EURUSD
Your shopping cart is empty.
CEN

prEN ISO/IEC 27010

(Main)

Information technology - Security techniques - Information security management for inter-sector and inter-organizational communications (ISO/IEC 27010:2015)

Information technology - Security techniques - Information security management for inter-sector and inter-organizational communications (ISO/IEC 27010:2015)

Informationstechnik - Sicherheitsverfahren - Informationssicherheitsmanagement für sektor- und organisationsübergreifende Kommunikation (ISO/IEC 27010:2015)

Technologies de l'information - Techniques de sécurité - Gestion de la sécurité de l'information des communications intersectorielles et interorganisationnelles (ISO/IEC 27010:2015)

Informacijska tehnologija - Varnostne tehnike - Upravljanje informacijske varnosti za medsektorsko in medorganizacijsko komunikacijo (ISO/IEC 27010:2015)

General Information

Status
Not Published
Publication Date
16-Aug-2021
Withdrawal Date
16-Feb-2022
ICS
03.100.70 - Management systems
33.030 - Telecommunication services. Applications
Technical Committee
CEN/CLC/TC 13 - Cybersecurity and Data Protection
Drafting Committee
CEN/CLC/TC 13 - Cybersecurity and Data Protection
Current Stage
4098 - Decision to abandon - Enquiry
Start Date
10-Jul-2020
Completion Date
14-Apr-2025
Ref Project
oSIST prEN ISO/IEC 27010:2020 - Information technology - Security techniques - Information security management for inter-sector and inter-organizational communications (ISO/IEC 27010:2015)
prEN ISO/IEC 27010:2020prEN ISO/IEC 27010:2020
PreviousNext
Draft
prEN ISO/IEC 27010:2020
English language
39 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)


SLOVENSKI STANDARD
01-marec-2020
Informacijska tehnologija - Varnostne tehnike - Upravljanje informacijske varnosti
za medsektorsko in medorganizacijsko komunikacijo (ISO/IEC 27010:2015)
Information technology - Security techniques - Information security management for
inter-sector and inter-organizational communications (ISO/IEC 27010:2015)
Informationstechnik - Sicherheitsverfahren - Informationssicherheitsmanagement für
sektor- und organisationsübergreifende Kommunikation (ISO/IEC 27010:2015)
Technologies de l'information - Techniques de sécurité - Gestion de la sécurité de
l'information des communications intersectorielles et interorganisationnelles (ISO/IEC
27010:2015)
Ta slovenski standard je istoveten z: prEN ISO/IEC 27010
ICS:
03.100.70 Sistemi vodenja Management systems
33.030 Telekomunikacijske Telecommunication services.
uporabniške rešitve Applications
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

INTERNATIONAL ISO/IEC
STANDARD 27010
Second edition
2015-11-15
Information technology — Security
techniques — Information security
management for inter-sector and
inter-organizational communications
Technologies de l’information — Techniques de sécurité — Gestion de
la sécurité de l’information des communications intersectorielles et
interorganisationnelles
Reference number
ISO/IEC 27010:2015(E)
©
ISO/IEC 2015
ISO/IEC 27010:2015(E)
© ISO/IEC 2015, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
ii © ISO/IEC 2015 – All rights reserved

ISO/IEC 27010:2015(E)
Contents Page
Foreword .vi
Introduction .vii
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Concepts and justification . 1
4.1 Introduction . 1
4.2 Information sharing communities . 2
4.3 Community management . 2
4.4 Supporting entities . 2
4.5 Inter-sector communication . 2
4.6 Conformity . 3
4.7 Communications model . 4
5 Information security policies . 4
5.1 Management direction for information security . 4
5.1.1 Policies for information security. 4
5.1.2 Review of the policies for information security . 5
6 Organization of information security . 5
7 Human resource security . 5
7.1 Prior to employment . 5
7.1.1 Screening . 5
7.1.2 Terms and conditions of employment . 5
7.2 During employment . 5
7.3 Termination and change of employment . 5
8 Asset management . 5
8.1 Responsibility for assets . 5
8.1.1 Inventory of assets . 5
8.1.2 Ownership of assets . 5
8.1.3 Acceptable use of assets . 6
8.1.4 Return of assets . 6
8.2 Information classification . 6
8.2.1 Classification of information . 6
8.2.2 Labelling of information . 6
8.2.3 Handling of assets . 6
8.3 Media handling . 6
8.4 Information exchanges protection . 7
8.4.1 Information dissemination . 7
8.4.2 Information disclaimers . 7
8.4.3 Information credibility . 7
8.4.4 Information sensitivity reduction . 8
8.4.5 Anonymous source protection . 8
8.4.6 Anonymous recipient protection . 8
8.4.7 Onwards release authority . 9
9 Access control . 9
10 Cryptography . 9
10.1 Cryptographic controls . 9
10.1.1 Policy on the use of cryptographic controls . 9
10.1.2 Key management . 9
11 Physical and environmental security . 9
© ISO/IEC 2015 – All rights reserved iii

ISO/IEC 27010:2015(E)
12 Operations security . 9
12.1 Operational procedures and responsibilities . 9
12.2 Protection from malware .10
12.2.1 Controls against malware .10
12.3 Backup .10
12.4 Logging and monitoring .10
12.4.1 Event logging .10
12.4.2 Protection of log information .10
12.4.3 Administrator and operator logs .10
12.4.4 Clock synchronization .10
12.5 Control of operational software .10
12.6 Technical vulnerability management .10
12.7 Information systems audit considerations .10
12.7.1 Information systems audit controls .10
12.7.2 Community audit rights .10
13 Communications security .11
13.1 Network security management .11
13.2 Information transfer .11
13.2.1 Information transfer policies and procedures .11
13.2.2 Agreements on information transfer .11
13.2.3 Electronic messaging .11
13.2.4 Confidentiality or non-disclosure agreements .11
14 System acquisition, development and maintenance .11
15 Supplier relationships .12
15.1 Information security in supplier relationships .12
15.1.1 Information security policy for supplier relationships .12
15.1.2 Addressing security within supplier agreements .12
15.1.3 Information and communication technology supply chain .12
15.2 Supplier service delivery management .12
16 Information security incident management .12
16.1 Management of information security incidents and improvements .12
16.1.1 Responsibilities and procedures .12
16.1.2 Reporting information security events .12
16.1.3 Reporting information security weaknesses .13
16.1.4 Assessment of, and decision on, information security events .13
16.1.5 Response to information security incidents .13
16.1.6 Learning from information security incidents .13
16.1.7 Collection of evidence . .13
16.1.8 Early warning system .13
17 Information security aspects of business continuity management .13
17.1 Information security continuity .13
17.1.1 Planning information security continuity .13
17.1.2 Implementing information security continuity .14
17.1.3 Verify, review and evaluate information security continuity .14
17.2 Redundancies .14
18 Compliance .14
18.1 Compliance with legal and contractual requirements .14
18.1.1 Identification of applicable legislation and contractual requirements .14
18.1.2 Intellectual property rights .14
18.1.3 Protection of records .14
18.1.4 Privacy and protection of personally identifiable information .14
18.1.5 Regulation of cryptographic controls .14
18.1.6 Liability to the information sharing community .14
18.2 Information security reviews .15
Annex A (informative) Sharing sensitive information .16
iv © ISO/IEC 2015 – All rights reserved

ISO/IEC 27010:2015(E)
Annex B (informative) Establishing trust in information exchanges .21
Annex C (informative) The Traffic Light Protocol .25
Annex D (informative) Models for organizing an information sharing community .26
Bibliography .32
© ISO/IEC 2015 – All rights reserved v

ISO/IEC 27010:2015(E)
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work. In the field of information technology, ISO and IEC have established a joint technical committee,
ISO/IEC JTC 1.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for
the different types of document should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent
rights. Details of any patent rights identified during the development of the document will be in the
Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the meaning of ISO specific terms and expressions related to conformity
assessment, as well as information about ISO’s adherence to the WTO principles in the Technical
Barriers to Trade (TBT) see the following URL: Foreword - Supplementary information
The committee responsible for this document is ISO/IEC JTC 1, Information technology, SC 27, IT
Security techniques.
This second edition cancels and replaces the first edition (ISO/IEC 27010:2012), which has been revised
for compatibility with ISO/IEC 27001:2013 and ISO/IEC 27002:2013.
vi © ISO/IEC 2015 – All rights reserved

ISO/IEC 27010:2015(E)
Introduction
This International Standard is a sector-specific supplement to ISO/IEC 27001:2013 and
ISO/IEC 27002:2013 for use by information sharing communities. The guidelines contained within this
International Standard are in addition to, and complement, the generic guidance given within other
members of the ISO/IEC 27000 family of standards.
ISO/IEC 27001:2013 and ISO/IEC 27002:2013 address information exchange between organizations,
but they do so in a generic manner. When organizations wish to communicate sensitive information
to multiple other organizations, the originator must have confidence that its use in those other
organizations will be subject to adequate security controls implemented by the receiving organizations.
This can be achieved through the establishment of an information sharing community, where each
member trusts the other members to protect the shared information, even though the organizations
may otherwise be in competition with each other.
An information sharing community cannot work without trust. Those providing information must
be able to trust the recipients not to disclose or to act upon the data inappropriately. Those receiving
information must be able to trust that information is accurate, subject to any qualifications notified by
the originator. Both aspects are important, and must be supported by demonstrably effective security
policies and the use of good practice. To achieve this, the community members must all implement a
common management system covering the security of the shared information. This is an information
security management system (ISMS) for the information sharing community.
In addition, information sharing can take place between information sharing communities where not
all recipients will be known to the originator. This will only work if there is adequate trust between
the communities and their information sharing agreements. It is particularly relevant to the sharing of
sensitive information between diverse communities, such as different industry or market sectors.
© ISO/IEC 2015 – All rights reserved vii

INTERNATIONAL STANDARD ISO/IEC 27010:2015(E)
Information technology — Security techniques —
Information security management for inter-sector and
inter-organizational communications
1 Scope
This International Standard provides guidelines in addition to the guidance given in the
ISO/IEC 27000 family of standards for implementing information security management within
information sharing communities.
This International Standard provides controls and guidance specifically relating to initiating,
implementing, maintaining, and improving information security in inter-organizational and inter-
sector communications. It provides guidelines and general principles on how the specified requirements
can be met using established messaging and other technical methods.
This International Standard is applicable to all forms of exchange and sharing of sensitive information,
both public and private, nationally and internationally, within the same industry or market sector or
between sectors. In particular, it may be applicable to information exchanges and sharing relating to
the provision, maintenance and protection of an organization’s or nation state’s critical infrastructure.
It is designed to support the creation of trust when exchanging and sharing sensitive information,
thereby encouraging the international growth of information sharing communities.
2 Normative references
The following documents, in whole or in part, are normatively referenced in this document and are
indispensable for its application. For dated references, only the edition cited applies. For undated
references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 27000:2014, Information technology — Security techniques — Information security management
systems — Overview and vocabulary
ISO/IEC 27001:2013, Information technology — Security techniques — Information security management
systems — Requirements
ISO/IEC 27002:2013, Information technology — Security techniques — Code of practice for information
security controls
3 Terms and definitions
For the purposes of this document, the terms and definitions in ISO/IEC 27000:2014 apply.
4 Concepts and justification
4.1 Introduction
ISMS guidance specific to inter-sector and inter-organizational communications has been identified in
Clauses 5 to 18 of this International Standard.
ISO/IEC 27002:2013 defines controls that cover the exchange of information between organizations on a
bilateral basis, and also controls for the general distribution of publicly available information. However,
in some circumstances there exists a need to share information within a community of organizations
where the information is sensitive in some way and cannot be made publicly available other than to
© ISO/IEC 2015 – All rights reserved 1

ISO/IEC 27010:2015(E)
members of the community. Often the information can only be made available to certain individuals
within each member organization, or may have other security requirements such as anonymization of
information. This International Standard defines additional potential controls and provides additional
guidance and interpretation of ISO/IEC 27001:2013 and ISO/IEC 27002:2013 in order to meet these
requirements.
There are four informative annexes. Annex A describes the potential benefits from sharing sensitive
information between organizations. Annex B provides guidance on how members of an information
sharing community can assess the degree of trust that can be placed in information provided by other
members. Annex C describes the Traffic Light Protocol, a mechanism widely used in information sharing
communities to indicate the permitted distribution of information. Annex D contains some examples of
models for organizing an information sharing community.
4.2 Information sharing communities
To be effective, information sharing communities must have some common interest or other relationship
to define the scope of the shared sensitive information. For example, communities may be market sector
specific, and limit membership to organizations within that one sector. Of course, there may be other
bases for common interest, for example, geographical location or common ownership.
There must also be trust between members, in particular that all members will follow the information
sharing agreement.
4.3 Community management
Information sharing communities will be created from independent organizations or parts of
organizations. There may, therefore, not be clear or uniform organizational structures and management
functions applying to all members. For information security management to be effective, management
commitment is necessary. Therefore, the organizational structures and management functions applying
to community information security management should be clearly defined.
Differences among member organizations of an information sharing community should also be
considered. The differences could include:
— differing legal or regulatory environments,
— whether member organizations already operate their own ISMS, and
— member rules on protections of assets and information disclosure.
4.4 Supporting entities
Many information sharing communities will choose to establish or appoint a centralized supporting
entity to organize and support information sharing. Such an entity can provide many supporting
controls such as anonymization of source and recipients more easily and efficiently than where
members communicate directly.
There are a number of different organizational models that can be used to create supporting entities.
Annex D describes two common models, the Trusted Information Communication Entity (TICE) and the
Warning, Advice and Reporting Point (WARP).
4.5 Inter-sector communication
Many information sharing communities will be sector based, as this provides a natural scope of
common interest. However, there may well be information shared by such communities that would be
of interest to other information sharing communities established in other sectors. In such cases it may
be possible to establish information sharing communities of information sharing communities, again
based on some common interest, such as the nature of the shared information. We refer to this as inter-
sector communication.
2 © ISO/IEC 2015 – All rights reserved

ISO/IEC 27010:2015(E)
Inter-sector communication is greatly facilitated where supporting entities exist within each
information sharing community, as the necessary information exchange agreements and controls
can then be established between the supporting entities, rather than between all members of all
communities. Some inter-sector communities will require anonymization of the source or recipient
organizations; this also can be achieved by use of supporting entities.
4.6 Conformity
There are a number of places where ISO/IEC 27001:2013 will need to be interpreted when applied to
an information sharing community (or, for inter-sector communication, a community of communities).
The first area where interpretation is required is the definition of the organization concerned.
ISO/IEC 27001:2013 requires that an ISMS is established, implemented, maintained and continually
improved by an organization (ISO/IEC 27001:2013, 4.4). In this context, the relevant organization is
the information sharing community. However, the members of the information sharing community will
themselves be organizations – see Figure 1.
Key
A Member organization k of the community (k = 1 . n), including any supporting entity.
k
Figure 1 — Communities and organizations
Secondly, in many information sharing communities, not all persons within the member organizations
will be permitted access to the sensitive information shared between members. In this case, part of the
member organization will be within scope of the community ISMS and part will be outside. The part
outside the community scope will only have access to community information if it is marked for wider
release – see Figure 2.
It is possible that members of the information sharing community may have their own information
security management systems and, in consequence, some processes might fall within scope of both the
community and members’ management systems. In this case, there is at least a theoretical possibility
that there might be conflicting and incompatible requirements upon those processes. This might be an
issue justifying exclusion from the scope of the member’s ISMS – see ISO/IEC 27001:2013, 4.3.
© ISO/IEC 2015 – All rights reserved 3

ISO/IEC 27010:2015(E)
Figure 2 — Member ISMS partially in scope
When defining its risk assessment process (ISO/IEC 27001:2013, 6.1.2), the information sharing
community will need to recognize that the impact of risks may be different on different members of
the community. The community will, therefore, need to choose a risk assessment methodology that can
handle non-uniform impact, and similarly for its risk assessment criteria.
4.7 Communications model
Communications of sensitive information as covered by this International Standard can take any form –
written, verbal or electronic – provided that the selected control requirements are met.
In the remainder of this International Standard, individual sensitive communications are described in
terms of the following participants:
— The source of an item of information is the person or organization that originates an item of
information; the source does not need to be a member of the community.
— The originator is the member of an information sharing community that initiates its distribution
within the community. The originator may distribute the information directly, or send it to a
supporting entity for distribution. The originator may, but need not be, the same as the source of
the information; the originator may conceal the identity of the source. Communities may provide
facilities to enable a member to conceal its own identity as the originator.
— A recipient is a receiver of information distributed within the community. Recipients need not
be members of the community if the information is identified as available for wider distribution.
Communities may provide facilities to enable recipients to conceal their identities from the
originators of information.
5 Information security policies
5.1 Management direction for information security
5.1.1 Policies for information security
ISO/IEC 27002:2013, control 5.1.1 is augmented as follows:
Implementation guidance
An information sharing policy should define how the community members will work together to set
security management policies and direction for the information sharing community. It should be made
4 © ISO/IEC 2015 – All rights reserved

ISO/IEC 27010:2015(E)
available to all employees involved in information sharing within the community. The policy may
restrict its dissemination to other employees of community members.
The information sharing policy should define the information marking and distribution rules used
within the community.
5.1.2 Review of the policies for information security
ISO/IEC 27002:2013, control 5.1.2 is augmented as follows:
Implementation guidance
The review should include information on significant changes to membership of the information
sharing community.
6 Organization of information security
No additional information specific to inter-sector or inter-organizational communications.
7 Human resource security
7.1 Prior to employment
7.1.1 Screening
ISO/IEC 27002:2013, control 7.1.1 is augmented as follows:
Implementation guidance
Screening rules are unlikely to be consistent across all members of an information sharing community.
Communities should consider defining minimum levels of verification checks to be applied to all
employees or contractors of members who will be given access to shared community information.
7.1.2 Terms and conditions of employment
No additional information specific to inter-sector or inter-organizational communications.
7.2 During employment
No additional information specific to inter-sector or inter-organizational communications.
7.3 Termination and change of employment
No additional information specific to inter-sector or inter-organizational communications.
8 Asset management
8.1 Responsibility for assets
8.1.1 Inventory of assets
No additional information specific to inter-sector or inter-organizational communications.
8.1.2 Ownership of assets
No additional information specific to inter-sector or inter-organizational communications.
© ISO/IEC 2015 – All rights reserved 5

ISO/IEC 27010:2015(E)
8.1.3 Acceptable use of assets
ISO/IEC 27002:2013, control 8.1.3 is augmented as follows:
Implementation guidance
Information provided by other members of an information sharing community is an asset and should
be protected, used and disseminated in accordance with any rules set by the information sharing
community or by the originator.
8.1.4 Return of assets
No additional information specific to inter-sector or inter-organizational communications.
8.2 Information classification
8.2.1 Classification of information
ISO/IEC 27002:2013, control 8.2.1 is modified as follows:
Control
Information should be classified in terms of legal requirements, value, credibility, priority, criticality
and sensitivity to unauthorized disclosure or modification.
Implementation guidance
As well as the criteria given in ISO/IEC 27002:2013, information should be classified in terms of its
credibility and priority. Credibility should be assessed in terms of the reputation of its source, technical
content, and quality of description. Priority should indicate the need for urgent or immediate action,
such as further distribution.
Likewise, sensitivity can depend on many aspects of information beyond a need for maintaining its
confidentiality, such as the impact of disclosure or potential to compromise the anonymity of its source.
Care should be taken in interpreting classification markings assigned by other members of an
information sharing community.
EXAMPLE One well-known email client displays the message “Please treat this as Confidential” when
displaying emails where the sensitivity header field has been set to “company confidential” (RFC 4021[1]). It is
not clear in this case if the originator intended “company confidential” (and the message has been sent in error)
or intended “confidential to you, the recipient”.
8.2.2 Labelling of information
No additional information specific to inter-sector or inter-organizational communications.
8.2.3 Handling of assets
No additional information specific to inter-sector or inter-organizational communications.
8.3 Media handling
No additional information specific to inter-sector or inter-organizational communications.
6 © ISO/IEC 2015 – All rights reserved

ISO/IEC 27010:2015(E)
8.4 Information exchanges protection
A control objective additional to ISO/IEC 27002:2013, Clause 8, asset management, is:
Objective: To ensure adequate protection of information exchanges within an information sharing community.
Information exchanged between members of an information sharing community should be protected in a con-
sistent manner, even though the members are independent entities or parts of entities that may mark, distribute
and protect their own information in different ways.
Where anonymity is requested, any information identifying the source of the information exchange should be
removed. Likewise, it should be possible to receive shared information without revealing the recipient’s identity.
Release of shared information outside the community should be controlled.
8.4.1 Information dissemination
Control
Information dissemination within the receiving member should be limited, based on pre-defined
dissemination markings defined by the community.
Implementation guidance
Information which has no assigned dissemination marking should be given a default dissemination
defined by the information sharing community. If in doubt, or where there is no generally accepted
agreement on default dissemination, information should be treated conservatively. If possible, the
recipient should request the originator to re-transmit with an explicit dissemination marking.
Dissemination restrictions may include limitations on use such as controlling electronic copy and paste,
preventing screen shots being taken, or preventing printing and export.
Other information
Different attributes or components of shared information may have different sensitivities. In particular,
knowledge of the existence of a message or other shared information may have a different sensitivity to
its contents.
Information rights management functionality is often used to enforce in-use limitations. If so, a clear
user rights policy or model is needed so that users understand what their system will allow them to do
and where they will be blocked.
8.4.2 Information disclaimers
Control
Each information exchange should begin with a disclaimer, listing any special requirements to follow
by the recipients in addition to the normal information markings.
Implementation guidance
A recipient should request clarification from the originator if the disclaimer is not fully understood, or
cannot be implemented.
8.4.3 Information credibility
Control
Each information exchange should indicate the originator’s degree of confidence in the transmitted
information’s credibility and accuracy.
Implementation guidance
© ISO/IEC 2015 – All rights reserved 7

ISO/IEC 27010:2015(E)
Based on urgency, potential consequences and technical constraints, it may not be possible to
validate all information before transmission. Where limitations exist, these should be indicated as
part of the message.
Indicating reservations on credibility of information is particularly important where the source is
anonymous or unknown. It is also i
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

CEN
EN ISO 18674-7:2025(Main)
Geotechnical investigation and testing - Geotechnical monitoring by field instrumentation - Part 7: Measurement of strains: Strain gauges (ISO 18674-7:2025)
kSIST FprEN ISO 18674-7:2025

This document specifies the measurement of strain by means of strain gauges and strainmeters carried out for geotechnical monitoring. General rules of performance monitoring of the ground, of structures interacting with the ground, of geotechnical fills and of geotechnical works are presented in ISO 18674-1.
This document is applicable to:
—     performance monitoring of
—    1-D structural members such as piles, struts, props and anchor tendons;
—    2-D structural members such as foundation plates, sheet piles, diaphragm walls, retaining walls and shotcrete/concrete tunnel linings;
—    3-D structural members such as gravity dams, earth- and rock-fill dams, embankments and reinforced soil structures;
—     checking geotechnical designs and adjustment of construction in connection with the observational design procedure;
—     evaluating stability during or after construction.
With the aid of a stress-strain relationship of the material, strain data can be converted into stress and/or forces (for 1-D members; see ISO 18674-8) or stresses (for 2-D and 3-D members, see ISO 18674-5).
NOTE            This document fulfils the requirements for the performance monitoring of the ground, of structures interacting with the ground and of geotechnical works by the means of strain measuring instruments as part of the geotechnical investigation and testing in accordance with References [1] and [2].

  • Draft
    52 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO 22568-2:2019/A1:2025(Amendment)
Foot and leg protectors - Requirements and test methods for footwear components - Part 2: Non-metallic toecaps - Amendment 1 (ISO 22568-2:2019/Amd 1:2025)
SIST EN ISO 22568-2:2019/oprA1:2025
  • Draft
    3 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO 17117-1:2025(Main)
Health informatics - Terminological resources - Part 1: Characteristics (ISO 17117-1:2025)
kSIST FprEN ISO 17117-1:2025

This document defines universal and specialized characteristics of health terminological resources that make them fit for the purposes required of various applications. It covers only terminological resources that are primarily designed to be used for clinical concept representation or to those parts of other terminological resources designed to be used for clinical concept representation.
This document helps users to assess whether a terminology has the characteristics or provides the functions that will support their specified requirements. In order to do that, this document focuses on defining characteristics and functions of terminological resources in healthcare that can be used to identify different types of terminological resources for categorization purposes.
NOTE 1        Categorization of healthcare terminological systems according to the name of the system might not be helpful and has caused confusion in the past.
The following aspects are not covered in this document:
—     evaluations of terminological resources;
—     health service requirements for terminological resources and evaluation criteria based on the characteristics and functions;
—     the nature and quality of mappings between different terminologies;
NOTE 2        It is unlikely that a single terminology will meet all the terminology requirements of a healthcare organization: some terminology providers produce mappings to administrative or classification systems such as the International Classification of Diseases (ICD). The presence of such maps would be a consideration in the evaluation of the terminology.
—     the nature and quality of mappings between different versions of the same terminology;
NOTE 3        To support data migration and historical retrieval, terminology providers can provide maps between versions of their terminology. The presence of such maps would be a consideration in the evaluation of the terminology.
—     terminology server requirements and techniques and tools for terminology developers;
—     characteristics for computational biology terminology.

  • Draft
    29 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 18184:2025(Main)
Financial services - Specification of QR codes for mobile initiated (instant) credit transfers
oSIST prEN 18184:2025

This document provides a specification for QR codes for mobile (instant) credit transfers (MCTs) whereby the payer uses a mobile device to initiate the payment transaction. The QR code is used to exchange data between the payer and the payee to enable the initiation of the (instant) credit transfer by the payer.
This document is applicable to both cases where the QR code is presented by the payee or by the payer.
This document excludes the following from its scope:
—   The details of technical requirements and the supporting infrastructure to achieve interoperability amongst mobile (instant) credit transfer (MCT) service providers;
—   The detailed implementation specification of the payload included in the QR code.

  • Draft
    36 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO 80601-2-70:2025(Main)
Medical electrical equipment - Part 2-70: Particular requirements for basic safety and essential performance of sleep apnoea breathing therapy equipment (ISO 80601-2-70:2025)
kSIST FprEN ISO 80601-2-70:2025

This document is applicable to the basic safety and essential performance of sleep apnoea breathing therapy equipment, hereafter referred to as ME equipment, intended to alleviate the symptoms of patients who suffer from obstructive sleep apnoea by delivering a therapeutic breathing pressure to the respiratory tract of the patient. Sleep apnoea breathing therapy equipment is intended for use in the home healthcare environment by lay operators as well as in professional healthcare institutions.
Sleep apnoea breathing therapy equipment is not considered to utilize a physiologic closed-loop-control system unless it uses a physiological patient variable to adjust the therapy settings.
This document excludes sleep apnoea breathing therapy equipment intended for use with neonates.
This document is applicable to ME equipment or an ME system intended for those patients who are not dependent on artificial ventilation. This document is not applicable to ME equipment or an ME system intended for those patients who are dependent on artificial ventilation such as patients with central sleep apnoea.
This document is also applicable to those accessories intended by their manufacturer to be connected to sleep apnoea breathing therapy equipment, where the characteristics of those accessories can affect the basic safety or essential performance of the sleep apnoea breathing therapy equipment.
Masks and application accessories intended for use during sleep apnoea breathing therapy are additionally addressed by ISO 17510. Refer to Figure AA.1 for items covered further under this document.
If a clause or subclause is specifically intended to be applicable to ME equipment only, or to ME systems only, the title and content of that clause or subclause will say so. If that is not the case, the clause or subclause applies both to ME equipment and to ME systems, as relevant.
Hazards inherent in the intended physiological function of ME equipment or ME systems within the scope of this document are not covered by specific requirements in this document except in 7.2.13 and 8.4.1 of the general standard.
NOTE 2        See also 4.2 of the general standard.
This document does not specify the requirements for:
–    ventilators or accessories intended for critical care ventilators for ventilator-dependent patients, which are given in ISO 80601‑2‑12.
–    ventilators or accessories intended for anaesthetic applications, which are given in ISO 80601-2-13.
–    ventilators or accessories intended for home care ventilators for ventilator-dependent patients, which are given in ISO 80601-2-72.
–    ventilators or accessories intended for emergency and transport, which are given in ISO 80601-2-84.
–    ventilators or accessories intended for home-care ventilatory support, which are given in ISO 80601‑2-79 and ISO 80601‑2‑80.
–    high-frequency ventilators[23], which are given in ISO 80601-2-87.
–    respiratory high flow equipment, which are given in ISO 80601‑2‑90;
NOTE 3      ISO 80601-2-80 ventilatory support equipment can incorporate high-flow therapy operational mode, but such a mode is only for spontaneously breathing patients.
–    user-powered resuscitators, which are given in ISO 10651-4;
–    gas-powered emergency resuscitators, which are given in ISO 10651-5;
–    oxygen therapy constant flow ME equipment; and
–    cuirass or “iron-lung” ventilation equipment.

  • Draft
    80 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 12814-1:2025(Main)
Testing of welded joints of thermoplastics semi-finished products - Part 1: Bend test
SIST EN 12814-1:2026

This document specifies the dimensions and the method for sampling and preparing test specimens, together with the conditions for carrying out the bend test.
The result of the test is also influenced by the deformation behaviour of the tested material, the kind of welding process and the geometry of the sample.
The test is applicable to plate and tube butt jointed assemblies made from thermoplastic materials filled or unfilled, but not reinforced, irrespective of the welding process used. It is not applicable to assemblies with a wall thickness < 3 mm.

  • Draft
    13 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 17131-1:2025(Main)
Textiles and textile products - Determination of certain residual solvents - Part 1: Determination of aprotic solvents, method using gas chromatography
SIST EN 17131-1:2026

This document specifies a method using gas chromatography with mass selective detector (GC-MS) for detection and quantification of extractable N,N-dimethylformamide (DMF), N,N-dimethylacetamide (DMAC), N-methyl-2-pyrrolidone (NMP) and N-ethyl-2-pyrrolidone (NEP) in filaments and coatings of textile products.

  • Draft
    12 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 3677:2025(Main)
Aerospace series - Steel X5CrNiCu17-4 (1.4542) - Air melted - Solution treated and precipitation treated - Forgings - a or D ≤ 200 mm - Rm ≥ 1 310 MPa
SIST EN 3677:2026

This document specifies the requirements relating to:
Steel X5CrNiCu17-4 (1.4542)
Air melted
Solution treated and precipitation treated
Forgings
a or D ≤ 200 mm
Rm ≥ 1 310 MPa
for aerospace applications.
W.nr: 1.4542.
ASD-STAN: FE-PM3801.

  • Draft
    9 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO 2719:2025(Main)
Determination of flash point - Pensky-Martens closed cup method (ISO 2719:2025)
kSIST FprEN ISO 2719:2025

This document specifies three procedures, A, B and C, using the Pensky-Martens closed cup tester, for determining the flash point of combustible liquids, liquids with suspended solids, liquids that tend to form a surface film under the test conditions, biodiesel and other liquids in the temperature range of 40 °C to 370 °C.
NOTE 1        Although, technically, kerosene with a flash point above 40 °C can be tested using this document, it is standard practice to test kerosene according to ISO 13736.[5] Similarly, lubricating oils are normally tested according to ISO 2592.[2]
Procedure A is applicable to distillate fuels (diesel, biodiesel blends, heating oil and turbine fuels), new and in-use lubricating oils, paints and varnishes, and other homogeneous liquids not included in the scope of procedures B or C.
Procedure B is applicable to residual fuel oils, cutback residuals, used lubricating oils, mixtures of liquids with solids, and liquids that tend to form a surface film under test conditions or are of such kinematic viscosity that they are not uniformly heated under the stirring and heating conditions of procedure A.
Procedure C is applicable to fatty acid methyl esters (FAME) as specified in specifications such as EN 14214[11] or ASTM D6751.[13]
This document is not applicable to water-borne paints and varnishes.
NOTE 2        Water-borne paints and varnishes can be tested using ISO 3679.[3] Liquids containing traces of highly volatile materials can be tested using ISO 1523[1] or ISO 3679.

  • Draft
    32 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
CEN/TR 18240:2025(Main)
Safety of toys - Mechanical and physical properties - Guidance on the requirements for food-imitating toys in EN 71-1
kSIST-TP FprCEN/TR 18240:2025

This proposed TR gives guidance on the requirement for toys which may be a realistic food imitation under the meaning of the prEN 71-1 clause 4.28, in order to assist users of the EN 71-1 standard.
This document is only to assist users in distinguishing whether a toy product that imitates food in some way should be considered a realistic food imitation. It does not address products that are not toys.

  • Draft
    39 pages
    English language
    sale 10% off
    e-Library read for
    1 day