SFS Suomen Standardit

 

The primary purpose of ISO/IEC 19788 is to specify metadata elements and their attributes for the description of learning resources. This includes the rules governing the identification of data elements and the specification of their attributes. ISO/IEC 19788 provides data elements for the description of learning resources and resources directly related to learning resources.

 

ISO/IEC 19788-3:2011 is designed to help implementers with a starting point for adopting ISO/IEC 19788, defining an application profile that specifies, through adding constraints to the use of some data elements, how the ISO/IEC 19788-2 element set can be used.

 

This document specifies cybersecurity requirements and associated assessment requirements for identity management systems that qualify as products within the meaning of Regulation (EU) 2024/2847. Such products are classified as important products (class 1) according to the implementing regulation Commission Implementing Regulation (EU) 2025/2392.

 

This document covers:
- general description of the product belonging to that category and the product and/or components such product with digital elements; 
- description of their use case; 
- security analysis; 
- definition of applicable risk profiles to be considered for these product with digital elements; 
- applicable cybersecurity requirements for each risk profile; 
- applicable cybersecurity assessment and test requirements for each risk profile.

 

Product not in the scope of this document:
- chip, Embedded OS, Applets; 
- PKI products; 
- cyber security products needed for securing IT infrastructures (VPN, SIEM….); 
- all products that are classified as default such as the anti-fire detectors products. 

 

This document defines cyber security requirements for products with digital elements belonging to product category “Hardware Device with Security Boxes” (hereinafter called “Product” or “HWSB product”).

 

The technical description of “Hardware Devices with Security Boxes” can be found in Annex II of [CRA].

 

The Hardware Devices with Security Boxes in scope are designed for deployment in a range of environments and where the threat landscape includes attackers with various attack potential.

 

HWSB are hardware-based systems intended to provide secure storage, processing and use of sensitive data, including cryptographic assets, within a protected hardware boundary (envelope).

 

This document applies to the HWSB part of the product. The applicability of this document to specific products is determined based on their intended purpose, use case and risk assessment.

 

This document provides guidelines on how to manage the risks and navigate the threats that can arise during the big data life cycle from the various big data characteristics that are unique to big data: volume, velocity, variety, variability, volatility, veracity, validity and value, including when using big data for the design and implementation of artificial intelligence (AI) systems.

 

This document can help organizations build or enhance their big data security and privacy capabilities, including when using big data in the development and use of AI systems. This document is applicable to all organizations that develop or use big data systems, regardless of their type, size or purpose.

 

This document provides a description of anthropometric measurements that can be used as a basis for the creation of physical and digital anthropometric databases. The list of measurements specified in this part ISO 8559-6 is intended to serve as a guide for practitioners in the field of clothing who are required to apply their knowledge to select population market segments and to create size and shape profiles for the development of all contour fitting garment types which extend from the torso and shoulder to the breast and their equivalent fitness. The list provides a guide for how to take anthropometric measurements, as well as give information to clothing product development teams and innerwear manufacturers on the principles of measurement and their underlying anatomical and anthropometrical bases. It is intended to use this part ISO 8559-6 in conjunction with national, regional or international regulations or agreements to ensure harmony in defining population groups and to allow comparison of anthropometric data sets.

 

This document specifies requirements and guidance for the interoperability of data, data sharing mechanisms, and services within data spaces. It covers requirements, criteria and implementation guidance on: - dataset content, use restrictions, licences, data collection methodology, data quality and uncertainty, and on machine-readable formats to find, access and use of data; - data structures, data formats, vocabularies, classification schemes, taxonomies and code lists, and how to describe these elements a publicly available and consistent manner; - technical means to access the data, such as application programming interfaces, and their terms of use and quality of service to enable automatic access and transmission of data between parties; - where applicable, the means to enable the interoperability of tools for automating the execution of data sharing contracts. This document is applicable to all organizations participating in dataspaces, regardless of their size or type.

 

This document provides terminology, concepts, requirements, and guidance for logging of AI systems. It is primarily intended for organizations placing on the market or putting into service AI systems and is not specific to any particular sector.

 

This document contains guidelines for developing and establishing policies and procedures for deletion of personally identifiable information (PII) in organizations by specifying:

—    a harmonized terminology for PII deletion;

—    an approach for defining deletion rules in an efficient way;

—    a description of required documentation;

—    a broad definition of roles, responsibilities and processes.

 

This document is intended to be used by organizations where PII is stored or processed.

 

This document does not address:

—    specific legal provision, as given by national law or specified in contracts;

—    specific deletion rules for particular clusters of PII that are defined by PII controllers for processing PII;

—    deletion mechanisms;

—    reliability, security and suitability of deletion mechanisms;

—    specific techniques for de-identification of data.

 

This document contains guidelines for developing and establishing policies and procedures for deletion of personally identifiable information (PII) in organizations by specifying:

— a harmonized terminology for PII deletion;

— an approach for defining deletion rules in an efficient way;

— a description of required documentation;

— a broad definition of roles, responsibilities and processes.

 

This document is intended to be used by organizations where PII is stored or processed.

 

This document does not address:

— specific legal provision, as given by national law or specified in contracts;

— specific deletion rules for particular clusters of PII that are defined by PII controllers for processing PII;

— deletion mechanisms;

— reliability, security and suitability of deletion processes and mechanisms;

— specific techniques for de-identification of data.

 

Tämä on muutos standardiin ISO/IEC 22237-2:2024 Information technology — Data centre facilities and  infrastructures — Part 2:  Building construction.

 

Alkuperäisen standardin soveltamisala on:

 

This document specifies requirements and recommendations for the construction of buildings and other  structures which provide accommodation for data centres based on the criteria and classification for  “physical security” within ISO/IEC 22237-1 in support of availability.
This document specifies requirements and recommendations for the following:
a) location and site selection (taking in to account natural environment and adjacencies);
b) protection from environmental risks;
c) site configuration;
d) building construction;
e) building configuration;
f) provision of access;
g) physical intrusion protection;
h) physical fire protection;
i) protection against damage from water;
j) quality construction measures.

 

Safety and electromagnetic compatibility (EMC) requirements are outside the scope of this document and  are covered by other standards and regulations. However, information given in this document can be of 
assistance in meeting these standards and regulations.

 

This document specifies terms, general models, related parameters and various requirements of oblivious transfer.

 

Article 20 GDPR and Article 4 and 5 the proposed FIDA Regulation require the data access and portability of customer data. To support this demand CEN/TC 445 will organise the standardisation project with its Working Group 1 in which the following European standardisation deliverable will be developed. European Standard (EN) for the semantic specification of the interfaces The scope of this EN for customer (natural or legal person) data access and portability in the insurance sector should be based on the insurance-specific part of the proposed FIDA Regulation and therefore should contain: • Semantic specifications for the processes to support the data access and portability. These specifications define on the business level the functions and the behaviour for the following process interfaces: - Request of the customer to the data holder for an actual transfer of the customer data (Article 4 FIDA). - Transfer of the requested customer data from the data holder to the requesting customer (Article 4 FIDA). - Request of a data user to a data holder for an actual transfer of customer data under a permission of the customer (Article 5 FIDA). - Transfer of the requested customer data from the data holder to the requesting data user (Article 5 FIDA). • Sematic specifications for the customer data to be transferred by the above processes. The scope of the customer data will be limited to the insurance-specific part of the FIDA proposal defined in the Article 2 (1) and Article 3 (3) of FIDA. These specifications define on the business level each element of the customer data with identification, name, precise definition, and value type (text, number, amount, quantity, percentage, date, etc.). The composition of these data elements forms a semantic data model for the insurance-specific customer data. The data model will consist of the following parts: - General data of the policy holder (including address, contact details, profession, payment means, etc.). - General data of the insurance policy (including policy number, insurance product and coverages, insured period, premium amounts, etc.). - Data specific to the consumers’ insured assets which are collected for the purposes of a demands and needs test. - Data depending on class of business, such as - Motor insurance (details about vehicle, usage, drivers), - Property insurance (details about building, household or other objects), - Liability insurance (details about insured persons and their activities), - Accident insurance (details about insured persons and their activities), - Insurance-based investment products (details about insured persons and the savings, investments, pension rights, etc.). The EN specifies the processes and the data model on the semantic level in a syntax-neutral format, independent from its representation in a concrete implementation syntax.

 

This European Standard applies to rope adjustment devices intended for use in rope access systems. It specifies the requirements, test methods, marking and manufacturer’s instructions and information.

 

This document specifies performance requirements, methods of test, and marking requirements for automatic and open water spray nozzles. This document is not applicable to sprinklers or water mist nozzles. Factors of installation, such as nozzle spacing, design densities, wind and hot gas velocities, are not intended to be addressed by this document.

 

This document specifies construction requirements, performance requirements, test methods and marking requirements for typical types of pipe hangers and associated components. To include but not limited to: clamps, band hangers, clevis hangers, brackets, ceiling flanges, and anchors.

 

This document specifies the technical delivery conditions for corrosion-resistant alloy seamless products for casing, tubing, coupling stock and accessory material (including coupling stock and accessory material from bar) for two product specification levels: PSL-1, which is the basis of this document; PSL-2, which provides additional requirements for a product that is intended to be both corrosion and cracking resistant for the environments and qualification method specified in Annex G and in the ISO 15156 series or NACE MR0175. This document contains no provisions relating to the connection of individual lengths of pipe. Demonstration of conformance to ISO 15156-3:2020 or NACE MR0175-2021 of material affected by end sizing, connection manufacture or welding operations is outside the scope of this document. This document contains provisions relating to marking of tubing and casing after threading. This document is applicable to the following five groups of products: a)       group 1, which is composed of stainless alloys with a martensitic or martensitic/ferritic structure; b)       group 2, which is composed of stainless alloys with a ferritic-austenitic structure, such as duplex and super-duplex stainless alloy; c)        group 3, which is composed of stainless alloys with an austenitic structure (iron base); d)       group 4, which is composed of nickel-based alloys with an austenitic structure (nickel base); e)       group 5, which is composed of bar only (Annex F) in age-hardened (AH) nickel-based alloys with austenitic structure.

 

ISO 10519:2015 specifies a spectrometric method for the determination of the chlorophyll content of rapeseed. It is not applicable to the determination of chlorophyll in oils.

 

This document establishes the basic principles for the provision of quality legal interpreting (spoken language interpreting or signed language interpreting) for all parties involved in the use of legal services and specifies the competences of legal interpreters. It also describes the various legal settings and the corresponding modes of interpreting. In this document, interpreting refers to the activity performed by human beings to convey spoken or signed content from one language to another. Interpreting generated by artificial intelligence falls outside the scope of this document.

 

The purpose of this document is to provide guidance on the methods to quantify the amount of personal information and to help estimate how easy it might be to re-identify someone in a dataset subjected to de-identification when it contains information about the characteristics of, actions of, or relationships to, natural persons. This guidance can further help organizations make better decisions for privacy protection and for appropriate use, sharing and exchange of such data. This document is a high level, principles-based advisory standard which sets out terms and concepts that can be referenced by organizations. This document does not provide an estimate of how easy it is to identify someone where additional external data is accessible, nor does it provide a way to define whether data is PII or not.

 

This document specifies methods using sieving for the determination of the quantity of coarse particles of binder present in bituminous emulsions and for the determination of storage stability. WARNING - The use of this document can involve hazardous materials, operations and equipment. This document does not purport to address all of the safety problems associated with its use. It is the responsibility of the user of this document to establish appropriate safety and health practices and to determine the applicability of regulatory limitations prior to use. In addition, for environmental aspects, it is important to limit the quantities of products, solvents and energy sources to reduce the emissions in air and water and the wastes to the minimum required for a valid test realization.