Quality management — Customer satisfaction — Guidance for business-to-consumer electronic commerce transactions

This document gives guidance on planning, designing, developing, implementing, maintaining and improving an effective and efficient business-to-consumer electronic commerce transaction (B2C ECT) system within an organization. It is applicable to any organization engaged in, or planning to be engaged in, a B2C ECT, regardless of size, type and activity. The focus of this document is on organizations that directly offer and provide products and services to consumers. This document aims to enable organizations to set up a fair, effective, efficient, transparent and secure B2C ECT system, in order to enhance consumers’ confidence in B2C ECTs and increase the satisfaction of consumers. It is aimed at B2C ECTs concerning consumers as a sub-set of customers. The guidance given in this document can complement an organization’s quality management system.


General Information

Status: Published
Publication Date: 02-Aug-2022
Current Stage: 6060 - International Standard published
Start Date: 03-Aug-2022
Due Date: 29-Jan-2023
Completion Date: 03-Aug-2022


Standard
ISO 10008:2022
English language
40 pages
Standard
ISO 10008:2022 - Quality management — Customer satisfaction — Guidance for business-to-consumer electronic commerce transactions Released:3. 08. 2022
English language
33 pages
Standard
ISO 10008:2022 - Quality management — Customer satisfaction — Guidance for business-to-consumer electronic commerce transactions Released:3. 08. 2022
French language
35 pages

Standards Content (Sample)


SLOVENIAN STANDARD
01 October 2022
Replaces:
SIST ISO 10008:2013
Vodenje kakovosti - Zadovoljstvo odjemalcev - Napotki za elektronsko poslovanje organizacij s potrošniki
Quality management - Customer satisfaction - Guidance for business-to-consumer electronic commerce transactions
Management de la qualité - Satisfaction client - Lignes directrices pour les transactions de commerce électronique entre commerçant et consommateur
This Slovenian standard is identical to: ISO 10008:2022
ICS:
03.080.01 Services in general
03.120.10 Quality management and quality assurance
2003-01. Slovenski inštitut za standardizacijo. Reproduction of all or part of this standard is not permitted.

INTERNATIONAL STANDARD ISO 10008
Second edition
2022-08
Quality management — Customer satisfaction — Guidance for business-to-consumer electronic commerce transactions
Management de la qualité — Satisfaction client — Lignes directrices pour les transactions de commerce électronique entre commerçant et consommateur
Reference number
© ISO 2022
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Guiding principles
4.1 General
4.2 Commitment
4.3 Capacity
4.4 Competence
4.5 Suitability
4.6 Information integrity
4.7 Transparency
4.8 Choice
4.9 Accessibility
4.10 Responsiveness
4.11 Timeliness
4.12 Consent
4.13 Accountability
4.14 Legality
4.15 Privacy
4.16 Data protection
4.17 Safety
4.18 Sustainability
4.19 Integration
4.20 Customer-focused approach
4.21 Improvement
5 Business-to-consumer electronic commerce transaction system
5.1 Context of the organization
5.2 Framework
5.3 Objectives
5.4 Processes
5.4.1 General
5.4.2 Single-phase processes
5.4.3 Multi-phase processes
5.5 Resources
5.5.1 General
5.5.2 B2C ECT providers
5.5.3 Procedures
5.5.4 Internal and external communication plan
5.6 Connectivity
6 Single-phase processes
6.1 Pre-transaction phase
6.1.1 General
6.1.2 Content creation
6.1.3 Content delivery
6.1.4 Content governance
6.2 In-transaction phase
6.2.1 General
6.2.2 Initial selection support
6.2.3 Consumer identification
6.2.4 Final quote
6.2.5 Payment selection support
6.2.6 Payment authorization
6.2.7 Order confirmation
6.3 Post-transaction phase
6.3.1 General
6.3.2 Delivery
6.3.3 Correction
6.3.4 Return and exchange
7 Multi-phase processes
7.1 Consumer interaction
7.1.1 General
7.1.2 B2C ECT code
7.1.3 Consumer support
7.1.4 Feedback handling
7.1.5 Complaints handling and external dispute resolution
7.2 Consumer data management
7.2.1 General
7.2.2 Security
7.2.3 Privacy
8 Maintenance and improvement
8.1 Collection of information
8.2 Evaluation of performance of the B2C ECT system
8.3 Satisfaction with the B2C ECT system
8.4 Review of the B2C ECT system
8.5 Continual improvement
Annex A (informative) Customer satisfaction and consumer needs in the B2C ECT context
Annex B (informative) Supplementary references
Annex C (informative) Guidance on information provision
Annex D (informative) Guidance concerning an organization’s B2C ECT code
Bibliography
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO’s adherence to
the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see
www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 176, Quality management and quality
assurance, Subcommittee SC 3, Supporting technologies.
This second edition cancels and replaces the first edition (ISO 10008:2013), which has been technically
revised.
The main changes are as follows:
— alignment with ISO 9000:2015;
— alignment with ISO 9001:2015;
— improved alignment with ISO 10001, ISO 10002, ISO 10003 and ISO 10004.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.
Introduction
0.1  General
Electronic commerce offers the convenience of being able to research and select from a wide range of
products and services, but consumers must usually do so without the benefit of face-to-face interactions.
The related transactions can take place across international borders, sometimes without the consumer
realizing this, and the levels of consumer protection can be different from those to which the consumer
is accustomed.
This document provides guidance to organizations for planning, designing, developing, implementing,
maintaining and improving an effective and efficient system concerning business-to-consumer
electronic commerce transactions (B2C ECTs).
An effective and efficient B2C ECT system can assist consumers and organizations in addressing all
aspects of a transaction.
This document gives guidance on how organizations can implement such a B2C ECT system and thereby:
a) provide a basis for consumers to have increased confidence in B2C ECTs;
b) enhance the ability of organizations to satisfy consumers;
c) reduce complaints and disputes.
A B2C ECT involves electronic interactions between the organization and the consumer, when accessed
by the consumer through any device with wired or wireless connectivity (e.g. personal computers,
e-tablets, personal digital assistants, cell phones). For the purposes of this document, a B2C ECT can
also involve other data-based telecommunications networks (e.g. short-text messaging) and various
interfaces, including websites, social media web pages, apps and emails.
NOTE ISO 32111¹⁾ provides principles and framework for electronic commerce transaction assurance.
The guidance in this document is intended to apply to situations where a substantial part of the B2C
ECT, including at least one in-transaction phase process (e.g. processing of payment, confirmation by
the consumer of the agreement, delivery of products and services) is facilitated by electronic methods.
It also can be useful where no B2C ECT takes place, but there is some online interaction between the
organization and the consumer, such as when an organization advertises online and does not sell
products or services online. Where distance selling does not include an online component (e.g. a mail
order), it is not the subject of this document, but some of the guidance provided can be relevant.
Considered broadly, business-to-consumer e-commerce involves a wide variety of organizations
engaged in many different activities. The focus of this document is on the organizations that directly
offer products and services to consumers, whether via their own platforms or via online marketplaces.
However, the guidance provided can be relevant to other organizations involved in any B2C ECT
transaction, including online marketplaces and price comparison sites. There are also separate
standards for organizations that facilitate transactions between consumers and providers, and
organizations that provide consumers access to publicly accessible processes where they can review
and rate products and services offered by their organizations, and access the reviews and ratings of
other consumers (see ISO 42500 and ISO 20488).
The guidance in this document is not intended to apply to online transactions completed between
individuals (“consumer-to-consumer”). However, the guidance in this document can be relevant to
third-party organizations that provide online services to facilitate consumer-to-consumer transactions
(e.g. online marketplaces).
1) Under preparation. Stage at the time of publication: ISO/DIS 32111:2022.
0.2  Relationship with ISO 9001 and ISO 9004
This document is compatible with ISO 9001 and ISO 9004 and supports the objectives of these two
standards through the effective and efficient application of a B2C ECT system. This document can also
be used independently of ISO 9001 and ISO 9004.
ISO 9001 specifies requirements for a quality management system. A B2C ECT system implemented
in accordance with this document (i.e. ISO 10008) can be used as an element of a quality management
system.
ISO 9004 provides guidance to achieve sustained success of an organization. The use of this document
can enhance performance regarding B2C ECTs, as well as increase the satisfaction of consumers and
other relevant interested parties to facilitate the achievement of sustained success. It can also facilitate
the continual improvement of the quality of products, services and processes based on feedback from
consumers and other relevant interested parties.
NOTE Other relevant interested parties can include customers, providers, industry associations and their
members, consumer organizations, relevant government agencies, regulatory authorities, personnel, owners and
others who are affected by an organization’s B2C ECT system.
0.3  Relationship with ISO 10001, ISO 10002, ISO 10003 and ISO 10004
This document is compatible with ISO 10001, ISO 10002, ISO 10003 and ISO 10004. These five standards
can be used either independently or in conjunction with each other. When used together, the standards
can be part of a broader and integrated framework for enhanced customer satisfaction in both the B2C
and non-B2C contexts.
Organizations can use the guidance contained in ISO 10001 to plan, design, develop, implement,
maintain and improve a B2C ECT code as part of the B2C ECT system. The complaints handling, dispute
resolution and customer satisfaction monitoring and measuring processes described in ISO 10002,
ISO 10003 and ISO 10004, respectively, can form important parts of a B2C ECT system.
INTERNATIONAL STANDARD ISO 10008:2022(E)
Quality management — Customer satisfaction —
Guidance for business-to-consumer electronic commerce
transactions
1 Scope
This document gives guidance on planning, designing, developing, implementing, maintaining and
improving an effective and efficient business-to-consumer electronic commerce transaction (B2C ECT)
system within an organization.
It is applicable to any organization engaged in, or planning to be engaged in, a B2C ECT, regardless of
size, type and activity. The focus of this document is on organizations that directly offer and provide
products and services to consumers.
This document aims to enable organizations to set up a fair, effective, efficient, transparent and secure
B2C ECT system, in order to enhance consumers’ confidence in B2C ECTs and increase the satisfaction
of consumers. It is aimed at B2C ECTs concerning consumers as a sub-set of customers.
The guidance given in this document can complement an organization’s quality management system.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO 9000, Quality management systems — Fundamentals and vocabulary
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO 9000 and the following apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https://www.iso.org/obp
— IEC Electropedia: available at https://www.electropedia.org/
3.1
business-to-consumer electronic commerce transaction
B2C ECT
set of interactions between an organization (3.2) and a consumer (3.3) for the provision of products and
services, facilitated online
3.2
organization
person or group of people that has its own functions with responsibilities, authorities and relationships
to achieve its objectives
Note 1 to entry: The concept of organization includes, but is not limited to, sole-trader, company, corporation,
firm, enterprise, authority, partnership, association, charity or institution, or part or combination thereof,
whether incorporated or not, public or private.
Note 2 to entry: Additional examples include shop and retailer.
[SOURCE: ISO 9000:2015, 3.2.1, modified — Note 2 to entry has been replaced.]
3.3
consumer
individual member of the general public who is the end user of products and services
Note 1 to entry: For the purposes of this document, use of the term “consumer” includes a range of potential and
existing product or service users, e.g.
— those thinking about using or purchasing a product or a service;
— those who have purchased a one-off product or service;
— those in a short- or long-term product or service contract;
— end users of a product or a service paying directly for the product or service;
— end users of a product or a service not paying for the product or service.
Note 2 to entry: The end user might not be the customer who purchased the product or service, e.g. persons
having a meal at a restaurant that is paid for either by one person in this group or by a different person.
[SOURCE: ISO/IEC Guide 76:2020, 3.5, modified — The phrase “services or service-related goods (e.g. a
smart speaker)” has been replaced by “products and services” and the term “product” has been added
to the term “service” in the notes to entry.]
3.4
business-to-consumer electronic commerce transaction code
B2C ECT code
promise or set of promises made by organizations (3.2) to consumers (3.3), and related provisions in
support of B2C ECTs (3.1)
Note 1 to entry: Promises can include elements of what are commonly referred to as “terms and conditions”.
3.5
business-to-consumer electronic commerce transaction provider
B2C ECT provider
organization (3.2) that supplies a B2C ECT (3.1) process or activity to the organization and that is
external to the organization operating the B2C ECT system
Note 1 to entry: B2C ECT providers include organization reliability assurance providers, financial intermediaries
(e.g. payment card companies), product and service information providers, consumer information protection and
security assurance providers, product and service delivery providers, and dispute resolution providers.
3.6
content
wording, images and related mechanisms
associated with communicating information about the organization (3.2), its products and services, and
the B2C ECT (3.1) system
4 Guiding principles
4.1 General
Effective and efficient planning, design, development, implementation, maintenance and improvement
of an organization’s B2C ECT system is based on adherence to the consumer-focused guiding principles
set out in 4.2 to 4.21. These guiding principles should be used to enhance consumer protection
throughout the B2C ECT system.
NOTE 1 The order of the guiding principles as listed is not intended to reflect their relative importance.
NOTE 2 Annex A provides further guidance on customer satisfaction and consumer needs in the B2C ECT
context.
4.2 Commitment
An organization should be actively committed to the adoption, integration and dissemination of a B2C
ECT system, including the fulfilment of the promises that it is making to consumers in its B2C ECT code.
4.3 Capacity
Sufficient resources should be made available for effectively and efficiently managing an organization’s
B2C ECT system, including its planning, design, development, implementation, maintenance and
improvement.
4.4 Competence
Organization personnel and B2C ECT providers should have the attributes, skills, training, knowledge
and experience necessary to discharge their responsibilities in a manner that meets the needs and
expectations of consumers.
4.5 Suitability
The organization should ensure that the B2C ECT system is appropriate for the type of transaction
involved and any interface that the consumer may be using, taking into consideration such factors as
the characteristics of the consumer, the type of product or service and the nature of any complaint or
concern, as applicable.
NOTE Examples of interfaces include mobile browsers, web browsers and apps.
4.6 Information integrity
An organization should ensure that its B2C ECT system and the information about it are accurate,
not misleading and verifiable, and that data collected are relevant, correct, complete, meaningful and
useful.
4.7 Transparency
Adequate information about the organization’s B2C ECT system should be disclosed to consumers,
personnel and other interested parties, and this information should be easily available and clear.
NOTE Examples of information can include the application of artificial intelligence and product origin.
4.8 Choice
An organization should offer consumers a choice of comparable and realistic options in the application
of its B2C ECT system, where possible.
NOTE 1 See ISO/IEC Guide 76:2020, 6.2.
NOTE 2 Examples of a choice include providing more than one way of contacting the organization, such as
email, telephone and online chat, and offering alternative payment options.
4.9 Accessibility
An organization’s B2C ECT system and the relevant information about it should be easy to find,
understand and use. The B2C ECT system should be planned, designed, developed, implemented,
maintained and improved to take into account the needs of different consumers, including those who
can be at greater risk of detriment due to consumer vulnerability, and those with specific accessibility
requirements.
NOTE 1 ISO/IEC Guide 71 provides further guidance on accessibility.
NOTE 2 ISO 22458 provides further guidance on identifying and responding to consumer vulnerability.
4.10 Responsiveness
In the application of its B2C ECT system, an organization should respond to the needs and expectations
of consumers and the expectations of other relevant interested parties.
4.11 Timeliness
In the application of its B2C ECT system, the organization’s responses to consumers and other relevant
interested parties, including responses to any queries or complaints, should be provided quickly and
efficiently, given the nature of the need and the process in question.
4.12 Consent
An organization should ensure that whenever consumer consent is required in a B2C ECT, it is given
intentionally and based on full information.
NOTE ISO/IEC 29184 provides further guidance related to consent.
4.13 Accountability
An organization should establish and maintain accountability for, and reporting on, the decisions and
actions with respect to its B2C ECT system, including with respect to its B2C ECT providers.
4.14 Legality
An organization should proactively monitor the relevant legislative environment. It should make clear
to the consumer which jurisdictions cover B2C ECTs where purchases are carried out across borders.
4.15 Privacy
Personally identifiable information about the consumer gathered by an organization in the application
of its B2C ECT system should be kept confidential and protected. Disclosure should take place only if it
is essential for completion of the B2C ECT or consent for disclosure is obtained from the consumer.
NOTE 1 Personally identifiable information is information that when associated with an individual can be
used to identify them, and is retrievable by the individual’s name, address, email address, telephone number or
similarly specific identifier. The precise meaning of the term can differ around the world.
NOTE 2 ISO/IEC 29100, ISO/IEC 29184 and the ISO 31700 series provide further guidance on privacy.
4.16 Data protection
The organization should preserve the integrity of consumer data in the B2C ECT system. This should
include implementing security safeguards appropriate to the sensitivity of the information, applying
generally accepted best practices to protect against unauthorized access, obtaining necessary
consent for the use of consumer data, and taking account of the applicable statutory and regulatory
requirements imposed in the jurisdiction of the purchaser.
NOTE Further guidance on information security is provided in ISO/IEC 27001 and ISO/IEC 27002.
4.17 Safety
An organization should take all reasonable steps to ensure the safety of products and services supplied
through its B2C ECT system.
NOTE 1 See ISO/IEC Guide 76:2020, 6.5.
NOTE 2 ISO 10377 provides further guidance on assessing and managing the safety of products.
NOTE 3 ISO 10393 provides further guidance on product recalls.
4.18 Sustainability
An organization’s B2C ECT system should be established and operated in a way that ensures
sustainability.
NOTE 1 See ISO/IEC Guide 76:2020, 6.7.
NOTE 2 ISO 26000 provides further guidance on social responsibility.
NOTE 3 Examples of ensuring sustainability can include treating workers, such as delivery drivers and
warehouse staff, fairly and considering environmental impacts, such as in packaging and delivery.
4.19 Integration
An organization’s B2C ECT system should be integrated with the organization’s quality and other
management systems, where appropriate. This should include online B2C ECT and conventional face-to-face
or distance selling marketplace interactions, where applicable, in a way that is consistent and
comprehensible to all consumers.
NOTE Reference [28] provides further guidance on integration.
4.20 Customer-focused approach
The organization should adopt a customer-focused approach with respect to the B2C ECT system and
should be open to feedback.
4.21 Improvement
Increased effectiveness and efficiency of the B2C ECT system should be a permanent objective of the
organization.
5 Business-to-consumer electronic commerce transaction system
5.1 Context of the organization
In planning, designing, developing, implementing, maintaining and improving the B2C ECT system, the
organization should consider its context by:
— identifying and addressing external and internal issues that are relevant to the organization’s
purpose and that affect its ability to achieve objectives of the B2C ECT system;
— identifying the interested parties that are relevant to the B2C ECT system, and addressing the
relevant needs and expectations of these interested parties;
— identifying the scope of the B2C ECT system, including its boundaries and applicability, and taking
into account the external and internal issues and the needs of interested parties noted above.
5.2 Framework
An organization should establish and apply a framework for decision-making and action in planning,
design, development, implementation, maintenance and improvement of the B2C ECT system. This
framework involves the resource assessment, provision and deployment needed to support the carrying
out of the processes to achieve the objectives of the B2C ECT system. It also includes top management
commitment, assignment of appropriate responsibilities and authorities, and training, in accordance
with the guiding principles stated in Clause 4.
In planning, design, development, implementation, maintenance and improvement of its B2C ECT
system, the organization should gather and assess information concerning:
— the needs and expectations of consumers;
— the issues associated with B2C ECTs (e.g. privacy, security, responsiveness, accuracy);
— statutory and regulatory requirements associated with dealing with these issues (see Annex B);
— how these issues arise, their potential effects and how they are addressed;
— how other organizations are dealing with these issues.
It is important for the organization to obtain and assess the input from relevant interested parties
(e.g. customers, providers, industry associations and their members, consumer organizations, relevant
government agencies, regulatory authorities, personnel, owners) concerning B2C ECTs.


INTERNATIONAL STANDARD ISO 10008
Second edition
2022-08
Quality management — Customer satisfaction — Guidance for business-to-consumer electronic commerce transactions
Management de la qualité — Satisfaction client — Lignes directrices pour les transactions de commerce électronique entre commerçant et consommateur
© ISO 2022
Published in Switzerland
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Guiding principles
4.1 General
4.2 Commitment
4.3 Capacity
4.4 Competence
4.5 Suitability
4.6 Information integrity
4.7 Transparency
4.8 Choice
4.9 Accessibility
4.10 Responsiveness
4.11 Timeliness
4.12 Consent
4.13 Accountability
4.14 Legality
4.15 Privacy
4.16 Data protection
4.17 Safety
4.18 Sustainability
4.19 Integration
4.20 Customer-focused approach
4.21 Improvement
5 Business-to-consumer electronic commerce transaction system
5.1 Context of the organization
5.2 Framework
5.3 Objectives
5.4 Processes
5.4.1 General
5.4.2 Single-phase processes
5.4.3 Multi-phase processes
5.5 Resources
5.5.1 General
5.5.2 B2C ECT providers
5.5.3 Procedures
5.5.4 Internal and external communication plan
5.6 Connectivity
6 Single-phase processes
6.1 Pre-transaction phase
6.1.1 General
6.1.2 Content creation
6.1.3 Content delivery
6.1.4 Content governance
6.2 In-transaction phase
6.2.1 General
6.2.2 Initial selection support
6.2.3 Consumer identification
6.2.4 Final quote
6.2.5 Payment selection support
6.2.6 Payment authorization
6.2.7 Order confirmation
6.3 Post-transaction phase
6.3.1 General
6.3.2 Delivery
6.3.3 Correction
6.3.4 Return and exchange
7 Multi-phase processes
7.1 Consumer interaction
7.1.1 General
7.1.2 B2C ECT code
7.1.3 Consumer support
7.1.4 Feedback handling
7.1.5 Complaints handling and external dispute resolution
7.2 Consumer data management
7.2.1 General
7.2.2 Security
7.2.3 Privacy
8 Maintenance and improvement
8.1 Collection of information
8.2 Evaluation of performance of the B2C ECT system
8.3 Satisfaction with the B2C ECT system
8.4 Review of the B2C ECT system
8.5 Continual improvement
Annex A (informative) Customer satisfaction and consumer needs in the B2C ECT context
Annex B (informative) Supplementary references
Annex C (informative) Guidance on information provision
Annex D (informative) Guidance concerning an organization’s B2C ECT code
Bibliography
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO’s adherence to
the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see
www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 176, Quality management and quality
assurance, Subcommittee SC 3, Supporting technologies.
This second edition cancels and replaces the first edition (ISO 10008:2013), which has been technically
revised.
The main changes are as follows:
— alignment with ISO 9000:2015;
— alignment with ISO 9001:2015;
— improved alignment with ISO 10001, ISO 10002, ISO 10003 and ISO 10004.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.
Introduction
0.1  General
Electronic commerce offers the convenience of being able to research and select from a wide range of
products and services, but consumers must usually do so without the benefit of face-to-face interactions.
The related transactions can take place across international borders, sometimes without the consumer
realizing this, and the levels of consumer protection can be different from those to which the consumer
is accustomed.
This document provides guidance to organizations for planning, designing, developing, implementing,
maintaining and improving an effective and efficient system concerning business-to-consumer
electronic commerce transactions (B2C ECTs).
An effective and efficient B2C ECT system can assist consumers and organizations in addressing all
aspects of a transaction.
This document gives guidance on how organizations can implement such a B2C ECT system and thereby:
a) provide a basis for consumers to have increased confidence in B2C ECTs;
b) enhance the ability of organizations to satisfy consumers;
c) reduce complaints and disputes.
A B2C ECT involves electronic interactions between the organization and the consumer, when accessed
by the consumer through any device with wired or wireless connectivity (e.g. personal computers,
e-tablets, personal digital assistants, cell phones). For the purposes of this document, a B2C ECT can
also involve other data-based telecommunications networks (e.g. short-text messaging) and various
interfaces, including websites, social media web pages, apps and emails.
NOTE ISO 32111¹⁾ provides principles and framework for electronic commerce transaction assurance.
The guidance in this document is intended to apply to situations where a substantial part of the B2C
ECT, including at least one in-transaction phase process (e.g. processing of payment, confirmation by
the consumer of the agreement, delivery of products and services) is facilitated by electronic methods.
It also can be useful where no B2C ECT takes place, but there is some online interaction between the
organization and the consumer, such as when an organization advertises online and does not sell
products or services online. Where distance selling does not include an online component (e.g. a mail
order), it is not the subject of this document, but some of the guidance provided can be relevant.
Considered broadly, business-to-consumer e-commerce involves a wide variety of organizations
engaged in many different activities. The focus of this document is on the organizations that directly
offer products and services to consumers, whether via their own platforms or via online marketplaces.
However, the guidance provided can be relevant to other organizations involved in any B2C ECT
transaction, including online marketplaces and price comparison sites. There are also separate
standards for organizations that facilitate transactions between consumers and providers, and
organizations that provide consumers access to publicly accessible processes where they can review
and rate products and services offered by their organizations, and access the reviews and ratings of
other consumers (see ISO 42500 and ISO 20488).
The guidance in this document is not intended to apply to online transactions completed between
individuals (“consumer-to-consumer”). However, the guidance in this document can be relevant to
third-party organizations that provide online services to facilitate consumer-to-consumer transactions
(e.g. online marketplaces).
1) Under preparation. Stage at the time of publication: ISO/DIS 32111:2022.
0.2  Relationship with ISO 9001 and ISO 9004
This document is compatible with ISO 9001 and ISO 9004 and supports the objectives of these two
standards through the effective and efficient application of a B2C ECT system. This document can also
be used independently of ISO 9001 and ISO 9004.
ISO 9001 specifies requirements for a quality management system. A B2C ECT system implemented
in accordance with this document (i.e. ISO 10008) can be used as an element of a quality management
system.
ISO 9004 provides guidance to achieve sustained success of an organization. The use of this document
can enhance performance regarding B2C ECTs, as well as increase the satisfaction of consumers and
other relevant interested parties to facilitate the achievement of sustained success. It can also facilitate
the continual improvement of the quality of products, services and processes based on feedback from
consumers and other relevant interested parties.
NOTE Other relevant interested parties can include customers, providers, industry associations and their
members, consumer organizations, relevant government agencies, regulatory authorities, personnel, owners and
others who are affected by an organization’s B2C ECT system.
0.3  Relationship with ISO 10001, ISO 10002, ISO 10003 and ISO 10004
This document is compatible with ISO 10001, ISO 10002, ISO 10003 and ISO 10004. These five standards
can be used either independently or in conjunction with each other. When used together, the standards
can be part of a broader and integrated framework for enhanced customer satisfaction in both the B2C
and non-B2C contexts.
Organizations can use the guidance contained in ISO 10001 to plan, design, develop, implement,
maintain and improve a B2C ECT code as part of the B2C ECT system. The complaints handling, dispute
resolution and customer satisfaction monitoring and measuring processes described in ISO 10002,
ISO 10003 and ISO 10004, respectively, can form important parts of a B2C ECT system.
INTERNATIONAL STANDARD ISO 10008:2022(E)
Quality management — Customer satisfaction —
Guidance for business-to-consumer electronic commerce
transactions
1 Scope
This document gives guidance on planning, designing, developing, implementing, maintaining and
improving an effective and efficient business-to-consumer electronic commerce transaction (B2C ECT)
system within an organization.
It is applicable to any organization engaged in, or planning to be engaged in, a B2C ECT, regardless of
size, type and activity. The focus of this document is on organizations that directly offer and provide
products and services to consumers.
This document aims to enable organizations to set up a fair, effective, efficient, transparent and secure
B2C ECT system, in order to enhance consumers’ confidence in B2C ECTs and increase the satisfaction
of consumers. It is aimed at B2C ECTs concerning consumers as a sub-set of customers.
The guidance given in this document can complement an organization’s quality management system.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO 9000, Quality management systems — Fundamentals and vocabulary
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO 9000 and the following apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https://www.iso.org/obp
— IEC Electropedia: available at https://www.electropedia.org/
3.1
business-to-consumer electronic commerce transaction
B2C ECT
set of interactions between an organization (3.2) and a consumer (3.3) for the provision of products and
services, facilitated online
3.2
organization
person or group of people that has its own functions with responsibilities, authorities and relationships
to achieve its objectives
Note 1 to entry: The concept of organization includes, but is not limited to, sole-trader, company, corporation,
firm, enterprise, authority, partnership, association, charity or institution, or part or combination thereof,
whether incorporated or not, public or private.
Note 2 to entry: Additional examples include shop and retailer.
[SOURCE: ISO 9000:2015, 3.2.1, modified — Note 2 to entry has been replaced.]
3.3
consumer
individual member of the general public who is the end user of products and services
Note 1 to entry: For the purposes of this document, use of the term “consumer” includes a range of potential and
existing product or service users, e.g.
— those thinking about using or purchasing a product or a service;
— those who have purchased a one-off product or service;
— those in a short- or long-term product or service contract;
— end users of a product or a service paying directly for the product or service;
— end users of a product or a service not paying for the product or service.
Note 2 to entry: The end user might not be the customer who purchased the product or service, e.g. persons
having a meal at a restaurant that is paid for either by one person in this group or by a different person.
[SOURCE: ISO/IEC Guide 76:2020, 3.5, modified — The phrase “services or service-related goods (e.g. a
smart speaker)” has been replaced by “products and services” and the term “product” has been added
to the term “service” in the notes to entry.]
3.4
business-to-consumer electronic commerce transaction code
B2C ECT code
promise or set of promises made by organizations (3.2) to consumers (3.3), and related provisions in
support of B2C ECTs (3.1)
Note 1 to entry: Promises can include elements of what are commonly referred to as “terms and conditions”.
3.5
business-to-consumer electronic commerce transaction provider
B2C ECT provider
organization (3.2) that supplies a B2C ECT (3.1) process or activity to the organization and that is
external to the organization operating the B2C ECT system
Note 1 to entry: B2C ECT providers include organization reliability assurance providers, financial intermediaries
(e.g. payment card companies), product and service information providers, consumer information protection and
security assurance providers, product and service delivery providers, and dispute resolution providers.
3.6
content
wording, images and related mechanisms
associated with communicating information about the organization (3.2), its products and services, and
the B2C ECT (3.1) system
4 Guiding principles
4.1 General
Effective and efficient planning, design, development, implementation, maintenance and improvement
of an organization’s B2C ECT system is based on adherence to the consumer-focused guiding principles
set out in 4.2 to 4.21. These guiding principles should be used to enhance consumer protection
throughout the B2C ECT system.
NOTE 1 The order of the guiding principles as listed is not intended to reflect their relative importance.
NOTE 2 Annex A provides further guidance on customer satisfaction and consumer needs in the B2C ECT
context.
4.2 Commitment
An organization should be actively committed to the adoption, integration and dissemination of a B2C
ECT system, including the fulfilment of the promises that it is making to consumers in its B2C ECT code.
4.3 Capacity
Sufficient resources should be made available for effectively and efficiently managing an organization’s
B2C ECT system, including its planning, design, development, implementation, maintenance and
improvement.
4.4 Competence
Organization personnel and B2C ECT providers should have the attributes, skills, training, knowledge
and experience necessary to discharge their responsibilities in a manner that meets the needs and
expectations of consumers.
4.5 Suitability
The organization should ensure that the B2C ECT system is appropriate for the type of transaction
involved and any interface that the consumer may be using, taking into consideration such factors as
the characteristics of the consumer, the type of product or service and the nature of any complaint or
concern, as applicable.
NOTE Examples of interfaces include mobile browsers, web browsers and apps.
4.6 Information integrity
An organization should ensure that its B2C ECT system and the information about it are accurate,
not misleading and verifiable, and that data collected are relevant, correct, complete, meaningful and
useful.
4.7 Transparency
Adequate information about the organization’s B2C ECT system should be disclosed to consumers,
personnel and other interested parties, and this information should be easily available and clear.
NOTE Examples of information can include the application of artificial intelligence and product origin.
4.8 Choice
An organization should offer consumers a choice of comparable and realistic options in the application
of its B2C ECT system, where possible.
NOTE 1 See ISO/IEC Guide 76:2020, 6.2.
NOTE 2 Examples of a choice include providing more than one way of contacting the organization, such as
email, telephone and online chat, and offering alternative payment options.
4.9 Accessibility
An organization’s B2C ECT system and the relevant information about it should be easy to find,
understand and use. The B2C ECT system should be planned, designed, developed, implemented,
maintained and improved to take into account the needs of different consumers, including those who
can be at greater risk of detriment due to consumer vulnerability, and those with specific accessibility
requirements.
NOTE 1 ISO/IEC Guide 71 provides further guidance on accessibility.
NOTE 2 ISO 22458 provides further guidance on identifying and responding to consumer vulnerability.
4.10 Responsiveness
In the application of its B2C ECT system, an organization should respond to the needs and expectations
of consumers and the expectations of other relevant interested parties.
4.11 Timeliness
In the application of its B2C ECT system, the organization’s responses to consumers and other relevant
interested parties, including responses to any queries or complaints, should be provided quickly and
efficiently, given the nature of the need and the process in question.
4.12 Consent
An organization should ensure that whenever consumer consent is required in a B2C ECT, it is given
intentionally and based on full information.
NOTE ISO/IEC 29184 provides further guidance related to consent.
4.13 Accountability
An organization should establish and maintain accountability for, and reporting on, the decisions and
actions with respect to its B2C ECT system, including with respect to its B2C ECT providers.
4.14 Legality
An organization should proactively monitor the relevant legislative environment. It should make clear
to the consumer which jurisdictions cover B2C ECTs where purchases are carried out across borders.
4.15 Privacy
Personally identifiable information about the consumer gathered by an organization in the application
of its B2C ECT system should be kept confidential and protected. Disclosure should take place only if it
is essential for completion of the B2C ECT or consent for disclosure is obtained from the consumer.
NOTE 1 Personally identifiable information is information that when associated with an individual can be
used to identify them, and is retrievable by the individual’s name, address, email address, telephone number or
similarly specific identifier. The precise meaning of the term can differ around the world.
NOTE 2 ISO/IEC 29100, ISO/IEC 29184 and the ISO 31700 series provide further guidance on privacy.
4.16 Data protection
The organization should preserve the integrity of consumer data in the B2C ECT system. This should
include implementing security safeguards appropriate to the sensitivity of the information, applying
generally accepted best practices to protect against unauthorized access, obtaining necessary
consent for the use of consumer data, and taking account of the applicable statutory and regulatory
requirements imposed in the jurisdiction of the purchaser.
NOTE Further guidance on information security is provided in ISO/IEC 27001 and ISO/IEC 27002.
4.17 Safety
An organization should take all reasonable steps to ensure the safety of products and services supplied
through its B2C ECT system.
NOTE 1 See ISO/IEC Guide 76:2020, 6.5.
NOTE 2 ISO 10377 provides further guidance on assessing and managing the safety of products.
NOTE 3 ISO 10393 provides further guidance on product recalls.
4.18 Sustainability
An organization’s B2C ECT system should be established and operated in a way that ensures
sustainability.
NOTE 1 See ISO/IEC Guide 76:2020, 6.7.
NOTE 2 ISO 26000 provides further guidance on social responsibility.
NOTE 3 Examples of ensuring sustainability can include treating workers, such as delivery drivers and
warehouse staff, fairly and considering environmental impacts, such as in packaging and delivery.
4.19 Integration
An organization’s B2C ECT system should be integrated with the organization’s quality and other
management systems, where appropriate. This should include online B2C ECT and conventional face-
to-face or distance selling marketplace interactions, where applicable, in a way that is consistent and
comprehensible to all consumers.
NOTE Reference [28] provides further guidance on integration.
4.20 Customer-focused approach
The organization should adopt a customer-focused approach with respect to the B2C ECT system and
should be open to feedback.
4.21 Improvement
Increased effectiveness and efficiency of the B2C ECT system should be a permanent objective of the
organization.
5 Business-to-consumer electronic commerce transaction system
5.1 Context of the organization
In planning, designing, developing, implementing, maintaining and improving the B2C ECT system, the
organization should consider its context by:
— identifying and addressing external and internal issues that are relevant to the organization’s
purpose and that affect its ability to achieve objectives of the B2C ECT system;
— identifying the interested parties that are relevant to the B2C ECT system, and addressing the
relevant needs and expectations of these interested parties;
— identifying the scope of the B2C ECT system, including its boundaries and applicability, and taking
into account the external and internal issues and the needs of interested parties noted above.
5.2 Framework
An organization should establish and apply a framework for decision-making and action in planning,
design, development, implementation, maintenance and improvement of the B2C ECT system. This
framework involves the resource assessment, provision and deployment needed to support the carrying
out of the processes to achieve the objectives of the B2C ECT system. It also includes top management
commitment, assignment of appropriate responsibilities and authorities, and training, in accordance
with the guiding principles stated in Clause 4.
In planning, design, development, implementation, maintenance and improvement of its B2C ECT
system, the organization should gather and assess information concerning:
— the needs and expectations of consumers;
— the issues associated with B2C ECTs (e.g. privacy, security, responsiveness, accuracy);
— statutory and regulatory requirements associated with dealing with these issues (see Annex B);
— how these issues arise, their potential effects and how they are addressed;
— how other organizations are dealing with these issues.
It is important for the organization to obtain and assess the input from relevant interested parties
(e.g. customers, providers, industry associations and their members, consumer organizations, relevant
government agencies, regulatory authorities, personnel, owners) concerning B2C ECTs.
When establishing and using a B2C ECT system, the organization should consider and address risks and
opportunities that can arise. This involves:
— monitoring and evaluating processes and external and internal factors concerning risks and
opportunities;
— identifying and assessing specific risks and opportunities;
— planning, designing, developing, implementing and reviewing corrective actions and improvements
pertaining to identified and assessed risks and opportunities.
As defined in ISO 9000:2015, 3.7.9, risk is the effect of uncertainty, which can be negative or positive. In
the context of the B2C ECT system, an example of a negative effect is customer dissatisfaction resulting
from a lack of information provided regarding the expected product delivery date. An example of a
positive effect is the enhancement of customer satisfaction due to the possibility to deliver the product
before the expected date, if desired by the consumer. These risks can be addressed by reviewing the
allocation and deployment of resources leading to the introduction of a delivery tracking module and
improvement of the B2C ECT system.
An opportunity is related to identification of a new possible way of realizing positive outcomes, which
does not necessarily arise from the organization’s existing risks. For example, the organization can
identify a new product, service or process as a result of customer feedback provided in the course of a
B2C ECT.
5.3 Objectives
The organization should determine the objectives to be achieved by the B2C ECT system. These
objectives should be consistent with the overall organizational objectives, and their fulfilment should
be measurable using suitable performance indicators. These objectives should be reviewed at regular
intervals and updated as necessary.
The organization should prepare quantitative and qualitative performance indicators designed
to evaluate and assist in understanding whether the organization’s B2C ECT system is successful in
fulfilling its objectives.
NOTE Examples of performance indicators relating to the B2C ECT system include:
— the percentage of successful finalized sales in relation to the visits of the website;
— the percentage of returns in relation to the total deliveries;
— the percentage of returning consumers in relation to the total;
— loss and damage relative to total deliveries;
— the percentage of deliveries completed on time in relation to the total;
— the number of internal site/platform system failures;
— grading or ranking from surveys measuring the satisfaction of consumers;
— statistics regarding complaints and their resolution;
— the timeliness of responses to feedback.
5.4 Processes
5.4.1 General
An organization should plan, design, develop, implement, maintain and improve:
a) single-phase processes;
b) multi-phase processes.
A B2C ECT typically goes through three distinct phases:
— a pre-transaction phase;
— an in-transaction phase;
— a post-transaction phase.
A single-phase process applies to only one of the three phases of the B2C ECT. For example, the final
quote process is specific to the in-transaction phase.
A multi-phase process applies to all three phases. The relationship between processes is dynamic and
should not be viewed in a strictly sequential way. For example, an organization can prepare a multi-
phase process, such as establishing a B2C ECT code, prior to the preparation of pre-transaction, in-
transaction and post-transaction phase processes.
Figure 1 illustrates these processes and the related activities.
The planning, design and development of each of these processes is integral to their successful
implementation. The organization should test its B2C ECT system prior to implementation in order to
determine the need for adjustments.
Guidance on planning, design, development and implementation of pre-transaction, in-transaction and
post-transaction phase processes is provided in Clause 6.
Guidance on planning, design, development and implementation of multi-phase processes is provided
in Clause 7. Guidance on maintenance and improvement of the B2C ECT system is provided in Clause 8.
Figure 1 — Processes of the B2C ECT system
5.4.2 Single-phase processes
An organization should recognize the distinct activities and issues associated with the pre-transaction,
in-transaction and post-transaction phases.
In the pr
...


INTERNATIONAL STANDARD ISO 10008
Second edition
2022-08
Management de la qualité — Satisfaction client — Lignes directrices pour les transactions de commerce électronique entre commerçant et consommateur
Quality management — Customer satisfaction — Guidance for business-to-consumer electronic commerce transactions
© ISO 2022
Published in Switzerland
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Guiding principles
4.1 General
4.2 Commitment
4.3 Capacity
4.4 Competence
4.5 Suitability
4.6 Information integrity
4.7 Transparency
4.8 Choice
4.9 Accessibility
4.10 Responsiveness
4.11 Timeliness
4.12 Consent
4.13 Accountability
4.14 Legality
4.15 Privacy
4.16 Data protection
4.17 Safety
4.18 Sustainability
4.19 Integration
4.20 Customer-focused approach
4.21 Improvement
5 Business-to-consumer electronic commerce transaction system
5.1 Context of the organization
5.2 Framework
5.3 Objectives
5.4 Processes
5.4.1 General
5.4.2 Single-phase processes
5.4.3 Multi-phase processes
5.5 Resources
5.5.1 General
5.5.2 B2C ECT providers
5.5.3 Procedures
5.5.4 Internal and external communication plan
5.6 Connectivity
6 Single-phase processes
6.1 Pre-transaction phase
6.1.1 General
6.1.2 Content creation
6.1.3 Content dissemination
6.1.4 Content management
6.2 In-transaction phase
6.2.1 General
6.2.2 Initial selection support
6.2.3 Consumer identification
6.2.4 Indication of the final price
6.2.5 Payment method selection support
6.2.6 Payment order
6.2.7 Order confirmation
6.3 Post-transaction phase
6.3.1 General
6.3.2 Delivery
6.3.3 Correction
6.3.4 Return and exchange
7 Multi-phase processes
7.1 Interaction with the consumer
7.1.1 General
7.1.2 B2C ECT code
7.1.3 Consumer support
7.1.4 Feedback handling
7.1.5 Complaints handling and external dispute resolution
7.2 Consumer data management
7.2.1 General
7.2.2 Security
7.2.3 Privacy
8 Maintenance and improvement
8.1 Collection of information
8.2 Evaluation of the performance of the B2C ECT system
8.3 Satisfaction with the B2C ECT system
8.4 Review of the B2C ECT system
8.5 Continual improvement
Annex A (informative) Customer satisfaction and consumer needs in the context of B2C ECTs
Annex B (informative) Additional references
Annex C (informative) Guidance on the provision of information
Annex D (informative) Guidance on an organization’s B2C ECT code
Bibliography
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national
standards bodies (ISO member bodies). The work of preparing International Standards is normally
entrusted to ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for
the different types of ISO documents should be noted. This document was drafted in accordance with
the editorial rules of the ISO/IEC Directives, Part 2 (see
www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
intellectual property rights or similar rights. ISO shall not be held responsible for failing to
identify such rights and give notice of their existence. Details of any intellectual property rights or
other similar rights identified during the development of the document are given in the Introduction
and/or in the list of patent declarations received by ISO (see www.iso.org/brevets).
Any trade names mentioned in this document are given for information, for the convenience of users,
and do not constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, or for any information about ISO’s adherence to the
World Trade Organization (WTO) principles concerning Technical Barriers to Trade (TBT), see
www.iso.org/avant-propos.
This document was prepared by Technical Committee ISO/TC 176, Quality management and quality
assurance, Subcommittee SC 3, Supporting technologies.
This second edition cancels and replaces the first edition (ISO 10008:2013), which has been
technically revised.
The main changes are as follows:
— alignment with ISO 9000:2015;
— alignment with ISO 9001:2015;
— improved alignment with ISO 10001, ISO 10002, ISO 10003 and ISO 10004.
Any feedback or questions on this document should be directed to the user’s national standards body.
A complete listing of these bodies can be found at www.iso.org/fr/members.html.
Introduction
0.1  General
Electronic commerce makes it easy to search for and choose from a wide range of products and
services, but consumers generally have to do so without the benefit of direct interactions. The
corresponding transactions can take place across international borders, sometimes without the
consumer being aware of it, and the levels of consumer protection can differ from those to which the
consumer is accustomed.
This document provides organizations with guidance for planning, designing, developing,
implementing, maintaining and improving an effective and efficient system for business-to-consumer
electronic commerce transactions (B2C ECTs). An effective and efficient B2C ECT system can help
consumers and organizations address all aspects of a transaction.
This document provides organizations with guidance on how to implement such a B2C ECT system
and thereby:
a) help to enhance consumers’ confidence in B2C ECTs;
b) improve the ability of organizations to satisfy consumers;
c) reduce the number of complaints and disputes.
A B2C ECT involves electronic interactions between the organization and the consumer, initiated by
the consumer using any device with a wired or wireless connection (e.g. personal computers,
tablets, personal digital assistants [PDAs], mobile phones). For the purposes of this document, a
B2C ECT can also involve other data telecommunications networks (e.g. short message service [SMS])
and various interfaces, including websites, social media web pages, applications and electronic
messaging.
NOTE ISO 32111 1) provides principles and a framework for the assurance of electronic commerce
transactions.
The guidance in this document is intended to apply to situations in which a significant part of the
B2C ECT, including at least one process associated with the in-transaction phase (e.g. payment
processing, confirmation of agreement by the consumer, delivery of products and services), is
facilitated by electronic means. It can also be useful when no B2C ECT takes place but there is some
online interaction between the organization and the consumer, e.g. when an organization advertises
online but does not sell its products or services online. A distance sale with no online element
(e.g. a mail-order sale) is not covered by this document, but some of the guidance can be relevant.
Broadly considered, business-to-consumer electronic commerce involves a wide variety of
organizations engaged in many different activities. This document focuses on organizations that
directly offer products and services to consumers, whether through their own platforms or through
online marketplaces. However, the guidance provided can be relevant to other organizations involved
in B2C ECTs, including online marketplaces and price comparison sites. There are also separate
standards for organizations that facilitate transactions between consumers and providers, and for
organizations that give consumers access to publicly accessible processes where they can rate and
review the products and services offered by these organizations, and access the reviews and ratings
of other consumers (see ISO 42500 and ISO 20488).
1) Under preparation. Stage at the time of publication: ISO/DIS 32111:2022.
The guidance in this document is not intended to apply to online transactions concluded between
individuals (“consumer to consumer”). However, the guidance in this document can be relevant to
third-party organizations offering online services to facilitate consumer-to-consumer transactions
(e.g. online marketplaces).
0.2  Relationship with ISO 9001 and ISO 9004
This document is compatible with ISO 9001 and ISO 9004 and supports the objectives of these two
standards through the effective and efficient application of a B2C ECT system. This document can
also be used independently of ISO 9001 and ISO 9004.
ISO 9001 specifies requirements for a quality management system. A B2C ECT system implemented in
accordance with this document (i.e. ISO 10008) can be used as an element of a quality management
system.
ISO 9004 provides guidance to enable an organization to achieve sustained performance. Using this
document can improve performance in B2C ECTs, as well as increase the satisfaction of consumers and
other relevant interested parties, in order to facilitate the achievement of sustained performance.
It can also facilitate the continual improvement of the quality of products, services and processes
based on feedback from consumers and other relevant interested parties.
NOTE Other relevant interested parties can include customers, suppliers, industry associations and
their members, consumer organizations, relevant government agencies, regulators, personnel, owners
and other persons affected by an organization’s B2C ECT system.
0.3  Relationship with ISO 10001, ISO 10002, ISO 10003 and ISO 10004
This document is compatible with ISO 10001, ISO 10002, ISO 10003 and ISO 10004. These five
standards can be used independently or in conjunction with each other. When used together, the
standards can be part of a broader integrated framework for enhancing customer satisfaction in
business-to-consumer and non-business-to-consumer contexts.
Organizations can use the guidelines contained in ISO 10001 to plan, design, develop, implement,
maintain and improve a B2C ECT code as part of a B2C ECT system. The complaints handling, dispute
resolution, and customer satisfaction monitoring and measuring processes described in ISO 10002,
ISO 10003 and ISO 10004, respectively, can form important parts of a B2C ECT system.
INTERNATIONAL STANDARD ISO 10008:2022(F)
Quality management — Customer satisfaction — Guidance for
business-to-consumer electronic commerce transactions
1 Scope
This document gives guidance on planning, designing, developing, implementing, maintaining and
improving an effective and efficient business-to-consumer electronic commerce transaction (B2C ECT)
system within an organization.
It is applicable to any organization engaged in, or planning to be engaged in, a B2C ECT, regardless
of size, type and activity. The focus of this document is on organizations that directly offer and
provide products and services to consumers.
This document aims to enable organizations to set up a fair, effective, efficient, transparent and
secure B2C ECT system, in order to enhance consumers’ confidence in B2C ECTs and increase the
satisfaction of consumers. It is aimed at B2C ECTs concerning consumers as a sub-set of customers.
The guidance given in this document can complement an organization’s quality management system.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies.
For undated references, the latest edition of the referenced document (including any amendments)
applies.
ISO 9000, Quality management systems — Fundamentals and vocabulary
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO 9000 and the following
apply.
ISO and IEC maintain terminology databases for use in standardization, which can be consulted at
the following addresses:
— ISO Online browsing platform: available at https://www.iso.org/obp
— IEC Electropedia: available at https://www.electropedia.org/
3.1
business-to-consumer electronic commerce transaction
B2C ECT
set of interactions between an organization (3.2) and a consumer (3.3) for the provision of products
and services, facilitated online
3.2
organization
person or group of people that has its own functions with responsibilities, authorities and
relationships to achieve its objectives
Note 1 to entry: The concept of organization includes, but is not limited to, sole traders, companies,
corporations, firms, enterprises, authorities, partnerships, associations, charities or institutions,
or part or combination thereof, whether incorporated or not, public or private.
Note 2 to entry: Other examples include shops and retailers.
[SOURCE: ISO 9000:2015, 3.2.1, modified — Note 2 to entry has been replaced.]
3.3
consumer
individual who is the end user of products and services
Note 1 to entry: For the purposes of this document, the term “consumer” is used for a range of
potential and existing users of products or services, e.g.:
— those considering using or purchasing a product or service;
— those who have purchased a single product or service;
— those who have entered into a short-term or long-term product or service contract;
— end users of a product or service who pay directly for the product or service;
— end users of a product or service who do not pay for the product or service.
Note 2 to entry: The end user is not necessarily the customer who purchased the product or service,
e.g. people eating a meal in a restaurant that is paid for either by one person in the group or by
another person.
[SOURCE: ISO/IEC Guide 76:2020, 3.5, modified — The phrase “services or service-related goods
(for example, a smart speaker)” has been replaced by “products and services” and the
term “product” has been added to the term “service” in the notes to entry.]
3.4
business-to-consumer electronic commerce transaction code
B2C ECT code
promise or set of promises made by organizations (3.2) to consumers (3.3), and related provisions,
in support of B2C ECTs (3.1)
Note 1 to entry: Promises can include elements of what are commonly called “terms and
conditions”.
3.5
business-to-consumer electronic commerce transaction provider
B2C ECT provider
organization (3.2) that supplies a B2C ECT (3.1) process or activity to the organization and that is
external to the organization using the B2C ECT system
Note 1 to entry: B2C ECT providers include the organization’s liability insurers, financial
intermediaries (e.g. payment card companies), providers of product and service information,
providers of protection and security for consumer information, providers delivering products and
services, and dispute resolution providers.
3.6
content
text, images and mechanisms associated with communicating information about the organization (3.2),
its products and services, and the B2C ECT (3.1) system
4 Guiding principles
4.1 General
Effective and efficient planning, design, development, implementation, maintenance and improvement
of an organization’s B2C ECT system is based on adherence to the consumer-focused guiding
principles set out in 4.2 to 4.21. These guiding principles should be used to enhance consumer
protection throughout the B2C ECT system.
NOTE 1 The order in which the guiding principles are listed is not intended to reflect their
relative importance.
NOTE 2 See Annex A for additional guidance on customer satisfaction and consumer needs in the
context of B2C ECTs.
4.2 Commitment
An organization should be actively committed to the adoption, integration and dissemination of a
B2C ECT system, including the fulfilment of the promises it makes to consumers in its B2C ECT code.
4.3 Capacity
Sufficient resources should be available to manage an organization’s B2C ECT system effectively
and efficiently, including its planning, design, development, implementation, maintenance and
improvement.
4.4 Competence
The organization’s personnel and B2C ECT providers should have the personal attributes, skills,
training, knowledge and experience necessary to fulfil their responsibilities in a way that meets
consumers’ needs and expectations.
4.5 Suitability
The organization should ensure that the B2C ECT system is suited to the type of transaction
concerned and to any interface that the consumer can use, taking into account factors such as the
characteristics of the consumer, the type of product or service and the nature of complaints or
concerns, as applicable.
NOTE Examples of interfaces include mobile browsers, internet browsers and applications.
4.6 Information integrity
An organization should ensure that its B2C ECT system and the information about it are accurate,
not misleading and verifiable, and that the data collected are relevant, correct, complete,
meaningful and useful.
4.7 Transparency
Adequate information about the organization’s B2C ECT system should be provided to consumers,
personnel and other interested parties, and this information should be clear and easily accessible.
NOTE Information can include, for example, the application of artificial intelligence and the
origin of products.
4.8 Choice
Where possible, an organization should offer consumers a choice of comparable and realistic options
in the implementation of its B2C ECT system.
NOTE 1 See ISO/IEC Guide 76:2020, 6.2.
NOTE 2 Examples of choice include providing more than one means of contacting the organization,
such as email, telephone and online chat, and offering different payment options.
4.9 Accessibility
An organization’s B2C ECT system and the relevant information about it should be easy to find,
understand and use. The B2C ECT system should be planned, designed, developed, implemented,
maintained and improved to take account of the needs of different consumers, including those who
can be at greater risk of harm because of their vulnerability, and those who have specific
accessibility requirements.
NOTE 1 ISO/IEC Guide 71 provides additional guidance on accessibility.
NOTE 2 ISO 22458 provides additional guidance on identifying and responding to consumer
vulnerability.
4.10 Responsiveness
In implementing its B2C ECT system, an organization should respond to the needs and expectations of
consumers, and to the expectations of other relevant interested parties.
4.11 Timeliness
In implementing its B2C ECT system, the organization should respond to consumers and other relevant
interested parties, including to questions or complaints, as promptly as possible, taking into
account the nature of the need and the process concerned.
4.12 Consent
An organization should ensure that, whenever the consumer’s consent is required in a B2C ECT,
this consent is voluntary and informed.
NOTE ISO/IEC 29184 provides additional guidance on consent.
4.13 Accountability
An organization should establish and maintain accountability for, and reporting on, the decisions
and actions relating to its B2C ECT system, including with regard to the organization’s B2C ECT
providers.
4.14 Legality
An organization should proactively monitor the relevant legislative framework. It should be made
clear to the consumer which jurisdictions cover B2C ECTs when purchases are made across borders.
4.15 Privacy
Personally identifiable information about the consumer that is collected by an organization in
implementing its B2C ECT system should remain confidential and be protected. The information should
be disclosed only if it is essential to completing the B2C ECT or if consent to disclosure is
obtained from the consumer.
NOTE 1 Personally identifiable information is information that, when associated with an
individual, can be used to identify them, and that can be retrieved by the individual’s name,
address, email address, telephone number or other similar specific identifier. The precise meaning
of this term can vary around the world.
NOTE 2 ISO/IEC 29100, ISO/IEC 29184 and the ISO 31700 series provide additional guidance on
privacy.
4.16 Data protection
The organization should preserve the integrity of consumer data in the B2C ECT system. This should
include implementing security mechanisms appropriate to the sensitivity of the information,
applying generally accepted best practices to protect against unauthorized access, obtaining the
consent necessary for the use of consumer data, and taking into account the applicable statutory
and regulatory requirements imposed in the purchaser’s jurisdiction.
NOTE Additional guidance on information security is provided in ISO/IEC 27001 and
ISO/IEC 27002.
4.17 Safety
An organization should take all reasonable steps to ensure the safety of the products and services
provided through its B2C ECT system.
NOTE 1 See ISO/IEC Guide 76:2020, 6.5.
NOTE 2 ISO 10377 provides additional guidance on the assessment and management of product
safety.
NOTE 3 ISO 10393 provides additional guidance on product recalls.
4.18 Sustainability
An organization’s B2C ECT system should be established and operated in a way that ensures
sustainability.
NOTE 1 See ISO/IEC Guide 76:2020, 6.7.
NOTE 2 ISO 26000 provides additional guidance on social responsibility.
NOTE 3 Ensuring sustainability can include, for example, treating workers such as delivery
drivers and warehouse personnel fairly, and taking into account environmental impacts, particularly
with regard to packaging and delivery.
4.19 Integration
An organization’s B2C ECT system should be integrated with the quality management system and,
where applicable, with other management systems of the organization. The interactions between
online B2C ECT and the conventional market for direct or distance selling should be included, where
applicable, in a manner that is consistent and understandable to all consumers.
NOTE Reference [28] provides additional guidance on integration.
4.20 Customer-focused approach
The organization should adopt a customer-focused approach to the B2C ECT system and be open to
feedback.
4.21 Improvement
Improving the effectiveness and efficiency of the B2C ECT system should be a permanent objective of
the organization.
5 Business-to-consumer electronic commerce transaction system
5.1 Context of the organization
In planning, designing, developing, implementing, maintaining and improving its B2C ECT system, the
organization should consider its context by:
— identifying and addressing the external and internal issues that are relevant to the
organization’s purpose and that affect its ability to achieve the objectives of the B2C ECT system;
— identifying the interested parties that are relevant to the B2C ECT system, and addressing the
relevant needs and expectations of these interested parties;
— identifying the scope of the B2C ECT system, including its boundaries and applicability, and
taking into account the external and internal issues and the needs of interested parties mentioned
above.
5.2 Framework
An organization should establish and apply a framework for decision-making and action in the
planning, design, development, implementation, maintenance and improvement of the B2C ECT system.
This framework involves the assessment, provision and deployment of the resources needed to carry
out the processes to achieve the objectives of the B2C ECT system. It also includes management
commitment, the assignment of appropriate responsibilities and authorities, and training, in
accordance with the guiding principles set out in Clause 4.
In planning, designing, developing, implementing, maintaining and improving its B2C ECT system, the
organization should collect and assess information concerning:
— the needs and expectations of consumers;
— the issues associated with B2C ECTs (e.g. privacy, security, responsiveness, accuracy);
— the statutory and regulatory requirements associated with addressing these issues (see Annex B);
— how these issues arise, their potential effects and how they are addressed;
— how other organizations address these issues.
It is important for the organization to obtain from relevant interested parties (e.g.
...
