Europaweite Zertifizierung von Cloud-Diensten

DIN SPEC als Basis für Europäische Normungsarbeit

Ziel des Forschungsprojekts „AUDITOR“ ist die Konzeptionierung, exemplarische Umsetzung und Erprobung einer nachhaltig anwendbaren EU-weiten Datenschutzzertifizierung von Cloud-Diensten. Um eine nachhaltige Datenschutzzertifizierung zu konzipieren, wird zunächst ein Kriterienkatalog für die Zertifizierung von Cloud-Diensten nach der DSGVO entwickelt und eine entsprechende Standardisierung in Form einer DIN SPEC angestrebt. Diese DIN SPEC bildet die Grundlage für die Europäische Normung und die Entwicklung eines EU-weit anerkannten Datenschutz-Zertifizierungsschemas.

Lesen Sie mehr zu diesem Thema auf der Website der Uni-Kassel

New edition of ISO/IEC 17025 just published

The most popular standard for the competence of testing and calibration laboratories has just been updated, taking into account the latest changes in laboratory environment and work practices.

ISO/IEC 17025:2017, General requirements for the competence of testing and calibration laboratories, is the international reference for laboratories carrying out calibration and testing activities around the world.

Producing valid results that are widely trusted is at the heart of laboratory activities. ISO/IEC 17025:2017 allows laboratories to implement a sound quality system and demonstrate that they are technically competent and able to produce valid and reliable results.

ISO/IEC 17025 also helps facilitate cooperation between laboratories and other bodies by generating wider acceptance of results between countries. Test reports and certificates can be accepted from one country to another without the need for further testing, which, in turn, improves international trade.

In order to reflect the latest changes in market conditions and technology, the new edition of the standard encompasses the activities and new ways of working of laboratories today. It covers technical changes, vocabulary and developments in IT techniques and takes into consideration the latest version of ISO 9001 on quality management.

The three Convenors of CASCO working group 44 (CASCO/WG 44) that revised the standard tell us why the new version of ISO/IEC 17025 is so important for laboratories:

Laboratories already accredited to ISO/IEC 17025:2005 will need to transition their processes to the new version within a three-year period from the publication date of the new standard. The Joint ILAC-ISO Communiqué explains this timeframe transition.

ISO/IEC 17025:2017 was developed jointly by ISO and the International Electrotechnical Commission (IEC) under the responsibility of the ISO Committee on conformity assessment (CASCO).

What are the main changes in the 2017 version?

.   The scope has been revised to cover testing, calibration and sampling associated with subsequent calibration and testing.

.   The process approach now matches that of newer standards such as ISO 9001 (quality management), ISO 15189 (quality of medical laboratories) and ISO/IEC 17021-1 (requirements for audit and certification bodies).

.   The standard has now a stronger focus on information technologies and incorporates the use of computer systems, electronic records and the production of electronic results and reports.

.   A new chapter introduces the concept of risk-based thinking.

Highlighting the importance of standards on World Aids Day

Today is World AIDS Day, a day to show support for people living with HIV, the Human Immunodeficiency Virus. It’s also a day to raise awareness about condom safety.

Condoms are highly effective in providing protection against HIV, that attacks the body’s immune system and can lead to AIDS, according to the World Health Organization (WHO). And to make sure that condoms indeed function in this capacity, they are manufactured and tested to the highest ISO standards to ensure that they don’t break or leak when used.

ISO’s work on condoms is carried out by technical committee ISO/TC 157 on non-systemic contraceptives and STI barrier prophylactics. The standards it develops aim to ensure that condoms fit properly, are free from holes, have adequate physical strength so as not to rip during use, are adequately packaged for protection during storage and are correctly labelled. They also give essential information for the condom user, including instructions for use.

For it to be effective, the quality of the condom is very important. Before any production, the raw material, the latex, already undergoes quality tests. Next, tests are carried out on random individual specimens from each batch. A batch typically represents 150 000 condoms under just one series number.

Condoms also protect from various viruses, not least hepatitis C, a liver-destroying disease. To minimize the risk of viral transmission, ISO/TC 157 has developed a new test procedure for confirming the barrier properties of materials.

“Manufacturers are required to confirm that these condoms are effective viral barriers,” explains Bill Potter from the ISO working group. He adds that the testing of condoms is done from three production lots during the validation stage for any new or modified products. Details of the tests are included in ISO 25841:2017 for female condoms (and the earlier 2011 and 2014 editions) and ISO 23409:2011 for male condoms made from synthetic materials.

Most of the products under the responsibility of ISO/TC 157 are classified as medical devices, and range from the single-use male condom to multiple-use female intra-uterine devices that provide long-term protection. These standards are being developed by ISO/TC 157, whose secretariat is currently held by DSM, the ISO member for Malaysia.

World AIDS Day is held on 1 December each year. It is an opportunity for people worldwide to unite in the fight against HIV, commemorate those who have passed on and celebrate how far we have come in conquering this deadly disease.

l  淋浴设备

l  水龙头设备

l  流量控制器

l  洁具

l  小便器

l  洗碗机

l  洗衣机

l  用水来干燥的组合式洗衣/干衣机的干衣功能

澳大利亚标准协会的提案已由国际标准化组织（ISO）注册。目前161个ISO成员机构将在该提案投入使用前对其进行审议和评估。

Increasing the efficiency of our water use

Standards Australia has submitted a proposal for a new International Standard on water efficiency labelling with the help of Singapore, Malaysia, China and New Zealand. This aims to further reduce domestic water wastage, support the government’s Water Efficiency Labelling and Standards (WELS) scheme and make it easier for more countries to benefit from using water efficient products.

Water is the world’s most precious resource and we all have a responsibility to use it wisely. The UN's Sustainable Development Goal 6 (SDG6) notes that access to safe water and sanitation is essential to human health, sustainability and economic growth.

As part of Australia’s commitment to greater water efficiency, the Department of Agriculture and Water Resources manages the WELS scheme. WELS reduces demand for high quality drinkable water by informing consumers about water efficiency at the point of sale.

The new proposal follows Standards Australia’s development of the joint Australian and New Zealand Standard AS/NZS 6400, Water efficient products – Rating and labelling, through the technical committee WS-032, Water Efficient Appliances. This standard contributes to a more water efficient Australia and helps consumers identify which products are “best-of-breed” when it comes to water usage.

The proposed International Standard would assist manufacturers of specified products to transact in a common market, enabling competition and encouraging best practice. It would also empower consumers to use water more wisely.

The WELS Regulator in the Department of Agriculture and Water Resources, Mr Paul Morris, said an international standard would benefit both consumers and business in reducing water wastage globally

 “Australia’s WELS scheme has been very successful in reducing domestic water use in Australia. Consumers use the information on the WELS label to make informed purchasing decisions that save water and save money on utility bills,” said Mr Morris.

“By 2021 it is estimated that use of water efficient products will help to reduce domestic water use by nearly 150,000 megalitres each year—enough water to fill 60,000 Olympic swimming pools.

“In addition, Australians will save more than one billion dollars overall through reduced water and energy bills.

 “An international standard will benefit Australian consumers and manufacturers by reducing manufacturing costs, and will help other countries implement water efficiency schemes that can save water and reduce the need for costly water infrastructure.”

Standards Australia CEO, Dr Bronwyn Evans, applauded the committee for positioning Australia as a leader for this initiative.

 “An international standard would harmonise existing national systems and help facilitate a common market.

 “With Australia driving this important area of work, we are shaping the way the world works together to reduce our global impact,” said Dr Evans.

The standard relates to the following range of products:

• Showers

• Tap equipment

• Flow controllers

• Lavatory equipment

• Urinal equipment

• Dishwashers

• Clothes washing machines

• The dryer function of combination washer/dryers, where they use water to dry a load

Standards Australia’s submission has been registered with the International Organization for Standardization (ISO). The 161 member bodies of ISO will now consider and assess the proposal before commencing work.

BSI launches new code of practice to protect vulnerable customers from fraud and financial abuse

BSI, the business standards company, has launched a new code of practice that gives recommendations to organizations for protecting vulnerable customers from financial harm that might occur as a result of fraud or financial abuse.

Sponsored by NatWest, the code of practice, PAS 17271: Protecting customers from financial harm as a result of fraud or financial abuse, gives guidance on how to recognize customers who might be at particular risk from fraud and financial abuse and how to assess the potential risks to the individual. This can include those in vulnerable circumstances, either temporarily or permanently, which can affect their ability to communicate, understand, make decisions, or take actions that are in their best interests.

The guidance in BSI’s new code of practice distinguishes between fraud – a criminal act involving deception intended to result in financial gain, such as ID theft or online scams – and financial abuse. Financial abuse is the criminal act of controlling a person’s property, money, pension book or other valuables intended to result in the financial or personal gain of the abuser. It is typically carried out by people in a position of trust, such as partners, relatives, friends of carers.

How an organization treats its customers can contribute to levels of financial harm.  Inadequate systems and procedures that fail to identity, inform, protect and support customers can make it more likely that vulnerable customers are susceptible to fraud or financial harm. The code of practice provides detailed recommendations, guidance and a comprehensive checklist to organizations that want to implement change, to achieve or maintain levels of good practice. Recommendations cover organizational principles, culture and strategy.

In cases where fraud or financial abuse has already occurred, PAS 17271 gives guidance on how to help and support customers, and how to minimize future risks. Fraud and financial abuse are widespread; in 2016, there were over 1.85 million cases of financial fraud in the UK. During 2016, financial fraud losses across payment cards, remote banking and cheques totalled £768.8 million, an increase of 2% over the prior year.^[1] Experts believe this is only the tip of the iceberg, with only a fraction of all fraud cases reported.^[2]

The code of practice is applicable to organizations of all types and sizes operating in the UK that manages the money or other financial assets of UK consumers – in particular banks, building societies, credit card providers, credit unions, and pension providers.

Anne Hayes, Head of Governance and Resilience at BSI, said: “Financial institutions have a responsibility to assist the vulnerable. Anyone can be a victim of fraud or financial abuse – but we know from experience that some people are uniquely at risk. Individuals with a

history of financial problems; learning difficulties; those recovering from addictions; and the young are just some of the diverse types of people most susceptible.

“PAS 17271 was created to help organizations protect customers from financial harm. The bottom line is that best practice in systems and procedures can help prevent and detect fraud and financial abuse.”

David Lowe, Head of Fraud Prevention at NatWest said: “Being victim of fraud can be devastating and sadly we are seeing the complexity and sophistication of these crimes increase. We know that it is our collective responsibility to support consumers and help prevent

them from falling victim to fraud which is why we took the initiative to sponsor a BSI PAS in 2016. The BSI PAS provides the best platform to join forces with the government, other banks and industry partners to work towards a common goal.’’

Ben Wallace, Security Minister at the Home Office, said: “Protecting vulnerable people from becoming victims of fraud or financial harm is a key priority for this Government and I really welcome this new guidance which will drive best practice in this area.

“It is an excellent example of the collaborative nature of the Joint Fraud Taskforce which sees Government, law enforcement and industry working together to tackle some of the toughest fraud issues in order to protect the public, particularly those that are at a higher risk

of becoming victims.

“The national Take Five to Stop Fraud campaign raises further awareness of how the public can take simple steps to protect themselves against the most common types of fraud.”

The development of Pas 17271 was sponsored by NatWest, with a steering group comprising financial institutions and consumer bodies. The broad consensus and buy-in from industry includes involvement in the development of the PAS by: Barclays; Building

Societies Association; Consumer & Public Interest Network; Financial Fraud Action UK; Home Office Joint Task Force; KMB Telemarketing Ltd; Metropolitan Police; National Trading Standards; Office of the Public Guardian; Santander UK plc; Scottish Business

Resilience Centre; The Co-Operative Bank plc. 

Solving market fragmentation through standards in the Security sector 

CEN and CENELEC were present at the high-level event ‘Security Research, Innovation and Education Event’ (SRIEE 2017), organized by the Estonian presidency and the European Commission which took place in Tallinn on 14-15 November. The main focus of the discussions was how to reduce the gap between research and the market, so that innovative solutions can meet the needs of practitioners and other users. Participants included researchers, industry representatives, public security providers and practitioners (i.e. fire departments, intelligence agencies, etc.) and policy makers from across Europe.

Estonian Prime Minister Jüri Ratas opened the event and gave the welcoming speech emphasizing the need to identify ways to improve innovation uptake.

Two high-level panels focusing on "Conveying the future needs of Practitioners to the Research Community" and on "The future of security research" took place following the welcoming speech.
Elena Santiago Cid, CEN and CENELEC Director General, was invited as a speaker in High-level Panel 1 – From Research to Practitioners and End-users.

The panellists focused on the fragmentation of the European security market and what European research in the security sector can do to increase competitiveness and offer harmonized solutions.

In response to these concerns, Ms Santiago explained that market segmentation can be reduced through standards. She confirmed the important role that standardization plays as a voluntary tool that can deploy or bring innovation to the market and the strength of the CEN and CENELEC systems to bring all stakeholders together to reach consensus.

Addressing the role of standardization in Horizon2020 research projects, Ms Santiago shared the approach taken by ZONeSEC, an FP7 security research project which is in the process of initiating a CEN-CENELEC Workshop (CWA) on the ‘Interoperability of Security Systems for the Surveillance of Widezones’.

Widezones are critical public infrastructures such as highways, energy lines or pipelines (i.e. gas pipelines), etc. that spread over large areas covering wide geographic zones. The kick-off meeting of the CWA for ZONeSEC will take place in Athens on 11 December.

Concluding her contribution to the high level panel of SRIEE, Ms Santiago invited the security sector to reach out to the standardization community and join forces in developing solutions which support the competitiveness of the sector in Europe.

Solving market fragmentation through standards in the Security sector 

CEN and CENELEC were present at the high-level event ‘Security Research, Innovation and Education Event’ (SRIEE 2017), organized by the Estonian presidency and the European Commission which took place in Tallinn on 14-15 November. The main focus of the discussions was how to reduce the gap between research and the market, so that innovative solutions can meet the needs of practitioners and other users. Participants included researchers, industry representatives, public security providers and practitioners (i.e. fire departments, intelligence agencies, etc.) and policy makers from across Europe.

Estonian Prime Minister Jüri Ratas opened the event and gave the welcoming speech emphasizing the need to identify ways to improve innovation uptake.

Two high-level panels focusing on "Conveying the future needs of Practitioners to the Research Community" and on "The future of security research" took place following the welcoming speech.
Elena Santiago Cid, CEN and CENELEC Director General, was invited as a speaker in High-level Panel 1 – From Research to Practitioners and End-users.

The panellists focused on the fragmentation of the European security market and what European research in the security sector can do to increase competitiveness and offer harmonized solutions.

In response to these concerns, Ms Santiago explained that market segmentation can be reduced through standards. She confirmed the important role that standardization plays as a voluntary tool that can deploy or bring innovation to the market and the strength of the CEN and CENELEC systems to bring all stakeholders together to reach consensus.

Addressing the role of standardization in Horizon2020 research projects, Ms Santiago shared the approach taken by ZONeSEC, an FP7 security research project which is in the process of initiating a CEN-CENELEC Workshop (CWA) on the ‘Interoperability of Security Systems for the Surveillance of Widezones’.

Widezones are critical public infrastructures such as highways, energy lines or pipelines (i.e. gas pipelines), etc. that spread over large areas covering wide geographic zones. The kick-off meeting of the CWA for ZONeSEC will take place in Athens on 11 December.

Concluding her contribution to the high level panel of SRIEE, Ms Santiago invited the security sector to reach out to the standardization community and join forces in developing solutions which support the competitiveness of the sector in Europe.

Gesicherte Qualität

Neue Normenreihe DIN 77200 ermöglicht erstmals die Zertifizierung von Wach- und Sicherheitsdienstleistungen

Die Normenreihe DIN 77200 „Sicherungsdienstleistungen“ soll die Qualität von Dienstleistungen im Wach- und Sicherheitsbereich nachhaltig erhöhen. Im November hat DIN die Teile eins und drei der Reihe veröffentlicht: Teil 1 beschreibt Mindestanforderungen und Qualitätskriterien für Sicherheitsdienstleister, Teil 3, wie akkreditierte Zertifizierungsstellen diese Kriterien prüfen. Der Normteil DIN 77200-2 enthält weitere Anforderungen an Sicherheitsdienstleister für besondere Leistungsbereiche, beispielsweise öffentliche Veranstaltungen und den Personenverkehr, und ist derzeit noch in Bearbeitung. Der Norm-Entwurf wird voraussichtlich im Sommer 2018 veröffentlicht.

Die neue Normenreihe DIN 77200 formuliert klare Anforderungen, nach denen sich Sicherheitsdienstleister zertifizieren lassen können“, erklärt Sven Middelhauve, Referent und Leiter der Rechtsabteilung der Securitas Deutschland und Obmann des für die Normenreihe zuständigen Arbeitsausschusses. „Sie fördert das einheitliche Verständnis zwischen Sicherheitsfirmen und deren Auftraggebern, sorgt für Transparenz bei der Definition des Auftragsumfangs, steigert die Qualität der angebotenen Leistungen und kann damit letztlich auch das Vertrauen in die Sicherheitsbranche steigern.“ Die Normenreihe deckt Wach- und Sicherheitsdienstleistungen ab, die unterschiedlichen Zwecken dienen können, beispielsweise zur Abwehr von Gefahren durch Straftaten, durch Betriebsausfälle oder Naturereignisse.

Der Normteil DIN 77200-1 enthält Mindestanforderungen an Sicherheitsdienstleister und deren Niederlassungen in Bezug auf Organisation, Prozesse und Personal. So müssen sie unter anderem nachweisen können, dass ihre mit Sicherheitsdienstleistungen beauftragten Mitarbeiter die Sachkundeprüfung nach § 34a GewO erfolgreich abgelegt haben. Ebenso müssen sie belegen, dass sie über ein schriftlich dokumentiertes Verfahren verfügen, um die Aus- und Weiterbildung der Mitarbeiter sicherzustellen. Normteil DIN 77200-3 beschreibt die Anforderungen an Zertifizierungsstellen und den Ablauf des Verfahrens, mit dem sich prüfen lässt, ob die in Teil 1 beschriebenen Kriterien eingehalten werden.

Informationsveranstaltungen zur Norm

Die DIN-Akademie bietet drei Informationsveranstaltungen an, bei denen Teilnehmer aus erster Hand wichtige Informationen rund um die Anwendung der Normenteile DIN 77200-1 und DIN 77200-3 erhalten. Wissensvermittlung, Diskussion und praktischer Austausch stehen im Fokus der Veranstaltungen.

New draft of ISO 50001 energy management standard

Since 2011, organizations have been able to follow a systematic approach in achieving continual improvement of energy performance, including energy efficiency, energy use and consumption, thanks to ISO 50001.

Like all International Standards, ISO 50001 has come under periodic review to ensure that it continues to meet the rapidly changing needs of the energy sector. This work is being carried out by the ISO technical committee responsible for energy management and energy savings (ISO/TC 301), whose secretariat is held by ANSI, ISO’s member for the USA, in a twinning arrangement with the ISO member for China, SAC. Here, we explain the main changes with the help of Deann Desai, Professor at the Georgia Institute of Technology and Convenor of the working group tasked with revising the standard. 

“Perhaps the most important change for the 2018 version is the incorporation of the high-level structure, which provides for improved compatibility with other management system standards.” The high-level structure (HLS) is a simple and effective concept. “Because organizations often implement a number of management system standards, the use of a shared structure, as well as many of the same terms and definitions, helps to keep things simple,” explains Prof. Desai. This is particularly useful for those organizations that choose to operate a single (sometimes called “integrated”) management system that can meet the requirements of two or more management system standards simultaneously.

Prof. Desai continues: “There are other improvements in the 2018 version to help ensure that the key concepts related to energy performance are clear for small and mid-sized businesses (SMEs).” This is important in encouraging uptake of the use of management system standards by SMEs, which sometimes assume that the benefits of International Standards mostly apply to multinational businesses. That’s not the case, with SMEs around the world using ISO standards to build customer confidence and reduce costs across all aspects of their business, including meeting regulation requirements.

With energy efficiency playing such a key role in meeting social and environmental targets for all sizes of business, promoting uptake of ISO 50001 is also an important part of Prof. Desai’s work. She tells us about a number of different initiatives that have helped increase the use of ISO 50001 around the world, including the Clean Energy Ministerial (CEM) and the United Nations Industrial Development Organization (UNIDO). 

The Clean Energy Ministerial is a global awards programme that recognizes leading organizations for their energy management achievements and use of ISO 50001 to address energy and climate challenges. Organizations certified to ISO 50001 are invited to submit case studies for recognition. If that sounds like your organization, then you should know that the Clean Energy Ministerial is now accepting entries for its 2018 Energy Management Leadership Awards.