iTeh Standards logo
EURUSD
Your shopping cart is empty.
SIST

SIST EN 17799:2024

(Main)

Personal data protection requirements for processing operations

Personal data protection requirements for processing operations

This document specifies baseline requirements for demonstrating processing activities compliance with the European personal data protection normative framework in accordance with EN ISO/IEC 17065. It does not however apply to products or management systems destined for processing personal data.
This document is applicable to all organizations which, as personal data controllers and/or processors, process personal data, and its objective is to provide a set of requirements enabling such organizations to conform effectively with the European personal data protection normative framework.
An organization can decide that the standard is applicable only to a specific subset of its processing activities if such a decision does not involve failure to conform with the European personal data protection normative framework.
This document also provides indications for conformity assessment with the aforementioned requirements.

Anforderungen an den Datenschutz bei Verarbeitungsvorgängen

Dieses Dokument legt die grundlegenden Anforderungen für den Nachweis fest, dass die Verarbeitungs¬tätigkeiten dem europäischen normativen Bezugsrahmen für den Schutz personenbezogener Daten in Über¬einstimmung mit EN ISO/IEC 17065 entsprechen. Es gilt jedoch nicht für Produkte oder Management¬systeme, die für die Verarbeitung personenbezogener Daten vorgesehen sind.
Dieses Dokument gilt für alle Organisationen, die – als für die Datenverarbeitung Verantwortliche („Verantwortlicher“) und/oder Auftragsverarbeiter – personenbezogene Daten verarbeiten, und sein Ziel ist es, eine Reihe von Anforderungen bereitzustellen, die es diesen Organisationen ermöglichen, sich wirksam an den europäischen normativen Bezugsrahmen für den Schutz personenbezogener Daten anzupassen.
Eine Organisation kann beschließen, dass die Norm nur auf eine bestimmte Untergruppe ihrer Verarbei¬tungstätigkeiten anwendbar ist, wenn eine solche Entscheidung nicht die Nichteinhaltung des normativen europäischen Bezugsrahmens für den Schutz personenbezogener Daten beinhaltet.
Dieses Dokument enthält auch Angaben für die Bewertung der Konformität mit den vorgenannten Anforderungen.

Exigences de protection des données à caractère personnel pour les opérations de traitement

Le présent document spécifie des exigences de base pour démontrer la conformité des activités de traitement au cadre normatif européen de protection des données à caractère personnel, conformément à l'EN ISO/IEC 17065. Il ne s'applique cependant pas aux produits ou systèmes de management destinés au traitement des données à caractère personnel.
Le présent document est applicable à tous les organismes qui, en tant que responsables de traitement et/ou sous-traitants, traitent des données à caractère personnel, et son objectif est de fournir un ensemble d'exigences permettant à ces organismes de se conformer efficacement au cadre normatif européen de protection des données à caractère personnel.
Un organisme peut décider que la norme n'est applicable qu'à un sous-ensemble spécifique de ses activités de traitement si une telle décision n'implique pas une non-conformité avec le cadre normatif européen de protection des données à caractère personnel.
Le présent document fournit également des indications pour l'évaluation de la conformité avec les exigences susmentionnées.

Zahteve za varstvo osebnih podatkov za postopke obdelave

Ta dokument določa osnovne zahteve za podpiranje mehanizma potrjevanja za varstvo podatkov, kot ga zahteva 42. člen splošne uredbe o varstvu podatkov za izkazovanje skladnosti s standardom EN ISO/IEC 17065.
Dokument se ne uporablja za izdelke ali sisteme upravljanja, zasnovane za obdelavo osebnih podatkov.
Ta dokument se uporablja za vse organizacije, ki kot upravljavci in/ali obdelovalci osebnih podatkov
obdelujejo osebne podatke, njegov cilj pa je zagotoviti nabor zahtev, ki podpirajo te organizacije pri izkazovanju skladnosti z normativnim okvirom EU na področju varstva osebnih podatkov.
Ta dokument se uporablja za vse dejavnosti obdelave organizacije ali za poseben podsklop teh dejavnosti, če ta odločitev ne vključuje neskladnosti z normativnim okvirom EU na področju varstva osebnih podatkov.
Ta dokument prav tako določa navedbe za ugotavljanje skladnosti z zgoraj navedenimi zahtevami.

General Information

Status
Published
Public Enquiry End Date
13-Feb-2022
Publication Date
22-Feb-2024
ICS
03.120.20 - Product and company certification. Conformity assessment
03.160 - Law. Administration
35.020 - Information technology (IT) in general
Technical Committee
ITC - Information technology
Current Stage
6060 - National Implementation/Publication (Adopted Project)
Start Date
13-Feb-2024
Due Date
19-Apr-2024
Completion Date
23-Feb-2024
Ref Project
EN 17799:2023 - Personal data protection requirements for processing operations
SIST EN 17799:2024SIST EN 17799:2024
PreviousNext
Standard
SIST EN 17799:2024
English language
25 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)


SLOVENSKI STANDARD
01-april-2024
Zahteve za varstvo osebnih podatkov za postopke obdelave
Personal data protection requirements for processing operations
Anforderungen an den Datenschutz bei Verarbeitungsvorgängen
Exigences de protection des données à caractère personnel pour les opérations de
traitement
Ta slovenski standard je istoveten z: EN 17799:2023
ICS:
03.160 Pravo. Uprava Law. Administration
35.020 Informacijska tehnika in Information technology (IT) in
tehnologija na splošno general
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

EUROPEAN STANDARD EN 17799
NORME EUROPÉENNE
EUROPÄISCHE NORM
October 2023
ICS 03.120.20; 03.160
English version
Personal data protection requirements for processing
operations
Exigences de protection des données à caractère Anforderungen an den Datenschutz bei
personnel pour les opérations de traitement Verarbeitungsvorgängen
This European Standard was approved by CEN on 4 September 2023.

CEN and CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for
giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical
references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to
any CEN and CENELEC member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by
translation under the responsibility of a CEN and CENELEC member into its own language and notified to the CEN-CENELEC
Management Centre has the same status as the official versions.

CEN and CENELEC members are the national standards bodies and national electrotechnical committees of Austria, Belgium,
Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy,
Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia,
Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and United Kingdom.

CEN-CENELEC Management Centre:
Rue de la Science 23, B-1040 Brussels
© 2023 CEN/CENELEC All rights of exploitation in any form and by any means
Ref. No. EN 17799:2023 E
reserved worldwide for CEN national Members and for
CENELEC Members.
Contents Page
European foreword . 4
Introduction . 5
1 Scope . 6
2 Normative references . 6
3 Terms and definitions . 6
4 Overview . 7
5 Planning . 7
5.1 General. 7
5.2 Understanding the needs and expectations of interested parties . 7
5.3 Scope of personal data processing activities . 7
5.3.1 General. 7
5.3.2 Records of data processing activities . 8
5.3.3 Identification of the legal basis . 8
5.3.4 Data minimization . 9
5.3.5 Retention periods . 9
5.4 Policy for personal data protection . 9
5.5 Roles and responsibilities . 10
5.5.1 General. 10
5.5.2 Internal roles . 11
5.5.3 External roles . 11
5.6 Risk management . 12
5.6.1 General. 12
5.6.2 Data protection risk assessment and impact analysis . 12
5.6.3 Evaluation of the impact on data protection . 13
5.6.4 Risk treatment and treatment plan . 14
5.7 Personal data protection by design and by default . 14
6 Operational activities . 15
6.1 General. 15
6.2 Data protection notices and consent . 15
6.2.1 Data protection notices . 15
6.2.2 Consent . 15
6.3 Update of roles . 16
6.4 Personal data protection . 16
6.4.1 Erasure of data . 16
6.4.2 Implementation and maintenance of security measures . 16
6.4.3 Management of personal data breaches . 17
6.5 Data subjects’ requests for the application of their rights. 18
6.5.1 General. 18
6.5.2 Data access . 18
6.5.3 Correction . 18
6.5.4 Erasure. 19
6.5.5 Restriction of processing . 19
6.5.6 Data portability . 19
6.5.7 Objections . 19
6.5.8 Automated decisions, including profiling . 20
6.5.9 Complaints and appeals . 20
6.6 Training and awareness . 20
7 Control . 20
7.1 General . 20
7.2 Internal audits . 20
7.3 Periodical report. 21
7.4 Nonconformities and corrective actions . 22
Annex A (informative) Controllers and processors requirements mapping . 23
Bibliography . 25
European foreword
This document (EN 17799:2023) has been prepared by Technical Committee CEN/CLC/JTC 13
“Cybersecurity and Data Protection”, the secretariat of which is held by DIN.
This European Standard shall be given the status of a national standard, either by publication of an
identical text or by endorsement, at the latest by April 2024, and conflicting national standards shall be
withdrawn at the latest by April 2024.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN shall not be held responsible for identifying any or all such patent rights.
Any feedback and questions on this document should be directed to the users’ national standards body.
A complete listing of these bodies can be found on the CEN website.
According to the CEN-CENELEC Internal Regulations, the national standards organisations of the
following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Croatia,
Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland,
Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of North
Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and the United
Kingdom.
Introduction
Personal data protection is regulated throughout European Union according to laws, the most important
of which is the EU Regulation 2016/679 (hereafter referred to as “Regulation” or “GDPR”). This regulates
the protection of natural persons with regard to the processing of personal data but does not
contextualise it in a set of consequential or related activities.
Moreover, the Regulation refers to the establishment of data protection certification mechanisms and of
data protection seals and marks, for the purpose of demonstrating compliance with the regulation of
processing operations by controllers and processors.
Those efforts will also provide a solid basis for GDPR conformance and alignment of the European data
protection landscape with global standards. The focus of those standards is fundamentally different since
they are aimed to a management system and not to services and processes as the current document is.
ISO/IEC 27701 has been adopted as an EN, and CEN/CLC JTC 13 is undertaking a new work item on its
“Refinements in European context”. Those efforts will also provide a solid support for GDPR conformance
and alignment of the European data protection landscape with global norms. The focus of those standards
is however fundamentally different since they are aimed at a management system and not to services and
processes as the current document.
1 Scope
This document specifies baseline requirements intended to support the data protection certification
mechanism requested by Article 42 of the GDPR to demonstrate compliance in accordance with
EN ISO/IEC 17065.
It does not however apply to products or management systems destined for processing personal data.
This document is applicable to all organizations which, as personal data controllers and/or processors,
process personal data, and its objective is to provide a set of requirements supporting such organizations
in demonstrating compliance with the EU personal data protection normative framework
This document is applicable to all of an organization’s processing activities or to a specific subset of these
if such a decision does not involve failure to conform with the EU personal data protection normative
framework.
This document also provides indications for conformity assessment with the aforementioned
requirements.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 27000:2020, Information technology — Security techniques — Information security management
systems — Overview and vocabulary
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 27000:2020 and the
following apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— IEC Electropedia: available at https://www.electropedia.org/
— ISO Online browsing platform: available at https://www.iso.org/obp
3.1
impact
data protection impact
anything that has an effect on the protection of a data subject and/or group of data subjects
[SOURCE: ISO/IEC 27557]
3.2
consequence
outcome of an event affecting organizational objectives
[SOURCE: ISO/IEC 27557]
4 Overview
This document specifies baseline requirements for the processing of personal data so that an
organization, whether controller or processor, is effectively supported when demonstrating compliance
with EU and applicable national personal data protection normative framework. The separation between
controller and processor activities is based on the requirements within the aforementioned normative
framework.
This document is completed by Annex A which summarizes the applicability of the document clauses to
controllers and processors.
NOTE This document can’t provide direct coverage of all the requirements within EU and applicable national
personal data protection normative framework but is structured to contribute establishing a baseline to allow their
effective fulfilment.
5 Planning
5.1 General
This clause sets out the activities which a controller or processor shall perform, in order to carry out
processing activities aiming at the protection of personal data in a systematic and organized way. Those
activities shall be performed periodically or after relevant changes such as modifications to the applicable
legislation or corporate organization, structural changes in information technology or its characteristics.
NOTE All seven principles listed within article 5 of the Regulation are considered within this and following
chapters, inside dedicated paragraphs or spread in other.
5.2 Understanding the needs and expectations of interested parties
The controller or, where applicable and consistent with the circumstances of the data processing, the
processor shall determine:
a) all interested parties involved in personal data processing activities, including data subjects,
processors and controllers; and
b) the requirements of such interested parties related to personal data processing activities;
c) the mandatory requirements of any applicable legislation and the contractual obligations.
5.3 Scope of personal data processing activities
5.3.1 General
The controller shall determine the limits and applicability of the personal data processing, documenting:
records of data processing activities, their legal basis, the physical locations, organizational structure
(including all interested parties identified in 5.2), information systems and other relevant involved
supporting assets.
5.3.2 Records of data processing activities
The controller or processor shall, to the extent of their applicable responsibilities, identify the personal
data and their flow related to each processing and shall keep them updated in personal data processing
activity records. In particular, the controller or processor shall establish and maintain up-to-date records
of data processing activities identifying:
1) the name and contact details of the controller of the processing and, where applicable, of the joint
controller and the data protection officer;
2) the processes which use personal data;
3) the sources from which personal data originate (only applicable to controllers);
4) the categories of data subjects and personal data being processed (only applicable to controllers);
5) the categories of processing carried out on behalf of each controller (only applicable to processors);
6) the identified legal basis for the processing (see 5.3.3) (only applicable to controllers);
7) the purposes of the processing (only applicable to controllers);
8) the categories of recipients of personal data, including categories of third parties;
10) the information systems involved in the storage of personal data;
11) the general description of technical and organisational security measures used to protect personal
data (ensuring the existence of this description is not itself a security hazard);
12) any transfers of personal data to third parties, international organizations or other countries;
13) the retention period of personal data or the criteria used for determining such period and the type
of measures taken at the end of the period;
14) the physical locations where processing takes place.
NOTE This section is intended to support article 30of the Regulation.
5.3.3 Identification of the legal basis
The controller shall identify the legal basis for the processing of personal data and communicate them to
the data subjects. The controller shall document the legal basis.
NOTE 1 Article 6 of the Regulation specifies the acceptable legal basis for processing personal data.
When special categories of personal data are processed, the controller shall identify, communicate and
document the legal basis for the processing of personal data.
NOTE 2 Article 9 of the Regulation specifies the acceptable legal basis for processing special categories of
personal data.
5.3.4 Data minimization
The controller shall, for all processing, always ensure that:
a) the organization processes the minimum quantity of personal data necessary to fulfil its legitimate
purposes;
b) any other personal data which is not relevant are not gathered unless the provision of such
information is optional and only processed with the consent of the data subject;
c) new systems and processes involving processing of personal data are reviewed as early as during the
design phase in order to guarantee that the processed information is relevant, adequate and limited
to what is necessary in relation to the purposes for which they are processed;
d) any processing activity and the relevant purposes are only performed according to the data
protection notice (see 6.2.1).
5.3.5 Retention periods
Retention periods of personal data, or, where not possible, the criteria used to determine those periods,
shall be:
a) defined by the controller considering the effective need for the purposes of processing and the
periods indicated in the applicable requirements and in the purposes of the processing; and
b) declared in the relevant data protection notices.
The controller shall keep documentation regarding the justifications leading to the definition of such
periods.
NOTE ISO/IEC 27555 “Guidelines on personally Identifiable Information deletion” contains guidance on how
to select and implement retention periods
5.4 Policy for personal data protection
The controller’s or processor’s top management shall establish a policy for personal data protection
which:
a) is consistent with the purposes of the organization;
b) provides a reference framework for setting objectives for the protection of personal data;
c) includes a commitment to fulfil applicable requirements for the protection of personal data in
compliance with the present document and with the reference personal data protection normative
framework;
d) includes a commitment to continuously improve the protection of personal data;
e) is suitable for the organization and its geographical location, the architecture and connection of the
networks and IT systems and the existing policies concerning the exchange of data.
The policy for personal data protection shall:
— be documented;
— be communicated within the organization;
— be made available possibly in a summary form to all relevant interested parties, external and internal,
involved in the processing of personal data; and
— be periodically reviewed and updated if necessary.
The policy for personal data protection shall address the coverage of all processing of personal data of
data subjects (see applicable legislation for additional information).
5.5 Roles and responsibilities
5.5.1 General
The controller’s or processor’s top management shall ensure that the responsibilities and authority of the
relevant roles are assigned and communicated.
The controller’s or processor’s top management shall assign the responsibilities and authority in order
to:
a) ensure that the activities regarding the processing of personal data conform with this document and
with the personal data protection normative framework ; and
b) report the results of such activities to the top management.
Responsibilities shall be duly assigned for:
c) monitoring the compliance of the policy for personal data protection with the personal data
protection normative framework (see applicable legislation for additional information);
d) implementing the objectives for the protection of personal data, including those defined in the
practice regarding the processing of personal data set out or specified in any code of conduct
applicable to the organization;
e) managing the training program and creating awareness;
f) assigning authorizations for the processing of personal data;
g) defining and approving the following documented procedures for processing personal data:
1) gathering and processing of personal data;
2) management and communication of information regarding personal data protection;
3) processing of requests made by data subjects;
4) management of complaints;
5) management of personal data breaches;
6) management of suppliers and other third parties;
7) controls and any transfers of personal data to third parties or international organizations; and
8) monitoring of normative updates and legal developments concerning personal data protection.
5.5.2 Internal roles
5.5.2.1 Data protection manager
At least one member of the controller’s or processor’s management shall be designated as person in
charge of data protection matters for personal data processing activities within the organization to
manage compliance with the data protection requirements and best practices.
prEN 17740 defines competence requirements applicable to the profile and its main characteristics.
5.5.2.2 Data protection officer
If a controller or a processor is required to nominate a data protection officer (article 37 of the
Regulation) or decides to do so owing to specific organizational needs, it shall nominate an adequately
qualified person.
NOTE 1 The assignment of the person’s role is described in article 38 of the Regulation.
NOTE 2 The data protection officer can be internal or external to the organization which nominates it.
The contact details of the data protection officer shall be communicated to the competent supervisory
authority and included in the data protection notices (see 6.2.1).
The data protection officer, or if such figure does not exist, an adequately qualified person, shall ensure
the execution of the assigned tasks.
NOTE Data protection officer’s fundamental tasks are set out in article 39 of the Regulation.
prEN 17740 defines competence requirements applicable to the profile and its main characteristics.
5.5.2.3 Persons authorized to process personal data
Persons authorized to process personal data within a controller’s or processor’s organization shall be
made aware of their role in the processing of this personal data, and of the appropriate procedures that
they need to work within. They shall also be made aware of the consequences of of non-compliance with
the organization’s data protection policies and of not implementing these procedures.
5.5.3 External roles
5.5.3.1 Processors
Interested parties, as defined in 5.2 a), including suppliers or partners, undertaking processing on behalf
of the controller or of another processor without, however, determining the purposes and means of
processing of personal data, shall:
a) demonstrate their capacity to ensure the implementation of technical and organizational measures
which are adequate for the personal data protection (see the following paragraph) and of their
respect for the personal data protection normative framework;
b) possess a contract or other legal act with the organization (controller and processor, as the case may
be), conforming at least with the following clauses:
1) processing the personal data only on documented instructions from the controller;
2) ensuring that persons authorized to process the personal data are committed to respect data
confidentiality;
3) not engaging another processor without written authorization by the controller;
4) applying the same data protection obligations set out in the contract or other legal act to their
processors;
5) assisting the controller in ensuring compliance with the obligations on data breach notification,
communication, data protection impact assessment and prior consultation as applicable;
6) deleting or returning all the personal data to the controller after the end of the contract or legal
act unless retention is required by law;
7) making available to the controller all information necessary to demonstrate compliance with
their obligations, also allowing and contributing to audits and inspections by the controller.
NOTE Article 28 of the Regulation defines the processor’s role.
5.6 Risk management
5.6.1 General
The controller or processor shall consider the requirements set out in 5.2 and shall periodically
determine the risks and opportunities that they face in order to prevent or reduce undesired impact on
the rights and freedoms of natural persons.
5.6.2 Data protection risk assessment and impact analysis
The controller or processor shall define risk assessment and impact analysis o
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

Loading comments...

This May Also Interest You

SIST
SIST EN 15016-2:2023+A1:2026(Main + Amendment)
Railway applications - Technical documents - Part 2: Parts lists
EN 15016-2:2023+A1:2025

This document specifies the preparation and reproduction of design parts. This document defines the basic principles and structure of design parts lists. This document is applicable to all design parts lists for railway applications.

  • Standard
    26 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN 16647-1:2026(Main)
Alcohol powered flueless fireplaces - Safety requirements and test methods- Part 1: Manually operated decorative fireplaces for domestic use
EN 16647-1:2025

This document is applicable only to decorative fireplaces that have been manufactured for domestic use, which produce a flame using liquid alcohol, hereafter referred to as fuel.
NOTE 1   The requirements outlined in this document can also be applied for outside domestic settings. In that case, additional or different rules on the use of the fireplaces can apply.
This document is applicable to free-standing, wall-mounted and built-in fireplaces.
This document is applicable to decorative fireplaces that require manual user interaction for ignition, filling, re-filling or extinguishing the fireplace.
NOTE 2   The fireplaces can contain some electric or electronic components.
This document is applicable to fireplaces ready for use, whose fuel box is of one unit or is an integral component of the fireplace but not to fireplaces with a fuel tank separate from the fireplace.
This document does not apply to fireplaces specifically designed for heating food or keeping food warm (rechauds), nor does it apply to fireplaces for use in boats, caravans, other vehicles or outdoor areas.
This document does not apply to fireplaces with a power output higher than 4,5 kW or with a defined heating function.
NOTE 3   National regulations can restrict the power output to less than 4,5 kW.

  • Standard
    41 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN 17984-3:2026(Main)
Assistance Dogs - Part 3: Competencies for Assistance Dogs Professionals
EN 17984-3:2025

This document specifies the competencies required of assistance dogs’ professionals. The purpose of this document is to improve and ensure the quality of professionals working in a role within an assistance dog organization. Each speciality of assistance dog requires a specific set of role competencies and there are some common core competencies.
Core competencies in:
-   breeding;
-   puppy raising;
-   dog care;
-   assessors;
-   orientation and mobility;
-   trainers;
-   instructors.
Specific competencies to train:
-   guide dogs;
-   hearing dogs;
-   medical alert dogs;
-   mobility assistance dogs;
-   autism and development disorder dogs;
-   team training instructor.
It is accepted that assistance dog organisations vary greatly in structure and not every organization will have all the roles identified. Where one person performs more than one role, it is expected that they will have the competencies of all the roles they perform e.g. a dog trainer may also have the competencies of a dog care specialist. And there will be some organisations where some of these roles are not required, e.g. those with no breeding programme will not require the associated role competencies.

  • Standard
    35 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN ISO 5577:2026(Main)
Non-destructive testing - Ultrasonic testing - Vocabulary (ISO 5577:2025)
EN ISO 5577:2025

This document defines the terms used in ultrasonic non-destructive testing and forms a common basis for standards and general use.
This document does not cover specific terms used in ultrasonic testing with arrays.
NOTE            Terms used in ultrasonic testing with arrays are defined in ISO 23243.

  • Standard
    55 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN ISO 2719:2026(Main)
Determination of flash point - Pensky-Martens closed cup method (ISO 2719:2025)
EN ISO 2719:2025

This document specifies three procedures, A, B and C, using the Pensky-Martens closed cup tester, for determining the flash point of combustible liquids, liquids with suspended solids, liquids that tend to form a surface film under the test conditions, biodiesel and other liquids in the temperature range of 40 °C to 370 °C.
NOTE 1        Although, technically, kerosene with a flash point above 40 °C can be tested using this document, it is standard practice to test kerosene according to ISO 13736.[5] Similarly, lubricating oils are normally tested according to ISO 2592.[2]
Procedure A is applicable to distillate fuels (diesel, biodiesel blends, heating oil and turbine fuels), new and in-use lubricating oils, paints and varnishes, and other homogeneous liquids not included in the scope of procedures B or C.
Procedure B is applicable to residual fuel oils, cutback residuals, used lubricating oils, mixtures of liquids with solids, and liquids that tend to form a surface film under test conditions or are of such kinematic viscosity that they are not uniformly heated under the stirring and heating conditions of procedure A.
Procedure C is applicable to fatty acid methyl esters (FAME) as specified in specifications such as EN 14214[11] or ASTM D6751.[13]
This document is not applicable to water-borne paints and varnishes.
NOTE 2        Water-borne paints and varnishes can be tested using ISO 3679.[3] Liquids containing traces of highly volatile materials can be tested using ISO 1523[1] or ISO 3679.

  • Standard
    35 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN ISO 18862:2026(Main)
Coffee and coffee products - Determination of acrylamide - Methods using high-performance liquid chromatography with tandem mass spectrometric detection (HPLC-MS/MS) and gas chromatography with mass spectrometric detection (GC-MS) after derivatization (ISO 18862:2025)
EN ISO 18862:2025

This document specifies methods for the determination of acrylamide in coffee and coffee products by extraction with water, clean-up by solid-phase extraction (SPE) and determination by high-performance liquid chromatography with tandem mass spectrometric detection (HPLC-MS/MS) and gas chromatography with mass spectrometric detection (GC-MS) after derivatization. The methods were validated in a validation study for roasted coffee, soluble coffee, coffee substitutes and coffee products with ranges from 53 μg/kg to 612,1 μg/kg.

  • Standard
    32 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST-TS CEN/TS 18227:2026(Main)
Automotive fuels - E20 petrol - Requirements and test methods
CEN/TS 18227:2025

This document specifies requirements and test methods for E20 petrol marketed and delivered as such, containing a minimum oxygen content of 3,7 % (m/m) and a maximum of 8,0 % (m/m). The fuel has a maximum of 20,0 % (V/V) ethanol.
It is applicable to fuel for use in spark-ignition petrol-fuelled engines and vehicles.
This document is complementary to EN 228, which describes unleaded petrol containing an oxygen content up to 3,7 % (m/m) and a maximum ethanol content of 10 % (V/V).
NOTE 1   For general petrol engine vehicle warranty, E20 petrol might not be suitable for all vehicles and it is advised that the recommendations of the vehicle manufacturer are consulted before use. E20 petrol might need a validation step to confirm the compatibility of the fuel with the vehicle, which for some existing engines might still be needed.
NOTE 2   For the purposes of this document, the terms “% (m/m)” and “% (V/V)” are used to represent respectively the mass fraction, µ, and the volume fraction, φ.

  • Technical specification
    16 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN ISO 19085-13:2026(Main)
Woodworking machines - Safety - Part 13: Multi-blade rip sawing machines with manual loading and/or unloading (ISO 19085-13:2025)
EN ISO 19085-13:2025

This document specifies the safety requirements and measures for multi-blade rip sawing machines with manual loading or unloading or both, capable of continuous production use, hereinafter referred to also as “machines”, designed to cut solid wood and materials with similar physical characteristics to wood.
This document deals with all significant hazards, hazardous situations and events as listed in Annex A, relevant to the machines, when operated, adjusted and maintained as intended and under the conditions foreseen by the manufacturer including reasonably foreseeable misuse. Transport, assembly, dismantling, disabling and scrapping phases are also taken into account.
This document does not deal with specific hazards related to the combination of single machines with any other machine as part of a line.
This document is not applicable to machines:
—     intended for use in potentially explosive atmosphere;
—     manufactured prior to its publication.

  • Standard
    59 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN ISO 80601-2-70:2026(Main)
Medical electrical equipment - Part 2-70: Particular requirements for basic safety and essential performance of sleep apnoea breathing therapy equipment (ISO 80601-2-70:2025)
EN ISO 80601-2-70:2025

This document is applicable to the basic safety and essential performance of sleep apnoea breathing therapy equipment, hereafter referred to as ME equipment, intended to alleviate the symptoms of patients who suffer from obstructive sleep apnoea by delivering a therapeutic breathing pressure to the respiratory tract of the patient. Sleep apnoea breathing therapy equipment is intended for use in the home healthcare environment by lay operators as well as in professional healthcare institutions.
Sleep apnoea breathing therapy equipment is not considered to utilize a physiologic closed-loop-control system unless it uses a physiological patient variable to adjust the therapy settings.
This document excludes sleep apnoea breathing therapy equipment intended for use with neonates.
This document is applicable to ME equipment or an ME system intended for those patients who are not dependent on artificial ventilation. This document is not applicable to ME equipment or an ME system intended for those patients who are dependent on artificial ventilation such as patients with central sleep apnoea.
This document is also applicable to those accessories intended by their manufacturer to be connected to sleep apnoea breathing therapy equipment, where the characteristics of those accessories can affect the basic safety or essential performance of the sleep apnoea breathing therapy equipment.
Masks and application accessories intended for use during sleep apnoea breathing therapy are additionally addressed by ISO 17510. Refer to Figure AA.1 for items covered further under this document.
If a clause or subclause is specifically intended to be applicable to ME equipment only, or to ME systems only, the title and content of that clause or subclause will say so. If that is not the case, the clause or subclause applies both to ME equipment and to ME systems, as relevant.
Hazards inherent in the intended physiological function of ME equipment or ME systems within the scope of this document are not covered by specific requirements in this document except in 7.2.13 and 8.4.1 of the general standard.
NOTE 2        See also 4.2 of the general standard.
This document does not specify the requirements for:
–    ventilators or accessories intended for critical care ventilators for ventilator-dependent patients, which are given in ISO 80601‑2‑12.
–    ventilators or accessories intended for anaesthetic applications, which are given in ISO 80601-2-13.
–    ventilators or accessories intended for home care ventilators for ventilator-dependent patients, which are given in ISO 80601-2-72.
–    ventilators or accessories intended for emergency and transport, which are given in ISO 80601-2-84.
–    ventilators or accessories intended for home-care ventilatory support, which are given in ISO 80601‑2-79 and ISO 80601‑2‑80.
–    high-frequency ventilators[23], which are given in ISO 80601-2-87.
–    respiratory high flow equipment, which are given in ISO 80601‑2‑90;
NOTE 3      ISO 80601-2-80 ventilatory support equipment can incorporate high-flow therapy operational mode, but such a mode is only for spontaneously breathing patients.
–    user-powered resuscitators, which are given in ISO 10651-4;
–    gas-powered emergency resuscitators, which are given in ISO 10651-5;
–    oxygen therapy constant flow ME equipment; and
–    cuirass or “iron-lung” ventilation equipment.

  • Standard
    89 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN IEC 62841-2-20:2026/A11:2026(Amendment)
Electric motor-operated hand-held tools, transportable tools and lawn and garden machinery - Safety - Part 2-20: Particular requirements for hand-held band saws
EN IEC 62841-2-20:2025/A11:2025

2021-12-20: This prAA includes common mods to EN IEC 62841-2-20 (PR=75425)
DOW=DOR+48 months is applied to all parts in EN IEC 62841 series

  • Amendment
    8 pages
    English language
    sale 10% off
    e-Library read for
    1 day