CEN/CLC - CEN/CLC

This TS provides requirements and ISO/IEC 17065 interpretations for Conformity Assessment Bodies (CABs) assessing Cloud Services
This TS is intended to be used by the National Accreditation Bodies (NABs), as well as CABs.

This document contains guidelines to be used in the process of drafting requirements of cybersecurity certification schemes for sectoral ICT services and systems. It includes all steps necessary to define, implement and maintain such requirements.

The standard contains guidelines for developing and establishing policies and procedures for deletion
of PII in organizations by specifying:
—   a harmonized terminology for PII deletion;
—   an approach for defining deletion rules in an efficient way;
—   a description of required documentation; and
—   a broad definition of roles, responsibilities and processes.
This document is intended to be used by organizations where PII are stored or processed.
This document does not address:
—   specific legal provision, as given by national law or specified in contracts;
—   specific deletion rules for particular clusters of PII as are to be defined by PII controllers for
—   processing PII;
—   deletion mechanisms;
—   reliability, security and suitability of deletion mechanisms;
—   specific techniques for de-identification of data.

This document provides the guidelines of CEN and CENELEC’s policy towards building partnerships with
European organizations, associations and other recognized stakeholders who have an interest in European
standardization and are willing and able to provide added-value knowledge and to actively contribute with
inputs and proposals to CEN and/or CENELEC corporate and technical bodies.

This document is intended to stablish and define functional and performance requirements and associated tests for Galileo Timing Receivers. This document covers the following topics related to Galileo Timing Receivers:
- GNSS constellations and frequencies processed: Galileo plus additionally GPS, with nominal mode being dual-frequency processing,
- Time scales processed, including at least Galileo System Time and Universal Time Coordinate,
- User dynamics, with two operation modes: static users with well-known and static antenna position and dynamics users with moving antenna,
- Holdover devices,
- Nominal and back-up modes, including single-frequency modes, single-constellation modes and holdover mode.
- Processing of timing integrity information disseminated by the Galileo System,
- Time Receiver Autonomous Integrity Monitoring processing,
- Anti-jamming and anti-spoofing capabilities, including Automatic Gain Control monitoring and Galileo Open Service Navigation Message Authentication processing,
- Robustness to multipath.
In addition, this document gives guidelines for the installation and maintenance of the receiver, including antenna, cabling and receiver installation, initial and periodic receiver calibration, and periodic maintenance.
On top of the functional requirements, performance requirements this document defines in terms of different key performance indicators such as:
- Accuracy, availability, continuity and integrity requirements,
- T-RAIM performances, including time to alert,
- Holdover performances including maximum degradation of the timing solution with time and maximum holdover time,
This document also gives a simple test suite to verify the most fundamental requirements of the Galileo Timing Receivers.

NOTE            Clause A.2 contains guidance or rationale for this clause.
This document specifies the common test methods to evaluate the performance requirements for small-bore connectors specified in the ISO and IEC 80369 series as well as the ISO 18250 series.

This document specifies the reference architecture for a hyperloop system. It specifies the functions of each (sub)system classifying them in different functional blocks, their different possible implementations, and highlights the interactions between them.
The interfaces of the transportation system based on interactions are listed, whether it be internal interfaces or exterior interfaces. The characterization considers the technical as well as operational features of the transport service.

Scope of this NWI is to give keys and to propose methods to GNSS-specialized laboratories, enabling them to design and produce valuable scenario using the "record and replay" technique in order to assess GNSS-based positioning system.
Already published parts (1-2-3) are mainly dedicated to respectively :
-Definitions and system engineering procedures for the establishment and assessment of performances
-Assessment of basic performances of GNSS-based positioning terminals
-Assessment of security performances of GNSS-based positioning terminals
Part4- Definitions and system engineering procedures for the design and validation of test scenarios- will be based on outcomes from GPSTART2 (SA-CEN/2018-12) which was funded by EC to tackle this specific focus (among others).

This document complements and supplements the procedures and general requirements found in ISO/IEC 17025:2017 for laboratories performing testing based on ISO/IEC 19790 and ISO/IEC 24759.

The objective of this document is to present the results of the tests defined in the IEC 61108-7 draft [1] performed with a maritime receiver updated based on the SBAS maritime guidelines [2] and other GNSS SBAS receivers.
The list of test scenarios prepared, the receiver analysed, the configuration used and procedures are included in Clause 4. In Clause 5, graphical and numerical results for each of the test performed are presented, including if the tests are passed or failed. Annex A provides additional information on the test case setup.

This document complements and supplements the procedures and general requirements found in ISO/IEC 17025:2017 for laboratories performing evaluations based on the ISO/IEC 15408 series and ISO/IEC 18045.

This document specifies the design and dimensions for two small-bore connectors intended to be used for connections in respiratory applications of medical devices and accessories. One connector (R1) is intended for use on medical devices and accessories subjected to pressures up to 15 kPa (e.g. a breathing system). The other connector (R2) is intended for use on medical devices and accessories subjected to higher pressures between 15 kPa and 600 kPa (e.g. oxygen therapy tubing).
NOTE 1        The pressure is related to pressure available at the source to which the medical device is connected.
NOTE 2        The intended application does not preclude the use of other connectors on medical devices or accessories within this application.
NOTE 3        Requirements for alternative connectors for this intended application are specified in ISO 80369-1.
This document does not specify requirements for the medical devices or accessories that use these connectors. Such requirements are given in device-specific standards.
NOTE 4        If a device-specific standard does not exist, the performance and material requirements specified in ISO 80369-1 can be used as guidance.

Common security requirements for internet connected radio equipment that equipment enables the holder or user to transfer money, monetary value or virtual currency. This document provides technical specifications for radio equipment processing virtual money or monetary value, which apply to electrical or electronic products that are capable to communicate over the internet, regardless of whether these products communicate directly or via any other equipment.

This document specifies common security requirements for internet-connected radio equipment. This document provides technical specifications for radio equipment, which concerns electrical or electronic products that are capable to communicate over the internet, regardless of whether these products communicate directly or via any other equipment.

Common security requirements for radio equipment processing personal data or traffic data or location data being either internet connected radio equipment, radio equipment designed or intended exclusively for childcare; toys and wearable radio equipment. The standard provides technical specifications for radio equipment processing personal data, traffic data or location data, which concerns electrical or electronic products that are capable to communicate over the internet, regardless of whether these products communicate directly or via any other equipment, childcare, toys or wearable radio equipment.
The scope does not apply to 5G network equipment used by providers of public electronic communications networks and publicly available electronic communications services within the meaning of in Directive (EU) 2018/1972 of the European Parliament and of the Council as defined in that Regulation.

This document provides guidance to assist organizations to:
—    fulfil the requirements of ISO/IEC 27001 concerning actions to address information security risks;
—    perform information security risk management activities, specifically information security risk assessment and treatment.
This document is applicable to all organizations, regardless of type, size or sector.

This Technical Specification (TS) provides a set of cybersecurity requirements for cloud services.
This TS is applicable to organizations providing cloud services and their subservice organizations

Hyperloop transport services are designed to support passenger transport and cargo transport. For each of the transport service user/customer requirements and expectations are different.
This document defines the hyperloop transport services supported by a hyperloop system and provides means for characterization and description of these services. The characterization considers the technical as well as operational / commercial features of each transport service.

This CEN-CENELEC Guide provides mechanisms and details the characteristics and development process of the CEN and/or CENELEC deliverable known as the 'CEN and/or CENELEC Workshop Agreement'.

This document specifies requirements and provides guidance for bodies providing audit and certification of an information security management system (ISMS), in addition to the requirements contained within ISO/IEC 17021-1.
The requirements contained in this document are demonstrated in terms of competence and reliability by bodies providing ISMS certification. The guidance contained in this document provides additional interpretation of these requirements for bodies providing ISMS certification.
NOTE       This document can be used as a criteria document for accreditation, peer assessment or other audit processes.

This Guide sets out the policy for the distribution, sale, copyright and therefore any Reproduction of Content.
Compliance with this Guide is mandatory for CEN, CENELEC, their respective Members, Organizations having
a cooperation framework or partnership agreement with CEN or CENELEC, CEN and CENELEC staff
members, experts, delegates, and other contributors to the work of Technical Committees or Working Groups
and other parties recognized by the CEN and CENELEC Rules.
Reproducing the Content, including structured data related to Publications, does not only fulfil the objective of
disseminating and encouraging the application of Publications throughout Europe and the rest of the world. It
is also the primary funding mechanism for standardization activities for many of the Members and a cornerstone
of the sustainability of the CEN and CENELEC standardization system. Therefore, the Reproduction of the
Content must be based on commercial principles and conducted in a way that secures the value of the Content
to CEN, CENELEC, their respective Members and the End-Users.
This Guide establishes practices in line with European Union (EU) competition law. As a result, this Guide is
not intended to give rise to or encourage any direct or indirect price fixing, market sharing and/or exchange of
commercially sensitive information between CEN, CENELEC and their respective Members. This Guide also
complies with the World Trade Organization (WTO) principles regarding dissemination of adopted standards,
including voluntary application, openness, effectiveness, and relevance in terms of availability to End-Users.
Any issue regarding the Reproduction of the Content that is not covered by this Guide or related documents, or
may require specification, shall be referred to the CEN and CENELEC Director General, who shall reasonably
seek the advice of the relevant governing bodies of CEN and CENELEC.
Any issue regarding compliance with this Guide shall be addressed to CCMC. In case of non-compliance with
this Guide, CCMC will take appropriate action according to the CEN and CENELEC Rules. In particular,
Members that do not comply with this Guide may ultimately be expelled from CEN or CENELEC according to
article 9.1.2 of the Statutes of CEN or CENELEC. Organizations having a cooperation framework or partnership
agreement with CEN or CENELEC, technical experts, delegates or other contributors to the work of Technical
Committees or Working Groups may be excluded from CEN and CENELEC activities, in accordance with the
CEN and CENELEC Rules.

This activity w ill be the parallel development of EN 16603-20-40 and ECSS-E-ST-20-40C.
The scope shall cover the areas of existing ASIC and FPGA engineering chapter 5 of ECSS-Q-ST-60-02C, but w ith w ider breadth and greater depth, covering engineering requirements of end-to-end development flow s, from specification of requirements to validation of prototypes, of the follow ing monolithic devices for its use in space:
• ASICs (distinguishing digital, analogue and mixed-signal development flow s)
• FPGAs (distinguishing three technology families: SRAM, FLASH and anti-fuse technologies)
• ASIC and FPGA System-on-Chip embedding processor cores w hich have external “softw are programme” dependencies to be addressed during the SoC development, resulting in SW-HW co-design requirements.

This document defines the primary space debris mitigation requirements applicable to all elements of unmanned systems launched into, or passing through, near-Earth space, including launch vehicle orbital stages, operating spacecraft and any objects released as part of normal operations.

This document provides packages of security assurance and security functional requirements that have been identified as useful in support of common usage by stakeholders.
EXAMPLE Examples of provided packages include the evaluation assurance levels (EAL) and the composed assurance packages (CAPs).

This document establishes the general concepts and principles of IT security evaluation and specifies the general model of evaluation given by various parts of the standard which in its entirety is meant to be used as the basis for evaluation of security properties of IT products.
This document provides an overview of all parts of the ISO/IEC 15408 series. It describes the various parts of the ISO/IEC 15408 series; defines the terms and abbreviations to be used in all parts of the standard; establishes the core concept of a Target of Evaluation (TOE); describes the evaluation context and describes the audience to which the evaluation criteria is addressed. An introduction to the basic security concepts necessary for evaluation of IT products is given.
This document introduces:
—    the key concepts of Protection Profiles (PP), PP-Modules, PP-Configurations, packages, Security Targets (ST), and conformance types;
—    a description of the organization of security components throughout the model;
—    the various operations by which the functional and assurance components given in ISO/IEC 15408‑2 and ISO/IEC 15408‑3 can be tailored through the use of permitted operations;
—    general information about the evaluation methods given in ISO/IEC 18045;
—    guidance for the application of ISO/IEC 15408‑4 in order to develop evaluation methods (EM) and evaluation activities (EA) derived from ISO/IEC 18045;
—    general information about the pre-defined Evaluation Assurance Levels (EALs) defined in ISO/IEC 15408‑5;
—    information in regard to the scope of evaluation schemes.

This document defines the required structure and content of security functional components for the purpose of security evaluation. It includes a catalogue of functional components that will meet the common security functionality requirements of many IT products.

This document defines the assurance requirements of the ISO/IEC 15408 series. It includes the individual assurance components from which the evaluation assurance levels and other packages contained in ISO/IEC 15408-5 are composed, and the criteria for evaluation of Protection Profiles (PPs),  PP-Configurations, PP-Modules, and Security Targets (STs).

The ISO/IEC 15408 series permits comparability between the results of independent security evaluations. The ISO/IEC 15408 series does so by providing a common set of requirements for the security functionality of IT products and for assurance measures applied to these IT products during a security evaluation. ISO/IEC 18045 provides a companion methodology for some of the assurance requirements specified in the ISO/IEC 15408 series, ISO/IEC 15408-1 and ISO/IEC 18045 also allow that more specific Evaluation Activities (EAs) may be derived for use in particular evaluation contexts. Specification of such Evaluation Activities is already occurring amongst practitioners and this creates a need for a specification for defining such Evaluation Activities.
This document, ISO/IEC 15408-4, provides a standardised framework for specifying objective, repeatable and reproducible Evaluation Methods (EMs), and Evaluation Activities.

This document specifies refinements for an application of ISO/IEC 27701 in a European context.
An organization can use this document for the implementation of the generic requirements and controls of ISO/IEC 27701 according to its context and its applicable obligations.
Certification bodies can use the specifications in this document as a basis for certification criteria verifying conformity to ISO/IEC 27701.
Certification criteria based on these specifications can provide a certification model under ISO/IEC 17065 for processing operations performed within the scope of a Privacy Information Management System according to ISO/IEC 27701, which can be combined with certification requirements for ISO/IEC 27701 under ISO/IEC 17021.
Accreditation bodies or regulatory authorities can use provisions in this document as criteria to establish certification mechanisms.

Scope remains unchanged.
This Standard establishes the basic rules and general principles applicable to the electrical, electronic, electromagnetic, microwave and engineering processes. It specifies the tasks of these engineering processes and the basic performance and design requirements in each discipline.
It defines the terminology for the activities within these areas.
It defines the specific requirements for electrical subsystems and payloads, deriving from the system engineering requirements laid out in EN 16603-10 (equivalent of ECSS-E-ST-10 "Space engineering - System engineering general requirements".)

This document describes a cybersecurity evaluation methodology, named SESIP, for components of connected ICT products. Security claims in SESIP are made based on the security services offered by those components. Components can be in hardware and software. SESIP aims to support comparability between and reuse of independent security evaluations. SESIP provides a common set of requirements for the security functionality of components which apply to the foundational components of devices that are not application specific. The methodology describes the re-use of evaluation results.

This document defines the minimum actions to be performed by an evaluator in order to conduct an ISO/IEC 15408 series evaluation, using the criteria and evaluation evidence defined in the ISO/IEC 15408 series.

This document specifies baseline requirements for demonstrating processing activities compliance with the European personal data protection normative framework in accordance with EN ISO/IEC 17065. It does not however apply to products or management systems destined for processing personal data.
This document is applicable to all organizations which, as personal data controllers and/or processors, process personal data, and its objective is to provide a set of requirements enabling such organizations to conform effectively with the European personal data protection normative framework.
An organization can decide that the standard is applicable only to a specific subset of its processing activities if such a decision does not involve failure to conform with the European personal data protection normative framework.
This document also provides indications for conformity assessment with the aforementioned requirements.

The standard defines the requirements related to the professional activity of subjects active in the processing and protection of
personal data, namely the intellectual profession that is pursued at different levels of complexity and in different organizational
contexts, both public and private.
These requirements are specified, starting from the specific tasks and activities identified, in terms of knowledge, skills and
competence, in accordance with the European Qualifications Framework - EQF and are expressed in such a way as to facilitate and
contribute to harmonize, as far as possible, evaluation and validation processes of learning outcomes.

This Standard specifies the general requirements for the qualification, procurement, storage and delivery of photovoltaic assemblies, solar cell assemblies, bare solar cells, coverglasses and protection diodes suitable for space applications.
This standard does not cover the particular qualification requirements for a specific mission.
This Standard primarily applies to qualification approval for photovoltaic assemblies, solar cell assemblies, bare solar cells, coverglasses and protection diodes, and to the procurement of these items.
This standard is limited to crystaline Silicon and single and multi-junction GaAs solar cells with a thickness of more than 50 m and does not include thin film solar cell technologies and poly-crystaline solar cells.
This Standard does not cover the concentration technology, and especially the requirements related to the optical components of a concentrator (e.g. reflector and lens) and their verification (e.g. collimated light source).
This Standard does not apply to qualification of the solar array subsystem, solar panels, structure and solar array mechanisms.

This document specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. This document also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in this document are generic and are intended to be applicable to all organizations, regardless of type, size or nature. Excluding any of the requirements specified in Clauses 4 to 10 is not acceptable when an organization claims conformity to this document.

2021-04-21: This EN is based on ECSS-Q-ST-60-13C Rev.1

The Scope of the Standard remains unchanged.
This standard defines the requirements for selection, control, procurement and usage of EEE components for space projects.
This standard differentiates between three classes of components through three different sets of standardization requirements (clauses) to be met.
The three classes provide for three levels of trade-off between assurance and risk. The highest assurance and lowest risk is provided by class 1 and the lowest assurance and highest risk by class 3. Procurement costs are typically highest for class 1 and lowest for class 3. Mitigation and other engineering measures may decrease the total cost of ownership differences between the three classes. The project objectives, definition and constraints determine which class or classes of components are appropriate to be utilised within the system and subsystems.
a.   Class 1 components are described in Clause 4.
b.   Class 2 components are described in Clause 5
c.   Class 3 components are described in Clause 6.
The requirements of this document apply to all parties involved at all levels in the integration of EEE components into space segment hardware and launchers.

2021-04-21: This EN is based on ECSS-Q-ST-70-40C

This document specifies general requirements for the competence and impartiality of proficiency
testing (PT) providers and consistent operation of all proficiency testing schemes. This document can
be used as a basis for specific technical requirements for particular fields of application.
Users of proficiency testing schemes, regulatory authorities, organizations and schemes using peer-
assessment, accreditation bodies and others can use these requirements in confirming or recognizing
the competence of proficiency testing providers.

This document specifies controls which shape the content and the structure of online privacy notices as well as the process of asking for consent to collect and process personally identifiable information (PII) from PII principals.
This document is applicable in any online context where a PII controller or any other entity processing PII informs PII principals of processing.

ISO/IEC 29146:2016 defines and establishes a framework for access management (AM) and the secure management of the process to access information and Information and Communications Technologies (ICT) resources, associated with the accountability of a subject within some context.
This International Standard provides concepts, terms and definitions applicable to distributed access management techniques in network environments.
This International Standard also provides explanations about related architecture, components and management functions.
The subjects involved in access management might be uniquely recognized to access information systems, as defined in ISO/IEC 24760.
The nature and qualities of physical access control involved in access management systems are outside the scope of this International Standard.

This document contains recommendations on how to integrate the principle of ‘data protection and privacy by design’ during the entire lifecycle of video-surveillance products and services, in order to achieve ‘data protection and privacy by default’.

This document specifies requirements for safety and performance of active implantable circulatory support devices, including type tests, animal studies and clinical evaluation requirements.
NOTE    The device that is commonly referred to as an active implantable medical device can in fact be a single device, a combination of devices, or a combination of a device or devices and one or more accessories. Not all of these parts are required to be either partially or totally implantable, but there is a need to specify main requirements of non-implantable parts and accessories if they could affect the safety or performance of the implantable device.
The tests that are specified in this document are type tests and are to be carried out on a sample of a device to assess device behavioural responses and are not intended to be used for the routine testing of manufactured products.
Included in the scope of this document are:
—     ventricular assist devices (VAD), left or right heart support;
—     total artificial hearts (TAH);
—     biventricular assist devices (biVAD);
—     percutaneous assist devices;
—     paediatric assist devices.

ISO 14708-3:2017 is applicable to active implantable medical devices intended for electrical stimulation of the central or peripheral nervous system.
The tests that are specified in this document are type tests and are to be carried out on a sample of a device to assess device behavioural responses, and are not intended to be used for the routine testing of manufactured products.

This document specifies requirements that are applicable to those active implantable medical devices that are intended to treat hearing impairment via electrical stimulation of the auditory pathways. Devices which treat hearing impairment via means other than electrical stimulation are not covered by this document.
The tests that are specified in this document are type tests and are to be carried out on samples of a device to show compliance.
This document is also applicable to non-implantable parts and accessories of the devices (see NOTE).
The electrical characteristics of the implantable part are determined by either the appropriate method detailed in this document or by any other method demonstrated to have an accuracy equal to, or better than, the method specified. In the case of dispute, the method detailed in this document applies.
NOTE       A device that is commonly referred to as an active implantable medical device can in fact be a single device, a combination of devices, or a combination of a device or devices and one or more accessories. Not all of these parts are required to be either partially or totally implantable, this document specifies those requirements of non-implantable parts and accessories which could affect the safety or performance of the implantable part.