobile device, an online continue to play a crucial role in devel- gy called Service Oriented Architecture meeting, an enterprise application or an oping and disseminating the standards (SOA) that accelerates the flow of busi- electronic document. In today’s climate, needed to engage people with information ness-critical information by connecting in compelling yet controlled ways. people, documents and processes. Unlike An average day at Adobe. © ADOBE ©

ISO Focus March 2006 7 © ISO Managingknowledge to the ISO Secretary-General Strategic Adviser by Daniele Gerundino, programme e-learning the Expanding 8 8 M ISO

Focus ISO a

March i

n 200

6

F ocus sponsoring members (DIN Deutsches Deutsches (DIN members two sponsoring of support the with Secretariat, countries. oping devel from those notably and bodies standards national targeting activities, to be covered by education and training priority highest the is standardization international in participation national I creation of competences to support of competences creation the ISO, within that, underlined of issue past a n For this reason, For the ISO this reason, Central

ISO Focu ISO s 1)

we we - April 2005. 1) national standards bodies (primarily (primarily bodies within standards national members staff of needs ing train the addresses programme The management . standardization national in inter of expert the role the targeting programme e-learning comprehensive a of development the undertaken has JISC), Committee, Standards Industrial Japanese the and Normung für Institut The ISOe-learningprogramme, ISO Focus

- - technical officers who already have a content classification, as well as look certain background in standardization, and feel and can be reused in a variety at least at the national level), with a of contexts, such as classroom courses, Managing knowledge view to transfering the knowledge nec- new customized e-learning modules, as essary to effectively support their insti- well as information services. tutes’ involvement in international when exceptional cases must be noted. standardization. […] Intuitively, we all know this is the The programme includes three Retaining knowledge case. The more experience someone has independent – albeit interrelated modules through experience with a given situation, the more effective – dealing with the key activities that an he or she is in that situation. It follows Before presenting in more detail expert in international standardization that the best way to teach an employee Module 2, Participating in internation- management should master : is to let him or her work on a job that al standardization, it is useful to refresh requires the skills you’re trying to teach, • Assessing priorities for standardiza- the principles of “learning by doing ” on and eventually that employee will pick tion; which the ISO e-learning programme them up ” [through an iterative process • Managing participation in interna- is based. of fail and practice]. tional standardization; As Roger Schank has noted in one Modern information technolo- of his books 2), “ learning by doing works gies and notably the Web provide an • Implementing International Stand- because it strikes at the basic memory ideal platform for developing contexts ards. processes that humans rely upon. We where students can actually do things and The first Module, presented in learn how to do things and then learn learn through such an iterative process. ISO Focus last year 1), was very success- how what we have learned is wrong or A powerful approach consists in creating fully tested in 2005 by a pilot group of right. We learn when our rules apply and simulations or elaborate stories within learners (ten students from five differ- when they must be modified. We learn which the student has to play a role for ent countries) and is now operational as when our rules can be generalized and the duration of the course. a regular ISO Central Secre- “ The student pre- tariat course (the second edi- tends to live in a fiction- tion of Module one is under- al world in which events way, with 15 students from happen and he must deal 12 countries). with what to do in the sit- The second Module uations presented to him. was delivered in 2005 and After such an experience is described in more detail a student feels as if he below. Its pilot implementa- really had experienced tion started in January 2006 what the designers of with a group of 10 students the course intended for from five countries. him to experience 3) ”. If Development of the the story and its context third Module is underway are well designed, the and by the end of 2006, student’s will remember the entire ISO e-learning “ his or her own experi- programme, Expert in inter- ence ”, and more like- national standardization ly retain the knowledge management , will be fully acquired through that operational. experience. To underline the scale Of course this is of this effort and achieve- not a simple task. The ment, it is worth noting that Web is an exception- the three modules include al information delivery more than a hundred content mechanism – but upload- elements (such as informa- ing documents on the Web tive documents, guides, Pow- er Point presentations, tem- 2) Roger Schank, Designing plates and software tools) ; world class e-learning, these materials are fully har- Mc Graw Hill, 2002. monized, i.e. they share com- 3) Roger Schank, ISO Focus, ISO

mon design principles and © April 2005.

ISO Focus March 2006 9 Main Focus and making them available to a certain • Assignment to the learner of tasks to If a national standards institute audience (maybe with multiple choice be accomplished and deliverables to has already defined the fields of nation- questions at the end, to test the mne- be produced for each task to be per- al interest and selected those priority monics of students) is one thing, but formed (against which the learner's items, Module 2 will assist them to creating a context where students can work will be evaluated) ; participate in International Standards have a fulfilling learning experience, • Provision of comprehensive support- development. acquiring lasting elements of knowl- ing materials, helping the student to An expert in international stand- edge and skills needed for their pro- execute the various tasks ; ardization management should be able fession, is quite another. to effectively organize and support the This is a fascinating subject, but • Use of a structured environment sup- participation of national interests in the is not possible to go in further detail porting interactions between the learner international standardization process, within this article. I just want to under- and the tutor, and among students ; and ensure correct and timely applica- line that building an effective e-learning • Use of general information and descrip- tion of the ISO/IEC Directives. system along the lines outlined above, tive material (guides, textbooks, offi- The second ISO e-learning Mod- requires the combination of very care- cial documents, presentations, tem- ule, Managing participation in interna- ful instructional design with the power plates/tools) as side content, to be tional standardization, offers a compre- of the Web for information delivery and used as supporting material. hensive didactical environment where interaction support. professionals from ISO national stand- All the stories take place in a ficti- Instructional design is indeed ards bodies who already have some expe- tious country, Southistan, within its nati- the key aspect and is the one to which rience in standardization, can acquire onal standards body, Southistan Bureau the ISO project team has dedicated or significantly expand their knowl- of Standards (SBS). Learners play the most efforts (with the valuable support edge on participation in international role of a technical officer, with assign- of Roger Schank’s team from Socrat- standardization. ments to be performed for each of the ic Arts). The module provides an envi- three modules. ronment within which the learner has All modules are Web-mentored to apply concretely the procedures for “ The creation of and facilitated, meaning that as the stu- standards development work, practice dent works through assignments on the competences to support with tools (e.g. project and document course Web site, she/he will send ques- management systems) supporting the national participation tions and final work products to a mentor process, deal with consensus build- in international via the Internet. The mentor will review ing and promoting national positions and provide feedback on students’ work standardization is on specific content issues (taken from in each task, until they submit their final real ISO standards projects). the highest priority.” deliverable. At the end of each task, the mentor opens a discussion forum and In summary, the ISO e-learning takes this opportunity to standardize the “ The programme will modules are designed on the basis of the deliverables produced by the various stu- be completed and fully following key points : dents prior to opening the next task. operational by the end • Clear identification of the objectives of 2006.” and key tasks to be performed by the Managing participation target role/function, and thorough in international By participating in Module 2, analysis of the main teaching points standardization professionals from ISO national stand- (including important issues, and ways ards will be able to strengthen their to address problems and obstacles Module 1 addresses planning abilities to : concerning the selected tasks – to be activities that an expert in international 1. Manage rigorously and efficiently transferred to the students through standardization management should be the circulation of relevant informa- the “ story ” context) ; able to undertake to effectively allow his/ tion and documents to all national her country to take full advantage from • Collection of specific materials (pri- stakeholders involved in the stand- international standardization: analyzing marily case studies and real life expe- ardization process ; and defining fields of national interest, riences – as well as extensive mate- evaluating strategic alternatives (such 2. Monitor the activities of TC/SCs’ rials and tools for analysis and guid- as adoption of published International work where the national standards ance) related to the undertaking of Standards or participation to the stand- body is a participating member or the various tasks identified ; ards development process), assessing observer member, and to secure rig- • Creation of simulations (the stories) potential stakeholders’ participation, and orous and efficient project manage- around which to structure the core estimating resources needed to support ment for national mirror committees learning experience ; the process. (for all work items of interest) ;

10 ISO Focus March 2006 Managing knowledge

the test countries (Argentina, Croatia, Malaysia, Saint Lucia and South Africa) have contributed to the course design and development phase, providing input and documentation (concerning proc- esses, case histories and difficulties associated to the activities covered by the course). Learners have taken a little time to get started but the course is so far on schedule and progressing well.

The next steps The feedback received by all those who have been involved with the ISO e-learning programme is very pos- itive and encouraging – including feed- back from the sponsors of the project 3. Organize and support the dialogue – Subtask 1.2 : Monitoring technical (DIN, Deutsches Institut für Normung, among national interests and the committees ; and the Japanese Industrial Standards consolidation of national positions Committee, JISC). on the relevant work items; • Task 2 : Preparing for national The programme will be complet- mirror and ISO committees meet- ed and fully operational by the end of 4. Support and promote consolidat- ings : 2006. ISO Central Secretariat will then ed national postions at the interna- have the opportunity to organize a few tional level ; – Subtask 2.1 : Consolidating the national position in preparation sessions each year, covering a signifi- 5. Organize and support the participation for national mirror committee cant audience of professionals from of national delegations in technical meeting ; national standards bodies (several and subcommittee meetings. dozens per year). – Subtask 2.2 : Participating in nation- There is, however, much more to al mirror committee meeting ; The student acting in the role of be done: the learning materials devel- a technical officer of Southistan Bureau – Subtask 2.3 : Preparing to lobby for oped so far will be available to all ISO of Standards, with several years of expe- national positions at the interna- members, who will have the opportuni- rience, is asked by his supervisor (the tional level ; ty to reuse them in a variety of different technical director) to manage a certain – Subtask 2.4 : Preparing travel logis- contexts. ISO Central Secretariat itself number of technical committees with tics for an international meeting. plans to reuse some of the materials a view to revitalizing their activity and developed to provide new and comple- improving SBS’ participation in inter- mentary Web-based information servic- national standardization. The pilot implementation es targeting other user groups. The module’s duration is about 11 For more information, contact : weeks, with students working approxi- The pilot session of the module, Daniele Gerundino mately one hour per day. Managing participation in international standardization, started in January 2006 Strategic Adviser The module is subdivided in two and, at the time of writing, is underway. to the ISO Secretary-General main tasks and six sub-tasks, covering Ten students – all professionals E-mail [email protected] the following topics : in standardization from national stand- Tel. + 41 22 749 01 11 ards bodies from five different countries • Task 1 : Organizing and implement- Fax + 41 22 733 34 30 with various levels of experience – are ing improved processes: participating in the course, along with – Subtask 1.1 : Configuring project one ISO Central Secretariat employee. management tools ; Many national standards bodies from

ISO Focus March 2006 11 Main Focus

How ISO built one of the world’s leading extranets by Tom Jenkins, Chair and Chief Strategy Officer for Open Text Corporation

bout ten years ago, a meeting of four people in Geneva led to the creation of a reference model for A ISO © virtual communities. That ISO model has since been imitated throughout the and technologically advanced countries, As we take a closer look, it’s easy world – from the largest multination- but more than 100 developing countries, to see that maintaining and publishing als to non-governmental organizations is a real challenge. content on more than 15 000 ISO stan- and agencies that, for example, deliver This structure can lead to some dards is no simple task. The very suc- worldwide services for refugees. unique headaches, especially with regard cess of the ISO programme depends on During that meeting a whiteboard, to dealing with many different cultures, making sure that the most up-to-date, the most important part of it, and a lap- languages and technologies. However, valid standards are made easily avail- top computer connected to the Internet ISO has managed to build a worldwide able to the countless number of world- by a very fast phone line (24 Kbits/sec) extranet which, all things considered, wide users. What’s more, most of these were used. Using the laptop computer works quite well. standards are maintained in two lan- as motivation for the possibilities of the How did ISO do it ? To answer guages – English and French – and are Internet, the group sketched a vision on this question, we must first examine re-evaluated and updated at least every the board that would become a reality the global vision for the organization five years. for ISO and serve as a beacon for the for 2010, which is to develop standards way to organize diverse groups of peo- that support facilitation of global trade, “ ISO lead the industry ple all over the world. Open Text Cor- improvement of quality, safety, securi- to become one of the poration, then a start-up company, used ty, environmental and consumer protec- a new technology that would become tion, as well as the rational use of natu- first virtual Internet known as Enterprise Content Manage- ral resources, and global dissemination communities in the world.” ment (ECM). of technologies and good practices, all of which contribute to economic and The task begins at ISO’s Central social progress. Secretariat in Geneva, Switzerland, where Handling e-content 150 employees produce e-content in every At the time, a big challenge for Thousands of standards, type of format for its tens of thousands of users around the world. ISO was how to properly handle its different languages, information, in particular, electronic At one time, that meant a lot of or e-content. Any large organization constant updates paper – but not anymore. ISO and Open with an international presence knows Complying with ISO standards, Text began to work together a decade that isn’t easy. In addition to the prob- such as ISO 9000 for quality manage- ago. Over the years they have developed lems arising from supporting collabor- ment is a must for any organization before a consistently cutting edge approach to ative work of more than one hundred it can compete in the modern global information technology requirements, organizations from all continents, was economy. Companies in every kind of by constantly changing with the Inter- another challenge: being able to access business imaginable – from chemical to net environment, and adapting to meet and exchange information in a variety information technology – are required the needs of ISO’s membership. of formats. by their customers to comply with par- These needs are challenging. As ISO is a federation of national ticular ISO standards as a prerequisite to the Internet has expanded and bandwidth standards bodies from 156 countries. Not doing business. But developing, main- increased, the membership has demanded surprisingly, the diversity of its member- taining and distributing these standards more functionality. ISO has served as an ship, including not only the most modern involves a lot of effort. example for many other organizations that

12 ISO Focus March 2006 contemplate an extranet marketplace for ISO has since become a virtual a diverse international community. organization and its Central Secretariat’s Livelink ECM-based extranet is now on Managing knowledge Making the transition the verge of being one of the largest in to e-communications the world. publish content from its repository, or for its Web store, and pull information Using software called Enterprise from its product catalog residing in an Content Management (ECM) and mar- The importance of being Oracle database. It can then publish on keted as “ Livelink ECM ” by Open Text, Web-based the Web site in response to queries from ISO has made an effective transition to The ISO’s Central Secretariat all those end users. electronic communications. Before that, uses ECM to effectively manage the it was paper-based and far from efficient. entire standardization process – from Documents in multiple The manual, paper-based processes were development to distribution. ECM pro- slow, expensive and hard to control. vides a long-term foundation for cap- formats Communication was difficult amongst turing knowledge and is Web-based so ISO is no ordinary organization developers of standards, and even more it can ease the process of distributing when it comes to managing e-content, so between people inside and outside information over the ISO extranet. This for instance, the number of users of of ISO, resulting in high project man- means customers have instant access Open Text’s ECM includes the Central agement overheads, long development to information directly from their Web Secretariat, another 15 national stan- times and significant costs, not to men- browser, and they also have print-on- dards bodies and the European Com- tion excessive amounts of paper. demand capability, which reduces oper- mittee for Standardization (CEN) , over Long before most companies had ational costs. 700 ISO technical committees and sub- created even the most basic Web site, in committees and more than 2 000 working the mid-1990s ISO had a vision of what groups, all of which must be supported. the extranet should be, and started the Collaborating on technical In total, there are about 400 000 docu- deployment process of ECM software. content ments in multiple formats to be man- It planned to be able to provide a robust aged for different purposes, along with document-management base, an open At ISO, collaboration and the development of technical content and some 2 000 electronic ballots per year architecture and seamless integration of (i.e. comprizing the collection and com- all the collaborative working tools needed the dissemination of information are key. Content is created in a collaborative pilation of comments) organized by the to build Web-based intra/extranet busi- ISO Central Secretariat. ness solutions. process that encompasses 156 national standard bodies, over 700 ISO techni- cal committees and subcommittees and “ ISO has served About the author more than 50 000 technical experts. In as an example for many order to effectively coordinate the devel- Tom Jenkins is opment and to deliver this content via other organizations Chair and Chief the Web, ISO needed an open solution that contemplate Strategy Officer able to provide robust, highly scalable an extranet marketplace for Open Text services, and to interface with different Corporation. As systems and environments. for a diverse international CEO of Open Text Corporation ECM is the application that cost- community.” from 1997 to effectively met those needs for collabo- 2005, he was ration, knowledge management and con- Daniele Gerundino, Strategic instrumental in tent management. Advisor to the ISO Secretary-Gener- the creation of Toward that end, ISO integrated al, points out that “ ECM is the founda- one of the first Internet search engines that Web content management capabilities tion for the ISO repository, and support- was used by Netscape®, Yahoo !®, and with its ECM suite. The goal was two- ing the ISO’s Web content management IBM®. Mr. Jenkins went on to direct the fold: first, to create a solution to help ISO is no simple task, since the organization development of the first Internet-based improve how it organized and published has some 30 000 unique visitors to its document management system, as well as content; and second, to tie content pub- site every day.” the earliest versions of Internet-based lishing capabilities into the larger infor- workflow, portals, and online meeting According to Daniele Gerundino, software. All of these component mation repository on standards. ECM was selected because of its native technologies are early forerunners of Today, ISO utilizes ECM to man- Internet technology and protocols, and current ECM technology. Mr. Jenkins age content for its bilingual Web site – its scalable server-based architecture co-authored the first two books of the www.iso.org – and also to manage con- with the potential for disparate users Enterprise Content Management Trilogy. tent for its Web store. It can access and to connect.

ISO Focus March 2006 13 Main Focus

In making the original decision to use ECM software to solve these challeng- es, an ISO task force did a six-month, on- site evaluation and found ECM to be the best solution for its intra/extranet require- ments. It then installed ECM servers on Sun Solaris and Windows NT, using an Oracle database on both platforms. Now employees at ISO Central Secretariat and those from ISO members and their repre- sentatives have complete but controlled access to ECM’s integrated services.

The benefits of using ECM The benefits have been more than significant and today ECM allows ISO to : • Manage thousands of projects and facilitate the publishing of more than 1 000 standards every year ; • Handle contributions from ISO mem- bers’ networks and the hundreds of thousands of volunteers ; • Maintain tens of thousands of exist- ing standards in multiple formats and languages ; • Support the public enquiry process engaging the whole ISO constituen- cy (through the ISO electronic bal- loting application) ; • Effectively support the organiza-

tion’s governance (providing struc- ISO © tured access to all relevant docu- ments and recorded decisions) ; A preliminary analysis of such Standards as initiatives undertaken by the ISO Cen- • Ascertain problems in the process tral Secretariat staff in mid-2005 revealed and ensure swift resolution. databases that around 20 ISO committees had either The concept of Internet-based set up databases, were in the process of access by the membership to documents doing so or had expressed an interest from around the world is now a daily by Reinhard Weissinger, Group in storing items from their standards reality. ISO has led this industry in dem- Manager, Project Management in this form. The initiatives range from onstrating how it is possible to create a and e-Services, Standards extracting elements from standards and global community that interacts daily at Department, ISO Central storing them in databases to creating an a very reasonable cost. Secretariat environment in which the whole stan- ISO has greatly reduced the time dards development process itself, includ- required to publish International Stan- ver the last few years, ISO com- ing key decision stages such as ballot- dards and can now manage all official mittees have increasingly begun to ing, could be supported by the database documents and reports electronically. It Ouse databases to store and main- environment. is one of the first virtual Internet com- tain certain content from the standards Since the different committees munities and today one of the largest vir- they develop. Essentially, such content developed the initiatives independent- tual organizations in the world. is a collection of items which can be ly and without consultation, the lack dealt with individually, such as terms of coordination has led to very differ- and definitions, graphical symbols and ent outcomes in terms of the database similar discrete entities. structures and features.

14 ISO Focus March 2006 In order to better understand these a “ collection of items ” – which could be developments and arrive at guidelines for isolated and treated individually – data- stronger coordination, ISO’s technical bases could be used as an efficient tool Managing knowledge management board (TMB) decided in to maintain or develop standardized June 2005 to establish a special group. content. The group noted that currently The first meeting of the group databases are used to store the follow- the establishment of a maintenance team (known as the TMB ad hoc group on ing types of items : to keep the standards up-to-date. Every standards as databases) was held in • Terms and definitions ; newly published standard contains a Geneva, Switzerland, in November 2005 • Graphical symbols ; pre-determined withdrawal date. with the participation of and/or contri- butions from 15 committees from ISO, • Product properties ; one committee from the International • Reference data (codes, datasheets, Types of database uses Electrotechnical Commission (IEC), reference values applied in tests, In relation to the standards devel- four member body representatives, signals, etc.). opment process, databases are used essen- as well as staff members of the ISO tially in two types of instances : Central Secretariat and the IEC Cen- Maintenance of Type 1 : To store the result of the tral Office. The committees included the content of standards plastics, health informatics, optics and standardization work: after conclusion photonics, safety of machinery, geo- Under current ISO procedures, of the “traditional” standards develop- graphic information, industrial auto- the following options exist for the main- ment process, items are extracted from mation systems, agricultural electron- tenance of the content of standards. A standards and stored individually in a ics, small tools, information technolo- committee may decide to: database (see Figure 1). gy and horizontal fields such as termi- nology and graphical symbols. “ ISO committees have increasingly begun to use Standards Extraction of databases to store and development items and maintain certain content Approved process Published storage in a from standards.” Work standard Database Item (as a document) During this first meeting, com- mittees made presentations demonstrat- ing how they use databases, confirm- ing that they were already widely used independently of the particular subject field in which committees were oper- Figure 1 – Type 1 database to store the result of the standardization work. ating. The commonality between these developments was that whenever stan- dards contained partially or exclusively • Revise an existing standard follow- Such a database may contain the ing its systematic review or a com- content of one or more individual stan- mittee-decision ; dards. Its primary use is to maintain and update the content of standards, which About the author • Publish an amendment to an exist- would normally result in the publication ing standard ; Reinhard of a revised version of the standard or Weissinger is • Produce a corrigendum to correct of an amendment. Group Manager errors in a standard ; of Project Type 2 : To support the develop- Management • Establish a maintenance agency with ment process itself: individual items at and e-Services the mandate to continually update various stages of their development are within the the content of a standard. stored in the database. The development Standards stage of each item is expressed through Department at The IEC has relinquished the a status identifier (e.g. proposed, under the ISO Central systematic review and replaced it with review, approved, etc). In such cases Secretariat. a maintenance process, which requires databases contain either simple voting

ISO Focus March 2006 15 Main Focus

• How standards are developed and maintained, e.g. the database-cen- tred approach could become more common in the future ; • The structure of standards. The exist- ence of a standard as a document Approved Entry of items Products work Database and could become one form of presen- tation amongst others ; item (including services (each with a • The development of new business voting etc.) models derived from new types of status identifier) products and services (e.g. IT-applica- tions accessing standardized content based on subscription models) ; • The adoption of standards by region- al or national standards bodies. Figure 2 – Type 2 database to support the development process itself. The participants in the first meet- ing of the TMB ad hoc group felt that features or are connected with balloting ers, such as subscription services, access a new approach to standards develop- applications to allow authorized individ- of databases by remote IT-applications ment was emerging, which potentially uals to express their views on the items by companies, etc. could have a major impact in the future. under review (see Figure 2). It should be noted that the use It would also allow a more timely main- Once the development process for according to type 1 may evolve in the tenance of the content of standards. a set of individual items is concluded, future to use type 2. The work of the TMB ad hoc they receive the status of “ approved ”. In group has just started. For the first phase, this form they may represent a product the group decided to review the existing and/or could be the subject of a service IEC procedure, as well as the system of that addresses the needs of final custom- Potential implications for standards developments stage codes used to identify the devel- in the future opment stages of standards projects. “ Databases could be It was found worthwhile to review the used as an efficient tool It is evident that the increased work already done in IEC with a view use of databases in the development to sharing experiences and avoiding to maintain or develop and maintenance of standards may have duplication of efforts between the two standardized content.” important implications for : organizations.

Example : Terminology database (maintained by ISO/TC 199, Safety of machinery)

16 ISO Focus March 2006 Managing knowledge

Ensuring accessibility over time The problem is that the feature- rich nature of PDF can create difficulties in preserving information over the long term. For example, PDF documents are not necessarily self-contained ; some files depend on system fonts and other content drawn from outside the file. As technol- ogy changes, these external dependen- cies can cause information to be lost. Additionally, because there are many PDF development tools on the market, there is inconsistency in the file format. This means that future migration of PDF files could be difficult because archivists won’t necessarily know “ what’s under the hood ”. With so much important infor- mation all over the world being main- tained as PDF, we needed a long-term solution to ensure that digital PDF documents remain accessible for long periods of time.

© ISO © Addressing different market/application needs PDF is a digital format for rep- PDF/A – resenting documents. PDF files may be ISO 19005-1, Document manage- created natively in PDF form, converted ment – Electronic document file format worldwide from other electronic formats or digi- for long-term preservation – Part 1: Use collaboration tized from paper, microform, or other of PDF 1.4 (PDF/A-1) is the first in a hard copy format. Businesses, govern- new family of ISO standards to address to preserve ments, libraries, archives and other insti- the growing need to maintain informa- tutions and individuals around the world tion in electronic documents over electronic use PDF to represent considerable bod- archival time spans. documents ies of important information. Much of This is where the “ /A ” in PDF/ this information must be kept for sub- A comes in. Although never formally stantial lengths of time ; some must be defined, the “ /A ” to most of the people by Susan Sullivan, kept permanently. These PDF files must involved in the standards activity repre- US technical advisory group for remain useable and accessible across sents Archive. This is accomplished by the PDF/A ISO standard multiple generations of technology. The identifying a limited set of PDF objects future use of, and access to, these objects that may be used in PDF/A, and add- ust about everyone who has used depends upon maintaining their visual ing restrictions to the use, or form of the Internet has come in contact appearance as well as their higher-order use, of those objects and/or keys with- Jwith the Portable Document For- properties (such as the logical organiza- in those objects. mat (PDF). Adobe Systems Incorpo- tion of pages, sections and paragraphs) The PDF/A activity was initiat- rated openly publishes the PDF speci- machine recoverable text stream in nat- ed in the USA through the joint sponsor- fication and encourages vendors to use ural reading order, and a variety of admin- ship of the Association for Information it to develop software that creates and istrative, preservation and descriptive and Image Management (AIIM) and the processes PDF files. metadata. Association for Suppliers of Printing,

ISO Focus March 2006 17 Main Focus

The committee developing Publishing, and Converting Tech- PDF/A-1 wanted to be sure that nologies (NPES). Under the aus- PDF/A could be used by everyone, pices of ISO technical committee and not just by libraries, records ISO/TC 171, Document manage- managers and archival institutions. ment applications, subcommittee We recognized that organizations SC 2, Application issues, a Joint would use PDF/A applications to working group (JWG 5) was formed create and process PDF/A confor- with representatives from ISO/TC mant files as part of their regular 171, ISO/TC 42, Photography, ISO/ • Embed fonts ; • Encryption ; business processes and, in doing TC 46, Information and documen- • Device-independent • LZW Compression ; so, would need to adhere to differ- tation, and ISO/TC 130, Graph- ent rules and requirements. colour ; • Embedded files ; ic technology. A diverse group of In defining PDF/A-1 as a • XMP metadata ; librarians, archivists, PDF software • External content file format standard, the commit- developers, government agencies, • Tagging. references ; tee limited its scope to define an imaging experts, graphics experts • Transparency ; archival version of the PDF 1.4 and others collaborated to devel- file format. This would allow the op PDF/A-1. Initial meetings were • Multimedia ; flexibility needed for wide imple- held in mid-2002 and the standard • JavaScript. mentation, and leave to its imple- was approved in June 2005. Tech- menters : processes for generating nical experts from 15 national stan- PDF/A-1 files, specific implemen- dards bodies provided input throughout tation details of rendering such files, file the development process. archiving requirements for more com- storing methods and hardware/software plex content types. dependencies. “ Just about everyone who PDF/A is one of many efforts The introduction clearly explains has used the Internet underway to build standards which use that, as a file format standard, PDF/A-1 is PDF as the underlying document for- just one component of an organization’s has come in contact with mat, but which address different mar- comprehensive preservation strategy and the Portable Document ket/application needs. Current standards does not stand alone. By itself, PDF/A-1 Format.” based on PDF, either in work or already does not guarantee preservation or exact published include: replication of source material. Imple- The PDF/A-1 (ISO 19005- • PDF/X for pre-press data menters must use it in conjunction with 1:2005) standard is based on Adobe’s exchange ; additional controls such as : records man- PDF Reference 1.4, and specifies how • PDF/E for engineering, architectural to use a subset of PDF components to and GIS documents ; About the author develop software that creates, renders • PDF/UA for handicapped and otherwise processes a flavour of Susan Sullivan accessibility. PDF that is more suitable for archival is a Certified preservation than traditional PDF. It aims An important goal is for PDF/X, Records to preserve the static visual appearance E, and UA to be conformant with PDF/A Manager and of electronic documents over time and to and therefore capable of being preserved Information Technology support future access and future migra- over the long term. Currently, it is pos- Specialist for tion needs by providing frameworks for: sible for a file to be compliant with both the US National (1) embedding metadata about electron- PDF/A-1:2005 and the currently pub- Archives and ic documents, and (2) defining the logi- lished versions of PDF/X (ISO 15930 Records cal structure and semantic properties of parts 1, 3, 4, 5 and 6). Administration electronic documents. (NARA). She represents NARA on the Because this initial version of Designed for flexible US technical advisory group for the PDF/A PDF/A-1 is based on PDF 1.4, the stan- ISO standard. For 20 years, Ms. Sullivan dard is being published in parts so that implementation was a records management consultant to new parts can be added without obso- For an archival standard to be the nuclear power industry and then to the lescing previous parts. For example, viable, it must allow for flexibility of Federal government. In 2002, she joined NARA as a member of the ERM E-Gov PDF/A-1 refers to the format defined implementation. For example, organiza- Team and recently participated in the by part 1 (ISO 19005-1) of the standard tions will want to implement the PDF/A electronic records policy working (or PDF 1.4) while part 2 (ISO 19005- file format at various stages of the docu- group. Currently, she leads the NARA 2) and later parts may be based on a ment lifecycle, possibly even upon doc- “ Toolkit for Managing Electronic later version of PDF and/or may define ument creation. Records ” project.

18 ISO Focus March 2006 agement policies and procedures, quali- that could complicate archival preserva- ty assurance processes, requirements and tion and prohibited or restricted them. conditions necessary to ensure persistence For each section, we defined the set of Managing knowledge of electronic documents over time. For PDF objects that may be used in PDF/ example, PDF/A-1 information annex A-1 and in many cases added restric- data), and allows non-XMP schemas to B recommends conversion processes to tions to their use. We also specified PDF be included, as long as they are embed- ensure that PDF/A-1 files retain their objects that may not be used in PDF/A- ded. Implementers can use XMP in a quality and integrity as records. 1 files. In some cases, we defined how a variety of ways to include information PDF/A-1 supports two confor- PDF/A-1 conformant reader must han- about electronic records within the file mance levels to promote the creation of dle these objects. itself. Having metadata embedded in PDF/A-1 files with rich semantic and Let’s look at how PDF/A-1 the file can increase the information- structural information, and to allow less addresses long-term preservation al value of electronic documents and complex files such as scanned images. needs : enhance the future researcher’s under- There are two levels of conformance. • Device independence – PDF/A-1 standing of the document. Level A uses Tagged PDF and Unicode requires device independent compo- character maps to preserve the document’s nents so that the static visual appear- “ For an archival standard logical structure and content text stream ance can be reliably and consistently to be viable, it must allow in natural reading order, and level B rendered and printed without regard includes all requirements of ISO 19005- for the hardware or software platform for flexibility 1 minimally necessary to preserve the used. The graphics clause, for exam- of implementation.” visual appearance. While level A should ple, incorporates requirements from support a higher level of document pres- PDF/X to ensure predictable colour • Transparency – level A conforming ervation service and confidence over time, rendering. PDF/A-1 also prohibits PDF/A-1 files provide text “ in natu- level B allows PDF/A-1 conformance the use of components not defined ral reading order ” so that the file can without requiring users to define structure in PDF Reference 1.4. be read with basic text editing tools, or other descriptive information. • Self-containment – everything that such as MS Notepad. This supports access to the informational content Meeting long-term is necessary to render or print a PDF/ A-1 file must be contained within the of PDF/A-1 files, even without the preservation needs file. The fonts clause requires that all benefit of a PDF/A-1 reader. The PDF/A Joint working group fonts used are embedded in the file. • Accessibility – PDF/A-1 prohibits identified desirable properties for a long- A PDF/A-1 conforming writer must encryption in the file trailer. This pro- term preservation format. We adopted always embed fonts, meaning that the hibition means that user IDs and/or them as our objectives in developing the file will be rendered using the fonts passwords are not needed to do any- PDF/A-1 standard to ensure that it would intended and not those residing on thing with a PDF/A-1 file. PDF/A-1 meet long-term preservation needs. the local workstation. A conforming files are open and available to any- Our intent was not to claim that reader must always use the embed- one or any software that processes PDF-based solutions are the best way to ded fonts. The standard warns crea- the file. Implementers that require preserve electronic documents. We simply tors that not all fonts can be legally access controls can provide them defined PDF/A-1 as an archival profile of embedded and that legal restrictions on outside of the file format. embedding should be determined. PDF that is more amenable to long-term • Disclosure – PDF/A-1 is based on preservation than traditional PDF. The annotations clause prohibits an authoritative specification that is embedded files because such files publicly available. Anyone can use An archival profile rely on external software for ren- the PDF reference and XMP specifi- of PDF dering. In the future, some software cation in conjunction with PDF/A-1 programmes could be unavailable, to create applications that read, write, The PDF/A-1 standard is orga- and the information within embed- or process PDF/A-1 files. Adobe has nized to mirror the PDF 1.4 Reference. ded files could be lost. granted a general royalty free license In developing the standard, we assigned to use certain of its patents to create each section to a subcommittee, com- • Self-describing files – PDF/A-1 requires applications that process PDF/A files. posed of PDF developers, archivists, the Adobe Extensible Metadata Plat- Additionally, it has granted AIIM and librarians and content managers. These form (XMP) be used for embedding NPES the rights to publish these spec- experts collaboratively evaluated each metadata in PDF files. Again, to allow ifications on their respective Internet section of the PDF Reference against flexibility of implementation, PDF/A- sites for the foreseeable future. desired properties of a long-term format 1 provides recommendations for doc- (i.e. our objectives). Based on this eval- umenting file attributes (such as file • Adoption – PDF/A-1 was designed uation we identified PDF components identifier, file provenance, font meta- for flexibility of implementation to

ISO Focus March 2006 19 Main Focus

promote its wide adoption. If wide- ly adopted, PDF/A-1 software tools will proliferate and the market will support the file format, to help ensure the viability of PDF/A-1 and extend the length of time that PDF docu- ments can be maintained as PDF/ A-1, as long as the demand exists.

Reliability and predictability The requirements of PDF/A-1 emphasize reliable and predictable render- ing of static visual appearance. Users should use a PDF/A-1 conformant viewer to view or print PDF/A-1 documents. Conformant viewers should ensure reliable visual repre- sentation of the document. Also, PDF/A-1 permits the inclusion of interactive elements (e.g. annotations and hyperlinks) but sug- gests that a conformant viewer treat them as inactive. Implementers should take these needs into account when choosing a con- formant viewing tool. PDF/A may not be the last pres- ervation format you will need, but proper application of it should result in reliable, ment in IT for learning, education and predictable and unambiguous access to The learning training. In fulfilling a leadership role the full information content of electron- curve – how IT in the standards domain, the subcom- ic documents. mittee has an emerging reputation for Work has already begun on PDF/ shapes learning quality and innovation – by utilizing A part 2 (PDF/A-2) and part 3 (PDF/ proven, value-adding processes and

A-3) which will be based on PDF 1.6 environments procedures in producing International (which subsumes PDF 1.5). Implement- Standards and technical reports. Only ers have requested that the following by ensuring quality and innovation for features be considered for inclusion in by Bruce Peoples, Chair the implementers and users of SC 36 future parts of PDF/A : of ISO/IEC JTC 1/SC 36, documents, will the global use of IT in • JPEG 2000 image compression ; Information technology for the creation of learning environments achieve its potential. • More sophisticated digital signature learning, education and training Learning environments are unique support ; n the domain of learning, education, in that standardization and interopera- • Open type fonts ; and training, knowledge manage- bility are required across many levels of • 3D graphics ; Iment within information technolo- implementation, including the low-end gy-based learning environments requires (e.g. a standalone PC workstation, or • Audio/video content ; specific standards to supplement exist- Personal Digital Assistant), the middle • Consistency with PDF/X, PDF/E and ing and emerging knowledge manage- (e.g. workstations with high-speed inter- PDF/UA. ment standards. net access) and the high-end (e.g. high- The PDF/A Joint working group With a membership of 28 national fidelity simulators and trainers). is creating both a set of application notes standards bodies and 20 liaison organi- Learning environments consist- and a list of frequently asked questions zations, ISO/IEC Joint technical com- ing of e-enabled learning services across which will be made publicly available to mittee JTC 1, Information technolo- the globe are also unique in the realm of assist developers of PDF/A applications gy, subcommittee SC 36, Information IT and standardization because of their to better understand the requirements of technology for learning, education and embedded cultural attributes derived from the file format and provide implementa- training, serves as the pre-eminent inter- the unique educational and social heri- tion guidance. national forum for standards develop- tage of each region, nation and language.

20 ISO Focus March 2006 diverse membership brings unique per- spectives, grounded in the educational heritage of the societies that they repre- Managing knowledge sent. These educational heritages serve as a reminder, that we must remain focused is the first of a four-part standard, and on people, not technology. serves as a tool for education and train- ing organizations to efficiently create, Creating support for adapt and implement quality content and e-learning learning environments based on their requirements, needs and context. In creating quality IT standards and technical reports, SC 36 has seven WG 6, International Standard- working groups (WG) and one rappor- ized Profiles, is developing profile stand- teur group (RG) : ards consisting of existing ISO, IEC and consortia standards, enabling the use of WG 1, Vocabulary, is develop- needed multiple domain standards that ing domain-specific terminology stand- support e-learning environments. One ards and will be harmonized with the such emerging standard, ISO/IEC 24725- existing ISO/IEC 2382 series for IT 2, Profiles of standards and specifications, vocabulary. – Part 002 : Profile of Rights Expression WG 2, Collaborative technology, Language (REL), refines the existing is developing several standards to support ISO/IEC 21000-5, Information technol- the IT aspects of learner collaboration. ogy – Multimedia framework (MPEG-21) These standards include the collabora- – Part 5 : Rights Expression Language, tive workplace (data collection and reuse features for the learning, education and for collaborative environments), learn- training community. © ISO © er-to learner interactions (peer-to-peer WG 7, Culture language and and group) and agent-to-agent interac- These cultural attributes play a key role human functioning activities, is devel- tions (intelligent agent-based interfaces in how knowledge management functions oping a framework for content and user in collaborative environments). within learning environments. interfaces to be accessible by users with In producing IT standards for WG 3, Participant information, disabilities – where ‘ disability ’ is con- learning, education and training, we is developing standards that specify data ceived not as something a person lacks, must ensure these cultural heritages are models, bindings, codings, APIs, proto- being instead a mismatch between learner recognized and respected. In SC 36, our cols, etc., for data interoperability and needs and the education delivered. data exchange of information associ- RG 1, Marketing, is the SC 36 ated with learners (e.g. grades, prefer- group responsible for coordinating and About the author ences, abilities, objectives, portfolios in many cases delivering marketing and and peers). Bruce Peoples, communications to support the engage- a Systems Engi- WG 4, Management and deliv- ment of stakeholders in the standards neer at Raythe- ery, is focused on producing a multi- development process and awareness and on, is based in part standard and metadata for learn- adoption of our work products. State College, ing resources. The proposed data model PA, USA. He has over fifteen includes a flexible framework for spec- ifying disjointed conceptual schemas Develop your own years of experi- system with a template ence in the inte- that define structures and data elements grated design, for metadata instances associated with The recently published ISO/IEC development and learning resources. 19796-1 is a first step in harmonizing the implementation of complex training, per- WG 5, Quality Assurance and variety of quality approaches used in the formance, decision, and production sup- Descriptive Frameworks, is focused on field of learning, education and training port systems. He currently leads research (see box on page 23). The standard helps projects in the field of advanced intelligent developing standards that provide guide- multilingual systems. Mr. Peoples lines and support functions specifically decision makers, quality representatives, received a Bachelor of Science degree, for the field of learning, education and system developers and users to develop and a Master of Science degree from Clar- training, in particular e-learning. Their their own quality system. It is not a stand- ion University of Pennsylvania in Com- recently published standard, of ISO/IEC ard for certification, but a tool which pro- munication Systems, specializing in 19796-1:2005, Quality management, vides a common quality language, a for- Instructional Systems Design. assurance and metrics-general approach, mat to make quality interoperable, and a

ISO Focus March 2006 21 A bird’s eye view Main Focus of ISO/IEC JTC 1/SC 36 Scope : Standardization in the field of information template for developing ICT support for technologies for learning, education and training, to quality development. support individuals, groups or organizations, and to Commenting on UK e-learning enable interoperability and reusability of resources solution provider Simulacra’s 1) adop- and tools. tion of ISO/IEC 19796-1, CEO Michael Vision : A unified set of IT standards widely accepted Copestake said : “ This quality standard is by the intended class of users in the learning educa- ideal for us to use as a framework for all tion and training market. our e-learning services – we are applying it as a significant part of our enterprise Purpose : benchmark programme for example. In • Provide quality information technology learn- ISO © this programme we work with our cli- ing, education and training standards that meet stakeholder needs ; ents to create their own quality e-learn- ing strategy. We are also integrating this • Promote the use of information technology learning, education and train- quality standard into our implementa- ing standards produced by providing supporting materials ; tion method for Simulacra’s advanced • Provide leadership in information technology learning, education and train- e-learning solutions and have used its ing standardization through : principles in developing our own out-of- – The development of a comprehensive set of integrated standards with the box e-learning direct online learn- broad international and professional consensus ; ing portal ”. He added : “As a company we have a history of supporting and pro- – Initiating cooperative work with international professional and standards viding leadership to the development of producing organizations. British and International Standards in e- • A framework that : learning. Working with both government and leading UK organizations – some – Facilitates the integration of standards developed in other standards pro- international – it was important for us ducing organizations ; to take the best of the best practice from – Facilitates cooperation in the development of standards produced in SC round the world and make it available to 36 and in other International Standards producing organizations ; people in small and medium enterprises – Minimizes the inconsistencies between related standards including those and public sector initiatives.” developed by other standard producing organizations. “ Educational heritages Values : serve as a reminder, that • International consensus ; we must remain focused on • Leadership and expertise ; people, not technology.” • Quality and innovation ; • Informed and responsive development ; Another example of the subcom- mittee’s success is the fast-tracking of • Inclusion of different educational, cultural and linguistic paradigms. ISO/IEC 23988, A code of practice for the use of information technology (IT) in If you wish to participate in ISO/IEC JTC1 SC 36, please contact Bruce Peoples, SC 36 Chair, Bruce_ the delivery of assessments. This knowl- [email protected], or David Hyde, SC 36 Secretariat, [email protected] edge management-related standard is essential to all organizations that deliver tests, assessments or exams by computer. Among the other successes are Marketing group to These include universities, exam boards, the subcommittee’s work on accessi- create global awareness schools and colleges, as well as employ- bility – which includes three projects ers and training companies. This stand- under ballot in this area and participa- Creating quality IT standards and ard introduces guidelines and minimum tion in the ISO/IEC JTC 1-level special technical reports that are relevant to the requirements for any organization that working group on accessibility – partici- global community is not an easy task. uses computers to make assessments and pation at the recently concluded United There are several challenges faced by SC ensures that it establishes a good code of Nations World Summit on the Informa- 36, which we recognize and address on practice for delivering them. tion Society, and the co-organization of a daily basis. Our challenges are bridg- a major conference on e-learning, in col- ing the digital divide between educators 1) Simulacra is a company founded in 1997 laboration with the Agency of French- and technologists, involving developing with the mission to use online services to support business and technical change in the education speaking Universities, addressing stand- countries in the standards development and culture sectors. ards and the developing world. process, possible erosion of culture, and

22 ISO Focus March 2006 ISO/IEC standard benchmarks quality of e-learning by Elizabeth Gasiorowski-Denis

An ISO/IEC International Standard aims to harmonize the various approaches used around the world for assessing the Managing knowledge quality of e-learning initiatives. “ The standard represents the har- coordinating standards activities with oth- monized international know-how on er ISO/IEC subcommittees and techni- quality for e-learning,” explains Bruce cal committees, and with consortia and Peoples, Chair of ISO/IEC group that regional standards activities. developed the standard. “ By having SC 36 is rising to these chal- comparable and commonly understood lenges through a variety of methods. requirements and criteria, there will be a We actively recruit new national body better match between the needs of users, members and liaison organizations to purchasers and providers.” add expertise and to bring stable con- The acceptance of e-learning by the market is dependent on the quality of sortia standards and specifications into the related products, services and tools. A harmonized conception of e-learning SC 36 for internationalization. We con- quality is a prerequisite for a properly functioning market in e-learning products stantly support and attend international and services, and for their overall quality to continually improve. and regional conferences to exchange ISO/IEC 19796-1:2005, Information technology – Learning, education and information and perspectives with edu- training – Quality management, assurance and metrics – Part 1: General approach, cational and technical communities. We provides an overall framework which can be used for introducing quality approach- produce guides that allow the user com- es in all provider and user organizations of e-learning. The standard will make it munity to develop quality implemen- easier to compare and evaluate the relative merits of different initiatives. tations with interoperability in mind. The standard harmonizes the international conception of e-learning qual- We use advanced collaboration tools ity by creating a coherent inventory of the diverse processes which affect the to enhance the standards development attainment and preservation of e-learning quality. These processes embrace all process, especially in the review of doc- e-learning application scenarios, such as content and tool creation, service pro- uments. We also utilize our marketing vision, learning and education, monitoring and evaluation, and lifecycle stages rapporteur group to engage stakehold- – from continuous needs analysis to ongoing optimization. ers, create global awareness and adopt According to Bruce Peoples : “ The standard will reduce the cost and our work products complexity of adopting quality approaches and, at the same time, bring new or improved products and services to the market. This will have the effect of “ Our challenges are enhancing the level of innovation, diversity of supply and procurement intelli- gence in the market.” bridging the digital divide ISO/IEC 19796-1 is the first part of an overall framework which is due to be between educators and developed over the next two years and that will include the following documents : technologists.” 1. Part 2 : Quality model, will harmonize the aspects of quality systems and their relations and will provide orientation for all stakeholders. It will not SC 36 is also looking into options enforce any particular implementations but will, instead, focus on their to augment the responses to these chal- intended results. lenges. For example, we are actively looking into twinning, where member 2. Part 3 : Reference methods and metrics, will harmonize formats for describ- nations volunteer to sponsor representa- ing methods and metrics for quality management and assurance. It will tives from developing nations to partici- provide a collection of reference methods that can be used to manage and pate in the work of developing standards. ensure quality in different contexts. This part will further provide a collec- We are also looking into the feasibility tion of reference metrics and indicators that can be used to measure qual- of assisting in the creation of regional ity in processes, products, components and services. standards strategy groups, as a mecha- 3. Part 4 : Best practice and implementation guide, will provide harmonized nism to receive critical inputs, in devel- criteria for the identification of best practice, guidelines for the adaptation, oping global standards strategies and to implementation and usage of this multi-part standard, and will contain a foster the necessary collaboration infra- rich set of best practice examples. structure for implementers of standards ISO/IEC 19796-1 has been developed by ISO/IEC Joint technical com- to address issues such as interoperabil- mittee JTC 1, Information technology, subcommittee SC 36, Information tech- ity on a global scale. nology for learning, education and training. The standard is available from ISO national member institutes and from ISO Central Secretariat ([email protected]).

© Courtesy of NASA/JPL/UMD Artwork by Pat Rawlings ISO Focus March 2006 23 Main Focus

resent. They can register descriptive and provenance information, such as who is responsible for the data, why it was col- lected, what concepts it is related to, the definitions of data elements and defini- tions of their permissible values, who agrees to the validity of the concept def- initions, etc., which all concern seman- tics. The coming wave of semantic com- puting is based on the notion that seman- tics can be taken into account as com- puters process data.

Understanding concepts, managing metadata Humans have spent a million years progressing from grunts to eloquence, but computers are just beginning to process information based on the semantics car- ried by human language. Over thousands

© ISO © of years, philosophers have argued about, technologies that advance the capabili- and illuminated us with, notions of how Common sense, ties of computers to register and man- we think – about things in the real world, common logic age semantics in association with data. or things conceived in the mind – through ISO/IEC JTC 1, Information technology, use of concepts and the linguistic expres- subcommittee SC 32, Data management sion of those concepts. More recently, and interchange, working group WG 2, ISO/TC 37, Terminology and other lan- by Bruce Bargmeyer, Chair of Metadata, is working with ISO/TC 37, guage and content resources, has devel- ISO/IEC JTC 1, SC 32, Data Terminology and other language and oped standards for managing terminol- ogy and language resources, which are management and interchange content resources, (see box on page 26) and several ISO technical committees proving useful in developing the ISO/ omputers don’t understand. in application areas to make advances, IEC 11179, Metadata registries (MDR) They do what they do incredibly align standards and build on each oth- family of standards. Nancy Lawler, an fast, but understand nothing – er’s standards. expert in WG 2 and project editor from C the USA, presents the challenge: “ We at least in the human sense of the word. We would like for computers to be more want to register any semantic artifacts Semantic computing ? helpful – to do what we mean, not what that are useful in managing and using we say, so that we don’t have to say it so How can we lay a foundation data ”. This includes registration of con- explicitly and in such detail. We would for semantic computing ? Even for cepts, which may be structured, semi- like a computer to reason gently while humans, the meaning of data can be structured or unstructured in databases, it performs the task we intend, possibly elusive. Without much context, the knowledge bases and text. encountering a blizzard of potentially datum “ 42 ” can be recognized as an It is quite impossible to put real useful data, to produce a desired result. integer. In the context of the Hitchhik- world entities – apples, oranges or Patrick 1) Such applications require processing er’s Guide to the Galaxy , the number J. Hayes – into a computer in any useful data based on its meaning or semantics, 42 is the ultimate answer to life, the way, or to conjure them out of a compu- in ways that elude traditional program- universe and everything. In most con- ter. So we must represent the real world ming capabilities. texts, any item of data usually falls as concepts that can be referenced by a There is currently a surge of somewhere between these extremes of activities dealing with semantics man- meaning. Given that meaning is elusive 1) See : www.ihmc.us/users/phayes/ Pat agement, knowledge management, cre- in natural language, how can computers Hayes is a John C. Pace Eminent Scholar at the ation of the semantic Web and seman- deal with the meaning of data ? Ultimate- Institute for Human and Machine Cognition at tic computing. In ISO and IEC (Interna- ly, “ meaning ”, like beauty, is in the eyes the University of West Florida and is a former of the beholder. However, creators of president of the American Association for tional Electrotechnical Commission), a Artificial Intelligence. His current research multidisciplinary effort is underway to data and primary users can convey to focuses on the representation of knowledge, the help specify fundamental techniques and others what they intend the data to rep- underpinnings for an artificial consciousness.

24 ISO Focus March 2006 computer. But it is no more possible to the environment 3) are used to document enter the concept – of an apple, orange data for a broad range of users, including or Patrick J Hayes – which you may hold system developers, programme manag- Managing knowledge in your mind, than it is to enter the entity ers, researchers and the general public. itself. So we must register a proxy, such To date, these metadata registries have as a definition, a term, an image or an focused on registering metadata (data model, with most of the six-part standard icon, as something that can be record- that describes other data). elaborating how to use the metamodel ed and machine processed. Thus, we are and its attributes. The part 3 metamodel driven to understand the convergence essentially serves as the schema for a of concepts, definitions, terms, images, Ontology, anyone? metadata registry, which can be imple- icons and the ways that we can manage There are several eloquent, if a mented using a database management the metadata, which underlies databases, bit Delphic, definitions of “ ontology ”. At system, thus enabling query facilities knowledge bases and other computable an implacably practical level, ontologies to provide easy access to the metada- expressions about phenomena in the real consist of concepts, relationships among ta through interfaces tailored to various world and conceptions of the mind. the concepts, and possibly axioms, which user populations. might be statements in some logic-based “Effort is underway to language (like ISO/IEC 24707, Common logic). A loose definition of ontologies Extending metadata specify fundamental includes what ISO/TC 37 refers to as registries techniques and concept systems, which might include Leaders of WG 2 are working technologies that advance thesauri, taxonomies and partonomies. 4) with participants from around the world computer capabilities John Sowa notes that a terminological to resolve hundreds of issues for the ontology is an ontology whose categories third edition of ISO/IEC 11179. There to register and manage need not be fully specified by axioms and 5) are proposals to enhance the semantic semantics in association definitions . A looser notion of ontolo- management capabilities by extending with data.” gy might include glossaries and control- the standard’s metamodel to more rig- led vocabularies – terms and definitions orously specify concepts, relationships without any relationships. We want to between concepts, the associated defi- Magnificent, yet register the content of all of these things implacably practical nitions and terms (signs) used to rep- and any concept-based graph structure resent concepts, along with machine Yet, the thrust of the metadata comprised of nodes, edges and possibly processible statements about them. registry family of standards is to be axioms that may include millions of con- These extensions should help meta- implacably practical, and registering cepts, terms and relationships (maybe data registries to enable the semantic the semantics and provenance of data billions). We want to link the concepts Web by grounding the concepts found has long been their forte. For exam- (e.g. research organization w, person x, in ontologies (e.g., OWL ontologies – ple, metadata registry applications in disease y, location z) to data, even when an ontology Web language for process- healthcare 2), transportation, aviation and we may only have a probabilistic notion ing information on the Web). It should of w, x, y, and z. also be possible to ground the subject, verbs and objects (nodes and edges) About the author Semantic management of RDF (Resource Description Frame- capabilities work, for how to describe any Internet Bruce resource such as a Web site and its con- Bargmeyer is a Work is underway to extend the tent) statements through use of the con- Staff Computer semantic management capabilities of the tent of metadata registries, which may Scientist at the metadata registries standard. The first University of edition of ISO/IEC 11179 was written California, entirely in prose and contained about 15 2) See : ncicb.nci.nih.gov/NCICB/ Lawrence items of information (metadata) that can infrastructure/carore_overview/cadsr Berkeley Nation- be used to describe data. It specified, for 3) See : www.epa.gov/edr al Laboratory, the first time, an International Standard and Chair of 4) John F. Sowa is a cofounder of VivoMind for standardizing and harmonizing data ISO/IEC JTC 1, Intelligence Inc., a fellow of the American SC 32 – Data management and inter- as a general discipline, useful in a broad Association for Artificial Intelligence and he has change. He leads research, development range of application areas. The second taught courses at the IBM Systems Research and demonstration projects in the areas edition of ISO/IEC 11179 expressed a Institute and universities. of metadata registries, semantics and more extensive set of metadata attributes 5) See John Sowa’s description of ontology at : ecoinformatics. as a unified modelling language (meta) http://www.jfsofa.com/ontology/guided.htm

ISO Focus March 2006 25 Terminology – fuelling the engines Main Focus of knowledge management by Håvard Hjulstad, Chair of ISO/TC 37, Terminology and other language and content resources be vetted and managed by large com- munities of interest (e.g. healthcare, “ The long crooked thing that connects the big noisy machine to that grey environment, geography, construction). gadget.” There isn’t much information left in a message if you leave out the ter- Proposals for the third edition also spec- minology. Terminology is the key to communicating and managing knowledge. ify metadata structures that can support The terms themselves, the defined meanings and the relations between the con- more advanced queries such as infer- cepts are all building blocks in any knowledge-based system. encing on metadata stored in metadata ISO technical committee ISO/TC 37, Terminology and other language registries. Inferencing enables users to and content resources, is as old as ISO itself. It’s a relatively small, but impor- find information by traversing not only tant committee : everybody uses our International Standards – whether they the concepts, but also the relationships know it or not. between them. The technical committee cannot tell you what the “ long crooked thing ” is called, but its standards and expertise may be used to figure out what the A common logic standard “ thing ” should be called. And more importantly : how to express our knowl- edge about the “ thing ”. This work also draws on other projects; an emerging standard for com- Basic standards relating to terms and concepts, definitions and concept mon logic (ISO/IEC 24707) and the ISO/ relations, as well as layout, coding and typography have existed for a long time, IEC 19763 framework for metamodel and they are kept up-to-date and continually improved. The portfolio of stan- interoperability family of standards being dards developed by the technical committee form a core set of documents that developed in SC 32/WG 2. are central to any terminology activity, including writing of International Stan- A multi-stakeholder group is pur- dards. These documents were first developed in the paper age ; now they are suing research to produce proposals for fully adapted to the information age. Typefaces and visible symbols are still the third edition of ISO/IEC 11179 and important, but in addition the documents now deal with information structur- to develop a demonstration prototype of ing, metadata and XML. a third edition metadata registry. This is Since the establishment of the ISO/TC 37, a language industry and a con- the eXtended Metadata Registry (XMDR) tent industry have developed. A few years ago the committee took the natural project 6) being led by the Lawrence Ber- consequence of that and modified its title and scope to include this entire field keley National Laboratory of the Univer- within its area of interest. The more traditional field of terminology is now being sity of California. It is focused on con- seen in the context of language resource management. tent for the environment and healthcare in support of ecoinformatics and bio- Efficient management, combination and reuse of language resources informatics as well as defense applica- require sophisticated structuring and standardized metadata. This has always been tions. Sam Chance, a project sponsor, is central to terminology work, but during the last ten years this has been brought leading this effort from the initial core to a much higher level of abstraction than was previously the case. Relatively content and capabilities toward provision simple “ fields ” and “ field codes ” of traditional terminology management have of a semantic, service-oriented architec- been replaced by newer information management techniques. The development ture, along with extending the tradition- of ISO 12620, Computer applications in terminology – Data categories, is typ- al role of metadata registries from data ical in this respect. It started as a relatively simple list of data categories based lifecycle management to include ontol- on a variety of existing “ term record formats ”. It will most likely end up as a ogy life cycle management. “ language resource metadata registry ”. Metadata interoperability and Structuring principles for terminology and language resources have under- bindings are important for provision of gone great changes. Yet the resulting list of terms and definitions may look the metadata registry services and are being same. So why change ? The reason is simple : Looks deceive ! Terminology and specified by ISO/IEC 20944, Informa- other language resources structured according to state-of-the-art principles (e.g. tion technology – Metadata Access Serv- according to the principles of ISO 16642) may be utilized in more ways than ice. This will help metadata registries to the original editor or compiler could imagine. These resources fuel the engines provide semantic services, possibly as of knowledge management. part of a semantic grid. ISO/TC 37 is by no means stopping at that. A series of new International Standards is being developed or planned, e.g., to facilitate knowledge extraction 6) See: xmdr.org from texts and multi-lingualism in knowledge management. The language and content industries have many actors in academic and commercial environments. International standardization greatly enhances pos- sibilities of sharing, which are a key success factor.

26 ISO Focus March 2006 Topic Maps – Supporting both Managing knowledge knowledge and information by Steve Pepper, Convenor of ISO/IEC JTC 1/ SC 34, Document description and processing languages, WG 3, Information association

ho would have thought that trying to figure out how to Wmerge back-of-book indexes would lead to a comprehensive family of standards that addresses some of the fundamental problems of today’s knowl- edge economy ? But that’s essentially the story of ISO/IEC 13250, Topic Maps, a standard that is seeing widespread adoption as a technology for capturing organizational memory, improving information retrieval and integrating legacy data systems. Back in the early 1990s a num- ber of players in the computer indus- try were meeting to figure out how to interchange electronic documentation between different computer systems. They called themselves the Davenport Group and they ended up adopting ISO 8879, Standard Generalized Markup Language (SGML), to create an applica- tion called DocBook that is still in wide- spread use today. Some of the participants in this

effort had a particular business problem ISO © that they needed to solve: they wanted to Homonyms are words that mean a search engine doesn’t know the do more than simply interchange docu- more than one thing, like “Paris”, which difference between the capital of ments; they wanted to merge the index- is the capital of France, a Trojan hero and France and the Trojan hero. Search es of those documents in order to cre- a character in Romeo and Juliet, just to for Paris and you’ll get both. (This ate a master index across multiple sets name a few. is known as the problem of preci- of documentation. Synonyms, on the other hand, sion.) ; are words that mean the same, like “ St. • And one reason why you often don’t Where search engines Petersburg ” and “ Leningrad ”. find what you’re looking for is that fall down What a lot of people don’t real- a plain search engine doesn’t know ize is that homonyms and synonyms are Their first attempts were a total that Leningrad is the same as St. the source of many of today’s informa- failure, but in the process they discov- Petersburg. Search for St. Petersburg tion overload problems : ered a number of concepts that librarians and you’ll miss all the documents have known about for centuries, includ- • One reason why you get many irrel- that talk about Leningrad. (This is ing homonyms and synonyms. evant hits using Google is because known as the problem of recall.)

ISO Focus March 2006 27 Main Focus

Knowledge structures It soon became clear that the Topics represent the subjects in a domain model underlying back-of-book indexes of interest. If our domain is the SC 34’s These were some of the very also underpins glossaries and thesauri ; standards activities, typical examples might basic lessons that were learned dur- that it looks very much like the semantic be SC 34 itself, our Chair (Dr. James D. ing that first attempt to merge index- networks of artificial intelligence (and Mason of the US Department of Ener- es. They led to the insight that back- thus truly does express knowledge) ; and gy), our Secretariat (Standards Council of-book indexes are actually “ models that, with a little further generalization, it of Canada), our working groups, projects, of […] the knowledge available in the could support the capture, collation and national bodies, experts, etc. materials that they index. But the mod- management of both information and els are implicit, and they are nowhere • Topics are thus just like the list of knowledge, irrespective of where they to be found ! If such models could be topics you find in a back-of-book might reside or what form the informa- captured formally, then they could index. tion might take. guide and greatly facilitate the process At this point, in 1995, Topic Maps Associations represent relationships of merging modeled indexes together ” was approved as a new work item with between these subjects : SC 34 is a sub- (Dr. Steven R. Newcomb). responsibility going to what is today committee, WG 3 is part of SC 34, WG 3 This is what led to the develop- 1) JTC 1, Information technology, SC 34, is responsible for ISO 13250 , Jim Mason ment of Topic Maps. The original goal Document description and processing is Chair of SC 34, Jim Mason represents was to formalize the model of back-of- 2) languages. This subcommittee was ANSI , Jim works for DoE. You get the book indexes using the newly approved already responsible for SGML and idea. ISO/IEC 10744, Hypermedia/Time- based HyTime ; Topic Maps was a natural • Associations are like the “ see also ” Structuring Language (HyTime). addition to the family and the standard relationships you find in back-of-book was finally published in 2000. indexes. “ Topic Maps is a standard Occurrences are information resources that, for the first time, The TAO of Topic Maps that are pertinent to topics : www.jtc1sc34. allows us to really manage The basic concepts are extremely org is the Web site of SC 34, www. knowledge, not just simple ; they are called topics, associa- isotopicmaps.org is the Web site of information.” tions, and occurrences (often referred to WG 3, http://www.jtc1sc34.org/ as the “ TAO ” of Topic Maps). repository/0696. is the final draft international standard (FDIS) text of Figure 1 – A for the domain of standards development, consisting of four topics, three ISO 13250-2, etc. associations, and nine occurrences of different types. Note that one information resource, a picture (circled), is an occurrence of two different topics. • Occurrences usually involve external documents (of any type or Legend P erson Subcommittee W orking group Standard media), in which case the link cor- responds to the page numbers in a Part of Chair of Responsible for back-of-book index. In addition to the basic model there WG 3 are types. Figure 1 shows four topic types Jim Mason SC 34 (person, subcommittee, working group and ISO/IEC 13250 standard), three association types (conve- nor of, part of and responsible for) and seven occurrence types (Chair’s report, Knowledge bio, picture, Web site, terms of reference, new proposal text and final draft interna- Information tional standard text). NP Types are important because they BIO WEB TEXT allow Topic Maps to convey more infor- WEB SITE mation to the user and thus ease the task SITE of locating information. They also go a long way to solving the problem of CH A I R ’ S homonyms, since the type of a topic is REPORT FD IS often sufficient to disambiguate hom- PIC TO R TEXT 1) ISO 13250, Information technology – SGML applications – Topic maps 2) ANSI – American National Standards Institute

2 8 ISO Focus March 2006 onyms such as Paris (capital city), Par- A standard for knowledge is (Trojan hero) and Paris (Shakespear- management ean character). Managing knowledge There are no predefined types; A Topic Map is essentially a instead, the creator of the Topic Map knowledge base that can be used, among committees chaired by employees of the defines whatever types are needed for a other things, to capture and manage the DoE ? ” Imagine putting that kind of que- particular application. This means that very matter of knowledge management : ry to Google ! This is more like an SQL Topic Maps can be applied in absolute- namely, organizational memory. query on a relational database – except ly any domain and express any kind of Topic Maps is thus a standard that a Topic Map contains knowledge, relationship (as opposed to, say, thesau- that, for the first time, allows us to really rather than data. ri, which only support a limited set of manage knowledge, not just information. relationships). In fact, it is the knowledge management standard par excellence, since it supports Topic Maps additional Furthermore, topics have names. features In fact, topics can have multiple names, both knowledge and information. and it is possible to specify the context Also, because Topic Maps is an There are a couple of addition- in which each name is valid. This allows International Standard, with an XML- al features in Topic Maps that add even us to capture the fact that “ Dr. James D. based interchange syntax, it holds the more power. The first of these is the con- Mason ”, “ Jim Mason ” and even “ Jim ” all-important promise of longevity and cept of scope, to which we have already (in a certain context, such as that of this vendor independence for the knowledge alluded when discussing names. article) all refer to the same subject. The it is used to manage. Scope expresses the context in ability to support multiple, contextual What’s more, because Topic Maps which an assertion is valid and thus pro- names solves the problem of synonyms is defined in terms of a formal data mod- vides support for contextual knowledge el, the knowledge contained in a Topic (and, incidentally, provides out-of-the- and the ability to represent multiple, con- Map can be automatically processed in box multilingual capabilities). flicting Weltanschauungen in one and ways that are quite impossible with tra- the same Topic Map. ditional documents. The final feature – perhaps the A multi-use model For example, the DoE could pose most powerful of all – harks back to the This simple but powerful mod- a structured query on our Topic Map ask- business requirement that originally trig- el has a surprising number of uses. It ing “which standards are the responsibil- gered the invention of Topic Maps. It is can represent all the traditional knowl- ity of working groups belonging to sub- the ability to merge Topic Maps ; any two edge organization structures, including arbitrary Topic Maps can be merged auto- indexes, controlled vocabularies, tax- About the author matically to create a single Topic Map onomies, thesauri, glossaries and (fac- that contains the sum of the knowledge eted) classifications, thus providing a Steve Pepper in the two original maps. single, unified framework for classify- (pepper This ability solves the problem of @ontopia.net) is ing information. merging back-of-book indexes, but it also the founder and opens up an incredible richness of addi- The topic/association layer mir- Chief Strategy rors the associative way we humans think Officer of Onto- tional possibilities, for example : and so functions very well as a navi- pia, a company • Supporting distributed knowledge gation interface. For this reason, Top- that provides management without losing the abil- ic Maps is rapidly gaining ground as a Topic Maps soft- ity to share knowledge (knowledge technology used by information archi- ware, consulting bases can be merged on-the-fly) ; tects to organize intranets, portals, Web and training sites and other Web-based information services. He represents Norway on JTC 1/ • Providing a unified integration layer delivery applications. SC 34, Documentation description and across legacy data systems by merg- Topic maps embody a form of processing languages, and is Convenor of ing Topic Maps that are automatically WG 3, whose responsibilities include the knowledge. While defining knowledge is generated from the contents of each HyTime and Topic Maps standards. Mr. system ; notoriously difficult, knowledge clearly Pepper is the editor of the XML Topic is not the same thing as information ; the Maps specification (XTM) and the author • Paving the way to the “ Global Knowl- difference is the same as that between of numerous papers and presentations on edge Federation ”. knowing something and simply having Topic Maps-related subjects. A frequent information about that thing. To the extent speaker at SGML, XML, and knowledge The range of applications is lim- that computers can possess knowledge, management events worldwide, he was for ited only by the imagination ! the topic/association layer represents many years the author of the Whirlwind For more information about SC 34 knowledge, while the occurrence layer Guide to SGML and XML tools. He also and Topic Maps, including examples, dem- simply contains information. co-authored the SGML Buyer’s Guide and is os, and free software, see : www.jtc1sc34. currently writing a book on Topic Maps. org or www.ontopia.net/topicmaps

ISO Focus March 2006 29 Main Focus

Protecting business information, knowledge and intellectual capital by Ted Humphreys, Convenor of ISO/IEC JTC1/ SC 27, IT security techniques, WG 1, Requirements, security services and guidelines

nformation is an all pervasive asset, driving operations and processes across Iall business areas. An increasing vol- ume of information is ascribed as being of high business value and criticality. Not only is recognizing the information value ISO © and criticality of extreme importance to all organizations, but also its potential • Leaked, disclosure without authori- of corporate and strategic importance to utility and importance for adding value zation and stolen (e.g. this could be their business. They have become key to business and its market position. an attack from an external threat, an market commodities – a currency for The importance of information accidental system failure or an insid- trading, bargaining and exchange. processes is highlighted in the recently er leaking information to competitors published Butler Report 1): or external colleagues). About the author “ Organizations generate poten- Without information security tially valuable information as in their business is faced with various impacts Ted Humphreys daily operations. If this information can including financial consequences, threats is the Convenor be captured and fed back into the pro- to the organization’s intellectual capital of ISO/IEC JTC 1/ cesses that create it, processes across the and intellectual property rights (IPR), SC 27, IT securi- whole organization can be significantly loss of market share, poor productivi- ty techniques, improved in terms of performance and ty and performance ratings, ineffective WG 1, Require- cost-effectiveness.” operations, inability to comply with laws ments, security services and and regulations, and even loss of image If businesses are to get the most guidelines, and value out of their day-to-day informa- and reputation. Director of tion, they need to make sure informa- XiSEC Consult- tion and information security risks are ants Ltd – a UK company providing infor- effectively managed. Businesses infor- Use of IT as a critical mation security management consultancy mation needs to be appropriately pro- corporate issue services around the world. He has been an tected to ensure it is not : expert in the field of IT and telecommunica- Over the last decade, more and tions security, information security and risk • Denied or made unavailable (e.g. this more organizations are seeing informa- management for more than 27 years and has could be a denial of service attack tion systems deploying the use of IT as worked for major international companies from an external threat or an acci- a critical, corporate issue of strategic (in Europe, North America and Asia), as dental system failure or overload) ; importance to their business. Hence they well organizations and institutions. In 2002, Mr. Humphreys was honoured with • Lost, destroyed or corrupted (e.g. this are seeking to move the strategic man- agement of their IT systems under the the Secure Computing Lifetime Achieve- could be an attack from an external ment Award for his achievements in shaping control of senior management, compa- threat or an accidental system failure and promoting the development and stand- or user processing error) ; ny executives, directors and the board ardization of information security manage- rather than the IT department. ment best practice. He has received an hon- 1) Source : Butler Report Exploiting Corporate In addition to information gov- orary Certified Information Security Man- Information Assets – Generating Business Value ernance, knowledge management and ager award from Information Systems Audit from Information Resources. intellectual capital are seen as key factors and Control Association (ISACA).

30 ISO Focus March 2006 Creating and using value of the company is made up of its knowledge net asset value and intellectual capital. It is generally agreed that such capital Managing knowledge A generally accepted working def- is made of : inition of the first generation of knowl- • Intellectual property values ; to get the full potential out of its cor- edge management refers to the use of porate information and to realize the • Human capital values ; business processes to combine data and IT findings of the Butler Report. information processing capacity, together • Value of the processes and method- The following important factors with the creative and innovative capac- ologies that the company uses and/or need to be taken into account to enable a ity of managers, employees and staff. has developed ; business to protect its information assets, The business world has moved on and their value and utility : refers to second generation knowledge • The essential ability of the business to exploit these assets. management, which gives precedence to • An effective risk management the way in which people create and use Intellectual property, knowledge, approach ; knowledge. It recognizes that learning processes and know-how are critical and doing are more important for suc- to the success of the modern business • A management system for informa- cess than the dissemination and imitation enterprise in a knowledge-based econ- tion security to enable an organiza- of information and knowledge. omy that is characterized by extensive tion to establish the appropriate level market competition. of security to meet its needs and to “ Information is an all Despite the legal protection a keep up to date via a process of con- pervasive asset, driving company may have asserted regard- tinual improvement ; operations and processes ing its intellectual property, piracy and • A set of best practice information theft is spreading throughout the busi- security controls and measures – across all business areas.” ness world. The reason for this is that it including a combination of security is not always easy, or even financially policies, procedures, processes and Knowledge management involves viable, to sue the offending parties. technology. the capture and processing of information As the commercial impact of pira- and the experience and use of knowledge cy seriously hits the company, legal pro- of its managers, employees and staff. If tection needs to be supplemented with Design ISMS managed effectively, it allows business to procedural, technological and physi- Maintain and exploit its information assets, and gener- cal measures to provide further layers improve ISMS ate additional value and intellectual cap- of information security. Based on a risk ital. This, in turn, enables them to grow assessment related to the value of its intel- ISO/IEC 27001: 2005 into powerful corporate assets, thereby lectual capital, the company can decide increasing the currency and utility of this just what measures are appropriate and Implement and information and knowledge. necessary. use ISMS Monitor and review ISMS The key to profitability Security information Information Security Management Systems and competitiveness systems (ISMS) Plan-Do-Check-Act cycle. It is often said that a company’s This brings us to the question ISO/IEC 27001:2005, Informa- intellectual assets are key to its success that needs answering – what do we tion technology – Security techniques – in a knowledge-based economy. If this need to do to ensure that business has Information security management sys - is the case, intellectual property and pro- the appropriate security information tems – Requirements, is an information cesses, methodologies and systems relat- systems to support its strategic infor- security management system (ISMS) ed to this knowledge-based environment mation, knowledge management and specifically designed to cover the three must be protected. These assets contrib- intellectual capital assets ? The key important factors mentioned above. It ute significantly to the company’s prof- issues are preserving the value of infor- is based on a risk management approach itability and competitiveness. The val- mation assets and possibly increasing and incorporates the PDCA (Plan-Do- ue of these types is often referred to as their value to the business, whilst taking Check-Act) process model used by assets with intangible value and also account of risks that threaten to deval- management system standards – ISO known as “intellectual capital”. Includ- ue these assets. Information security 9001:2000 and ISO 14000. ed in this set of intangibles are brands, helps to preserve confidentiality and goodwill and reputation, that are often integrity of information, and ensures ISO/IEC 17799:2005, Infor - recognized by the market but do not they are available when needed. Infor- mation technology – Security tech - appear on the company balance sheets, mation security is an important issue niques – Code of practice for infor - annual reports and accounts. Hence the to be taken seriously if a business is mation security management , is a set

ISO Focus March 2006 31 Main Focus of best practice measures that can be deployed by companies to help them protect their information, whether in paper or electronic form. It covers user and employee security measures, procedures and policies, asset man- agement, IT security measures, phys- ical security and many other areas to enable a company to build a manage- ment control framework for its infor- mation security. These security con- trols, whether implemented to protect information in IT systems and whether processed implicity or explicity, are covered by many best practice mea- sures given in the standard.

The international language for business security IT systems are being deployed and exploited to serve the strategic aims of many modern businesses providing wide-ranging opportunities in many areas of a knowledge-based economy. Many businesses are using their highly skilled, experienced workforce combined with processing of information using advance technology to deliver significant added value to the business. However, the key issue is how well business can protect its information and knowledge assets, whilst ensuring these assets maintain or ISO © increase their strategic value. Information security based on the ible and authoritative are essential to International Standards ISO/IEC 27001 Managing support legal and regulatory demands, and ISO/IEC 17799 provide business records, as well as to provide defence in court, with a basis for developing, maintain- should the need arise. ing and updating a management frame- managing However, this standard also rec- work for the protection of these impor- ognizes that records “contain informa- tant assets. Many organizations around knowledge tion that is a valuable resource and an the world are adopting these standards important business asset [...] that can across a diverse range of market sectors support subsequent activities and busi- 2) since the best practice measures and con- ness decisions” . It is this asset, com- trols defined in these standards are based by Robert McLean, member of bined with technology, systems and on years of experience that industry has people, which underpins knowledge the British delegation to ISO/TC management. How could ISO 15489 developed over the last 15 years. These 46, Information and documenta- measures are always kept up-to-date to be used to support a knowledge man- take on board the latest in business prac- tion, SC 11, Archives and records agement initiative ? tice, new and emerging threats and risks, management as well as advances in technology. These he records management stan- 1) ISO 15489 (or ISO 15489:2001) was standards are the common international dard ISO 15489 1) is often right- published in two parts, under the general title language for business security. ly viewed as a powerful tool to of information and documentation records T management. ensure that records have strong evi- dential value. Records that are cred- 2) Clause 4 of ISO 15489:2001.

32 ISO Focus March 2006 Turning strategic visions ISO 15489 not only recommends into practical realities that such an information management policy be developed, but also that it be Managing knowledge The systematic approach taken supported at the highest organizational by ISO 15489 starts with developing level and be promulgated throughout the an understanding of the organization organization by means of a communi- dled, and how people will be won over including its external environment, and cations strategy. from entrenched positions. internal activities and culture. Introduc- The policy needs to address An analysis of business activ- ing knowledge management to an orga- responsibilities and assign authority so ity (step B) collects information from nization brings enhanced “ stewardship ” that strategic visions can be turned into documentary sources and interviews responsibility to individuals as custo- practical realities. It also recognizes the with key staff to build a rich infor- dians of corporate information. Mem- importance of leadership – a champion mation map – identifying resources, bers of staff have a responsibility to with enough seniority to ensure that the media, formats and methods of access create and search for information and policy is taken seriously, and the will to and delivery of information. Users can knowledge, as well as to share expertise engage, encourage and motivate those usually identify information bottlenecks within their organization. The manage- affected by it. or gaps in the systems they use, as well ment must therefore, provide systems The organization will no doubt as identifying what they would like to that support this requirement. have recognized that current systems, see improved. If an enterprise has decided to process and “ ways of working ” need develop its knowledge capturing and adjustment – even overhaul – to free up “ It is not uncommon information sharing capabilities, then information that may have been locked it needs to state these values in strate- up in departmental silos, or perhaps, for two teams to be gic communications including a high never captured in the first place. working on the same issue level policy. ISO 15489 has a proven method- or on similar projects, ology for designing new information sys- tems and improving exiting ones based without either knowing on sound information and records man- what the other is doing.” About the author agement principles that will meet the needs of the organization. Step B leads to a gap analysis, Bob McLean establishing : has been a records manager Eight steps to a success- • what the real information needs are ; for over 25 ful records system • how they are currently met, if at all ; years and holds a Master of This methodology, also known as • what information sources are avail- Science degree design and implementation of a records able ; and in records and system (DIRS), is ideal for develop- • what manipulation or “ repackaging ” information ing sustainable systems that support of information is needed to ensure management. knowledge management. It is an eight- He has developed strategic policy and it is presented in a format that adds step process that, although presented as introduced systems and programmes in value. the field of managing proprietary informa- sequential actions, can be undertaken in tion in a number of organizations in the any reasonable order depending on the Once this detailed survey and financial sector as well as at the Wellcome current needs. analysis has been completed, it is pos- Trust – one of the words largest medical A preliminary investigation sible to identify prioritized require- research charities. Mr. McLean is a member (step A) serves to gather information ments for records against existing sys- of the British delegation to ISO/TC 46, about the organizations’ environment, its tems (steps C and D). Typically, a sys- Information and documentation, SC 11, culture and any critical factors, includ- tem which processes customer orders Archives and records management and a ing weaknesses arising from its current may contain ordering history but may member of the Association for Informa- records systems. Typically, information not be capable of tracking outstanding tion Management standards development may not be accessible to all who would orders or may not be linked to produc- committee. He has been a director of the benefit from it, or it may not be present- tion or delivery systems. Records Management Society of Great Britain who voted him Records Manager ed in a helpful form. Valuable market intelligence is of the Year in 1997. He is also an interna- Any unhelpful cultural factors, garnered by sales staff from custom- tional speaker at conferences, has written which could be the biggest impediment ers, exhibitions, trade fairs and the numerous articles for professional journals to information sharing, deserve special like, about the success of the compa- and provides training in understanding attention. The strategic policy must ny’s products, as well as those of their and applying ISO 15489. address how cultural issues will be han- competitors. Is there a way to capture

ISO Focus March 2006 33 Main Focus this and get it quickly to the decision “ Staff must be given To help to determine organi- makers at head office ? Similarly, can zational requirements in this complex the production people share real time recognition for the area, a related standard, ISO 23081- information with sales personnel to contribution that their 1:2006, Information and documenta- ensure commitments to customer can efforts will make to tion – Records management processes be met ? – Metadata for records – Part 1: Prin- It is not uncommon for two teams successful knowledge ciples, has been published. It does not to be working on the same issue or on capture and transfer.” define mandatory metadata sets since similar projects, without either know- these will be different in each organi- ing what the other is doing. It may be tation review of records systems (step H), zation. However, it does set the frame- that learnings from previous projects ISO 15489 emphasises the need to ensure work for creating, managing and using have not been captured or are locked that records systems support and do not records management metadata, and away in an isolated repository. Hence hinder the business. Records systems explains the principles that govern the same “ wheel ” albeit with different should be developed which fulfil the them. Part 2 is currently in production “ spokes ” may be reinvented several information needs defined in the strat- and aims to provide practical guidance times, thereby wasting valuable time egies and which are more pertinent to on implementation issues. and resources. the business and to systems that provide Post-implementation reviews The next step in the DIRS meth- timely access to relevant information at need to be done at regular intervals. odology (step E) involves identifying the point-of-need. Change is inevitable and inescapable. strategies that will satisfy the needs The organization must respond to that which have been discovered in the pre- change so that it can continue to sur- vious steps. The aim is to close the gaps Supporting search and vive. The principles and approaches in between what people need to know and discovery ISO 15489 are enduring and its meth- odologies can be relied upon to support what is currently available to them. It is widely recognized that much the organization through considerable Strategies may be developed that valuable information and knowledge is transformation. include provision of a project manage- contained in so called “ unstructured ” ment file structure with document tem- data – that is, not in structured data- plates to ensure consistency in the records. bases. The ability to “ mine ” into text Relationship to other One template might be a project closure documents, spreadsheets, presentations standards report that records lessons learned about and a host of other material is essen- Other standards such as ISO estimating, how critical success factors tial to a knowledge environment. The 9001:2000 also have requirements for were achieved (or not !) and the experi- key to unlocking this is records man- records, requiring that organizations ence gained that could be taken forward agement metadata. give appropriate attention and protection into other projects. Systems which manage unstruc- to their records, and that the evidence Of course, some may find such tured material must, at the design stage, and information they contain is legible, a spirit of openness a challenge. Admit- incorporate records metadata so that readily identifiable and retrievable. The ting how and why things were not per- searching and discovery is supported. newly published ISO 22310:2006, Infor- fect may open up opportunities for crit- It is often difficult for users to find their mation and documentation – Guidelines icism. However in a knowledge culture, own information much less discover for stating records management require- learning from mistakes is as important information written by colleagues. In ments in standards, identifies common as flagging up successes. Here again is systems which are not designed with elements and issues, so that it will be where skilled leadership and support ISO 15489 in mind, metadata is fre- a more straightforward matter to har- have a powerful role to play. quently missing, and often irretrievably monize records management elements When staff is asked to take great- lost over time. with ISO 15489 and ensure interoper- er personal responsibility for managing Metadata can be created at the ability between systems. their information, they must be given rec- time that records are generated or be Together, this suite of standards ognition and encouragement for the sig- added later. This can be done manually – ISO 15489, ISO 23081 and ISO 22310 nificant contribution that their efforts will or by automated means. Such metadata – will provide a valuable resource to sup- make to successful knowledge capture can also be shared, repurposed and aggre- port records, information and knowledge and transfer. Strategies that are developed gated to meet the demands of knowledge management initiatives. to create adequate records must take peo- workers. Of course, metadata serves to ple and their legitimate needs, responses fulfil a variety of different roles relevant and attitudes into consideration. to business activities, but in this context, In following the final steps – its role is to ensure ongoing protection (step F) design (or redesign), imple- of, and access to, recorded information mentation (step G) and post-implemen- and knowledge.

34 ISO Focus March 2006 Managing knowledge

dinary growth in the volume of informa- tion now available, estimating that the size of the public Web is no less than 167 terabytes 1). According to the study, the total Web including the “ deep Web ” (which includes all those hidden pages resid- ing in corporate intranets and propri- etary databases) was estimated at over 91 000 terabytes 2). In 2004, Google claimed to reach 4.28 billion Web pages (with reach into images and message boards expanding the total index to 6 billion items) 3): This is a vast information pool that scientists, researchers, scholars, students, businesses, governments and the aver- age lay person are adding to each day. © ISO © How can you make sure you are able to find the information you need ? If you One of the principal standards are a business, how do you make sure The Dublin Core promulgated by ISO, and widely adopt- your customers can find you ; equally ed in the information community, is ISO standard – 15836:2003, Information and documen- important, how can you make sure that a worldwide tation – The Dublin Core metadata ele- information on your products and serv- ment set. ices will get exposed to the customers electronic infor- Approved in 2003, ISO 15836 and potential customers you want to was developed by ISO technical com- reach so your business can grow in this mation resource mittee ISO/TC 46, Information and information-dependent age ? for business documentation. The standard is known One of the most important tools informally as the Dublin Core standard for information and resource discovery and learning after the town of Dublin, Ohio (a sub- is ISO 15836. urb of Columbus, Ohio in the USA) – communities the location of the development group’s A robust resource for first meeting. electronic information An initial report on ISO 15836 ISO 15836 defines 15 key terms, was featured in the April 2004 ISO by Stuart L.Weibel, Senior which describe the most important char- Focus. Since its formal adoption, ISO Research Scientist in the Office acteristics of an electronic information 15836 has continued to evolve and take of Research of OCLC Inc. and resource so that resource can be found on its place among the suite of standards the Web. Much like the information on a Patricia R. Harris, immediate and best practices that are being used by library catalogue card describes a book past Secretary of ISO/TC 46, businesses, government and educational Information and documentation, institutions, to manage and control elec- tronic information resources. 1) Terabytes in use : The books in the US SC 4, Technical interoperability Library of Congress have been said to contain approximately 20 terabytes of text. arnessing the enormous informa- Digesting the importance tion assets residing on the Web 2) Source : University of California Berkeley. of metadata “ How Much Information ? ” (2003) is an important part of knowl- H http://www.sims.berkeley.edu/research/ edge management today. ISO, through The challenge in managing elec- projects/how-much-info-2003/internet.htm a variety of standards initiatives and the tronic information is huge. A 2003 study 3) Source: Google Inc. “ Google Achieves continued involvement of its standards measuring the extent of the Web con- Search Milestone,” (17 Feb. 2004) developers, is at the heart of meeting ducted by the University of California, http://www.google.com/press/pressrel/ this challenge. School of Information, showed extraor- 6billion.

ISO Focus March 2006 35 Main Focus on a library shelf, the Dublin Core meta- plate that will enable anyone to cre- A strong relationship has been data elements describe the most impor- ate Dublin Core compliant metada- built with the European Committee for tant features of an electronic resource. ta. Using the metadata created by this Standardization (CEN). The DCMI and The terms are deliberately simple. template, following the examples, and CEN have agreed that CEN workshop Work on the Dublin Core stand- using the term lists and recommenda- agreements (CWA) can be endorsed as ard began in the 1990s. As the Web grew tions, HTML documents will carry high DCMI recommendations, opening the in size and in importance as an infor- quality metadata. way for the DCMI community to develop mation discovery and research tool, the the documents further and send these to Dublin Core standard matured and took CEN for update of workshop agreements hold through implementation in a vari- “ The Dublin Core standard in keeping with CEN procedure. ety of settings and countries. In 2005, six Dublin Core-relat- The metadata elements fall into now has a strong foothold ed CEN workshop agreements were three groups which roughly indicate the in other business and published. scope of information stored in them : (1) learning communities.” The Dublin Core standard now elements pertaining to the content of the has a strong foothold in other business resource (for example what is its title, and learning communities. subject, description, type, source, rela- Availability of this template sup- The broadcasting and media com- tion and coverage) ; (2) elements related ports the results of research that found that munity in the USA, with initial support mainly to the resource when viewed as authors or creators of electronic resourc- from the Corporation for Public Broad- intellectual property (such as the crea- es can create good quality metadata when casting, has developed and endorsed the tor, publisher, contributor, rights infor- working with the Dublin Core, and in some PBCore, a broadcasting metadata dic- mation) ; (3) elements describing the cases they may be able to create metadata tionary, based on ISO 15836. properties of the resource (such as date, that is of better quality than a metadata pro- The Dublin Core community has format, identifier, language). fessional can produce. This research sug- formed a joint working group with the The standard is officially main- gests that authors think metadata is valu- Open Digital Rights Initiative (ODRL) tained and supported by the Dublin Core able for resource discovery, that it should to develop a profile of ODRL/DCMI Metadata Initiative (DCMI) – an open, be created for Web resources, and that they, metadata usage. multinational group that brings together as authors, should be involved in meta- The DCMI community is work- implementers and users from all fields. data production for their works. ing closely with the Institute of Electrical The DCMI maintains a robust Web site In March 2005, the DCMI Direc- and Electronics Engineers (IEEE)/Learn- and organizes annual conferences focus- torate released the first DCMI abstract ing Object Management group (LOM) to ing on the standard. model. The Dublin Core reference model develop a recommended representation is an important milestone in the develop- of the metadata elements of the IEEE Making inroads for ment of the standard as it establishes the learning object metadata standard in the further implementation semantics to ensure interoperability of Dublin Core abstract model. the long-term advantages of its use. Prior to its formal adoption by ISO, the Dublin Core standard was test- ed extensively. It is now widely used About the authors throughout the bibliographic community Stuart Patricia Harris by publishers, documentalists, librarians L.Weibel, PhD, is the Executive and information scientists. The stand- is Senior Director of the ard is recognized globally ; notably, the Research Scientist National Infor- core elements have been translated into in the Office of mation Standards over 25 languages. Since ISO’s adop- Research of Organization tion of the standard, implementation OCLC Inc. – (www.niso.org) has continued to grow and tools have a worldwide – a non-govern- been released to support users. In paral- library coopera- mental, non- lel with these developments, the DCMI tive. He is a profit organiza- leadership is strategically working with founding member of the International tion based in the USA that develops and World Wide Web Conference Committee promotes technical standards used by pub- neighbouring information communities and has served on programme and organi- lishers, information services and libraries. to extend the benefits of the Dublin Core zational committees for the Internet Society, Ms. Harris is the immediate past Secretary standard to new groups. the European Conference on Digital of ISO technical committee ISO/TC 46, To encourage further implemen- Libraries, the Joint Conference on Digital Information and documentation, subcom- tation, the Nordic metadata project has Libraries and the International Conference mittee SC 4, Technical interoperability. designed and makes available on the on Asian Digital Libraries. For more information : http://dublincore.org/ Web free-of-charge, a metadata tem- and http://www.lib.helsinki.fi/meta/

36 ISO Focus March 2006 Managing knowledge

© ISO

Often ‘ data ’, ‘ information ’ and Individual versus How to integrate ‘ knowledge ’ are confused. Figure 1 organizational indicates the causal relation between 1) standardization these concepts. Nonaka distinguishes individ- in knowledge ual knowledge, possessed by single Tacit versus explicit operators, and organizational knowl- management edge, developed and shared by mem- Knowledge can be distinguished bers of an organization. By defini- into two types: tacit and explicit. Knowl- tion, standards are intended to cap- edge expressed in words and numbers ture organizational knowledge, to be by Henk J. de Vries, Associate is called explicit or codified, and exists used by several people and may also Professor of Standardization from objective components, or knowl- contribute to their individual knowl- at the Erasmus University, edge transmittable by formulas, tech- edge. Company standards target one Rotterdam, the Netherlands, nical specifications or embedded in organization (sometimes some of its and Marcella van Delden, equipment. It is captured in records suppliers) whereas ISO standards tar- of the past such as libraries, archives, get a multitude. a student from the same databases or standards. Tacit knowl- university edge, however, is highly personal and External versus internal based on personal ideas, experiences, n this contribution we will relate facts and is often difficult to convert. Another distinction can be standards and standardization to Communication between individuals made between external and internal knowledge management. We will first I may be seen as a process of sharing this knowledge. External knowledge lies provide a short introduction to knowl- knowledge to build mutual understand- outside the walls of an institution, edge management and then relate this ing. Explicit knowledge in contrast is like knowledge from competitors, concept to standardization. easily transferable. consultants and standards bodies like ISO. Internal knowledge is generat- ed in the organization and is easy to access and use.

Data Information Knowledge 1) Nonaka, I. (1994) A Dynamic Theory of Organizational Knowledge Creation, Organization Sciences, 5, 1: 14-37. Ikujiro Nonaka is Professor of Knowledge at the Haas School of Business at the University of California, Berkeley, and Professor of Strategy Figure 1 – Causal relation between data, information and knowledge. at Hitotsubashi University, Tokyo.

ISO Focus March 2006 37 Main Focus

The value chain Weggeman 2) developed a knowl- 1. Knowledge 2. Knowledge 3. Knowledge 4. Knowledge edge value chain: a simplified and schematic representation of the activ- ities necessary to implement knowl- Mission Development Sharing Application Evaluation edge management in an organization, see Figure 2. The term ‘ knowledge Determination value chain ’ indicates that knowledge obtains more value when it is moving of required along the chain. knowledge/ Assessment “ Why develop a company of available standard when knowledge an ISO standard exists?” Figure 2 – Knowledge value chain. The arrows at the end of the chain illustrate the continual and cyclical char- acter of the knowledge creation and knowledge is possessed, including between tacit and explicit knowledge exploitation process. tacit, and explore the most effective is necessary. Ideas are formed in the storage methods. The audit results minds of individuals but their interac- in a document providing a structural tion also plays a critical role in devel- Knowledge development overview of a chosen section of an oping ideas. Nonaka has defined the organization’s knowledge, as well process of knowledge conversion in The process of knowledge cre- as delivering details of the qualita- four modes, see Figure 3 (opposite) : ation exists of two sub-processes in tive and quantitative characteristics order to know what knowledge needs • Socialization is a process of sharing of the individual pieces of knowledge to be created: experience, thus creating knowledge within the chosen section. by observing, imitating and practic- • Determination of required knowl- When it is clear what knowledge ing. An individual can acquire tac- edge : taking the strategy of the a company has and what is required it knowledge without language. An organization or department as a start- for the diverse tasks, knowledge cre- example from a business setting is ing point, to determine the informa- ation can start, for which interaction on-the-job training. tion, skills, experiences and attitude needed to execute a strategy. During brainstorm sessions with strategic and middle managers and “ knowl- About the authors edge workers from the floor ” this information is listed. Often a lot of Henk J. de Vries Marcella van knowledge is only stated implicit- is Associate Delden, Master Management of ly, so this activity is important as it Professor of Standardization, Technology and may reveal discontinuities between Rotterdam Innovation, is a target and means. School of Man- student of RSM • Assessment of available knowledge : agement (RSM), at the Erasmus many companies are struggling to Department of University. She has written her make their knowledge visible within Technology Management master thesis the organization. When it is not clear and Innovation at the Erasmus University. about the possibility of using standardiza- who has certain knowledge, it is dif- For 19 years, he served at The Nether- tion as a concept for knowledge processes ficult to assess if a task will be done lands Standardization Institute (NEN), in within a service organization. Field properly. Therefore, a knowledge several functions, combining this between research has been conducted at Shell audit is a critical part of the knowl- 1994 and 2004 with research and teaching People Services, The Hague. edge management methodology. Per- standardization from a business point of forming an audit will disclose what view at Erasmus University. He is the author of more than 180 publications on standardization. E-mail [email protected] ; 2) Weggeman, M. (2000) Kennismanagement ; Web site : http://www.eur.nl/fbk/dep/ de praktijk. Schiedam : Scriptum. dep6/members/devries

38 ISO Focus March 2006 • Externalization is the process of indi- Other ways for developing viduals expressing, in language or knowledge besides in-house creation drawings, what they perceive from (as explained by the model of Nona- Managing knowledge socialization, dialogue or reflection on ka), can be done by employing new their own actions; articulating implic- people with required knowledge, buy- An additional phase has been it knowledge into explicit knowledge ing information, outsourcing of activ- proposed, in which knowledge is stored such as concepts, hypotheses, mod- ities or generating knowledge through and managed explicitly or made acces- els and analogies. Externalization is seminars and workshops. Why devel- sible for future use. Before knowledge the core of the knowledge creating op a company standard when an ISO can be spread in organizations, it must process, for example, the writing of standard exists ? Moreover, biblio- be formulated so that it is understood a standard. graphic information and communica- in the way the source intended it. This tion technology tools have improved • Combination involves the use of social corresponds to the externalization and access to standards. processes to combine different bodies internalization phase in Nonaka’s mod- of explicit knowledge held by indi- el and to codifying knowledge. In par- viduals. It is the reconfiguration of “ Knowledge must be ticular, companies with a continuous existing information through sorting, flow of people moving to other disci- adding, combining and categorizing shared between people plines must record knowledge so it is of explicit knowledge. Combination who need it to execute easily transferred to new employees. can lead to new knowledge. Some- their activities.” Therefore, the value chain of Wegge- times, standards are prepared using man should contain the additional phase one or more existing document as a of recording/fixing knowledge. starting point. Sharing knowledge Though Weggeman describes the In this operational phase, knowl- different phases of the value chain as a • Internalization is the stage where fixed order, we feel this is not always explicit knowledge is converted into edge must be shared between people who the situation. During a knowledge audit tacit, specific know-how. It is related need it to execute their activities. It is important tacit knowledge can be discov- to learning-by-doing and may include important to make a distinction between ered, codified and recorded directly. The using standards. the knowledge domain of the providers of the knowledge (e.g. standards writ- value chain should be a continual proc- ers) and the receivers of ess in which the different phases do not To : the recorded knowledge have to expire sequentially. Weggeman Explicit Tacit (e.g. the users of standards) described only one feedback loop in his when it is being shared. value chain and we suggest that all sub- Both have their own knowl- processes should have feedback loops so Tacit Socialization Externalization edge domain. they can be optimized.

Applying Handling knowledge knowledge Explicit Internalization Combination In general the term “ knowledge During this phase an management ” expresses handling knowl- employee tries to combine edge. Since knowledge is defined as a new knowledge with his personal ability which enables an indi- own experiences and skills vidual to execute a particular task, it can Figure 3 – Modes of the knowledge creation. to carry out his task. be defined as managing these personal abilities. Weggeman defines it as “ the Each mode of the model can cre- arrangement and steering of the opera-

ate knowledge independently, but organ- Evaluating knowledge tional processes in the knowledge value izational knowledge creation takes place As a consequence of sharing chain in such a way that the output and as a continuous process, shaped by shifts knowledge, new insights can be gained, the fun of the production factor knowl- between the different modes of knowl- that have to be considered and explored. edge is stimulated.” He emphasises the edge conversion. During the externali- It is important to involve the development output of the knowledge value chain and zation process of standards development, of new knowledge in the evaluation pro- stresses the importance of strategic knowl- for example, it is important to think about cess, where these insights might occur, edge management and value creation. It the internalization process of the future because they can influence existing oper- is evident that both people and organiza- standards users who will have to work with ational processes in the knowledge val- tions play an important role in knowledge the knowledge and add this knowledge to ue chain and may lead to changes in the management. Knowledge can be support- their own existing tacit knowledge. strategy or mission of the firm. ed by technical tools, e.g. software.

ISO Focus March 2006 39 Main Focus

Storing know-how and • standard reproduced from (parts of) companies. One element concerned the experience other external documents, for instance, involvement of users. From both literature suppliers’ documents ; and practice, it is known that involving Typically a solution laid down in a users in the (company) standards devel- • self-written standard. standard is intended to be used repeatedly. opment process has a positive influence Therefore, the relation between standards Many companies prefer external on their usage, making them more appli- and knowledge can be found in the type standards, for example from ISO, but cable and acceptable. In terms of knowl- and repeatedness of knowledge. When these do not always meet all their needs edge management, they share and make knowledge is explicit, or can be made and, therefore, they complement these tacit knowledge explicit. explicit, and needs to be applied many with all forms of company standards In this way, new knowledge is times, it is possible to develop a standard. previously mentioned. In most compa- developed so that a real best practice can One of the functions of standardization is nies, the number of company standards be achieved. User involvement also means to store know-how and experience. Once exceeds that of external ones. that experience and practical knowledge the standard is available (data), it can be In a research project of the Eras- flow into the standards. In practice, it is a source of information which may con- mus University a best practice for devel- impossible to involve all users ; a group of tribute to knowledge of individuals and oping company standards has been devel- representatives is used instead. The stan- organizations. oped. Figure 4 shows the model used dard is therefore developed by an entire Seen from the perspective of knowl- for this project. committee of specialists. The companies edge management within a company or This model can be compared to recognized the importance of user partici- other organization, standardization is pri- Weggeman’s knowledge value chain. Pri- pation, however, often did not give it ade- marily company standardization, which oritizing can be related to determination quate attention. Though diverging user opin- includes developing standards for use of required knowledge. Development, ions may hinder standards development, within the company and in its relations announcement and distribution of stan- it is better to discuss them and reach con- with direct business partners. Developing dards can be related to knowledge shar- sensus (including the option to stop further does not mean that each company standard ing. Application of company standards is development) than to develop standards has to be designed from scratch, instead a form of application of knowledge. Eval- the intended users do not want. it may have the form of a : uation is not a box in the process model Developing standards is a task • reference to one or more external stan- for standardization, but is included in the for which standardization knowledge dards, e.g. ISO standards, officially form of the feedback loop. Thus, at com- is needed. Depending on the compa- adopted by the company ; pany level, standardization can be seen as ny size, a well-versed standards offi- a concept in which knowledge manage- cer who supports the process or a stan- • company modification of an external ment plays an important role. dardization department, forms part of standard ; The research project was carried the best practice. • subset of an external standard (for out in six multinational chemical and instance, a description of the com- petrochemical companies, five of these pany’s choice of competing possibil- headquartered in the Netherlands and one ities offered in an external standard, in the USA. The best practice was partly or a subset of the topics covered in taken from literature, but the majority was the external standard) ; based on the actual practices of the six Figure 4 – Process model for standardization.

Policy making Finance Personnel Facility process process management management

Main processes Application Request for Company of company a standard Prioritizing Development Announcement Distribution standard standard of standard of standard of standard

40 ISO Focus March 2006 Developments and Initiatives ISO at Davos : International Standards ‘ tools for positive globalization and sharing innovation ’ by Roger Frost, Press and Communication Manager, ISO Central Secretariat

SO’s International Standards are force • relating to climate change – the addi- multipliers that enable government, tion to the ISO 14000 series of envi- I business and society to lever the pos- ronmental management standards itive aspects of globalization and they of ISO 14064 and ISO 14065 on also ensure that the benefits of innova- accounting and verification of green- tion are shared worldwide. house gas emissions (ISO 14064 is This was the core message com- targeted for publication in March municated by ISO Secretary-General 2006, while ISO 14065 will follow Alan Bryden at the World Economic in early 2007) ; Forum (WEF) which took place at Dav- • the deployment of a consolidated os, Switzerland, 25-29 January 2006. ISO © programme on security and safety The forum attracted more than 2 200 A panel at the World Economic Forum Annual Meeting discuss the nature of technology and related issues with the recent cre- global leaders to debate the following what the future might look like. From left to ation of a joint ISO/IEC Strategic five major challenges on the coming right : John T. Chambers, President and Chief Group and recent publications such business agenda : Executive Officer, Cisco Systems Inc., USA ; as ISO 22000 on food safety man- William H. Gates III, Chairman and Chief agement, ISO/IEC 27001 on infor- • emergence of China and India, Software Architect, Microsoft Corporation, USA ; Moderator Geoffrey Moore, Managing mation security management, and • changing economic landscape, Partner, TCG Advisors, USA ; Eric Schmidt, ISO/PAS 28000 on security man- • new mindsets and changing Chief Executive Officer, Google, USA ; Niklas agement in global supply chains ; Zennström, Co-Founder Chief Executive Officer, attitudes, Skype Technologies, United Kingdom. • creating future jobs, and © ISO © • regional identities and conflicts. The Davos participants consol- idated their responses around the fol- lowing three imperatives : • building trust in public and private institutions, • effective leadership in managing global risks, and • innovation, creativity and design strategy. ISO has been an institutional member of the WEF since 2005. Alan Bryden used his participation this year as an opportunity to underline devel- opments within ISO that relate to the above issues. These developments include the following : • the strategic commitment of China and India to raise their profiles and participate more actively in ISO and on the development and use of Inter- national Standards ;

ISO Focus March 2006 41 © ISO © Developments and Initiatives

• the successful launching of the devel- al pointed out that the creative impera- opment of ISO 26000 giving guid- tive also applies to the standardization ance on social responsibility, with the process. ISO itself is making major participation of 53 countries and 32 breakthroughs in the use of informa- organizations with liaison status, tar- tion and communication technologies, geted for completion in 2008; and including the Internet, to support devel- opment, consensus building and dis- • the contribution of International Stan- semination of its standards. dards to the dissemination of inno- Alan Bryden concluded: “Inno- vation worldwide. vations in ISO’s processes helped to “Innovation and standardization” make 2005 another record year. Over was in fact the theme of the February 1 240 ISO publications were delivered 2006 issue of ISO’s magazine ISO Focus and our membership has risen to 156 in which ISO’s President, Masami Tan- countries, thus demonstrating and con- aka, comments on its relevance to the solidating ISO’s global relevance.” choice of “The Creative Imperative” as the main theme for this year’s WEF. The ISO President writes: “The WEF organizers have stated: ‘It is impera- tive that we learn how to unleash our creative potential to tackle the world’s problems.’ We in ISO have something ISO/PAS 28000 to contribute. Our specialty is devel- oping standards that provide the link between ‘creative potential’ (great ide- applies management system as) and ‘tackling problems’ (practical implementation).” approach to security of global Professor Tanaka adds: “ISO standards also ensure that innovative solutions can be transferred to devel- supply chains oping countries so that the benefits are available on a global basis.” by Charles Piersall and Nancy Williams Two recently created ISO tech- nical committees are emblematic of how the development of International Standards parallels and supports the ith billions of dollars worth ISO/PAS 28000:2005 can there- deployment of innovation: ISO/TC of goods moving at any giv- fore be used by a broad range of orga- 197, Hydrogen technologies, and ISO/ en time along global supply nizations – small, medium and large – TC 229, Nanotechnologies. W chains, the newly published ISO/PAS in the manufacturing, service, storage Discussing the multiplication of 28000:2005 1) for supply chain security and transportation sectors. Its imple- bilateral and multilateral trade agree- management systems will help combat mentation will reassure business part- ments, most of them containing pro- threats to the safe and smooth flow of ners and regulators that security is tak- visions for the reduction of technical international trade. en seriously within the organizations barriers to trade, Alan Bryden under- ISO/PAS 28000:2005, Specifica- they deal with. lined that “they should not result in a tion for security management systems re-fragmentation into regional techni- for the supply chain, gives organizations cal standards, but rather support the the requirements for establishing, imple- adoption of International Standards as menting, maintaining and improving a a means to ensure at the same time the 1) An ISO/PAS (Publicly Available management system for the security of effectiveness of such agreements, their Specification) is one of several alternatives to the supply chain. compliance with the commitments tak- fully fledged International Standards offered As security hazards can enter the by ISO for cases where swift development en in the context of the World Trade supply chain at any stage, adequate con- and publication takes priority. All Publicly Organization and increased competi- trol throughout is essential. Security is Available Specifications are reviewed every tiveness on world markets”. three years to determine if the document should a joint responsibility of all the actors in Referring to this year’s main be reconfirmed as a PAS for another three-year the supply chain and requires their com- Davos theme, the ISO Secretary-Gener- period or whether it should be further developed bined efforts. to become an ISO International Standard

42 ISO Focus March 2006 The publication of ISO/PAS formity of a security management sys- toms Organization Framework. It is 28000:2005 is a major security initia- tem to ISO/PAS 28000 may be verified expected to be published in the sec- tive resulting from industry and gov- and certified by an independent body. ond quarter of 2006. ernmental cooperation within the ISO However, conformity to ISO/PAS 28000 • ISO/PAS 28004, Security manage- framework. It is designed to enable better does not in itself confer immunity from ment systems for the supply chain – monitoring of freight flows, to combat legal obligations. General guidelines, will help organi- smuggling and to respond to the threat zations to understand and implement of piracy and terrorist attacks by creat- “ ISO/PAS 28000 will help ISO/PAS 28000. In this respect, it will ing a safe and secure international sup- play a complementary role similar to ply chain regime. combat threats to the that of ISO 14004:2004 in relation ISO/PAS 28000:2005 integrates safe and smooth flow of to ISO 14001:2004. It will reference the process-based approach of ISO’s international trade.” the existing ISO 19011:2002, Guide- management system standards – ISO lines for quality and/or environmen- 9001:2000 (quality) and ISO 14001:2004 ISO/PAS 28000 is one of sever- tal management systems auditing and (environment) – including the Plan-Do- al developments for intermodal supply the future ISO/IEC 17021, Conformity Check-Act (PDCA) cycle and require- chain security being undertaken by ISO assessment – Requirements for bod- ment for continual improvement, as well technical committee ISO/TC 8, Ships ies providing audit and certification as the risk management aspects of ISO and marine technology, comprising the of management systems. 14001:2004. following documents : ISO Secretary General Alan While ISO/PAS 28000 can be • ISO/PAS 20858:2004, Ships and Bryden has commented: “The newly implemented on its own, it is designed to published ISO/PAS 28000 is the first of be fully compatible with ISO 9001:2000 marine technology – Maritime port facility security assessments and secu- a series of documents relating to secu- and ISO 14001:2004 and companies rity management. Two more documents already implementing these manage- rity plan development, which was published in June 2004, is designed are under preparation – ISO/PAS 28001 ment system standards may be able to and ISO/PAS 28004 – which together use them as a foundation for develop- to assist in the implementation of the International Maritime Organization’s will comprise a complete portfolio of ing a security management system con- ISO standards for security in the sup- forming to ISO/PAS 28000. International Ship &Port Security (ISPS) Code. ply chain.” To help users to do so, ISO/ ISO/PAS 28000 is the output of PAS 28000 includes a table showing • ISO/PAS 28001, Best practices for ISO/TC 8 in collaboration with other the correspondence of its requirements custody in supply chain security, will ISO technical committees that devel- with those of ISO 9001:2000 and ISO assist industry to implement best prac- op standards for specific nodes of sup- 14001:2004. Like these standards, con- tices as outlined in the World Cus- ply chains.

ISO Focus March 2006 43 Developments and Initiatives

Fourteen countries participated For example, a company may motives. Terrorists have also taken advan- in its development, together with several employ more than one logistics firm, tage of criminal smuggling networks to international organizations and regional trucking companies may subcontract circumvent border security measures. bodies. These included the International to operators or other companies, and Maritime Organization, the International vessel operating companies may divert “ ISO/PAS 28000 is Association of Ports and Harbours, the the cargo to other carriers for various International Chamber of Shipping, the reasons. a major security initiative World Customs Organization, the Bal- Since supply chains are dynamic resulting from industry and tic and International Maritime Council in nature, some organizations managing governmental cooperation (BIMCO), the International Association multiple supply chains may look to their of Classification Societies, the Interna- service providers to meet related gov- within the ISO. ” tional Innovative Trade Network, the ernmental or ISO supply chain security World Shipping Council, the Strategic standards as a condition of being included Cargo theft remains a significant Council on Security Technology, which in that supply chain in order to simplify issue in many parts of the world. Falsi- has a Memorandum of Understanding security management. Figure 1 reflects fication of shipping documents allows with ISO/TC 8, and the US-Israel Sci- the inter-related nature of supply chain for goods to enter into the “informal ence and Technology Foundation. security requirements. economy” (gray/black market), or facili- tates their theft and is rampant in certain regions. In some developing countries, “ Security hazards can Threats “informal economies” account for 41% enter the supply chain at The international supply chain is of actual GDP. Generally, this percent- any stage." vulnerable. The war on drugs, that rose age decreases to about 18 % for nations to prominence in the 1960s and 70s and with more controlled economies. continues today, illustrates how smug- Lesser known or understood are ISO/PAS 28000 was complet- gling techniques have kept pace with the efforts that industry and govern- ed in only 10 months, a truly remark- changes in transportation technology ment has been making in addressing able achievement which demonstrates and processes. the issue of international trade secu- the deep spirit of cooperation and ener- Many of these vulnerabilities rity. A major outcome of these efforts gies of all the stakeholders who partic- remain today and can be exploited by is ISO/PAS 28000, which specifies the ipated. It was an extraordinary effort organizations with far more sinister requirements for a security manage- and proves that standards can and will be completed to meet market needs “ on time ”. About the authors ISO/PAS 28000:2005 is availa- ble from ISO national member institutes Captain Nancy Williams (listed with full contact details on the ISO Charles Piersall is the Project Web site : www.iso.org) and from ISO is Chair of ISO Leader of the Central Secretariat ([email protected]). technical com- ISO working mittee ISO/TC group that 8, Ships and developed ISO/ Supply chains marine technol- PAS 28000 and ogy. A retired she will also “ Supply chain ” designates an United States lead the devel- overall process that results in goods Navy officer, he opment of ISO/ being transported from the point of ori- has 48 years of experience in the mari- PAS 28004. On ISO/TC 8, she represents gin to final destination and includes the time industry and is recognized world- the International Innovative Trade movement of the goods, the shipping data wide as a leader in international maritime Network (ITN) which has liaison status and the associated processes, including standardization. He has received numer- with the committee. the dynamic links between the differ- ous awards for his contributions to stand- She is Vice President of Cotecna, a com- ent participants. ardization. pany with a broad range of activities that These include many entities, such E-mail [email protected] in this context focuses on the point of ori- as producers of the goods, logistics man- gin of the supply chain, not only to facili- agement firms, consolidators, truckers, tate trade, but also to assure the security railroads, air carriers, marine terminal of the supply chain. Cotecna is an active operators, ocean carriers, cargo/mode/ participant in the US initiative ‘Operation Safe Commerce’. customs agents, financial and informa- tion services, and buyers of the goods E-mail [email protected] being shipped. Web www.cotecna.com

44 ISO Focus March 2006 © SPRING ©

“ ISO/PAS 28000 offers a systematic approach to security management."

ity with these requirements, the organi- zation shall ensure that such processes are controlled. The necessary controls and responsibilities of such outsourced processes shall be identified within the security management system.

International consensus International supply chain secu- Captain Piersall (right) and ISO/TC 8 rity can be thought of as consisting of “ Fourteen countries Secretary, Mr. I. Ogo (left), receive on behalf broad groups of stakeholders : govern- of the committee the Lawrence D. Eicher ment, owners of the goods, and serv- participated in the Leadership Award from ISO President, ice providers. Each of these groups, as Professor Masami Tanaka, at the 28th ISO well as the individual organizations of development, together with General Assembly in September 2005 in international organizations Singapore. ISO/TC 8, of which the secretariat which they are composed, may have its is held by the Japanese Industrial Standards own specific needs and objectives and, and regional bodies.” Committee (JISC), was honoured for its at times, they may conflict with those of creativity and innovation in the development other entities in the supply chain. ment system, including those aspects of standards. For the individual organizations in critical to security assurance of the the supply chain that implement it, ISO/ supply chain. ment system for identifying security PAS 28000 offers a systematic approach These aspects include, but are risks and controlling and mitigating to security management that can both not limited to, financing, manufactur- their consequences. improve their operational capabilities ing, information management and the The organization shall define the and increase confidence in them on the facilities for packing, storing and trans- scope of its security management system. part of customers and regulators. ferring goods between modes of trans- Where an organization chooses to out- In addition, because the approach port and locations. Security management source any process that affects conform- is the result of international consensus, is linked to many other aspects of busi- ISO/PAS 28000 promises to avoid ness management. These other aspects the complication and cost of dif- should be considered where and when ferent and possibly conflict- they have an impact on security. ing national requirements ISO/PAS 28000:2005 is a high and therefore to facilitate level management systems standard. It global trade for the ben- requires the organization to assess the efit of all. security environment in which it oper- ates, to determine if adequate security measures are in place, and to identi- fy and comply with relevant regulato- ry requirements. If security needs are identified by this process, the organiza- tion should implement mechanisms and processes to meet these needs. ISO/PAS 28000 requires the user organization to establish, document, implement, maintain and continually improve an effective security manage-

Figure 1 : This model depicts the principal inter-related requirements (with clause numbers) of ISO/PAS 28000:2005.

ISO Focus March 2006 45 Developments and Initiatives Partnerships in the development of International Standards by Jørn Rex, Chair ISO/TC 84, Devices for administration of medicinal products and intravascular catheters and Lars Brogaard, Division Manager at Danish Standards

eveloping countries must have

an influence on standards, which SAZ © D will increasingly form the com- mon rules of the free global market. ISO is ready to give standards global rele- vance, and Denmark and Zimbabwe have initiated a pioneer project on standardi- zation of injection equipment. The new economy involves great opportunities for countries experiencing growth and being at the head of affairs on the global market. However, many developing countries consider globali- zation primarily as a threat. The fear is that domestic markets as well as the few export markets will be invaded by for- eign competition – resulting in company shutdowns and unemployment.

Denmark and Zimbabwe – cooperation In a global economy, the path towards free world trade is paved with In front of the office of the Standards Association of Zimbabwe (SAZ) are pictured here, from left : standards having joint requirements on George Makore, Manager, Marketing and Public Relations, SAZ ; Jørn Rex, Chair of ISO/TC 84 ; safety, quality, etc. But unfortunately Maureen Mutasa, SAZ Director-General and Chair of DEVCO ; Lars Brogaard, Division Manager, Danish Standards ; Dr. Oswald Chinyamakobvu, Director Operations, SAZ. standards do not fall from the sky. They are created by people – of which the eters, attaches great importance to ly can work, and it will also incite us to majority come from developed coun- global relevance and cooperation with participate in other twinning projects ” tries. This means that standards might developing countries. On the basis of says Dr. Oswald Chinyamakobvu from have the opposite effect ; being barriers this, ISO/TC 84 has together with its Zimbabwe, who will act as Convenor of towards developing countries and keep- secretariat held by Danish Standards this working group. ing them out of the global market. (DS), initiated a twinning project with With the so-called twinning Zimbabwe. projects and cooperation between devel- The aim is to assist the Zimbab- A visit to Zimbabwe oping and developed countries, ISO wish- wean Standardization Organization (SAZ) Zimbabwe has participated in es to give standards global relevance. in the convenorship of the working group international standardization since 1991, This means that in future developing ISO/TC 84/WG 7, Safety issues for nee- when it became a member of ISO. To my and developed countries will cooperate dles. knowledge, Zimbabwe was one of the in elaborating standards, and develop- “ This is a very positive move. first countries to implement quality and ing countries will put their fingerprint We are happy to participate and the environmental management according to on standards. twinning project is very useful for us. the ISO 9000 and 14000 standards, and The new business plan for ISO Danish Standards contributes to ISO’s puts great emphasis on playing an active technical committee, ISO/TC 84, vision by putting it into action. It also part in the health area. For instance, all Devices for administration of medic- sets a good example showing other condoms imported by Zimbabwe are inal products and intravascular cath- developing countries that things real- tested according to ISO 4074, Natural

46 ISO Focus March 2006 latex rubber condoms – Requirements standards and is technically equipped also involved in standardization. Their and test methods. to participate in international standardi- active participation and knowledge is Recently, SAZ established a zation work, many developing countries very important in this particular twin- national mirror committee for injection cannot afford to participate. ning project, because their experience equipment. On that occasion the chair and knowledge will help to minimize and the secretariat of ISO/TC 84 went Twinning – money and the spread of AIDS. to Zimbabwe to participate in the open- partnership “ We believe that these twinning ing meeting and discuss further details arrangements will enhance the participa- on future cooperation. Twinning is an important item tion of developing countries and, at the on ISO’s agenda in getting developing same time, bring even more value to ISO’s “ Developing countries countries to participate in standardiza- standards. As developing countries, we must have an influence tion. Such a project could, for exam- must exploit standardization to our max- ple, involve a developing and developed imum benefit and make a difference to on standards, which will country, sharing the chair and the sec- the qualities of our lives ”, says Maureen increasingly form the retarial work in an ISO technical com- P. Mutasa, Director General, of SAZ and common rules of the free mittee or working group. The develop- Chair of DEVCO – ISO’s policy commit- ing country would have to play an active tee on developing country matters. global market.” part in the work and at the same time They visited a factory which man- receive guidance on how the standardi- “Twinning is an important ufactures syringes for single use, which zation process works in practice within item on ISO’s agenda a representative of the Danish medical the ISO system. company for injection equipment, Novo Twinning and global relevance is in getting developing Nordisk A/S, confirmed fully complied partly about giving developing countries countries to participate with the requirements of European Union access to the global market, and partly in standardization.” CE-marking 1) and the US Food and Drug about ensuring that their requirements Administration (FDA). Additionally, the and needs are considered when elabo- quality of the work at SAZ, which has a rating International Standards, which But without money you will not staff of 70 and manages laboratories for developing countries would hopefully get far. Having a modest account for trav- testing, was impressive. implement in their countries. el, it is very difficult for representatives Though the manufacturer knows When developing countries from developing countries to participate a lot about the process of developing participate in standardization, it will in meetings held worldwide. Therefore, be easier to implement International Novo Nordisk decided to assist SAZ Standards, which will enable them financially in this case, and ISO/TC 84 to export their products to the global will look into the possibility of establish- 1) CE-Marking, also called CE Mark, is a mandatory mark for many of the products sold market. Additionally, participating in ing a travel fund to help other developing on the European Free Trade Association and international meetings increases their countries participate actively in standard- European Union markets (a total of 28 countries). chances of meeting potential customers, ization. However, other technical com- mittees themselves should consider the possibility of involving other developing About the authors countries for the benefit of all.

Jørn Rex is Lars Brogaard Chair of ISO/TC is Division Man- Standards can make 84 and Design ager at Danish a difference on safety Manager for Standards. He issues Novo Nordisk, a has served as Danish company secretary for Developing countries form a large manufacturing the ISO commit- percentage of ISO’s member countries, pharmaceuticals tees on Safety of but very few hold chairs and secretariats. and medical Toys and Injec- Of ISO’s 156 member countries, 101 are devices. Novo tion Equipment. developing countries. Sixty members in During several years he was a member of Nordisk is known for being the world these countries hold participation in TC/ leading manufacturer of insulin and Jørn the CEN Sector Board for health care and SCs and 17 hold convenorships. Rex, is the inventor of the insulin-pen the ISO Technical Management Board. being the first pen-injector on the “We are very aware that we have market. Under the leadership of Jørn Rex, to work towards our standards becoming ISO/TC 84 has widened its scope to cover globally relevant. But it requires more than several new types of medical devices. just mutual agreement among developed

ISO Focus March 2006 47 Developments and Initiatives countries.” According to Maureen Muta- bal relevance on safe design of medi- this respect, as the handling of needles sa it is of vital importance that develop- cal devices and safe handling of nee- in developed countries is well organized ing countries join in on the work. dles. These standards will be relevant and already at a high safety level. “ Standardization is an excel- for Zimbabwe where a large part of the In addition to the working groups, lent means of technology transfer to population is vaccinated and many are the committee is calling on companies developing countries, assisting them exposed to stick injuries. from developed countries to find the in overcoming technology gaps and ISO/TC 84 has made the first move necessary financial resources for the in becoming better integrated into the towards minimizing the risk of contam- project. global economy. For a standard to be ination and started preparing a stand- ard for auto-disposal syringes that can truly international and have global rel- Gaining knowledge at evance, it must take into account the only be used once. However, the twin- needs of all stakeholders. Internation- ning project with SAZ is ISO/TC 84’s an early stage al standardization bodies therefore first attempt to realize the aim of involv- Even though developing coun- have to nurture developing countries ing developing countries in establishing tries will increasingly have an influence by creating an environment conducive requirements in ISO standards. on International Standards, it does not for developing countries to participate The first meeting on safe design imply that they will alter in form or be in international standardization work ” and handling of needles took place in based on completely other principles. The she says. Switzerland in September 2005 and was requirements in the European Directive, Standards can make a differ- successfully convened by Dr. Oswald for example, of medical equipment are ence on safety issues, also in develop- Chinyamakobvu. It resulted in a pro- invariable. The same goes for the FDA ing countries. posal to broaden the scope of the work requirements in the USA. One of the biggest challenges in to cover requirements for sharps protec- Legislation cannot be compro- the African AIDS catastrophe is stop- tions for all medical devices. This broad- mised and there is no question of lower- ping the re-use of needles and syringes ening has to be discussed with other ISO ing standards in relation to requirements for injection and use of medical devices technical committees for medical devic- for hygiene and function for example. without sharps protection. es before the scope of the work item can Global relevance is therefore The World Health Organiza- go beyond the ISO/TC 84 scope. It was not about stretching any points when it tion (WHO) estimates that one third not considered appropriate to begin work comes to safety requirements or finding of all injections in developing coun- on the safety requirements for handling the lowest common denominator, but tries are carried out with needles that needles. However, it could be of value about learning from each other so that have already been used once, and that for both developed and developing coun- everybody has the opportunity to influ- one quarter of all people who are given tries and must be further studied. Input ence standards. medical treatment with re-used needles from developing countries is essential in Co-responsibility for standards get infected with the HIV virus. WHO is useful when marketing products that estimates that 210 000 people will die comply with the standards. In addition of AIDS before the year 2030 from this ISO © it is highly advantageous to gain knowl- cause alone. edge of the requirements at an early Standards for safe use of injection stage by following and participating in needles can prevent AIDS and other com- the elaboration of the standard from the municable diseases, but only if knowl- beginning. edge and requirements of developing Mass vaccinations are not a part countries are properly considered. of daily life in the West, but they are in “ In Zimbabwe we use injec- Africa. Though the safest option is single- tion equipment all the time and have use needles, Africa cannot afford this. to handle the safety issues on a daily Therefore, developing countries need a basis. Standards for this equipment will safe system of sterilization and disposal influence our daily life, and for this rea- of both syringes and needles. These needs son we have a great interest in having and practices must be better incorporat- direct influence on them and also so ed into international standards, which that our knowledge and requirements could, for example, lay down various can be taken into consideration ”, says requirements for insulin pens with high Dr. Oswald Chinyamakobvu. and low dose accuracy. The aim of the twinning project between Denmark and Zimbabwe, and the establishment of the new working group is to produce standards with glo-

48 ISO Focus March 2006 Coming up

Developments and Initiatives

A glimpse into microbeam analysis Microbeam analysis is widely employed in quality management and assurance and research and development in basic and high-tech industries, including metallurgy, chemical engineering, petroleum, semi- conductor materials, micro-electronics, information technology, nanotechnology, medical sciences and bio-technology etc., in testing and research in many sectors of the economy, technology and sciences. International Standards for microbeam analysis are expected to result in relia- ble, generally recognized, comparable

© ISO © and compatible results and data, which facilitate international cooperation, inter- Main Focus industry and consumers : ISO published ISO 22000 designed to ensure safe food action and trade in the relevant business supply chains worldwide. sectors and public services. Agro-food technologies Over recent decades, international trade

Across the world, agriculture and food ISO © in high value and value added food prod- specialists are pioneering new, innova- ucts has expanded with the support of tive and environmentally-friendly ways advances in production machines and to make the best use of the world’s agri- equipment. From standardized interfaces cultural resources. For farmers and the of tractors and equipment to increased entire food industry, this means boost- electronic content in agricultural equip- ing productivity and safety, while cut- ment to irrigation systems that promise ting production costs. It means reduc- maximum agricultural crops with a min- ing risks, forging strong research and imum of irrigation water, ISO/TC 23 is business alliances, and opening mar- at the forefront of standardization work kets around the world. for tractors and machinery for agricul- The April 2006 issue of ISO Focus brings ture and forestry. together the essence of what is happening In addition, cooperation at the interna- in standardization in the varied aspects tional level is helping to avoid duplica- of the agro-food industry. tion of work and reduce tariff barriers to ISO/TC 34, Food products, serves as a trade, such as in the case of the OECD platform for developing ISO Interna- (Organisation for Economic Coopera- tional Standards, and harmonizing the tion and Development) tractor test codes relations with those of other internation- schemes. al organizations such as the FAO/WHO Scientific breakthroughs are ushering Codex Alimentarius Commission and the agriculture and food industry into a the International Dairy Federation. new era. Remarkable biological advanc- The committee’s work, that covers all es, coupled with high-speed information The article highlights the work of ISO/ the “ traditional ” fields (cereals, tea and technology, are launching a global rev- TC 202 and how the technical committee coffee, milk and milk products, meat olution as scientists put living things to is pooling its global resources to devel- and poultry, fruits and vegetables, edible work in new ways. This month’s dos- op internationally standardized analyt- fats and oils, etc.), now tackles new and sier homes in on what International ical protocols as the technical basis for specific challenges in regard to geneti- Standards are being developed by ISO developing microbeam analysis software, cally modified organisms and traceabil- and what benefits are expected to result which will bring innovation to the inter- ity in the food chain. Good Manufactur- from their use. national community of software devel- ing Practice has become a must for the opers and end-users.

ISO Focus March 2006 Probably, you’ve heard the expression, “ One good idea can change your life ! ”

Definitely, one good ISO standard could change your business – for the better

ISO has more than 16 000 great standards for you to choose from !