iTeh Standards logo
EURUSD
Your shopping cart is empty.
ISO

ISO/IEC 27554:2024

(Main)

Information security, cybersecurity and privacy protection — Application of ISO 31000 for assessment of identity-related risk

Information security, cybersecurity and privacy protection — Application of ISO 31000 for assessment of identity-related risk

This document provides guidelines for identity-related risk, as an extension of ISO 31000:2018. More specifically, it uses the process outlined in ISO 31000 to guide users in establishing context and assessing risk, including providing risk scenarios for processes and implementations that are exposed to identity-related risk. This document is applicable to the risk assessment of processes and services that rely on or are related to identity. This document does not include aspects of risk related to general issues of delivery, technology or security.

Titre manque

General Information

Status
Published
Publication Date
30-Jun-2024
ICS
03.100.01 - Company organization and management in general
35.030 - IT Security
Technical Committee
ISO/IEC JTC 1/SC 27 - Information security, cybersecurity and privacy protection
Drafting Committee
ISO/IEC JTC 1/SC 27/WG 5 - Identity management and privacy technologies
Current Stage
6060 - International Standard published
Start Date
01-Jul-2024
Due Date
13-Sep-2023
Completion Date
01-Jul-2024
Ref Project
ISO/IEC 27554:2024 - Information security, cybersecurity and privacy protection — Application of ISO 31000 for assessment of identity-related risk Released:1. 07. 2024ISO/IEC 27554:2024 - Information security, cybersecurity and privacy protection — Application of ISO 31000 for assessment of identity-related risk Released:1. 07. 2024
PreviousNext
Standard
ISO/IEC 27554:2024 - Information security, cybersecurity and privacy protection — Application of ISO 31000 for assessment of identity-related risk Released:1. 07. 2024
English language
18 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)


International
Standard
ISO/IEC 27554
First edition
Information security, cybersecurity
2024-07
and privacy protection —
Application of ISO 31000 for
assessment of identity-related risk
Reference number
© ISO/IEC 2024
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
© ISO/IEC 2024 – All rights reserved
ii
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Principles . 3
5 Framework . 3
5.1 General .3
5.2 Leadership and commitment .3
5.3 Integration.3
5.4 Design .4
5.5 Implementation . .4
5.6 Evaluation .4
5.7 Improvement .4
6 Process . . 4
6.1 General .4
6.2 Communication and consultation.4
6.3 Scope, context and criteria .4
6.4 Risk assessment .4
6.5 Risk treatment .5
6.6 Monitoring and review .5
6.7 Recording and reporting .5
7 Identity-related context establishment . 5
7.1 General .5
7.2 Actors .5
7.2.1 Subscribers/Actors .5
7.2.2 Administrators.5
7.3 Types of personal data .5
7.4 Policies and regulations .5
7.5 Service and transaction scope .5
8 Identity-related risk assessment . 6
9 Identity-related risk identification . 6
10 Identity-related risk analysis . 7
10.1 General .7
10.2 Affected parties .7
10.3 Identity theft or fabrication .7
10.4 Categories of consequences of identity-related risk .8
10.5 Risk impact assessment . .8
11 Identity-related risk evaluation . 9
12 Identity-related risk treatment . 9
Annex A (informative) Standards related to identity-management risk assessment .10
Annex B (informative) Risk impact assessment.13
Bibliography .18

© ISO/IEC 2024 – All rights reserved
iii
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical activity.
ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations,
governmental and non-governmental, in liaison with ISO and IEC, also take part in the work.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types
of document should be noted. This document was drafted in accordance with the editorial rules of the ISO/
IEC Directives, Part 2 (see www.iso.org/directives or www.iec.ch/members_experts/refdocs).
ISO and IEC draw attention to the possibility that the implementation of this document may involve the
use of (a) patent(s). ISO and IEC take no position concerning the evidence, validity or applicability of any
claimed patent rights in respect thereof. As of the date of publication of this document, ISO and IEC had not
received notice of (a) patent(s) which may be required to implement this document. However, implementers
are cautioned that this may not represent the latest information, which may be obtained from the patent
database available at www.iso.org/patents and https://patents.iec.ch. ISO and IEC shall not be held
responsible for identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions
related to conformity assessment, as well as information about ISO's adherence to the World Trade
Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www.iso.org/iso/foreword.html.
In the IEC, see www.iec.ch/understanding-standards.
This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 27, Information security, cybersecurity and privacy protection.
Any feedback or questions on this document should be directed to the user’s national standards
body. A complete listing of these bodies can be found at www.iso.org/members.html and
www.iec.ch/national-committees.

© ISO/IEC 2024 – All rights reserved
iv
Introduction
ISO 31000 provides guidelines and a methodology for assessing risk. The additional guidance provided in
this document supports the use of ISO 31000:2018 in the field of identity management, in particular for
the risk management for identities. This document elaborates on the steps in the methodology provided
in ISO 31000, demonstrating how to apply them to the assessment of identity-related risk. Therefore,
this document is an application of ISO 31000 for the assessment of identity-related risk. This document is
intended to be used in connection with ISO 31000:2018.
While the contexts in which identities are established differ between implementations, there are some
elements that are consistent. This document presents those elements where they have been identified.
This document is intended to help organizations establishing and using identities to understand the risks
posed by these identities, in order to determine what is needed to mitigate these risks. The manner in which
this is done enables the output of the assessment process to be used as an input into processes which are
described in other identity management standards, where a risk-based approach is specified for determining
levels of assurance.
© ISO/IEC 2024 – All rights reserved
v
International Standard ISO/IEC 27554:2024(en)
Information security, cybersecurity and privacy protection —
Application of ISO 31000 for assessment of identity-related risk
1 Scope
This document provides guidelines for identity-related risk, as an extension of ISO 31000:2018. More
specifically, it uses the process outlined in ISO 31000 to guide users in establishing context and assessing
risk, including providing risk scenarios for processes and implementations that are exposed to identity-
related risk.
This document is applicable to the risk assessment of processes and services that rely on or are related to
identity. This document does not include aspects of risk related to general issues of delivery, technology or
security.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content constitutes
requirements of this document. For dated references, only the edition cited applies. For undated references,
the latest edition of the referenced document (including any amendments) applies.
ISO 31000:2018, Risk management — Guidelines
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO 31000 and the following apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at https:// www .electropedia .org/
3.1
risk identification
process of finding, recognizing and describing risks
Note 1 to entry: Risk identification involves the identification of risk sources, events, their causes and their potential
consequences.
Note 2 to entry: Risk identification can involve historical data, theoretical analysis, informed and expert opinions, and
interested parties’ needs.
[SOURCE: ISO 31073:2022, 3.3.9]
3.2
risk analysis
process to comprehend the nature of risk and to determine the level of risk (3.5)
Note 1 to entry: Risk analysis provides the basis for risk evaluation and decisions about risk treatment.
Note 2 to entry: Risk analysis includes risk estimation.
[SOURCE: ISO 28002:2011, 3.51]

© ISO/IEC 2024 – All rights reserved
3.3
risk evaluation
process of comparing the results of risk analysis (3.2) with risk criteria to determine whether the risk is
acceptable or tolerable
Note 1 to entry: Risk evaluation assists in the decision about risk treatment (3.6).
[SOURCE: ISO 31073:2022, 3.3.25]
3.4
risk assessment
overall process of risk identification (3.1), risk analysis (3.2) and risk evaluation (3.3)
[SOURCE: ISO 31073:2022, 3.3.8]
3.5
level of risk
magnitude of a risk or combination of risks, expressed in terms of the combination of consequences and
their likelihood
[SOURCE: ISO 31073:2022, 3.3.22]
3.6
risk treatment
process to modify risk
Note 1 to entry: Risk treatment can involve:
— avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk;
— taking or increasing risk in order to pursue an opportunity;
— removing the risk source;
— changing the likelihood;
— changing the consequences;
— sharing the risk with another party or parties (including contracts and risk financing); and
— retaining the risk by informed choice.
Note 2 to entry: Risk treatments that deal with negative consequences are sometimes referred to as “risk mitigation”,
“risk elimination”, “risk prevention” and “risk reduction”.
Note 3 to entry: Risk treatment can create new risks or modify existing risks.
[SOURCE: ISO 31073:2022, 3.3.32]
3.7
risk control
measure that maintains and/or modifies risk
Note 1 to entry: Risk controls include, but are not limited to, any process, policy, device, practice, or other conditions
and/or actions which maintain and/or modify risk.
Note 2 to entry: Risk controls do not always exert the intended or assumed modifying effect.
[SOURCE: ISO 31073:2022, 3.3.33]

© ISO/IEC 2024 – All rights reserved
3.8
identity
partial identity
set of attributes related to an entity
Note 1 to entry: An entity can have more than one identity.
Note 2 to entry: Several entities can have the same identity.
[SOURCE: ISO/IEC 24760-1:2019, 3.1.2, modified — “partial identity” has been changed to an admitted term;
Note 3 to entry has been removed.]
3.9
identity information
set of values of attributes optionally with any associated metadata in an identity
Note 1 to entry: In an information and communication technology system an identity is present as identity information.
[SOURCE: ISO/IEC 24760-1:2019, 3.2.4]
3.10
identity management
processes and policies involved in managing the lifecycle and value, type and optional metadata of attributes
in identities known in a particular domain
Note 1 to entry: In general identity management is involved in interactions between parties where identity information
is processed.
Note 2 to entry: Processes and policies in identity management support the functions of an identity information
authority where applicable, in particular to handle the interaction between an entity for which an identity is managed
and the identity information authority.
[SOURCE: ISO/IEC 24760-1:2019, 3.4.1]
3.11
identity theft
result of a successful false claim of identity
[SOURCE: ISO/IEC 24760-3:2016, 3.4]
4 Principles
The principles presented in ISO 31000:2018, Clause 4 also apply when assessing identity-related risk.
5 Framework
5.1 General
The guidance in ISO 31000:2018, 5.1 applies.
5.2 Leadership and commitment
The guidance in ISO 31000:2018, 5.2 applies.
5.3 Integration
The guidance in ISO 31000:2018, 5.3 applies.

© ISO/IEC 2024 – All rights reserved
5.4 Design
The guidance in ISO 31000:2018, 5.4 applies.
5.5 Implementation
The guidance in ISO 31000:2018, 5.5 applies.
5.6 Evaluation
The guidance in ISO 31000:2018, 5.6 applies.
5.7 Improvement
The guidance in ISO 31000:2018, 5.7 applies.
6 Process
6.1 General
The guidance in ISO 31000:2018, 6.1 applies. Figure 1 below is an adaptation of ISO 31000:2018, Figure 1,
which illustrates the risk management process.
Figure 1 — Risk management process
6.2 Communication and consultation
The guidance in ISO 31000:2018, 6.2 applies.
6.3 Scope, context and criteria
The guidance in ISO 31000:2018, 6.3 applies.
6.4 Risk assessment
The guidance in ISO 31000:2018, 6.4 applies.

© ISO/IEC 2024 – All rights reserved
6.5 Risk treatment
The guidance in ISO 31000:2018, 6.5 applies.
6.6 Monitoring and review
The guidance in ISO 31000:2018, 6.6 applies.
6.7 Recording and reporting
The guidance in ISO 31000:2018, 6.7 applies.
7 Identity-related context establishment
7.1 General
Risk assessment is conducted in a given context. This clause identifies elements of the organization and
organizational systems that have particular relevance for identity-related risk assessment. See Annex A for
standards related to identity-management risk assessment.
7.2 Actors
7.2.1 Subscribers/Actors
Identifying and understanding service or transaction actors is foundational for being able to identify and
classify specific risks. Actors can be categorised in multiple distinct ways, for example: internal or external
to the organization; having special privileges or none. Organizations should also consider whether the
identified actors are bound by any contractual, legal, or other types of agreements.
7.2.2 Administrators
For the purposes of identity-related risk assessment of a service or transaction, administrators are a group
of users. Nonetheless, privileged administrators, with responsibility for parts of the identity management
lifecycle, or with privileged system access that allows them to intervene in the identity management system,
are treated as a separate group of actors in the assessment of identity-related risk.
7.3 Types of personal data
Identifying the types of data that are stored and processed, and determining the specific risks, are precursors
to determining the target assurance levels. Data can be grouped using several distinct dimensions, for
example:
— sector-specific: financial, medical;
— sensitivity: personally identifiable information, other protected types;
— availability: public, confidential, secret.
7.4 Policies and regulations
Whether or not an organization or its transactions is subject to policy or regulatory requirements, the latter
affects its risk profile.
7.5 Service and transaction scope
In addition to the overall context, an organization should determine and document the scope of the service
and each of its transactions before carrying out the identity-related risk assessment.

© ISO/IEC 2024 – All rights reserved
For the service, it is important to establish:
— the various roles of individuals within the service;
— the value of the service to the organization;
— what the service offers now (current transactions) and what is planned in the future.
The following should be determined for each transaction to be assessed:
— individual roles that have access within the transaction;
— prerequisites for accessing the transaction, other than registration;
— how the transaction is initiated;
— information collected and stored for the transaction;
— direct outcomes of the transaction;
— information that becomes accessible;
— actions that can be carried out;
— financial implications;
— other forms of entitlement;
— intervention points in the process (end point of the transaction);
— events or other transactions directly triggered by the transaction being assessed;
— other services or transactions that become accessible as a result of completing the transaction;
— periodic assessment of gained access;
— time-bound access based on the current service/transaction.
8 Identity-related risk assessment
This document also uses the process outlined in ISO 31000 to give guidelines for establishing context and
assessing risk, including providing risk scenarios for processes and implementations that are exposed to
identity-related risk.
9 Identity-related risk identification
Identity-related risk arises from the threat posed by identity theft and fabrication within a service or
transaction. These are realized as identity crime, which describes the gaining of money, goods, services, or
other benefits, or the avoidance of obligations through the use of a fabricated or stolen/assumed identity.
Identity-related risks also arise from permitted impersonation, where an identity owner colludes with
another who uses that identity falsely.
Identity-related risk is very specific and is expressed by the following two risks:
a) Risk 1: incorrect information is provided for a service or transaction.
This is the risk of providing or denying a service or transaction to a person, based on someone giving
incorrect information during enrolment for, or later use of, a service or transaction.
b) Risk 2: someone is incorrectly linked to or associated with the information or authenticator used in a
service or transaction.
© ISO/IEC 2024 – All rights reserved
This is the risk that by using someone else’s information or authenticator, a person can gain an advantage
they are not entitled to, avoid obligations such as paying fines, or impact the entitlement of someone else.
Other activities which are not considered as identity-related risk include:
— internal fraud – where staff deliberately undermine the system and its processes;
— collusion – where an individual deliberately gives away their identity or access;
— hacking – where skilled people circumvent a (computer) system’s security to access records, usually
involving information of multiple individuals;
— identity loss – where identity information has been lost (accidentally or otherwise) but is not used for
fraudulent purposes.
Organizations should have other strategies in place to deal with the risks associated with these activities.
10 Identity-related risk analysis
10.1 General
Risk analysis involves developing a better understanding of the risk and provides an input to risk evaluation.
It involves consideration of who can be affected, the identity theft and fabrication sources, the consequences
associated with each risk and what the impact of risks can be.
10.2 Affected parties
As part of identity-related risk analysis, it is useful to understand who is affected by the consequences of
identity-related risk. The affected parties are:
— Entitled individuals
EXAMPLE 1 An entitled individual applies for a service and is deemed ineligible because their identity has been
used previously by someone else to claim the same service.
— Service providers
EXAMPLE 2 An organization’s reputation suffers as a result of publicity revealing that the agency has been
defrauded by large numbers of individuals claiming false identities.
— The wider community
EXAMPLE 3 Identity-related documents are mistakenly issued to people with false identities and are then used to
commit fraud against other organizations.
10.3 Identity theft or fabrication
Identity theft or fabrication can cause someone financial loss, damage to reputation, physical or emotional
harm, or embarrassment. In order to help determine which
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

Loading comments...

This May Also Interest You

ISO
ISO 13144:2025(Main)
Textiles — Determination of quinoline, isoquinoline and certain derivatives

This document specifies a method for the qualification and quantification of certain quinoline derivatives in textile products by means of extraction with methanol and gas chromatography with mass selective detector or liquid chromatography with mass selective detector. The method is applicable to all kinds of textile products consisting of natural or artificially dyed textile fibres and fabrics. It is further applicable to dyestuff powder used as textile auxiliary for dyeing and printing.

  • Standard
    16 pages
    English language
    sale 15% off
  • Standard
    18 pages
    French language
    sale 15% off
ISO
ISO 21800:2025(Main)
Guidance for organizations to increase consumer understanding of online terms and conditions

This document gives guidance to organizations on creating clear, accessible, fair and easy-to-understand online terms and conditions (T&Cs). This document is applicable to drafting business-to-consumer online T&Cs, including websites facilitating consumer-to-consumer sales, such as online auction sites. It does not apply to consumer-to-consumer and business-to-business online T&Cs.

  • Standard
    11 pages
    English language
    sale 15% off
ISO
ISO 11929-1:2025(Main)
Determination of the characteristic limits (decision threshold, detection limit and limits of the coverage interval) for measurements of ionizing radiation — Fundamentals and application — Part 1: Elementary applications

The ISO 11929 series specifies a procedure, in the field of ionizing radiation metrology, for the calculation of the “decision threshold”, the “detection limit” and the “limits of the coverage interval” for a non-negative ionizing radiation measurand when counting measurements with preselection of time or counts are carried out. The measurand results from a gross count rate and a background count rate as well as from further quantities on the basis of a model of the evaluation. In particular, the measurand can be the net count rate as the difference of the gross count rate and the background count rate, or the net activity of a sample. It can also be influenced by calibration of the measuring system, by sample treatment and by other factors. ISO 11929 has been divided into four parts covering elementary applications in this document, advanced applications on the basis of the ISO/IEC Guide 3-1 in ISO 11929-2, applications to unfolding methods in ISO 11929-3, and guidance to the application in ISO 11929-4. This document covers basic applications of counting measurements frequently used in the field of ionizing radiation metrology. It is restricted to applications for which the uncertainties can be evaluated on the basis of the ISO/IEC Guide 98-3 (JCGM 2008). In REF Annex_sec_A \r \h Annex A 08D0C9EA79F9BACE118C8200AA004BA90B02000000080000000C00000041006E006E00650078005F007300650063005F0041000000 , the special case of repeated counting measurements with random influences is covered, while measurements with linear analogous ratemeters are covered in REF Annex_sec_B \r \h Annex B 08D0C9EA79F9BACE118C8200AA004BA90B02000000080000000C00000041006E006E00650078005F007300650063005F0042000000 . ISO 11929-2 extends the former ISO 11929:2010 to the evaluation of measurement uncertainties according to the ISO/IEC Guide 98-3:2008/Suppl 1:2008. ISO 11929-2 also presents some explanatory notes regarding general aspects of counting measurements and on Bayesian statistics in measurements. ISO 11929-3 deals with the evaluation of measurements using unfolding methods and counting spectrometric multi-channel measurements if evaluated by unfolding methods, in particular, for alpha- and gamma‑spectrometric measurements. Further, it provides some advice on how to deal with correlations and covariances. ISO 11929-4 gives guidance to the application of the ISO 11929 series, summarizes shortly the general procedure and then presents a wide range of numerical examples. Information on the statistical roots of ISO 11929 and on its current development may be found elsewhere[ REF Reference_ref_40 \r \h 33 08D0C9EA79F9BACE118C8200AA004BA90B0200000008000000110000005200650066006500720065006E00630065005F007200650066005F00340030000000 ][ REF Reference_ref_41 \r \h 34 08D0C9EA79F9BACE118C8200AA004BA90B0200000008000000110000005200650066006500720065006E00630065005F007200650066005F00340031000000 ]. The ISO 11929 series also applies analogously to other measurements of any kind especially if a similar model of the evaluation is involved. Further practical examples can be found, for example, in ISO 18589[ REF Reference_ref_8 \r \h 1 08D0C9EA79F9BACE118C8200AA004BA90B0200000008000000100000005200650066006500720065006E00630065005F007200650066005F0038000000 ], ISO 9696[ REF Reference_ref_9 \r \h 2 08D0C9EA79F9BACE118C8200AA004BA90B0200000008000000100000005200650066006500720065006E00630065005F007200650066005F0039000000 ], ISO 9697[ REF Reference_ref_10 \r \h 3 08D0C9EA79F9BACE118C8200AA004BA90B0200000008000000110000005200650066006500720065006E00630065005F007200650066005F00310030000000 ], ISO 9698[ REF Reference_ref_11 \r \h 4 08D0C9EA79F9BACE118C8200AA004BA90B0200000008000000110000005200650066006500720065006E00630065005F007200650066005F00310031000000 ], ISO 10703[ REF Reference_ref_12 \r \h 5 08D0C9EA79F9BACE118C8200AA004BA90B0200000008000000110000005200650066006500720065006E00630065005F007200650066005F00310032000000 ], ISO 7503[ REF Reference_ref_13 \r \h 6 08D0C9EA79

  • Standard
    45 pages
    English language
    sale 15% off
  • Standard
    45 pages
    French language
    sale 15% off
ISO
ISO 18589-7:2025(Main)
Measurement of radioactivity in the environment — Soil — Part 7: In situ measurement of gamma-emitting radionuclides

This document specifies the identification of radionuclides and the measurement of their activity in soil using in situ gamma spectrometry with portable systems equipped with germanium or scintillation detectors. This document is suitable to rapidly assess the activity of artificial and natural radionuclides deposited on or present in soil layers of large areas of a site under investigation. This document can be used in connection with radionuclide measurements of soil samples in the laboratory (see ISO 18589-3) in the following cases: — routine surveillance of the impact of radioactivity released from nuclear installations or of the evolution of radioactivity in the region; — investigations of accident and incident situations; — planning and surveillance of remedial action; — decommissioning of installations or the clearance of materials. It can also be used for the identification of airborne artificial radionuclides, when assessing the exposure levels inside buildings or during waste disposal operations. Following a nuclear accident, in situ gamma spectrometry is a powerful method for rapid evaluation of the gamma activity deposited onto the soil surface as well as the surficial contamination of flat objects. NOTE The method described in this document is not suitable when the spatial distribution of the radionuclides in the environment is not precisely known (influence quantities, unknown distribution in soil) or in situations with very high photon flux. However, the use of small volume detectors with suitable electronics allows measurements to be performed under high photon flux.

  • Standard
    54 pages
    English language
    sale 15% off
  • Standard
    55 pages
    French language
    sale 15% off
ISO
ISO 18953:2025(Main)
Steel structures — Structural bolting — Test methods to determine loss of pretension from faying surface coatings

This document specifies test methods to determine loss of pretension in high-strength bolts due to the presence of coatings on the faying surface(s) of a bolted joint to be used in structural steelwork, when any of the coatings are thick enough to affect the pretension in a bolt in the short term, or can show significant deformation over time under sustained loads (creep-prone materials). The presence within the grip of the bolt of other materials having considerably smaller stiffness than steel, such as insulation, is not included in this test method.

  • Standard
    11 pages
    English language
    sale 15% off
ISO
ISO 18243:2025(Main)
Electrically propelled mopeds and motorcycles — Test specifications and safety requirements for lithium-ion battery systems

This document specifies the test procedures for lithium-ion battery packs and systems used in electrically propelled mopeds and motorcycles. The specified test procedures enable the user of this document to determine the essential characteristics on performance and safety of lithium-ion battery packs and systems. It is also possible to compare the test results achieved for different battery packs or systems. This document enables setting up a dedicated test plan for an individual battery pack or system subject to an agreement between customer and supplier. If required, the relevant test procedures and/or test conditions of lithium-ion battery packs and systems are selected from the standard tests provided in this document to configure a dedicated test plan. NOTE 1 Electrically power-assisted cycles (EPAC) cannot be considered as mopeds. The definition of electrically power-assisted cycles can differ from country to country. An example of definition can be found in Reference [ REF Reference_ref_12 \r \h 7 08D0C9EA79F9BACE118C8200AA004BA90B0200000008000000110000005200650066006500720065006E00630065005F007200650066005F00310032000000 ]. NOTE 2 Testing on cell level is specified in the IEC 62660 series.

  • Standard
    46 pages
    English language
    sale 15% off
ISO
ISO 24758-1:2025(Main)
Fine bubble technology — Evaluation method for determining the reactive oxygen species in ultrafine bubble dispersions — Part 1: Probe based kinetic model

This document specifies evaluation methods for determining the content of reactive oxygen species (ROS) used in the FB-facilitated advanced oxidation for pollution abatement in the wastewater treatment process. The probe based kinetic model is applicable to systems that generate ROS in substantial quantities, rather than at physiological concentrations, and is applicable to short-lived ROS. However, it is not applicable to long-lived ROS, such as ozone (O3) and hydrogen peroxide (H2O2). The probe based kinetic model method specifies: — cumulative concentration of different types of ROS during the reaction process; — concentration of different types of ROS at each time point during the reaction process. This method does not define the mechanisms of ROS generation, nor the correlation between bubble size and ROS production.

  • Standard
    34 pages
    English language
    sale 15% off
ISO
ISO/TR 18728:2025(Main)
Health informatics — Global medicinal product and ingredient and batch registration as part of identification of medicinal products (IDMP)

This document showcases existing practices to monitor supply chains as implemented in the healthcare supply chains, by making use of medicines verification or authentication systems, or both, traceability tools, safe communication technology solutions, and more. This document also discusses the potential benefits of expanding the identification of medicinal products (IDMP) to provide global identifiers for medicinal products, ingredients and batches. It also addresses potential pathways to a global registration system.

  • Technical report
    13 pages
    English language
    sale 15% off
ISO
ISO 11929-2:2025(Main)
Determination of the characteristic limits (decision threshold, detection limit and limits of the coverage interval) for measurements of ionizing radiation — Fundamentals and application — Part 2: Advanced applications

The ISO 11929 series specifies a procedure, in the field of ionizing radiation metrology, for the calculation of the “decision threshold”, the “detection limit” and the “limits of the coverage interval” for a non-negative ionizing radiation measurand when counting measurements with preselection of time or counts are carried out. The measurand results from a gross count rate and a background count rate as well as from further quantities on the basis of a model of the evaluation. In particular, the measurand can be the net count rate as the difference of the gross count rate and the background count rate, or the net activity of a sample. It can also be influenced by calibration of the measuring system, by sample treatment and by other factors. ISO 11929 has been divided into four parts covering elementary applications in ISO 11929-1, advanced applications on the basis of the GUM Supplement 1 in this document, applications to unfolding methods in ISO 11929-3, and guidance to the application in ISO 11929-4. ISO 11929-1 covers basic applications of counting measurements frequently used in the field of ionizing radiation metrology. It is restricted to applications for which the uncertainties can be evaluated on the basis of the ISO/IEC Guide 98-3 (JCGM 2008). In ISO 11929-1:2025, Annex A, the special case of repeated counting measurements with random influences is covered, while measurements with linear analogous ratemeters are covered in ISO 11929-1:2025, Annex B. ISO 11929-3 deals with the evaluation of measurements using unfolding methods and counting spectrometric multi-channel measurements if evaluated by unfolding methods, in particular, for alpha- and gamma‑spectrometric measurements. Further, it provides some advice on how to deal with correlations and covariances. ISO 11929-4 gives guidance to the application of ISO 11929, summarizes shortly the general procedure and then presents a wide range of numerical examples. Information on the statistical roots of ISO 11929 and on its current development may be found elsewhere[ REF Reference_ref_37 \r \h 30 08D0C9EA79F9BACE118C8200AA004BA90B0200000008000000110000005200650066006500720065006E00630065005F007200650066005F00330037000000 ][ REF Reference_ref_38 \r \h 31 08D0C9EA79F9BACE118C8200AA004BA90B0200000008000000110000005200650066006500720065006E00630065005F007200650066005F00330038000000 ]. ISO 11929 also applies analogously to other measurements of any kind especially if a similar model of the evaluation is involved. Further practical examples can be found, for example, in ISO 18589[ REF Reference_ref_8 \r \h 1 08D0C9EA79F9BACE118C8200AA004BA90B0200000008000000100000005200650066006500720065006E00630065005F007200650066005F0038000000 ], ISO 9696[ REF Reference_ref_9 \r \h 2 08D0C9EA79F9BACE118C8200AA004BA90B0200000008000000100000005200650066006500720065006E00630065005F007200650066005F0039000000 ], ISO 9697[ REF Reference_ref_10 \r \h 3 08D0C9EA79F9BACE118C8200AA004BA90B0200000008000000110000005200650066006500720065006E00630065005F007200650066005F00310030000000 ], ISO 9698[ REF Reference_ref_11 \r \h 4 08D0C9EA79F9BACE118C8200AA004BA90B0200000008000000110000005200650066006500720065006E00630065005F007200650066005F00310031000000 ], ISO 10703[ REF Reference_ref_12 \r \h 5 08D0C9EA79F9BACE118C8200AA004BA90B0200000008000000110000005200650066006500720065006E00630065005F007200650066005F00310032000000 ], ISO 7503[ REF Reference_ref_13 \r \h 6 08D0C9EA79F9BACE118C8200AA004BA90B0200000008000000110000005200650066006500720065006E00630065005F007200650066005F00310033000000 ], ISO 28218[ REF Reference_ref_14 \r \h 7 08D0C9EA79F9BACE118C8200AA004BA90B0200000008000000110000005200650066006500720065006E00630065005F007200650066005F00310034000000 ] and ISO 11665[ REF Reference_ref_15 \r \h 8 08D0C9EA79F9BACE118C8200AA004BA90B0200000008000000110000005200650066006500720065006E00630065005F007200650066005F00310035000000 ]. NOTE A code system, named UncertRadio, is available for calculations according t

  • Standard
    40 pages
    English language
    sale 15% off
  • Standard
    41 pages
    French language
    sale 15% off
ISO
ISO/IEC 19583-27:2025(Main)
Information technology — Concepts and usage of metadata — Part 27: Mapping between metamodel for computable data registration and bioinformatics analyses by high-throughput sequencing (HTS)

This document provides a mapping between the ISO/IEC 11179-34 metamodel for computable data registration and the IEEE 2791 standard for bioinformatics analyses generated by high-throughput sequencing (HTS), to facilitate the production of IEEE 2791 objects from instances of ISO/IEC 11179-34 metamodel and the registration of IEEE 2791 objects as computable data within an MDR conforming to ISO/IEC 11179-34. This document is applicable to those who are submitting data to organizations that require metadata submissions in IEEE 2791 compliant format, as well as those aiming to register IEEE 2791 objects into an MDR that conforms to ISO/IEC 11179-34.

  • Standard
    50 pages
    English language
    sale 15% off