ISO 23494-1:2026

International
Standard
ISO 23494-1
First edition
Biotechnology — Provenance
2026-06
information model for biological
material and data —
Part 1:
Design concepts and general
requirements
Biotechnologie — Modèle d’information sur la provenance des
matériels et données biologiques —
Partie 1: Concepts de conception et exigences générales
Reference number
© ISO 2026
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 2
4 Roles of provenance controller, provenance processor, and provenance provider . 4
5 Requirements for provenance controllers . 5
5.1 General .5
5.2 Purpose of finalized provenance components collection .6
5.3 Finalized provenance components findability .7
5.4 Finalized provenance components accessibility and provision .7
5.5 Quality control .7
5.6 Identifiers .8
6 Requirements for provenance providers . 8
7 Requirements on provenance processors . 8
7.1 Finalized provenance components generation .8
7.2 Finalized provenance components accessibility and provision .9
7.3 Finalized provenance components storage .9
7.4 Quality control .10
7.5 Finalized provenance components versioning .10
Annex A (informative) Description of the provenance framework .12
Bibliography .15

iii
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out through
ISO technical committees. Each member body interested in a subject for which a technical committee
has been established has the right to be represented on that committee. International organizations,
governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely
with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types
of ISO document should be noted. This document was drafted in accordance with the editorial rules of the
ISO/IEC Directives, Part 2 (see www.iso.org/directives).
ISO draws attention to the possibility that the implementation of this document may involve the use of (a)
patent(s). ISO takes no position concerning the evidence, validity or applicability of any claimed patent
rights in respect thereof. As of the date of publication of this document, ISO had not received notice of (a)
patent(s) which may be required to implement this document. However, implementers are cautioned that
this may not represent the latest information, which may be obtained from the patent database available at
www.iso.org/patents. ISO shall not be held responsible for identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions
related to conformity assessment, as well as information about ISO's adherence to the World Trade
Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 276, Biotechnology.
This first edition of ISO 23494-1 cancels and replaces ISO/TS 23494-1:2023, which has been technically
revised.
A list of all parts in the ISO 23494 series can be found on the ISO website.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.

iv
Introduction
Research in life sciences has undergone significant changes during recent years, evolving away from
individual projects confined to small research groups to transnational consortia covering a wide range of
techniques and expertise. The exchange of research data and biological materials has become essential for
the research in life sciences and biotechnology, and consequently interoperability and quality measures of
data have become imperative.
At the same time, several reports addressing the quality of research papers in life sciences uncovered an
alarming number of ill-founded claims. The reasons for the deficiencies are diverse, with insufficient quality
and documentation of the biological material used being the major issue.
Hence, there is urgent need for standardized and comprehensive documentation of the entire process, from
collection, processing, storage and analysis of the biological material to data generation, data analysis,
and ultimately, interpretation and use, by humans and machine, for example, in artificial intelligence (AI)
applications. The resulting provenance information can serve as a quality indicator and can provide evidence
of the reliability of the data, thus enabling transparency and comparability of research results.
The purpose of this document is the standardization of provenance information management for the
biotechnology domain in a way that allows for meaningful data integration. To achieve this, provenance
information needs to be prepared in such a way that interoperability between prevailing tools for data
generation, processing and analysis is ensured. While well-established approaches for provenance
[1]
information are available in information technology (e.g., OPM or World Wide Web Consortium (W3C)
[2]
PROV ), their implementation for the biotechnology domain and related fields in particular is still a
pending issue (as became evident in the Electronic Health Records Systems for Clinical Research (EHR4CR)
[3]
and Translational Research and Patient Safety in Europe (TRANSFoRm) projects ).
With the increasing adoption of data-intensive technologies, such as next-generation sequencing (NGS), high-
throughput mass spectrometry as used for proteomics or metabolomics, or high-throughput microscopy
in digital pathology, and their impact on data collection strategies, consistent and comprehensive
documentation of data provenance has become a necessity.
In fact, experimental designs in life sciences have moved from individual experiments with a limited amount
of data towards pipelines generating a vast volume of raw digital data using massively parallel acquisition
systems demanding complex data processing workflows to extract biologically relevant information.
This trend is particularly evident in NGS, where the actual data acquisition device at the wet lab-digital
interface (i.e., the sequencer) is completely oblivious to the details of the experiment being performed,
with all the specialization pushed to the protocols used by the sample preparation procedure and to the
software pipelines processing the data. Software pipelines are continuously changing due to the evolution
of analytical algorithms and reference data sets, which is having a significant effect on result concordance.
In addition, particular issues, relevant to scientific domains utilizing biological material and data obtained
from humans, needs to be considered. These include aspects of data privacy, ethics or management of
identities. Notably, issues such as withdrawal of an informed consent or communication of incidental
findings require the implementation of appropriate mechanisms.
The major objectives for collecting and storing provenance information are summarized as follows:
— retrospective evaluation of experimental results and data analysis with respect to the influence of
standard operating procedures (SOPs), processing methods, and process parameters;
— quality monitoring of biological materials and data entered in a computational workflow or analysis
pipeline (e.g., against reference ranges and tolerances);
— automation of quality control procedures (e.g., comparisons of processing pipelines);
— profiling of sample and data analysis to identify bottlenecks;
— assessment of fitness for purpose of biological materials and data for the intended use.
To achieve these objectives, a digitally processable description of provenance information is required.

v
This overarching document will be complemented by additional horizontal standards and by appropriate
vertical standards for specific fields (e.g., collection of biological material, data generation, processing
of biological material and data). The basic requirements contained in this document do not impose any
limitations to future, domain-specific standards based on this document.
The standardization of provenance information requires the conceptualization and essential specifications
for the generation, management, provisioning and maintenance as described in this document. Not
covered in this document are additional fundamental components such as a generic model for provenance
information and extensions common to all kinds of provenance information, ensuring security, privacy and
non-repudiation. For particular domains in biotechnology and life sciences in general, detailed specifications
building on a common provenance model are required, covering provenance information describing:
— the life cycle of biological materials, including acquisition, processing, transport and storage;
— the data generation by analytical methods;
— the data processing and analysis in computational workflows.
This document provides definitions for relevant terms used and specifies fundamental requirements for
provenance information generation, management and provisioning.

vi
International Standard ISO 23494-1:2026(en)
Biotechnology — Provenance information model for
biological material and data —
Part 1:
Design concepts and general requirements
1 Scope
This document specifies a general concept for provenance information of biological material and data,
organizational roles, and requirements for provenance information management. The provenance
information covers any information relevant to the traceability, quality and fitness for purpose of the
biological material and data generated throughout the life cycle of the biological material from collection
to analysis, including data originating from analytical procedures applied to the biological material and
further processing of the data.
This document is applicable to organizations, authorities and industries that are:
a) acquiring, collecting, processing, testing, analysing, storing, or distributing biological material
in biotechnology and biomedicine (e.g., biobanks, laboratories, biomedical research as well as
biotechnological development or production);
b) generating, collecting, analysing, processing, or storing data on and related to biological material (e.g.,
biobanks, laboratories, developers, manufacturers, or other institutions and commercial organizations
in biotechnology or biomedicine);
c) generating, collecting, analysing, processing, or storing data or digital objects in biotechnology
and biomedicine (e.g., in vitro/in vivo/in silico diagnostics developers and manufacturers, or other
institutions and commercial organizations in the domain);
d) manufacturing devices or software for the aforementioned tasks or providing facilities for these tasks.
This document is also applicable to providers of services related to provenance information management
(e.g., provenance information generation, storage, provision, or validation).
This document can be used by customers, regulatory authorities, organizations and schemes using
peer-assessment, accreditation bodies, and others for confirming or recognizing the competence of the
aforementioned parties.
This document does not apply to biological material and data used for medical diagnosis, treatment and
therapy.
NOTE 1 This document can be applied by organizations performing laboratory or research activities as well as
other activities in biotechnology and biomedicine.
NOTE 2 International, national, or regional regulations, standards, or requirements can apply to specific topics
covered in this document, e.g., for organizations handling human materials procured and used for diagnostic and
treatment purposes.
2 Normative references
There are no normative references in this document.

3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at https:// www .electropedia .org/
3.1
biological material
organic entity or any substance derived or part obtained from:
a) an organic entity, such as microorganism(s) or multicellular organism(s) (e.g. human, animal, fungus,
brown seaweed, plant); or
b) an environmental sample (e.g., soil, sediment, water, air), that contains an organic entity of interest
[SOURCE: ISO/DIS 20387:2025, 3.6]
3.2
common provenance model
CPM
data model for provenance information (3.15) representation
3.3
described activity
activity performed on a described object (3.4)
Note 1 to entry: Examples for activities performed on physical objects can be biobanking activities, as specified in
ISO 20387. Examples for activities performed on digital objects can be data analytics, as specified in ISO/IEC 20546.
[4]
[SOURCE: Common Provenance Framework ]
3.4
described object
physical or digital object to be traced
[4]
[SOURCE: Common Provenance Framework ]
3.5
finalization event
event at which provenance information (3.15) is transformed into a finalized provenance component (3.6)
[4]
[SOURCE: Common Provenance Framework ]
3.6
finalized provenance component
FPC
provenance component (3.12) which is prepared to be conserved or archived and which is considered as
being immutable
[4]
[SOURCE: Common Provenance Framework ]
3.7
interoperability
capability to communicate, execute programs, or transfer data among various
functional units in a manner that requires the user to have little or no knowledge of the unique characteristics
of those units
[SOURCE: ISO/IEC 2382:2015, 2121317, modified — Notes to entry deleted.]

3.8
machine-actionable
structured and with defined semantics
3.9
meta-component
provenance component (3.12) that contains provenance information (3.15) about finalized provenance
components (3.6)
[4]
[SOURCE: Common Provenance Framework ]
3.10
party
natural person or legal person, whether or not incorporated, or a group of either
[SOURCE: ISO 27729:2024, 3.1]
3.11
persistent identifier
unique identifier that ensures permanent access for a digital object by providing access to it independently
of its physical location or current ownership
[SOURCE: ISO 24619:2011, 3.2.4, modified — Abbreviated term and note to entry deleted.]
3.12
provenance component
provenance information (3.15) represented according to the common provenance model (3.2) with a unique
identifier assigned to it
[4]
[SOURCE: Common Provenance Framework ]
3.13
provenance controller
PC
party (3.10) that determines the purposes for which and the means by which provenance information (3.15)
and finalized provenance components (3.6) are collected, stored, and provided, and that collects finalized
provenance components documenting relevant described activities (3.3)
[4]
[SOURCE: Common Provenance Framework ]
3.14
provenance chain
set of mutually interlinked finalized provenance components (3.6)
[4]
[SOURCE: Common Provenance Framework ]
3.15
provenance information
PI
information that documents the history of a described object (3.4) and related described activities (3.3), and
that contains information about the origin or source of the described object, any changes that have occurred
since it was created, and who has had custody of it since it was created
[4]
[SOURCE: Common Provenance Framework ]
3.16
provenance processor
PProc
party (3.10) that carries out activities related to finalized provenance components (3.6), such as generation,
storage, or provision of finalized provenance components
[4]
[SOURCE: Common Provenance Framework ]

3.17
provenance provider
PProv
software, device, person, subsystem, organization/s, or group that has recognizable distinct existence
carrying out described activities (3.3) and supplying relevant provenance information (3.15)
[4]
[SOURCE: Common Provenance Framework ]
4 Roles of provenance controller, provenance processor, and provenance provider
4.1 The requirements defined in this document are applicable to organizations or their equipment or
assets (e.g., software or a device) which are performing one or more of the following roles: provenance
provider, provenance controller and/or provenance processor.
NOTE 1 Examples of the products include software or devices that can act as a provenance provider. In such cases,
developers and manufacturers of these devices and software are expected to address the requirements on provenance
providers (Clause 6) by providing required documentation for the products.
NOTE 2 Informative description about how the organizational roles interact is provided in Annex A.
4.2 An organization can serve in one, two, or all three roles at the same time: that of provenance controller,
provenance provider, and provenance processor.
NOTE 1 For example, a biobank can be a provenance controller, as it determines purposes and means to generate,
store and provide provenance information on samples and derived data and respective finalized provenance
components. The biobank uses organizations, software, or devices – provenance providers – to perform described
activities and to receive relevant provenance information.
NOTE 2 Activities related to the finalized provenance component can be carried out by the organization acting as
provenance controller or delegated to one or more organizations acting as provenance processors. If an organization
acting as provenance controller carries out activities related to finalized provenance components, it also becomes a
provenance processor.
4.3 A device or a software can act as provenance provider only and cannot act as provenance controller
nor provenance processor.
NOTE Figure 1 depicts potential flow of provenance information and the organizational roles and their relations.
If an organization serves in multiple roles, then multiple boxes are applicable to this organization.

Figure 1 — Overall schema of organizational roles, their main responsibilities, and relations
between them
4.4 An organization or its product acting as a provenance controller, provenance provider, or a provenance
processor shall document its role with respect to this document (i.e., provenance controller, provenance
provider, or a provenance processor), and specify which requirements are applicable.
NOTE Examples of the products include software or devices that can act only as a provenance provider. In such
cases, developers and manufacturers of these devices and software are subject to 4.4.
5 Requirements for provenance controllers
5.1 General
5.1.1 The provenance controller shall take appropriate measures to ensure that all the requirements
specified in this document are met.
5.1.2 The provenance controller shall collect finalized provenance components documenting described
activities it is involved in.
5.1.3 The provenance controller shall ensure that finalized provenance components are stored for
accountability. In case of disagreement on the content of provided finalized provenance component, the
stored finalized provenance component serves as evidence.
5.1.4 The provenance controller can collect provenance information documenting a described activity it is
involved in.
5.1.5 The provenance controller shall take appropriate measures so that provenance processors prepare
finalized provenance components according to the Common Provenance Model.
5.1.6 The provenance controller shall take appropriate measures to create machine-actionable provenance
information, if relevant machine-actionable provenance information is not available (e.g., manually by a
person).
EXAMPLE If a biobank is acting as a provenance controller. When a sample is transported by a contracted
organization or processed by a device, the organization or the device don’t necessarily produce machine-actionable
provenance information. The transportation organization might only provide a paper protocol, and the device might
only have a graphical display output. In similar cases, an employee of the biobank can generate machine actionable
provenance information by putting the information (e.g., from the protocol or from the display) into an information
system.
5.1.7 If applicable, the provenance controller should provide provenance information used to generate the
finalized provenance component to a provenance processor without delay.
NOTE Provenance information can be provided to a provenance processor either by a provenance controller or by
a provenance provider.
5.2 Purpose of finalized provenance components collection
5.2.1 The provenance controller shall document purposes of finalized provenance components collection.
NOTE Defining the purpose helps to avoid situations where necessary information is omitted, or unnecessary
information is collect
...