如果没有干净安全的饮用水,我们会做什么? 我们把家中清洁的水供应看作是是理所当然的事情。 然而我们之所以能够给孩子提供一杯水、煮蔬菜、早上洗澡、给植物浇水,这还要归功于标准和规定的使用来确定清洁、安全的供水要求。
正确使用化学品处理我们的水是非常重要的,任何化学品的不正确使用或不当的剂量都会对我们的健康产生负面影响。
为了解决这个问题,CEN/TC 164—— 供水部门制定了一个欧洲标准:EN 17034:2018用于处理人类饮用水的化学品。 该标准适用于在处理水时使用氯化铝的方法。 它描述了相关的特性并规定了安全处理和使用这些铝盐的要求,并提到了相应的分析方法。
这些行动有助于使欧洲的水更安全,从而供所有人消费。
本欧洲标准技术秘书由AFNOR – 法国国家标准化协会所有。
如果没有干净安全的饮用水,我们会做什么? 我们把家中清洁的水供应看作是是理所当然的事情。 然而我们之所以能够给孩子提供一杯水、煮蔬菜、早上洗澡、给植物浇水,这还要归功于标准和规定的使用来确定清洁、安全的供水要求。
正确使用化学品处理我们的水是非常重要的,任何化学品的不正确使用或不当的剂量都会对我们的健康产生负面影响。
为了解决这个问题,CEN/TC 164—— 供水部门制定了一个欧洲标准:EN 17034:2018用于处理人类饮用水的化学品。 该标准适用于在处理水时使用氯化铝的方法。 它描述了相关的特性并规定了安全处理和使用这些铝盐的要求,并提到了相应的分析方法。
这些行动有助于使欧洲的水更安全,从而供所有人消费。
本欧洲标准技术秘书由AFNOR – 法国国家标准化协会所有。
通用数据保护条例(GDPR)将于5月25日在欧盟全面生效,这意味着数据隐私法规的重大变化。 对于企业来说,不遵守GDPR的高昂成本可高达全球年营业额的4%或2000万欧元。目前有三项标准涉及相关内容,它们是ISO / IEC 27001 、/ ISO / IEC 27018、和 BS
10012——通用数据保护法规包,遵守这三项自愿性协商一致标准指南有助于符合新法规的法律要求。
尽管GDPR将应用于欧盟内部的组织,但是如果它们向欧盟数据主体提供商品或服务或监控其行为,它也会影响欧盟以外的组织。该条例取代了数据保护的95/46 / EC指令,旨在协调整个欧洲的数据隐私法律,保护和授权所有欧盟公民的数据隐私,并重新制定整个地区
的组织机构处理数据隐私的方式。
ISO / IEC 27001,ISO / IEC 27018和BS 10012三项标准—可以帮助企业充分遵守GDPR。这些标准提供了采用欧洲GDPR所有必要的指南,因为标准中包括管理安全技术,个人可识别信息和数据保护。
ISO/IEC 27001:2013,信息技术——安全技术——信息安全管理体系——要求,明确了在组织范围内建立、实施、维护和持续改进信息安全管理体系的要求。它还包括根据组织的需要评估和处理信息安全风险的要求。
ISO/IEC 27018:2014,信息技术-安全技术-用于保护作为PII处理器的公共云中的个人可识别信息(PII)的规程,根据ISO/IEC 29100关于公共云计算环境的隐私原则,确立了共同接受的控制目标、控制和实施措施的指南,以保护个人可识别信息(PII)。
BS 10012:2017,数据保护,个人信息管理体系规范的制定是为了有效实施GDPR,该项标准的施行将为各组织实施恰当的“信息治理”战略提供支持。
The General Data Protection Regulation (GDPR), which goes into effect on May 25 across the European Union, means major changes in data privacy regulation. For businesses, the high cost of non-compliance with the GDPR is a fine of up to 4 percent of annual global turnover—or €20 Million. Three standards, available as the ISO/IEC 27001 / ISO/IEC 27018 / BS 10012 – General Data Protection Regulation Package, and adherence to their voluntary consensus guidelines can help to comply with the legislative requirements of the new regulation.
While the GDPR will apply to organizations located within the EU, it will also impact organizations located outside of the EU if they offer goods or services to, or monitor the behavior of EU data subjects. The regulationreplaces the Data Protection Directive 95/46/EC, and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens' data privacy, and to reformulate the way organizations across the region approach data privacy.
The standards ISO/IEC 27001, ISO/IEC 27018, and BS 10012—can help organizations adequately adhere to the GDPR. The standards provide all of the necessary guidance required to employ the European GDPR, as they include security techniques for management, personally identifiable information, and data protection.
The standard ISO/IEC 27001:2013, Information Technology-Security Techniques-Information security management systems-Requirements, specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization.
ISO/IEC 27018:2014, Information technology-Security techniques-Code of practice for practice for protection of personally identifiable information (PII) in public clouds acting as PII processors, establishes commonly accepted control objectives, controls, and guidelines for implementing measures to protect Personally Identifiable Information (PII) in accordance with the privacy principles in ISO/IEC 29100 for the public cloud computing environment.
BS 10012:2017, Data protection. Specification for a personal information management system, was written in recognition of the publication of the GDPR, and utilization of the standard will support organizations in their implementation of an appropriate “Information Governance” strategy
通用数据保护条例(GDPR)将于5月25日在欧盟全面生效,这意味着数据隐私法规的重大变化。 对于企业来说,不遵守GDPR的高昂成本可高达全球年营业额的4%或2000万欧元。目前有三项标准涉及相关内容,它们是ISO / IEC 27001 、/ ISO / IEC 27018、和 BS
10012——通用数据保护法规包,遵守这三项自愿性协商一致标准指南有助于符合新法规的法律要求。
尽管GDPR将应用于欧盟内部的组织,但是如果它们向欧盟数据主体提供商品或服务或监控其行为,它也会影响欧盟以外的组织。该条例取代了数据保护的95/46 / EC指令,旨在协调整个欧洲的数据隐私法律,保护和授权所有欧盟公民的数据隐私,并重新制定整个地区
的组织机构处理数据隐私的方式。
ISO / IEC 27001,ISO / IEC 27018和BS 10012三项标准—可以帮助企业充分遵守GDPR。这些标准提供了采用欧洲GDPR所有必要的指南,因为标准中包括管理安全技术,个人可识别信息和数据保护。
ISO/IEC 27001:2013,信息技术——安全技术——信息安全管理体系——要求,明确了在组织范围内建立、实施、维护和持续改进信息安全管理体系的要求。它还包括根据组织的需要评估和处理信息安全风险的要求。
ISO/IEC 27018:2014,信息技术-安全技术-用于保护作为PII处理器的公共云中的个人可识别信息(PII)的规程,根据ISO/IEC 29100关于公共云计算环境的隐私原则,确立了共同接受的控制目标、控制和实施措施的指南,以保护个人可识别信息(PII)。
BS 10012:2017,数据保护,个人信息管理体系规范的制定是为了有效实施GDPR,该项标准的施行将为各组织实施恰当的“信息治理”战略提供支持。
The General Data Protection Regulation (GDPR), which goes into effect on May 25 across the European Union, means major changes in data privacy regulation. For businesses, the high cost of non-compliance with the GDPR is a fine of up to 4 percent of annual global turnover—or €20 Million. Three standards, available as the ISO/IEC 27001 / ISO/IEC 27018 / BS 10012 – General Data Protection Regulation Package, and adherence to their voluntary consensus guidelines can help to comply with the legislative requirements of the new regulation.
While the GDPR will apply to organizations located within the EU, it will also impact organizations located outside of the EU if they offer goods or services to, or monitor the behavior of EU data subjects. The regulationreplaces the Data Protection Directive 95/46/EC, and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens' data privacy, and to reformulate the way organizations across the region approach data privacy.
The standards ISO/IEC 27001, ISO/IEC 27018, and BS 10012—can help organizations adequately adhere to the GDPR. The standards provide all of the necessary guidance required to employ the European GDPR, as they include security techniques for management, personally identifiable information, and data protection.
The standard ISO/IEC 27001:2013, Information Technology-Security Techniques-Information security management systems-Requirements, specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization.
ISO/IEC 27018:2014, Information technology-Security techniques-Code of practice for practice for protection of personally identifiable information (PII) in public clouds acting as PII processors, establishes commonly accepted control objectives, controls, and guidelines for implementing measures to protect Personally Identifiable Information (PII) in accordance with the privacy principles in ISO/IEC 29100 for the public cloud computing environment.
BS 10012:2017, Data protection. Specification for a personal information management system, was written in recognition of the publication of the GDPR, and utilization of the standard will support organizations in their implementation of an appropriate “Information Governance” strategy
“技术飞快发展和互联网的全球特性需要一种能够对数据进行电子认证的各种技术和服务开放的方法。”(来源: 1999/93/EC指令)
电子签名是个人对签名所涉及的文件内容或一组数据表示同意的电子证明。电子签字与离线世界中的手写签字一样,电子签字是一个法律概念,反映了签字人希望受已签署文件条款约束。(来源: CEF 数字)
CEN/TC 224 关于“多部门环境中具有安全因素、系统、操作和隐私的个人身份识别和相关个人设备”将很快发布两个电子签名领域的技术报告:
CEN/TR 419040:2018:电子签名标准化的合理化结构 – 市民指南
本技术报告旨在帮助市民了解在日常生活中使用电子签名的相关性。并且它还解释了电子签名的法律和技术背景。本文件为电子签名的使用提供指导,并解决市民可能就如何进行电子签名以及如何找到合适的应用程序和材料的典型实际问题。
CEN/TR 419030:2018:电子签名标准化的合理化结构 – 中小企业的典例
本技术报告旨在成为任何正在考虑对纸质工作流程实现非物质化的中小企业的电子签名各方面的切入点,并寻求完善的法律和技术基础,以便在此过程中集成电子签名或电子印章。它的目的不在于积极开发电子签名产品和服务的中小企业的指南 – 他们应该依赖ETSI EN 319系列来建立他们的报价 – 但它是中小企业消费电子签名产品和服务的指南。
CEN / TC 224技术秘书处由AFNOR – 法国标准化协会承办。
“技术飞快发展和互联网的全球特性需要一种能够对数据进行电子认证的各种技术和服务开放的方法。”(来源: 1999/93/EC指令)
电子签名是个人对签名所涉及的文件内容或一组数据表示同意的电子证明。电子签字与离线世界中的手写签字一样,电子签字是一个法律概念,反映了签字人希望受已签署文件条款约束。(来源: CEF 数字)
CEN/TC 224 关于“多部门环境中具有安全因素、系统、操作和隐私的个人身份识别和相关个人设备”将很快发布两个电子签名领域的技术报告:
CEN/TR 419040:2018:电子签名标准化的合理化结构 – 市民指南
本技术报告旨在帮助市民了解在日常生活中使用电子签名的相关性。并且它还解释了电子签名的法律和技术背景。本文件为电子签名的使用提供指导,并解决市民可能就如何进行电子签名以及如何找到合适的应用程序和材料的典型实际问题。
CEN/TR 419030:2018:电子签名标准化的合理化结构 – 中小企业的典例
本技术报告旨在成为任何正在考虑对纸质工作流程实现非物质化的中小企业的电子签名各方面的切入点,并寻求完善的法律和技术基础,以便在此过程中集成电子签名或电子印章。它的目的不在于积极开发电子签名产品和服务的中小企业的指南 – 他们应该依赖ETSI EN 319系列来建立他们的报价 – 但它是中小企业消费电子签名产品和服务的指南。
CEN / TC 224技术秘书处由AFNOR – 法国标准化协会承办。
BSI已经修订了其测试和校准实验室能力标准,ISO 17025测试和校准实验室能力的一般要求。
该项标准的制定旨在提高对实验室运作的信心。此项标准规定了实验室的能力、公正性和实验室一致操作的一般要求;这些要求包括要求实验室证明其能够胜任工作,并能够产生有效的结果。
监管机构、实验室客户、组织和使用同行评估的方案、认证机构和其他机构将使用ISO 17025来确认或承认实验室的能力。
该项标准的上一个版本ISO 17025:2005已被撤销,并被修订版所取代。
与以前版本相比,主要变化是:
——本版采用了基于风险的思想,这使得规定性要求得以降低,并被基于性能的要求所取代。
——在对流程、过程、文件信息和组织责任的要求方面,具有更大的灵活性。
——增加关于实验室的定义。
BSI治理和弹性部负责人安妮.海斯(Anne Hayes)表示:“最近修订的ISO 17025是测试校准实验室的任何组织或个人——尤其是监管机构——必须具备的标准。 ISO 17025适用于所有从事实验室活动的组织,不论其人数如何。”
该项标准涉及风险和机会,为提高管理体系的有效性、取得更好的成果和防止负面影响奠定了基础。实验室负责决定哪些风险和机会需要解决。
标准中有“过程要求”部分,涉及报告的通用要求和具体要求(测试、校准或抽样);校准证书的要求;报告符合性声明。 同时符合本文件的实验室也将按照ISO 9001中的原则运作。
下列组织作为推进委员会成员参与了ISO 17025的制定:BMTA(英国测量和测试协会); CSA集团; EMCTLA(EMC测试实验室协会); 环境署; 是德科技英国有限公司; 国家物理实验室(NPL); UKAS(UK认证服务)。
International standard for competency testing of laboratories revised
BSI, the business standards company, has revised its standard for competency of testing and calibration laboratories, ISO 17025 General requirements for the competence of testing and calibration laboratories.
The standard was developed with the objective of promoting confidence in the operation of laboratories. It specifies the general requirements for the competence, impartiality and consistent operation of laboratories; these include requirements for laboratories to demonstrate that they operate competently, and are able to generate valid results.
Regulatory authorities, laboratory customers, organizations and schemes using peer-assessment, accreditation bodies, and others will use ISO 17025 in confirming or recognizing the competence of laboratories.
The previous version of this standard, ISO 17025:2005, has been withdrawn and is superseded by the revised version.
The main changes compared to the previous edition of this standard are:
– An adoption of risk-based thinking applied in this edition, which has enabled some reduction in prescriptive requirements, and their replacement by performance-based requirements
– There is greater flexibility than in the previous edition in the requirements for processes, procedures, documented information and organizational responsibilities
– A definition of laboratory has been added
Anne Hayes, Head of Governance and Resilience at BSI, said: “Recently revised ISO 17025 is a must-have standard for any organization or individual that tests calibration laboratories – in particular regulatory authorities. ISO 17025 is applicable to all organizations performing laboratory activities, regardless of the number of personnel.”
The standard addresses both risks and opportunities, establishing a basis for increasing the effectiveness of the management system, achieving improved results and preventing negative effects. The laboratory is responsible for deciding which risks and opportunities need to be addressed.
There is a section in the standard for “process requirements”, which covers common and specific requirements for reports (test, calibration or sampling); requirements for calibration certificates; and reporting statements of conformity. Laboratories that conform to this document will also operate generally in accordance with the principles in ISO 9001.
The following organizations were involved in the development of ISO 17025 as members of the steering committee: BMTA (British Measurement & Testing Association); CSA Group; EMCTLA (EMC Test Labs Association); Environment Agency; Keysight Technologies UK Ltd; National Physical Laboratory (NPL); UKAS (UK Accreditation Service).
英国标准协会(BSI)发布了一项新的有效检查年龄的规程,,以保护儿童免于在网上浏览成人内容。
新的规程帮助在线服务提供商(如约会、赌博及成人娱乐公司)在无需获得个人全部身份的情况下便可验证个人年龄。
新的规程受到数字策略联盟的支持,出台非常及时,英国99%的儿童有上网行为[1],其中一半的儿童只有三岁,会定期获得网上内容[2],而10岁至15岁的儿童中,只有8%的家长在其上网时起到监督作用[3]。
新规程——PAS 1296: 2018年上网年龄检测——网上年龄检测服务规定及用途——规程,提供建议,防止未达到年龄要求的用户:
数据保密问题及网上卖主如何保护保密信息在指南中名为“数据屏蔽”的部分中有所陈述(先于下月一般数据保护条例(GDPR)最后限期)。这保证推荐的步骤,通过相关措施如数据缩小、透明、同意及假名化,与一般数据保护条例中“隐私设计”原则一致。
BSI的标准主任斯科特.斯蒂德曼(Scott Steedman)指出:“家长、企业及监管者一致同意,必须采取更多措施,保护18岁以下的人免于在网上获得有年龄限制的内容。该指南将帮助企业降低风险——让儿童进入在不该访问的内容中,同时仍尊重守法成年消费者的隐私权。”
推动PAS规程制定的数字策略联盟()主席埃罗尔(Earl of Errol)伯爵:“我们很快意识到有必要复制现实世界中已有的关于成人和儿童的保护措施。重要的是要知道你在和一个适合年龄的人打交道,关于这点,PAS会给出一些常识指导。PAS 1296的制定是为了避免儿童偶然碰到不合适的成人娱乐,DPA会继续支持年龄检测,以保护儿童免受网络世界对所有年龄层都有限制的商品及服务的影响。”
PAS将帮助那些需要遵守年龄检测相关法律要求的企业。不遵守相关法律或相关合规体制不完善所带来的风险包括行政处分、民事或刑事诉讼及声誉受损。
新的指南承认组织有必要采取量身定制的方法解决网上年龄核对检查问题,而不是采取“一刀切”的方法,这是因为企业的性质千差万别,如在线赌博网站,相比售卖12级电影的网站来说,应该拥有更加严格的年龄检查手段。例如,年龄限制的指南也会阻止40岁的成年人报名参加16岁以下的俱乐部。
以下组织参与PAS 1296推动委员会的相关工作:年龄检查、年龄验证供应商协会、亚里士多德国际、Avoco、监管交付办公室、英美烟草公司、BSI消费者与公共利益网络、Co-opted members、数字策略联盟、ICM注册公司、Nicoventures、BAT集团、波特兰广播有限公司、信任提升、Verime (Telecom2 Ltd)和Yoti。
以下机构也为制定PAS提供了额外支持:Brickchain 有限公司、GBG PLC及律商联讯。
New guidance to protect children from viewing adult content online
A new code of practice for effective age checks to protect children from viewing adult content online has been published by BSI, the UK’s National Standards Body.
The guidance assists online service providers – such as dating, gambling and adult entertainment firms – to verify an individual’s age without being able to access their full identity.
Backed by the Digital Policy Alliance, the guidance is timely given that 99% of children in the UK are now online[1]. Half of children as young as three regularly access online content[2], and of 10 to 15 year olds, just 8% of parents supervise them while online[3].
The guidance – PAS 1296: 2018 Online age checking – provision and use of online age checks services – code of practice – provides recommendations to prevent ineligible users from:
a.) Buying age-restricted goods online
b.) Accessing age-restricted content online (e.g. adult content)
c.) Using age-restricted online services (e.g. dating agencies)
d.) Accessing harmful content on platforms and apps
Data privacy concerns – ahead of next month’s GDPR deadline – are addressed in the guidance with a section covering ‘data masking’, and how an online vendor can protect confidential information. This ensures that the processes recommended adhere to the GDPR “privacy by design” principle, through measures such as data minimization, transparency and consent and pseudonymization.
Scott Steedman, Director of Standards at BSI, said: “Parents, businesses and regulators agree that more must be done to protect those under 18 from accessing age-restricted content online. This guidance will help organizations to reduce the risk of children being exposed to material they shouldn’t be able to access, whilst still respecting the privacy rights of law-abiding adult consumers.”
Earl of Erroll, Chair of the Digital Policy Alliance, which facilitated development of the PAS, said: “We rapidly realized the requirement to replicate some of the protections that exist for children and adults in the real world. It is essential to know that you are dealing with someone of the right age and this PAS gives common sense guidance on how to do that. PAS 1296 was created to avoid children stumbling across inappropriate adult entertainment, and the DPA will continue to champion age checking to protect children from all age restricted goods and services in the online world.”
The PAS will assist businesses that are required to comply with the legal requirements involved in conducting age checks. Risks for non-compliance or for those with inadequate compliance systems include disciplinary sanctions, civil or criminal action against the business, and reputational damage.
The new guidance recognizes the need for organizations to adopt a tailored approach to online age verification checks, rather than a ‘one-size-fits-all’ process. This is due to the varying natures of these businesses, such as an online gambling website, which should have more stringent age-checking measures than a website selling 12-rated films. The age restricted guidance would also prevent a 40 year old from attempting to sign up to an under 16s club, for example.
The following organizations were involved in the steering committee for PAS 1296: AgeChecked; Age Verification Providers Association; Aristotle International; Avoco; Better Regulation Delivery Office; British American Tobacco; BSI Consumer & Public Interest Network; Co-opted members; Digital Policy Alliance; ICM Registry; Nicoventures, BAT Group; Portland Broadcasting Ltd; Trust Elevate; Verime (Telecom2 Ltd); Yoti.
Additional support for the development of this PAS was also provided by: Brickchain Limited; GBG PLC; LexisNexis Solutions.
美国国家标准协会(ANSI)邀请所有感兴趣的利益相关方注册参与为期两天的个人资格认证研讨会,举办时间为2018年6月14日及15日,地点是位于华盛顿的ANSI总部。
该研讨会旨在向感兴趣的利益相关方介绍国际标准ANSI/ISO/IEC 17024—对实施个人认证方案的机构的一般要求,包括2012版本中修订的和最新要求。讨论将围绕推动对标准要求的理解、其好处及其成为个人资格基础的缘由。这些会议面向所有考虑获得ANSI ISO/IEC 17024标准认证的组织,该项标准是国际标准,逐渐受到美国政府、认证行业及雇主的日益认可。
请立即注册6月份的课程。研讨会时间为6月14日上午9点至下午5点,15日上午9点至下午4点。
研讨会旨在向那些正在考虑由ANSI认可的组织介绍该项国际标准的组织。注册者将会参加演示、小组讨论及练习,以便更好地了解ANSI期望所有组织该提供什么内容来展示其符合每项要求。另外,与会者将能够自行评价本组织的运营情况,并在申请ANSI认证前需要确定改进的领域。
利益相关者包括:
—来自公司、组织、政府机构和其他经营认证项目的人员,以及希望更多地了解认证如何为他们的计划增加价值的人士。
—正在考虑制定人员认证计划的组织。
—考虑是否要获得ANSI认可,并希望了解认可的好处和用途的组织。
—通过ANSI认可过程的组织。
—目前已被认可的组织。
—通过测试、营销、IT及其它服务支持认可程序的组织。
美国国家标准协会(ANSI)于2018年5月又认可了9个新成员,这9个新成员如下:
1、Axxess
2、Consensys Systems, Inc.
3、Fluence Automation
4、HMC Holdings LLC
5、Innovative Solutions
6、KeyBank National Association
7、Office of the Texas State Chemist
8、Samsung Semiconductor, Inc.
9、Tapeswitch Corporation
这些组织加入的是一个代表并服务于超过270000家公司和30000000名专业人员利益的联盟。在ANSI的保护伞下,各种不同的组织共同努力,通过开发、制定及发布自愿性协商一致标准及相关的合格评定体系,加强在全球市场中商业运营的竞争力,提高所有公民的生活质量。
“积极参与ANSI及其相关项目,这些可作为组织的战略资产及有形资产,”ANSI主席兼CEO邱•巴提亚(Joe Bhatia)表示。“这些组织不仅会获得别处无法提供的相关信息及商业情报,还会享受许多产品及服务。同样重要的是,这些组织可以建立联系,这赋予他们发言权,并影响那些会直接影响其业务的标准化和合格评定决策。”
标准2025