Information technology -- Internet of things -- Methodology for trustworthiness of IoT system/service

ISO/IEC 30147:2021(E) provides system life cycle processes to implement and maintain trustworthiness in an IoT system or service by applying and supplementing ISO/IEC/IEEE 15288:2015. The system life cycle processes are applicable to IoT systems and services common to a wide range of application areas.

Titre manque

General Information

Status
Published
Publication Date
16-Aug-2021
Current Stage
6000 - International Standard under publication
Start Date
17-Aug-2021
Ref Project

Buy Standard

Standard
ISO/IEC 30147:2021 - Information technology -- Internet of things -- Methodology for trustworthiness of IoT system/service
English language
31 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (sample)

ISO/IEC 30147
Edition 1.0 2021-05
INTERNATIONAL
STANDARD
Internet of things (IoT) – Integration of IoT trustworthiness activities in
ISO/IEC/IEEE 15288 system engineering processes
ISO/IEC 30147:2021-05(en)
---------------------- Page: 1 ----------------------
THIS PUBLICATION IS COPYRIGHT PROTECTED
Copyright © 2021 ISO/IEC, Geneva, Switzerland

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form

or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from

either IEC or IEC's member National Committee in the country of the requester. If you have any questions about

ISO/IEC copyright or have an enquiry about obtaining additional rights to this publication, please contact the address

below or your local IEC member National Committee for further information.
IEC Central Office Tel.: +41 22 919 02 11
3, rue de Varembé info@iec.ch
CH-1211 Geneva 20 www.iec.ch
Switzerland
About the IEC

The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes

International Standards for all electrical, electronic and related technologies.
About IEC publications

The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the

latest edition, a corrigendum or an amendment might have been published.

IEC publications search - webstore.iec.ch/advsearchform IEC online collection - oc.iec.ch

The advanced search enables to find IEC publications by a Discover our powerful search engine and read freely all the

variety of criteria (reference number, text, technical publications previews. With a subscription you will always

committee, …). It also gives information on projects, replaced have access to up to date content tailored to your needs.

and withdrawn publications.
Electropedia - www.electropedia.org
IEC Just Published - webstore.iec.ch/justpublished
The world's leading online dictionary on electrotechnology,
Stay up to date on all new IEC publications. Just Published
containing more than 22 000 terminological entries in English
details all new publications released. Available online and
and French, with equivalent terms in 18 additional languages.
once a month by email.
Also known as the International Electrotechnical Vocabulary
(IEV) online.
IEC Customer Service Centre - webstore.iec.ch/csc
If you wish to give us your feedback on this publication or
need further assistance, please contact the Customer Service
Centre: sales@iec.ch.
---------------------- Page: 2 ----------------------
ISO/IEC 30147
Edition 1.0 2021-05
INTERNATIONAL
STANDARD
Internet of things (IoT) – Integration of IoT trustworthiness activities in
ISO/IEC/IEEE 15288 system engineering processes
INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
ICS 35.020; 35.030 ISBN 978-2-8322-9808-4

Warning! Make sure that you obtained this publication from an authorized distributor.

---------------------- Page: 3 ----------------------
– 2 – ISO/IEC 30147:2021 © ISO/IEC 2021
CONTENTS

FOREWORD ........................................................................................................................... 4

INTRODUCTION ..................................................................................................................... 5

1 Scope .............................................................................................................................. 6

2 Normative references ...................................................................................................... 6

3 Terms and definitions ...................................................................................................... 6

4 Abbreviated terms ........................................................................................................... 9

5 IoT systems/services and IoT trustworthiness .................................................................. 9

5.1 Characteristics specific to IoT systems and services ............................................... 9

5.2 IoT trustworthiness ............................................................................................... 11

6 Processes for realizing IoT trustworthiness .................................................................... 12

6.1 General ................................................................................................................. 12

6.2 Agreement processes ........................................................................................... 12

6.2.1 Acquisition process ........................................................................................ 12

6.2.2 Supply process .............................................................................................. 13

6.3 Organizational project-enabling processes ............................................................ 13

6.3.1 Life cycle model management process .......................................................... 13

6.3.2 Infrastructure management process ............................................................... 13

6.3.3 Portfolio management process ....................................................................... 13

6.3.4 Human resource management process .......................................................... 13

6.3.5 Quality management process ......................................................................... 13

6.3.6 Knowledge management process .................................................................. 14

6.4 Technical management processes ........................................................................ 14

6.4.1 Project planning process ............................................................................... 14

6.4.2 Project assessment and control process ........................................................ 14

6.4.3 Decision management process ...................................................................... 15

6.4.4 Risk management process ............................................................................. 15

6.4.5 Configuration management process ............................................................... 16

6.4.6 Information management process .................................................................. 16

6.4.7 Measurement process ................................................................................... 16

6.4.8 Quality assurance process ............................................................................. 17

6.5 Technical processes ............................................................................................. 17

6.5.1 Business or mission analysis process ............................................................ 17

6.5.2 Stakeholder needs and requirements definition process ................................ 17

6.5.3 System requirements definition process ......................................................... 18

6.5.4 Architecture definition process ....................................................................... 19

6.5.5 Design definition process ............................................................................... 19

6.5.6 System analysis process ............................................................................... 20

6.5.7 Implementation process ................................................................................. 20

6.5.8 Integration process ........................................................................................ 20

6.5.9 Verification process ....................................................................................... 21

6.5.10 Transition process ......................................................................................... 22

6.5.11 Validation process ......................................................................................... 22

6.5.12 Operation process ......................................................................................... 23

6.5.13 Maintenance process ..................................................................................... 24

6.5.14 Disposal process ........................................................................................... 24

---------------------- Page: 4 ----------------------
ISO/IEC 30147:2021 © ISO/IEC 2021 – 3 –

Annex A (informative) Examples of risks specific to IoT systems .......................................... 25

A.1 General ................................................................................................................. 25

A.2 Example 1: Security risk ....................................................................................... 25

A.3 Example 2: Reliability risk ..................................................................................... 25

A.4 Example 3: Safety risk .......................................................................................... 25

A.5 Example 4: Privacy risk ......................................................................................... 26

A.6 Example 5: Resilience risk .................................................................................... 26

A.7 Example 6: Risk arising from interconnected IoT trustworthiness factors ............... 26

Annex B (informative) Overview of process and its application ............................................. 27

B.1 Overview of approach toward process for IoT trustworthiness ............................... 27

B.2 Application of process to enhance IoT trustworthiness .......................................... 29

Bibliography .......................................................................................................................... 30

Figure 1 – An IoT system, a system of systems .................................................................... 10

Table B.1 – Relations between typical characteristics of IoT systems and process

bases .................................................................................................................................... 29

---------------------- Page: 5 ----------------------
– 4 – ISO/IEC 30147:2021 © ISO/IEC 2021
INTERNET OF THINGS (IoT) –
INTEGRATION OF IoT TRUSTWORTHINESS ACTIVITIES
IN ISO/IEC/IEEE 15288 SYSTEM ENGINEERING PROCESSES
FOREWORD

1) ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission)

form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC

participate in the development of International Standards through technical committees established by the

respective organization to deal with particular fields of technical activity. ISO and IEC technical committees

collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental,

in liaison with ISO and IEC, also take part in the work.

2) The formal decisions or agreements of IEC and ISO on technical matters express, as nearly as possible, an

international consensus of opinion on the relevant subjects since each technical committee has representation

from all interested IEC and ISO National bodies.

3) IEC and ISO documents have the form of recommendations for international use and are accepted by IEC and

ISO National bodies in that sense. While all reasonable efforts are made to ensure that the technical content of

IEC and ISO documents is accurate, IEC and ISO cannot be held responsible for the way in which they are

used or for any misinterpretation by any end user.

4) In order to promote international uniformity, IEC and ISO National bodies undertake to apply IEC and

ISO documents transparently to the maximum extent possible in their national and regional publications. Any

divergence between any IEC and ISO document and the corresponding national or regional publication shall be

clearly indicated in the latter.

5) IEC and ISO do not provide any attestation of conformity. Independent certification bodies provide conformity

assessment services and, in some areas, access to IEC and ISO marks of conformity. IEC and ISO are not

responsible for any services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this document.

7) No liability shall attach to IEC and ISO or their directors, employees, servants or agents including individual

experts and members of its technical committees and IEC and ISO National bodies for any personal injury,

property damage or other damage of any nature whatsoever, whether direct or indirect, or for costs (including

legal fees) and expenses arising out of the publication, use of, or reliance upon, this ISO/IEC document or any

other IEC and ISO documents.

8) Attention is drawn to the Normative references cited in this document. Use of the referenced publications is

indispensable for the correct application of this document.

9) Attention is drawn to the possibility that some of the elements of this ISO/IEC document may be the subject of

patent rights. IEC and ISO shall not be held responsible for identifying any or all such patent rights.

ISO/IEC 30147 has been prepared by subcommittee 41: Internet of Things and related

technologies, of ISO/IEC joint technical committee 1: Information technology. It is an

International Standard.
The text of this International Standard is based on the following documents:
FDIS Report on voting
JTC1-SC41/210/FDIS JTC1-SC41/221/RVD

Full information on the voting for its approval can be found in the report on voting indicated in

the above table.
The language used for the development of this International Standard is English.
This document was drafted in accordance with ISO/IEC Directives, Part 2, and
developed in accordance with ISO/IEC Directives, Part 1, available at
www.iec.ch/members_experts/refdocs and www.iso.org/directives.
---------------------- Page: 6 ----------------------
ISO/IEC 30147:2021 © ISO/IEC 2021 – 5 –
INTRODUCTION

In the Internet of Things (IoT), all IoT devices are mutually connected to each other and this is

expected to bring new advantages to daily life. On the other hand, traditional system

management devices (thermostats, lighting systems, traffic lights, etc.) which were not

previously connected to the Internet are now being connected without regard to the level of

IoT trustworthiness required by the system-of-interest. Many of these devices are being

connected without the benefit of security controls and processes in place for servers, PCs,

and smartphones. Flaws or failures in these devices caused by lack of IoT trustworthiness can

have a deep impact on the users and system operation. This implies that there are conditions

and characteristics specific to IoT systems and services which are different from those of

other existing IT systems and services. Examples are as follows.
– The extent and the degree of impacts of threats are very wide and big.

– The life time of IoT systems and services, especially in operation and maintenance, is

sometimes very long.
– It can be very difficult to monitor and manage some types of IoT devices.

– It can be difficult for communication entities including IoT devices to sufficiently know the

environments of each other.

– The functions and performances of some IoT devices might be restricted technologically.

– In IoT systems and services, connections between entities can be made which the

developers of the entities did not anticipate.

The purpose of this document is to provide guidance to realize IoT trustworthiness. This is

because existing documents are targeted to each application area and do not necessarily

cover all the challenges faced by the IoT system and service according to the above

conditions and characteristics specific to IoT systems and services. This document provides

system life cycle processes to realize IoT trustworthiness by applying and supplementing

ISO/IEC/IEEE 15288:2015.
---------------------- Page: 7 ----------------------
– 6 – ISO/IEC 30147:2021 © ISO/IEC 2021
INTERNET OF THINGS (IoT) –
INTEGRATION OF IoT TRUSTWORTHINESS ACTIVITIES
IN ISO/IEC/IEEE 15288 SYSTEM ENGINEERING PROCESSES
1 Scope
This document provides system life cycle processes to implement and maintain
trustworthiness in an IoT system or service by applying and supplementing

ISO/IEC/IEEE 15288:2015. The system life cycle processes are applicable to IoT systems and

services common to a wide range of application areas.
2 Normative references

The following documents are referred to in the text in such a way that some or all of their

content constitutes requirements of this document. For dated references, only the edition

cited applies. For undated references, the latest edition of the referenced document (including

any amendments) applies.

IEC 61508 (all parts), Functional safety of electrical/electronic/programmable electronic

safety-related systems

ISO/IEC Guide 51:2014, Safety aspects – Guidelines for their inclusion in standards

ISO/IEC 27005:2018, Information technology – Security techniques – Information security risk

management

ISO/IEC 27031:2011, Information technology – Security techniques – Guidelines for

information and communication technology readiness for business continuity

ISO/IEC 29134:2017, Information technology – Security techniques – Guidelines for privacy

impact assessment

ISO/IEC/IEEE 15288:2015, Systems and software engineering – System life cycle processes

ISO 31000, Risk management – Guidelines
3 Terms and definitions
For the purposes of this document, the terms and definitions given in
ISO/IEC/IEEE 15288:2015, and the following apply.
NOTE The following terms are defined in ISO/IEC/IEEE 15288:2015:

acquirer, acquisition, activity, agreement, architecture, architecture viewpoint, asset, baseline, concept of operation,

concern, customer, design (verb), design (noun), enabling system, environment, incident, information item,

interface, life cycle, life cycle model, operational concept, operator, organization, party, problem, process, product,

project, quality assurance, quality characteristic, quality management, requirement, resource, risk, stage,

stakeholder, supplier, system, system element, system-of-interest, task, user, validation, verification.

---------------------- Page: 8 ----------------------
ISO/IEC 30147:2021 © ISO/IEC 2021 – 7 –

ISO and IEC maintain terminological databases for use in standardization at the following

addresses:
• IEC Electropedia: available at http://www.electropedia.org/
• ISO Online browsing platform: available at http://www.iso.org/obp
3.1
asset

entity (3.6) that has value and is either owned by or under the custody of an individual, an

organization, a government, or other groups
[SOURCE: ISO/IEC 20924:2021[1], 3.1.4]
3.2
availability
property of being accessible and usable on demand by an authorized entity (3.6)

Note 1 to entry: IoT systems can include both human users and service components as "authorized entities".

[SOURCE: ISO/IEC 27000:2018[2], 3.7]
3.3
characteristic
abstraction of a property of an entity (3.6) or of a set of entities
[SOURCE: ISO 18104:2014[3], 3.1.4]
3.4
component

modular, deployable, and replaceable part of a system that encapsulates implementation and

exposes a set of interfaces
[SOURCE: ISO 14813-5:2010[4], B.1.31]
3.5
confidentiality

property that information is not made available or disclosed to unauthorized individuals,

entities (3.6), or processes
[SOURCE: ISO/IEC 27000:2018[2], 3.10]
3.6
entity
thing (physical or non-physical) having a distinct existence

[SOURCE: ISO/IEC 15459-3:2014[5], 3.1, modified – In the definition, "anything" has been

replaced by "thing".]
3.7
integrity
property of accuracy and completeness
[SOURCE: ISO/IEC 27000:2018[2], 3.36]
---------------------- Page: 9 ----------------------
– 8 – ISO/IEC 30147:2021 © ISO/IEC 2021
3.8
Internet of Things
IoT

infrastructure of interconnected entities (3.6), people, systems and information resources

together with services which processes and reacts to information from the physical world and

virtual world
[SOURCE: ISO/IEC 20924:2021[1], 3.2.4]
3.9
IoT device

entity (3.6) of an IoT system that interacts and communicates with the physical world through

sensing or actuating
[SOURCE: ISO/IEC 20924:2021[1], 3.2.6]
3.10
IoT system
system providing functionalities of IoT

Note 1 to entry: An IoT system can include, but not be limited to, IoT devices, IoT gateways, sensors, and

actuators.
[SOURCE: ISO/IEC 20924:2021[1], 3.2.9]
3.11
IoT trustworthiness

trustworthiness of an IoT system with characteristics including security, privacy, safety,

reliability and resilience

Note 1 to entry: The term "trustworthiness" is defined at 3.1.34 in ISO/IEC 20924:2021 as the ability to meet

stakeholder expectations in a demonstrable, verifiable and measurable way

Note 2 to entry: The relative importance of characteristics of IoT trustworthiness, including security, privacy,

safety, reliability and resilience, depends on the nature and the context of the IoT system or service.

[SOURCE: ISO/IEC 20924:2021[1], 3.2.10, modified – Note 1 to entry and Note 2 to entry

have been added.]
3.12
network

infrastructure that connects a set of endpoints, enabling communication of data between the

digital entities (3.6) reachable through them
[SOURCE: ISO/IEC 20924:2021[1], 3.1.26]
3.13
reliability

ability of an item to perform as required, without failure, for a given time interval, under given

conditions

Note 1 to entry: The time interval duration may be expressed in units appropriate to the item concerned, e.g.

calendar time, operating cycles, distance run, etc., and the units should always be clearly stated.

Note 2 to entry: Given conditions include aspects that affect reliability, such as: mode of operation, stress levels,

environmental conditions, and maintenance.
[SOURCE: IEC 60050-192:2015, 192-01-24]
---------------------- Page: 10 ----------------------
ISO/IEC 30147:2021 © ISO/IEC 2021 – 9 –
3.14
resilience

tolerance of a system to malfunctions or capacity to recover functionality after stress

[SOURCE: ISO 18457:2016[6], 3.9]
3.15
security

protection against intentional subversion or forced failure, achieved by a composite of five

attributes – confidentiality, integrity, availability, non-repudiation, and accountability – plus

aspects of a sixth, usability, all of which have the related issue of their assurance

[SOURCE: ISO/IEC/IEEE 15288:2015, 4.1.41, modified – In the definition, the attribute "non-

repudiation" has been added.]
3.16
service
distinct functionality that is provided by an entity (3.6) through interfaces
[SOURCE: ISO/IEC 20924:2021[1], 3.1.30]
4 Abbreviated terms
ATM automated teller machine
ICT information and communication technology
IIoT industrial IoT
OS operating system
OT operational technology
PC personal computer
SoS system of systems
5 IoT systems/services and IoT trustworthiness
5.1 Characteristics specific to IoT systems and services

An IoT service is a service provided by an IoT system which may be a system of systems

(SoS), characterized as operationally and managerially independent of constituent systems

(see 4.1 in ISO/IEC/IEEE 21839:2019[7] , see also Figure 1). Note that there may be a case

where no one is responsible for an IoT system which is an SoS. In such a case, it is a

distinguishing feature of an IoT system that cooperation with other organizations, which

operate and manage constituent systems of the IoT system, is necessary to achieve IoT

trustworthiness. IoT trustworthiness is considered to be achieved if all the requirements of IoT

trustworthiness are satisfied because IoT trustworthiness depends on each system. For

details of IoT systems, a lot of examples are provided in ISO/IEC TR 22417:2017[8].

This document is targeted at users who are responsible for implementation and maintenance

of IoT trustworthiness. When there is no entity responsible for the whole IoT system or service,

this document applies to each constituent system or service for which there is an entity

responsible regardless of whether it consists of multiple subsystems, part(s) of which may be

operated and managed by another entity or entities.
_____________
Numbers in square brackets refer to the Bibliography.
---------------------- Page: 11 ----------------------
– 10 – ISO/IEC 30147:2021 © ISO/IEC 2021

Activities and tasks in each process to realize IoT trustworthiness are included in those for the

IoT system by which the IoT service is provided. Descriptions of activities and tasks are

represented by those for an IoT system, unless otherwise specified. When applied to an IoT

service, choose activities and tasks that are applicable.
Figure 1 – An IoT system, a system of systems

A Thing in an IoT system might be the following status or might have the following issues.

1) Compromised Thing

An intruder could have taken control of the Thing-of-interest and provided data, command

and controls with the intent of disrupting the entire IoT setup resulting in the loss of trust

of the Thing. This results in hacking of flights or automobiles, for example.
2) Incorrectly configured Thing

Because of some fault in command and control, the configuration of the Thing-of-interest

could have exhibited a state that is neither expected nor detected, resulting in loss of IoT

trustworthiness of the Thing. An example of this issue is CO and SO sensors incorrectly

configured in a gas turbine.
3) Damaged Thing
Because of some operational conditions, the Thing-of-interest could have become

damaged, resulting in a situation or state that the Thing-of-interest is not trustworthy. This

can cause a disaster if it is an altitude, speed, or flap sensor in an airplane.
4) Incorrect interactions because of poor interfaces

The interfaces between the Thing-of-interest and other Things could have lost the

compatibility because of various factors (upgrades, incorrect patches, wrong configuration

and so on), resulting in the Thing-of-interest ceasing to be trustworthy. For example,

patches not or incorrectly installed in medical devices can cause a serious healthcare

problem.
5) Incompatibility because of incorrect configuration

The Thing-of-interest could be configured incorrectly (for example, units of measurement,

size of data exchange, nature of data, and so on), resulting in a situation that the

information received from the Thing-of-interest is not useful, which results in the Thing-of-

interest ceasing to be trustworthy. An example is incorrect baud rate used for configuring

the IoT devices.
---------------------- Page: 12 ----------------------
ISO/IEC 30147:2021 © ISO/IEC 2021 – 11 –
6) Failure to respond

The Thing-of-interest may fail to respond in certain situations to other Things because of a

variety of factors (not a known request, not configured to respond, and so on), resulting in

the Thing-of-interest ceasing to be trustworthy from the point of view of the other Things.

The Air France 447 case is considered an example of this.
7) Failure to recognize

The Thing-of-interest may generate a response which is not recognized as a meaningful

interaction because of the incorrect configuration of other Things, resulting in the Thing-of-

interest and the other Things losing mutual trust. For example, altimeter failure results in

discrepancy between the displayed altitudes.

As Things in an IoT system are such as those in the above, IoT systems have specific

conditions and characteristics which are very different from other existing IT systems, such as

the following.

a) The extent and the degree of impacts of threats become very wide and big. The impacts

may include damages to the lives and properties of individuals, leaking of confidential

information of individuals.

b) The life time of IoT systems, especially in operation and maintenance, is sometimes very

long. For example, the lifespan of an IIoT system is more than ten years in general.

c) There are cases where it is very difficult to monitor and manage IoT devices. Unmanaged

IoT devices may connect to IoT systems. Users may not be aware of problems if they

occur. For example, an IoT system suffers from security issues by not being updated or in

relation with firmware issues.

d) It can be difficult for communication entities including IoT devices to sufficiently

understand the environments of each other.
e) The functions and performances of IoT devices are restricted.

f) There are possibilities of connections in IoT systems which the developers did not expect.

After an IoT device is connected to the Internet, the IoT system to which the IoT device

provides data may change. The data owners and users of the IoT system may also change

as time passes.

Because of the above conditions and characteristics, IoT system can have risks shown in

Annex A. Annex B provides an overview of how the above issues are resolved with the

processes in Clause 6.
5.2 IoT trustworthiness

The definition of IoT trustworthiness can apply to the entities within an IoT system if "an IoT

system" in the definition is replaced appropriately. Note that IoT trustworthiness is realized if

IoT trustworthiness of all the entities in the IoT system is achieved.

IoT trustworthiness, especially safety, is not realized only with ICT elements. Only ICT

elements are dealt with
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.