Security toolbox protects organizations from cyber-attacks

Geneva, Switzerland, 2015-12-17 – Cyber-attacks are among the greatest risks an organization can face. Having standards and systems in place to keep information safe has therefore never been more important than in today’s digital world. This is why the ISO/IEC 27000 series on security techniques for information technology has been updated to provide organizations with that added value and confidence.

In a global survey conducted by ISACA in 129 countries, only 38 % of respondents felt they were prepared for a cyber-attack – even though 83 % believed these are among the top three threats facing organizations today. With so much personal and sensitive information being handled electronically, there is a lot at stake if it were to be compromised.

Prof. Edward Humphreys, convenor of ISO/IEC Joint Technical Committee (JTC) 1 SC 27: IT security techniques, WG 1: Information security management systems (ISMS), emphasizes, “To ensure security in today’s digital landscape, all organizations, irrespective of size, should put in place a management framework as a starting point to manage cyber risks. ISO/IEC 27001 was designed to help organizations do just that. The Standard is the world’s ‘common language’ when it comes to assessing, treating and managing information-related risks.”

Below are the latest revisions and additions to the ISO/IEC 27000 series – all published in 2015 – which form part of the ISO/IEC 27001 “cyber risk toolbox”, to help keep these risks in check.

Protecting information in the cloud (ISO/IEC 27017)

A new code of practice for information security controls for cloud services, ISO/IEC 27017, has just been published. The cloud is one of the most widely used innovations in today’s fast-paced world of commerce and business. As the service gains currency, users are demanding assurances that data stored and processed in the cloud is safe. Because of its very nature, the marketplace for cloud services is global, with providers dispersed across wide geographical areas, and data is routinely transferred across national boundaries. International guidance is therefore key.

According to Satoru Yamasaki, one of editors who worked on the Standard, “ISO/IEC 27017 will help service providers come to a common understanding with their customers regarding adequate security controls and their implementation guidance. This International Standard for cloud security controls will facilitate the development and expansion of secure cloud computing systems.”

The new guidelines are the result of a joint initiative by the world’s main developers of International Standards – IEC, ISO, and ITU – to guarantee maximum outreach.

Integrated solutions for services (ISO/IEC 27013)

More organizations are choosing to combine an information security management system (ISO/IEC 27001) with a service management system (ISO/IEC 20000-1). An integrated system means an organization can efficiently manage the quality of its services, handle customer feedback and solve problems, while keeping information safe. ISO/IEC 27013 offers a systematic approach to facilitate the integration of an information security management system with a service management system, which results in lower implementation costs and avoids duplication efforts as only one audit, instead of two, is needed when seeking certification.

Inter-sector and inter-organizational communications (ISO/IEC 27010)

When an organization shares information with another organization, how can they be sure that their data will be kept safe? ISO/IEC 27010 is a sector-specific addition to the ISO/IEC 27000 toolbox, which guides the initiation, implementation, maintenance and improvement of information security in inter-organizational and inter-sector communications. It includes general principles on how to meet these requirements using established messaging and other technical methods. The Standard is expected to encourage the growth of global information-sharing communities.

As Dr. Mike Nash, an editor of ISO/IEC 27010, explains, “ISO/IEC 27010 basically customizes and applies ISO/IEC 27001 and ISO/IEC 27002 to communication between organizations. Having the Standard in place gives an organization confidence that the information it has shared with another organization will not be inadvertently disclosed.”

The Standard is particularly relevant for the protection of critical national infrastructure, where exchanging sensitive information securely is of utmost importance. It is also widely used by security incident response teams.

Detecting and preventing cyber-attacks (ISO/IEC 27039)

How can organizations detect and prevent cyber intrusions to their networks, systems and applications? Best practice shows that they have to be able to know when, if and how an intrusion into their network, system or application occurs. They should also be ready to identify what vulnerability was exploited and what controls should be implemented to prevent similar intrusions from taking place in the future. One way to do this is through an Intrusion Detection and Prevention Systems (IDPS).

ISO/IEC 27039 gives guidelines to prepare and deploy an IDPS, covering such crucial aspects as selection, deployment and operation. The Standard is particularly useful in today’s market where there are many commercially available and open-source IDPS products and services based on different technologies and approaches. ISO/IEC 27039 will guide organizations throughout the process.

Audit and certification (ISO/IEC 27006)

More and more organizations are turning to third-party certification audits to demonstrate that they have in place a solid information security management system (ISMS) that conforms to the requirements of ISO/IEC 27001. ISO/IEC 27006 gives the requirements that certification and registration bodies need to meet to be accredited, so they can offer ISO/IEC 27001 certification services.

“ISO/IEC 27006 is an accreditation benchmark for certification bodies that offer ISO/IEC 27001 services,” explains Prof. Humphreys, adding, “This is important because accreditation of certification bodies provides added confidence in the audit process and credibility in the certificate they award.”

About JTC1 ISO/IEC

JTC 1 is the Joint Technical Committee of IEC and ISO for International Information Technology Standards. Created in 1987, JTC 1 currently has 20 Subcommittees, one Study Group and three Working Groups. It has published more than 2800 International Standards. JTC 1 is a consensus-based, globally relevant, voluntary International Standards group. Since 1987, it has brought about a number of very successful and relevant information and communication technologies (ICT) International Standards in many fields: IC cards (smart cards), automatic identification and data capture (AIDC) technologies, information security, biometrics, cloud computing, multimedia (MPEG), database query and programming languages as well as character sets, to name just a few.

ISO and ASTM International unveil framework for creating global additive manufacturing standards

ISO and ASTM International have jointly crafted the Additive Manufacturing Standards Development Structure, a framework which will help meet the needs for new technical standards in this fast-growing field. Additive manufacturing (AM), also known as 3D printing, is the process of joining materials layer upon layer, as opposed to "subtractive manufacturing" methods such as machining.

The new structure will help:

• guide the work of global experts and standards development organizations involved in AM standardization;
• identify standards-related gaps and needs in the AM industry;
• prevent overlap and duplicative efforts in AM standards development;
• ensure cohesion among AM standards;
• prioritize AM standards areas; and,
• improve usability and acceptance among the AM community, including manufacturers, entrepreneurs, consumers, and others.

Based on this structure, standards can be developed at three levels:

• general standards (e.gs., concepts, common requirements, guides, safety);
• standards for broad categories of materials (e.g. metal powders) or processes (e.g. powder bed fusion); and,
• specialized standards for a specific material (e.g. aluminum alloy powders), process (e.g. material extrusion with ABS), or application (e.gs, aerospace, medical, automotive).

“This structure will help experts worldwide interact in a more streamlined and meaningful way, leading to the integration and application of new technologies at an accelerated rate,” said Carl Dekker, president of MET-L-FLO Inc., and chair of ASTM International’s committee on additive manufacturing technologies (F42). “In the future, we could see even more benefits, such as uniform workforce training and a stronger ability to focus on constant quality improvement rather than potential confusion surrounding specifications.”

This structure was jointly approved by F42 and ISO/TC 261 after a July meeting in Tokyo. This reflects progress under the Partner Standards Developing Organization agreement signed five years ago between the two globally-respected standards development organizations. In creating this document, both groups reviewed past, existing, and planned standards development efforts.

The new structure does not confine the scope of work for any standards organization but provides a framework in which the majority of standards needs can be met. A companion guidance document is also being developed to accompany this structure.

This framework is part of the Partner Standards Development Organization (PSDO) cooperation agreement that was approved in 2011 by the respective governing bodies of ISO and ASTM in consultation with the ISO national member body where ASTM has its legal seat (ANSI).

Kier verified by BSI to BIM scheme

Kier Construction achieves Verification Certification to PAS 1192-2 covering Design and Construction for Level 2 BIM

BSI, the business standards company, has verified Kier Construction to its BIM scheme for PAS 1192-2 Information management for the capital/delivery phase of construction projects. Kier has achieved verification from BSI, ahead of the likely October 2016 stretch target which requires all BIM data delivered from the supply chain to be electronically validated.

Kier joins several main contractors including VolkerFitzpatrick, Bechtel and BAM Construct UK, as well as a number of subcontractors, designers and their supply chain.

BIM Level 2 represents a significant opportunity for the UK construction industry which uses digital object-oriented information shared in a collaborative environment. BSI’s scheme for the design and construction phase enables organizations to provide evidence that they have the capability to deliver both private and public projects using Building Information Modelling (BIM).

In order to achieve verification from BSI of their BIM capability, contractors have to demonstrate that they adhere to the requirements of the PAS 1192-2 standard through an independent assessment by BSI. The assessment involves an onsite audit which will assess the documented procedures and systems for all processes in PAS 1192-2, which also includes compliance with BS 1192 and BS 1192-4, and the competency of staff. BSI verification certification for PAS 1192-2 is the first in a series of solutions BSI has developed in order to support BIM Level 2.

Andy Boutle, Senior BIM Manager, Kier Construction said: “We see this certification as a milestone for our entire business – it marks the start of our journey into digital construction and we plan to continue to build upon this success in order to remain ahead of the curve when it comes to BIM and other digital technologies.

“During the verification process, it was important to challenge our own standards and focus on what is most important for our business, how we could make improvements within our supply chain and ultimately deliver what our clients need.

“When we first reviewed the assessment criteria that BSI provided pre-audit (specifically for Tier 1 Contractors), we knew that this would be an extensive task, however BSI focused on the key areas that needed to be scrutinised in order to provide the very best foundation for us to achieve BIM Level 2 as a business.” 

Andy Radley, Group BIM Director, Kier Group, said: “Our success in achieving the standards required to receive the BIM Level 2 for Construction and Design certification is a testament to the investment, belief and support we have received from our senior leadership team. Our future digital aspirations, part of which is a fully integrated BIM offering, cannot be realised without the ongoing efforts of our engaged, enthusiastic and committed BIM team who were instrumental in this process.” 

Andy Butterfield, Product Certification Director of Built Environment at BSI commented: “We are pleased to have presented Kier with certification against PAS 1192-2 for BIM Level 2 for Construction and Design. This is testament to the processes and systems Kier have embedded in order to demonstrate their capability of using BIM in the design and construction of projects. 

“An important part of the assessment is for organizations to demonstrate the competence of their resources, as well as the robustness of systems and processes. This helps to ensure that organizations, such as Kier, are well positioned in delivering services to the construction sector using BIM.” 

PAS 1192-2 was designed with input from influential industry experts. The consensus-based standard sets out how to share information on BIM projects and lists the requirements for Design and Construction BIM Level 2. It makes recommendations for the adoption of industry conventions, challenges project complacency and promotes consistency and transparency of work processes between parties. PAS 1192-2 is one of the series of standards designed to drive cost savings and efficiencies through waste reduction and improved collaboration. 

Making an energy cocktail with sun rays

Summer is here and thirsty solar panels can make an energy cocktail with sun rays thanks to the solar photovoltaic energy system. A solar photovoltaic energy system is a power system designed to supply usable solar power by means of photovoltaics, the conversion of light into electricity using an arrangement of several components, including solar panels to absorb and convert sunlight into electricity.

National incentives, renewable energy sources

These days, not only in Europe but globally, there is an increased demand for photovoltaic modules, largely due to national incentives which encourage electricity production from renewable energy sources. European Standards support the solar photovoltaic energy systems to be cost effective and an important source of alternate energy generation for utilities.
The following standards were developed to be applied to all crystalline silicon terrestrial flat plate modules, being the dominant plate used commercially.

EN 61215-1-1:2016, ‘Terrestrial photovoltaic (PV) modules – Design qualification and type approval – Part 1-1: Special requirements for testing of crystalline silicon photovoltaic (PV) Modules’, identifies requirements for durable terrestrial photovoltaic modules in terms of the design qualification and type. It also determines electrical and thermal characteristics of a photovoltaic module which can endure lengthy exposure in varied climates.

EN 61215-1-1:2016 together with EN 61215-1:2016, ‘Terrestrial photovoltaic (PV) modules – Design qualification and type approval – Part 1: Test requirements’, and EN 61215-2:2016, ‘Terrestrial photovoltaic (PV) modules – Design qualification and type approval – Part 2: Test procedures’, will replace the previous standard, EN 61215:2005, ‘Crystalline silicon terrestrial photovoltaic (PV) modules – Design qualification and type approval’.

EN 62788-1-2:2016, ‘Measurement procedures for materials used in photovoltaic modules – Part 1-2: Encapsulants – Measurement of volume resistivity of photovoltaic encapsulants and other polymeric materials’, provides a method and guidelines for measuring the volume resistivity of materials used as encapsulation, edge seals, front-sheets, backsheets, or any other insulating material in a photovoltaic (PV) module.

Alignment and cooperation with IEC

These two new standards are identical to the IEC 61215-1-1:2016 and IEC 62788-1-2:2016. The standards were supervised by CENELEC/TECHNICAL COMMITTEE 82 ‘Solar photovoltaic energy systems’, in the frame of cooperation with International Electrotechnical Commission/Technical Committee 82 ‘Solar photovoltaic energy systems’. 
As of 24 June 2016, these standards were made available to 33 National Electrotechnical Committees – Members of CENELEC – for implementation by January 2017.

For more information CENELEC’s work on solar photovoltaic energy system

Making an energy cocktail with sun rays

Summer is here and thirsty solar panels can make an energy cocktail with sun rays thanks to the solar photovoltaic energy system. A solar photovoltaic energy system is a power system designed to supply usable solar power by means of photovoltaics, the conversion of light into electricity using an arrangement of several components, including solar panels to absorb and convert sunlight into electricity.

National incentives, renewable energy sources

These days, not only in Europe but globally, there is an increased demand for photovoltaic modules, largely due to national incentives which encourage electricity production from renewable energy sources. European Standards support the solar photovoltaic energy systems to be cost effective and an important source of alternate energy generation for utilities.
The following standards were developed to be applied to all crystalline silicon terrestrial flat plate modules, being the dominant plate used commercially.

EN 61215-1-1:2016, ‘Terrestrial photovoltaic (PV) modules – Design qualification and type approval – Part 1-1: Special requirements for testing of crystalline silicon photovoltaic (PV) Modules’, identifies requirements for durable terrestrial photovoltaic modules in terms of the design qualification and type. It also determines electrical and thermal characteristics of a photovoltaic module which can endure lengthy exposure in varied climates.

EN 61215-1-1:2016 together with EN 61215-1:2016, ‘Terrestrial photovoltaic (PV) modules – Design qualification and type approval – Part 1: Test requirements’, and EN 61215-2:2016, ‘Terrestrial photovoltaic (PV) modules – Design qualification and type approval – Part 2: Test procedures’, will replace the previous standard, EN 61215:2005, ‘Crystalline silicon terrestrial photovoltaic (PV) modules – Design qualification and type approval’.

EN 62788-1-2:2016, ‘Measurement procedures for materials used in photovoltaic modules – Part 1-2: Encapsulants – Measurement of volume resistivity of photovoltaic encapsulants and other polymeric materials’, provides a method and guidelines for measuring the volume resistivity of materials used as encapsulation, edge seals, front-sheets, backsheets, or any other insulating material in a photovoltaic (PV) module.

Alignment and cooperation with IEC

These two new standards are identical to the IEC 61215-1-1:2016 and IEC 62788-1-2:2016. The standards were supervised by CENELEC/TECHNICAL COMMITTEE 82 ‘Solar photovoltaic energy systems’, in the frame of cooperation with International Electrotechnical Commission/Technical Committee 82 ‘Solar photovoltaic energy systems’. 
As of 24 June 2016, these standards were made available to 33 National Electrotechnical Committees – Members of CENELEC – for implementation by January 2017.

For more information CENELEC’s work on solar photovoltaic energy system

European Standard for funeral services gets a second life 

A new CEN Technical Committee on Funeral Services (CEN/TC 448) will develop a revised edition of the European Standard EN 15017, which sets out requirements for the provision of funeral services.

The first edition of the European Standard EN 15017 'Funeral Services – Requirements' was approved and published by CEN in 2005. During the last 11 years, there have been significant developments in the delivery of funeral services, and therefore it is necessary to review and revise this standard.

Following a proposal from the Austrian Standards Institute (ASI), the CEN Technical Board has decided to create a new CEN Technical Committee on Funeral Services.

The role of this new Technical Committee (CEN/TC 448) is to revise EN 15017 and align it with the current state of the art in the funeral services sector. Specific aspects to be addressed include provisions relating to the cross-border transport of deceased persons, storage requirements, provisions for cremation services and equipment needed for good funeral service provision.
The Secretariat of CEN/TC 448 is provided by ASI, which will host the first meeting of the new Technical Committee on 9 and 10 June 2016.

European Standard for funeral services gets a second life 

A new CEN Technical Committee on Funeral Services (CEN/TC 448) will develop a revised edition of the European Standard EN 15017, which sets out requirements for the provision of funeral services.

The first edition of the European Standard EN 15017 'Funeral Services – Requirements' was approved and published by CEN in 2005. During the last 11 years, there have been significant developments in the delivery of funeral services, and therefore it is necessary to review and revise this standard.

Following a proposal from the Austrian Standards Institute (ASI), the CEN Technical Board has decided to create a new CEN Technical Committee on Funeral Services.

The role of this new Technical Committee (CEN/TC 448) is to revise EN 15017 and align it with the current state of the art in the funeral services sector. Specific aspects to be addressed include provisions relating to the cross-border transport of deceased persons, storage requirements, provisions for cremation services and equipment needed for good funeral service provision.
The Secretariat of CEN/TC 448 is provided by ASI, which will host the first meeting of the new Technical Committee on 9 and 10 June 2016.