ISO 17366:2009

INTERNATIONAL ISO
STANDARD 17366
First edition
2009-11-15


Supply chain applications of RFID —
Product packaging
Applications de chaîne d'approvisionnements de RFID — Empaquetage
de produit




Reference number
ISO 17366:2009(E)
©
ISO 2009

---------------------- Page: 1 ----------------------
ISO 17366:2009(E)
PDF disclaimer
This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but
shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In
downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat
accepts no liability in this area.
Adobe is a trademark of Adobe Systems Incorporated.
Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation
parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In
the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.


COPYRIGHT PROTECTED DOCUMENT


©  ISO 2009
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland

ii © ISO 2009 – All rights reserved

---------------------- Page: 2 ----------------------
ISO 17366:2009(E)
Contents Page
Foreword .iv
Introduction.v
1 Scope.1
2 Conformance and performance specifications.1
3 Normative references.1
4 Terms and definitions .2
5 Concepts .3
6 Differentiation within the layer.6
7 Data content.8
8 Data security .12
9 Identification of RFID labelled material.13
10 Human readable information.13
11 Tag operation.14
12 Tag location and presentation .17
13 Interrogator and reader requirements.17
14 Interoperability, compatibility and non-interference with other RF systems.18
Annex A (informative) Table of useful data elements for product life cycle management .19
Bibliography.20

© ISO 2009 – All rights reserved iii

---------------------- Page: 3 ----------------------
ISO 17366:2009(E)
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies
(ISO member bodies). The work of preparing International Standards is normally carried out through ISO
technical committees. Each member body interested in a subject for which a technical committee has been
established has the right to be represented on that committee. International organizations, governmental and
non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the
International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of technical committees is to prepare International Standards. Draft International Standards
adopted by the technical committees are circulated to the member bodies for voting. Publication as an
International Standard requires approval by at least 75 % of the member bodies casting a vote.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO shall not be held responsible for identifying any or all such patent rights.
ISO 17366 was prepared by Technical Committee ISO/TC 122, Packaging, in collaboration with Technical
Committee ISO/TC 104, Freight containers.

iv © ISO 2009 – All rights reserved

---------------------- Page: 4 ----------------------
ISO 17366:2009(E)
Introduction
The supply chain is a multi-level concept that covers all aspects of taking a product from raw materials to a
final product including shipping to a final place of sale, use and maintenance and potentially disposal. Each of
these levels covers many aspects of dealing with products and the business process for each level is both
unique and overlapping with other levels.
This International Standard has been created in order to ensure compatibility at the physical, command and
data levels with the four other International Standards under the general title: Supply chain applications of
RFID. Where possible, this compatibility takes the form of interchangeability. Where interchangeability is not
feasible, the International Standards within this suite are interoperable and non-interfering. The International
Standards within the complete series of Supply chain applications of RFID include
⎯ ISO 17363, Supply chain applications of RFID — Freight containers,
⎯ ISO 17364, Supply chain applications of RFID — Returnable transport items (RTIs),
⎯ ISO 17365, Supply chain applications of RFID — Transport units,
⎯ ISO 17366, Supply chain applications of RFID — Product packaging, and
⎯ ISO 17367, Supply chain applications of RFID — Product tagging.
These International Standards define the technical aspects and data hierarchy of information required in each
layer of the supply chain. The air-interface and communications protocol standards supported within the
Supply chain applications of RFID International Standards are ISO/IEC 18000; commands and messages are
specified by ISO/IEC 15961 and ISO/IEC 15962; semantics are defined in ISO/IEC 15418; syntax is defined in
ISO/IEC 15434.
Although not pertinent to this International Standard, the work of
⎯ ISO/IEC JTC 1, Information technology, SC 31, Automatic identification and data capture techniques, in
the areas of air interface, data semantic and syntax construction and conformance standards, and
⎯ ISO/TC 104, Freight containers, in the area of freight container security, including electronic seals
(e-seals) (i.e. ISO 18185) and container identification
is considered valuable.

© ISO 2009 – All rights reserved v

---------------------- Page: 5 ----------------------
INTERNATIONAL STANDARD ISO 17366:2009(E)

Supply chain applications of RFID — Product packaging
1 Scope
This International Standard defines the basic features of RFID for the use in the supply chain when applied to
product packaging. In particular it
⎯ provides specifications for the identification of the product packaging,
⎯ makes recommendations about additional information on the RF tag,
⎯ specifies the semantics and data syntax to be used,
⎯ specifies the data protocol to be used to interface with business applications and the RFID system,
⎯ specifies the minimum performance requirements,
⎯ specifies the air interface standards between the RF interrogator and RF tag, and
⎯ specifies the reuse and recyclability of the RF tag.
2 Conformance and performance specifications
All of the devices and equipment that claim conformance with this International Standard shall also conform to
the appropriate sections and parameters specified in ISO/IEC TR 18046 for performance and
ISO/IEC TR 18047-6 (for ISO/IEC 18000-6, Type C) and ISO/IEC TR 18047-3 (for the ASK interface of
ISO/IEC 18000-3, Mode 3) for conformance.
When, through trading-partner agreement, other specific ISO/IEC 18000 air interfaces are employed (i.e.
ISO/IEC 18000-2, Type A and ISO/IEC 18000-7) the corresponding part of ISO/IEC 18047 shall be used.
3 Normative references
The following referenced documents are indispensable for the application of this document. For dated
references, only the edition cited applies. For undated references, the latest edition of the referenced
document (including any amendments) applies.
ISO 445, Pallets for materials handling — Vocabulary
ISO 830, Freight containers — Vocabulary
ISO/IEC 15418, Information technology — Automatic identification and data capture techniques — GS1
Application Identifiers and ASC MH10 Data Identifiers and maintenance
ISO/IEC 15434, Information technology — Automatic identification and data capture techniques — Syntax for
high-capacity ADC media
ISO/IEC 15459-4, Information technology — Unique identifiers — Part 4: Individual items
© ISO 2009 – All rights reserved 1

---------------------- Page: 6 ----------------------
ISO 17366:2009(E)
ISO/IEC 15961, Information technology — Radio frequency identification (RFID) for item management — Data
protocol: application interface
ISO/IEC 15962, Information technology — Radio frequency identification (RFID) for item management — Data
protocol: data encoding rules and logical memory functions
ISO/IEC 15963, Information technology — Radio frequency identification for item management — Unique
identification for RF tags
ISO 17364, Supply chain applications of RFID — Returnable transport items (RTIs)
ISO/IEC 18000-3, Information technology — Radio frequency identification for item management — Part 3:
Parameters for air interface communications at 13,56 MHz
ISO/IEC 18000-6, Information technology — Radio frequency identification for item management — Part 6:
Parameters for air interface communications at 860 MHz to 960 MHz
ISO/IEC TR 18001, Information technology — Radio frequency identification for item management —
Application requirements profiles
ISO/IEC TR 18046, Information technology — Automatic identification and data capture techniques — Radio
frequency identification device performance test methods
ISO/IEC TR 18047-3, Information technology — Radio frequency identification device conformance test
methods — Part 3: Test methods for air interface communications at 13,56 MHz
ISO/IEC TR 18047-6, Information technology — Radio frequency identification device conformance test
methods — Part 6: Test methods for air interface communications at 860 MHz to 960 MHz
ISO/IEC 19762-1, Information technology — Automatic identification and data capture (AIDC) techniques —
Harmonized vocabulary — Part 1: General terms relating to AIDC
ISO/IEC 19762-3, Information technology — Automatic identification and data capture (AIDC) techniques —
Harmonized vocabulary — Part 3: Radio frequency identification (RFID)
ISO 21067, Packaging — Vocabulary
ISO/IEC TR 24729-1, Information technology — Radio frequency identification for item management —
Implementation guidelines — Part 1: RFID-enabled labels and packaging supporting ISO/IEC 18000-6C
ANS MH10.8.2, Data Identifiers and Application Identifiers
EPCglobal, Tag Data Standards, Version 1.3
GS1 General Specifications
ICNIRP Guidelines, Guidelines for limiting exposure to time-varying electric, magnetic, and electromagnetic
fields (up to 300 GHz)
IEEE 1451.7, Smart Transducer Interface for Sensors and Actuators — Transducers to Radio Frequency
Identification (RFID) Systems Communication Protocols and Transducer Electronic Data Sheet Formats
IEEE C95-1, IEEE Standard for Safety Levels with Respect to Human Exposure to Radio Frequency
Electromagnetic Fields, 3 kHz to 300 GHz
4 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO 445, ISO 830, ISO 17364,
ISO/IEC 19762-1, ISO/IEC 19762-3 and ISO 21067 apply.
2 © ISO 2009 – All rights reserved

---------------------- Page: 7 ----------------------
ISO 17366:2009(E)
5 Concepts
5.1 Supply chain model
Figure 1 gives a graphical representation of the supply chain. It shows a conceptual model of possible supply
chain relationships, not a one-for-one representation of physical things. Although several layers in Figure 1
have clear physical counterparts, some common supply chain physical items fit in several layers depending on
the use case. For example, a repetitively used pallet under constant ownership would be covered by
ISO 17364 as an RTI; a pallet that is part of a consolidated unit load would be covered by ISO 17365 as a
transport unit; and a pallet that is integral to a single item would be covered by this International Standard as
product packaging.
Layers 0 to 4 are addressed within the series of International Standards Supply chain applications of RFID
(see Introduction). Layer 5 is addressed by the work of ISO/TC 204/WG 7.
Layer 1 in Figure 1 and product packaging (as defined in ISO 17364:2009, 4.9) are the subject of this
International Standard.

Figure 1 — Supply chain layers
Once tagged, product packaging layer tags can be distinguished from other layer tags by use of a group
select methodology contained in the RFID interrogator/reader. This group select function allows the
interrogator and supporting automated information systems (AIS) to quickly identify product packaging layer
tags. As depicted in 5.2.2, the groups select methodology is further elaborated in ISO/IEC 15961.
5.2 Unique identification of product packaging
5.2.1 General
Unique product packaging identification is a process that assigns a unique data string to an individual package,
or in this case to an RFID tag that is associated to the product package. The unique data string is called the
unique transport unit identifier. Unique item identification of transport units allows data collection and
© ISO 2009 – All rights reserved 3

---------------------- Page: 8 ----------------------
ISO 17366:2009(E)
management at a granular level. The benefits of granular level data are evident in such areas as maintenance,
warranties and enabling electronic transactions of record. This granularity is possible only if each tagged item
has a unique item identifier.
Product package layer tagging can uniquely identify products, thus providing differentiation between like and
unlike product packages. Product package layer tagging can also be used to identify product packages by
differentiating unlike product packages but not differentiating between like product packages. This is used for
commodities where individualization is impractical or undesirable.
The unique product packaging identifier described above is a unique identifier as described in
ISO/IEC 15459-5. The unique item identifier (UII) provides granular discrimination between like items that are
identified with RFID tags. The unique tag ID (as defined by ISO/IEC 15963) is a mechanism to uniquely
identify RFID tags and is not the unique product packaging identifier defined in this International Standard.
The minimum data elements required for unique identification are an enterprise identifier and a serial number
that is unique within that enterprise identifier. Commonly, a part or model number is also required to achieve
unique identification.
This International Standard uses the following identification mechanisms for unique product package
identification:
⎯ unique identifiers for supply chain items (ISO/IEC 15459-4);
⎯ GS1 Serialized Global Trade Item Number (SGTIN).
5.2.2 International unique identification of product packages
The unique identifier of ISO/IEC 15459 provides identification schemes for various layers of the supply chain,
from layer 0 (products) up to layer 3 (returnable transport items). The unique identification of product
packages shall use ISO/IEC 15459-4. Unique identification is provided by three components:
a) issuing agency code (IAC),
b) company identification number (CIN),
c) serial number (SN),
preceded by an AFI and Data Identifier (DI). The AFI code assignments table in ISO/IEC 15961:2004,
Annex B, permits identification of the supply chain layer, i.e. product = A1 , transport unit = A2 ,
HEX HEX
returnable transport item = A3 and product package = A5 .
HEX HEX
The Data Identifier shall be “25S”. The ISO/IEC 15459 registration authority assigns the IAC. The CIN is
assigned by the issuing agency. The company registered with the issuing agency assigns the serial number.
The serial number shall be no longer than 20 alphanumeric characters.
Table 1 — 1736x AFI Assignments
AFI
Assignment International Standard
(HEX)
A1 17367_Non-EPC ISO 17367 — Supply chain applications of RFID — Product tagging
A2 17365_Non-EPC ISO 17365 — Supply chain applications of RFID — Transport units
A3 17364_Non-EPC ISO 17364 — Supply chain applications of RFID — Returnable transport items (RTIs)
A4 17367_HazMat ISO 17367 — Supply chain applications of RFID — Product tagging (HazMat)
A5 17366_Non-EPC ISO 17366 — Supply chain applications of RFID — Product packaging
A6 17366_HazMat ISO 17366 — Supply chain applications of RFID — Product packaging (HazMat)
A7 17365_HazMat ISO 17365 — Supply chain applications of RFID — Transport units (HazMat)
A8 17364_HazMat ISO 17364 — Supply chain applications of RFID — Returnable transport items (RTIs) (HazMat)
A9 17363_Non-EPC ISO 17363 — Supply chain applications of RFID — Freight containers
AA 17363_HazMat ISO 17363 — Supply chain applications of RFID — Freight containers (HazMat)
4 © ISO 2009 – All rights reserved

---------------------- Page: 9 ----------------------
ISO 17366:2009(E)
When stored on a tag with a technology that supports AFIs, the unique identifier shall also be associated with
an AFI. EPC does not use AFIs; consequently, there are no AFIs used for product packages employed in
retail applications using EPCglobal.
To define its class (in the ISO/IEC 15459 sense), the unique identifier shall have an associated class identifier,
which is the Data Identifier “25S”. For the purposes of this International Standard, a unique identifier of
product packages can be up to 35 alphanumeric characters in length, including the Data Identifier
(an3+an.32). See Table 2.
Table 2 — UII element string
Format of the license plate
Data Identifier IAC, company identification number (CIN), serial number
25S N N N N N N N N N N N N N N N N N . . . N

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 32

5.2.3 Serialized global trade identification number (SGTIN)
The EPCglobal serialized global trade identification number (SGTIN) is a unique item identifier (UII) capable of
providing unique item identification of product packages.
Table 3 — SGTIN element string
Header Filter Value Partition Company Prefix Item Reference Serial Number
Number of bits 8 3 3 20 to 40 24 to 4 38
999 999 to
a b b c d
Reference
0011 0000 — — 9 999 999 to 9 274 877 906 943
c
999 999 999 999
NOTE Maximum decimal value range of Company Prefix and Item Reference fields vary according to the contents of the partition

field.
a
Binary value.
b
Refer to EPCglobal, Tag Data Standards, Version 1.3 for values.
c
Maximum decimal range.
d
Maximum decimal value.

The SGTIN consists of the following information elements:
a) The Header, which is defined in EPCglobal, Tag Data Standards, Version 1.3. It is eight (8) bits long and
for an SGTIN-96 is the value 30 .
HEX
b) The Filter Value, which is defined in EPCglobal, Tag Data Standards, Version 1.3. It is three (3) bits long
and identifies whether an EPC is for a retail trade item, a standard trade item grouping, or a single
shipping/consumer trade item.
c) The Partition, which is defined in EPCglobal, Tag Data Standards, Version 1.3. It is three (3) bits long,
carries one of seven (7) values, and identifies where the subsequent Company Prefix and Item Reference
numbers are divided.
d) The Company Prefix, assigned by GS1 to an organization. The Company Prefix is the same as the
Company Prefix digits within a GS1 GTIN decimal code. The combined Company Prefix and Item
Reference are 44 bits long (13 decimal digits).
© ISO 2009 – All rights reserved 5

---------------------- Page: 10 ----------------------
ISO 17366:2009(E)
e) The Item Reference, assigned by the “Company” entity to a particular product package. The combined
Company Prefix and Item Reference are 44 bits long (13 decimal digits).
f) The Serial Number assigned by the managing entity to an individual object. The EPC representation is
only capable of representing a subset of serial numbers allowed in the GS1 General Specifications.
Specifically, only those Serial Numbers consisting of one or more digits, with no leading zeros, are
permitted. The length of the Serial Number is 38 bits.
5.3 Other identification requirements
This International Standard does not supersede or replace any applicable safety or regulatory marking or
labelling requirements.
This International Standard is meant to satisfy the minimum product packaging identification requirements- of
numerous applications and industry groups. As such, its applicability is to a wide range of industries, each of
which may have specific implementation guidelines for this International Standard. This International Standard
is to be applied in addition to any other mandated labelling requirements.
6 Differentiation within the layer
6.1 Business processes
Business processes such as those described below are illustrative of the applications envisioned by this
International Standard.
⎯ Acquisition: ordering, including the identification of relevant specifications and requirements, can be
facilitated by referencing the item's original acquisition data using the RFID tag's unique ID as a database
key.
⎯ Shipping: where items can have different configurations or capabilities, such as with computer software
loads that differentiate items with otherwise identical form, fit and function, such items can be issued and
shipped with the tag read providing assurance that the correct item was shipped. This level of non-
intrusive tracking and tracing can serve as a front end to higher level in-transit visibility RFID applications
detailed in the other International Standards of this series.
⎯ Receiving: non-intrusive collection of receipt data can shorten data collection times, in support of
automated inventory management systems and provide an electronic transaction of record much earlier
in the process. Earlier knowledge of on-hand inventory can reduce stock outs and the need for expedited
premium transportation.
⎯ Cross docking: in addition to recording inbound receipts and outbound shipments, tagged items can be
sorted. Many items will have exterior marking (tagging) that are used in lieu of reading the product tag.
⎯ Work in process: used to track individual components and the final assembly (bill of material) and to
monitor any item through a fabrication or manufacturing process.
⎯ Maintenance: related to work in progress and differentiated in that it covers functions prior to and
subsequent to the actual work. This includes fault analysis, identification, preparation of packing and
packaging.
⎯ Inventory control: item level serialization yields a granularity of visibility that supports the management of
individual items. This allows data collection, tracking and tracing of individual items and selection at point
of issue.
⎯ Disposal: identification of items that have recycling or other disposal requirements.
6 © ISO 2009 – All rights reserved

---------------------- Page: 11 ----------------------
ISO 17366:2009(E)
⎯ Picking and put-away: selection of items from a package or transport unit prior to placement into shelf
stock in a warehouse situation or other storage situation where a specific asset is desired or knowledge of
the specific item selected is required for issue.
⎯ Pick and place: selection of items from shelf stock in a warehouse situation or other storage situation
where a specific asset is desired or knowledge of the specific item selected is required incident to the
placement of the item into or onto another asset incident to a manufacturing or assembly process.
⎯ Sortation: process that places individual items into groups based upon some selection criteria, often
performed at speed.
⎯ Identification: process that is an inherent part of each of the functions set out above. It allows the positive
differentiation of an item consistent with the business process in use. Identification can be at the discrete
item level for serialized products or by commodity for non-serialized products. Identification is often the
underlying base process that enables the other uses of the tag.
⎯ Network topology: can be used to identify discrete nodes or locations on a network.
⎯ Configuration management: discrete identification of the individual component items that comprise a
higher assembly. This component data can be tiered to cover each of the multiple levels of configuration
(e.g. the circuit board inside the radio installed in the communications suite of an aircraft).
The multitude of different business processes circumscribed by the supply chain will employ distinctly different
groupings of functions and processes outlined above. The reading, writing or erasing of data to/from a tag is
intended to effect identification and data capture about the product and the process involved and shall be
integrated into business processes as required by the business process owner.
6.2 Lot/batch vs. serial number vs. product identification only
Just as different business processes have varying data requirements, different items will have varying
identification requirements. Use of structured or intelligent serialization schemes include additional data such
as part number or lot number in the serialization scheme and should be avoided whenever possible. This
means that the serialization is unique within the enterprise.
The lowest level of identification would be product ID only. Lot and batch type items shall be marked with the
product ID of the item and the lot or batch of that item that this particular item belongs to. Serialized items
shall be marked with a unique serial number in conformance with the appropriate part of ISO/IEC 15459,
which details the differing methods of serialization that provide unique identification.
The need to identify an item at each level is not absolute. Many items are manufactured, sold, and used at the
commodity level. Examples are sand, coal and bulk liquids. These items may be marked at the lot level or
simply as a generic commodity.
Medicines are typical of the type of item that is manufactured and managed at the lot level but sold and used
at the item level. Thus a particular dosage of medicine will require unique identification of that dose and the
ability to reference that back to the original manufacturing lot. Looking up associated information on the
information system can accomplish this reference.
6.3 Consumer products vs. industrial/government
Personal privacy considerations present a unique set of considerations for consumer products as opposed to
products that remain exclusively in the industrial/government sectors. Consumer privacy regulations shall be
considered in the design and operation of every consumer level product packaging scenario. Encryption and
data security are addressed in Clause 8.
© ISO 2009 – All rights reserved 7

---------------------- Page: 12 ----------------------
ISO 17366:2009(E)
7 Data content
7.1 Introduction
Subclauses 7.2 to 7.7 describe the data content of RFID tags for the product packaging layer. They identify,
amongst others,
⎯ the data elements that shall or may be present on the tag,
⎯ the way in which the data elements are identified (semantics),
⎯ the representation of data elements in tag memory, and
⎯ the placement of data elements in the memory of the tag.
7.2 System data elements
7.2.1 Unique product package identification
The first data element on a compliant tag shall be the unique identification described in ISO/IEC 15459-4. The
length and nature of this unique identification is defined in
...