SFS Suomen Standardit

 

 

This document provides guidelines on implementation and application of the concept of metrological traceability in measurements supporting the exploration, upgrading, transmission, distribution and use of natural gas, biogas, biomethane and other substitutes. The guidance aims at implementing requirements such as those laid down in ISO/IEC 17025:2017 6.5. The measurement of flow rate, composition, temperature, pressure and natural gas properties are covered. The document also addresses the metrological traceability of properties calculated from other quanties, such as pressure, temperature and composition. This document describes how calibration, quality control and the evaluation of measurement uncertainty aid to establishing and underpinning the metrological traceability of measurement results. Requirements for the certification of traceable calibration gas mixtures and test gases are also addressed in this document. Finally, the guidance extends to the measurement of the quantity and energy supplied or received, such as described in ISO 15112. Whereas it is recognised that the measurement of quantity and energy is in practice often implemented as a computational process using measurement data, this document takes the view that the purpose of the measurement is the quantity and energy, and that the measurements made in gas metering serve the purpose of providing metrologically traceable results as input for the measurement of quantity and energy.

 

This document specifies principles for privacy protection through pseudonymization services, aimed at safeguarding personal health information . It is applicable to organizations implementing pseudonymization processes or claiming trustworthiness in pseudonymization service operations. This document:

- defines foundational principles for pseudonymization

- aligns with updated regulations and standards, such as iso:proj:69373ISO/IEC 20889:2018 , iso:proj:71677ISO/IEC 27559:2022 , and other relevant documents, and methodologies for pseudonymization services

- provides guidance on practical application of pseudonymization , including examples of de-identification process, best practices and case studies

- defines important elements in the concept of pseudonymization, direct and indirect identifiability of personal information, and different types of data variables

- provides guidance on risk assessment for re-identification, and two distinct contexts of re-identification of pseudonymized information, and

- specifies various techniques designed to balance privacy protection with data utility to ensure that the data can be used for analytics, research, or operational needs without revealing personal identities.

 

Additionally, this document addresses new regulatory and ethical frameworks, such as the EU AI Act[1] , IEEE 7000:2021 [2] , and IEEE 7007:2021 [3] , as well as guidance on pseudonymization in AI, considering the impact of emerging technologies on privacy protection.

 

ISO 25237:2017 contains principles and requirements for privacy protection using pseudonymization services for the protection of personal health information. This document is applicable to organizations who wish to undertake pseudonymization processes for themselves or to organizations who make a claim of trustworthiness for operations engaged in pseudonymization services. ISO 25237:2017

- defines one basic concept for pseudonymization (see Clause 5),

- defines one basic methodology for pseudonymization services including organizational, as well as technical aspects (see Clause 6),

- specifies a policy framework and minimal requirements for controlled re-identification (see Clause 7),

- gives an overview of different use cases for pseudonymization that can be both reversible and irreversible (see Annex A),

- gives a guide to risk assessment for re-identification (see Annex B),

- provides an example of a system that uses de-identification (see Annex C),

- provides informative requirements to an interoperability to pseudonymization services (see Annex D), and

- specifies a policy framework and minimal requirements for trustworthy practices for the operations of a pseudonymization service (see Annex E).

 

The primary purpose of ISO/IEC 19788 is to specify metadata elements and their attributes for the description of learning resources. This includes the rules governing the identification of data elements and the specification of their attributes. ISO/IEC 19788 provides data elements for the description of learning resources and resources directly related to learning resources.

 

ISO/IEC 19788-3:2011 is designed to help implementers with a starting point for adopting ISO/IEC 19788, defining an application profile that specifies, through adding constraints to the use of some data elements, how the ISO/IEC 19788-2 element set can be used.

 

 

This document specifies cybersecurity requirements and associated assessment requirements for identity management systems that qualify as products within the meaning of Regulation (EU) 2024/2847. Such products are classified as important products (class 1) according to the implementing regulation Commission Implementing Regulation (EU) 2025/2392.

 

This document covers:
- general description of the product belonging to that category and the product and/or components such product with digital elements; 
- description of their use case; 
- security analysis; 
- definition of applicable risk profiles to be considered for these product with digital elements; 
- applicable cybersecurity requirements for each risk profile; 
- applicable cybersecurity assessment and test requirements for each risk profile.

 

Product not in the scope of this document:
- chip, Embedded OS, Applets; 
- PKI products; 
- cyber security products needed for securing IT infrastructures (VPN, SIEM….); 
- all products that are classified as default such as the anti-fire detectors products. 

 

This document defines cyber security requirements for products with digital elements belonging to product category “Hardware Device with Security Boxes” (hereinafter called “Product” or “HWSB product”).

 

The technical description of “Hardware Devices with Security Boxes” can be found in Annex II of [CRA].

 

The Hardware Devices with Security Boxes in scope are designed for deployment in a range of environments and where the threat landscape includes attackers with various attack potential.

 

HWSB are hardware-based systems intended to provide secure storage, processing and use of sensitive data, including cryptographic assets, within a protected hardware boundary (envelope).

 

This document applies to the HWSB part of the product. The applicability of this document to specific products is determined based on their intended purpose, use case and risk assessment.

 

This document provides guidelines on how to manage the risks and navigate the threats that can arise during the big data life cycle from the various big data characteristics that are unique to big data: volume, velocity, variety, variability, volatility, veracity, validity and value, including when using big data for the design and implementation of artificial intelligence (AI) systems.

 

This document can help organizations build or enhance their big data security and privacy capabilities, including when using big data in the development and use of AI systems. This document is applicable to all organizations that develop or use big data systems, regardless of their type, size or purpose.

 

This document provides a description of anthropometric measurements that can be used as a basis for the creation of physical and digital anthropometric databases. The list of measurements specified in this part ISO 8559-6 is intended to serve as a guide for practitioners in the field of clothing who are required to apply their knowledge to select population market segments and to create size and shape profiles for the development of all contour fitting garment types which extend from the torso and shoulder to the breast and their equivalent fitness. The list provides a guide for how to take anthropometric measurements, as well as give information to clothing product development teams and innerwear manufacturers on the principles of measurement and their underlying anatomical and anthropometrical bases. It is intended to use this part ISO 8559-6 in conjunction with national, regional or international regulations or agreements to ensure harmony in defining population groups and to allow comparison of anthropometric data sets.

 

This document specifies requirements and guidance for the interoperability of data, data sharing mechanisms, and services within data spaces. It covers requirements, criteria and implementation guidance on: - dataset content, use restrictions, licences, data collection methodology, data quality and uncertainty, and on machine-readable formats to find, access and use of data; - data structures, data formats, vocabularies, classification schemes, taxonomies and code lists, and how to describe these elements a publicly available and consistent manner; - technical means to access the data, such as application programming interfaces, and their terms of use and quality of service to enable automatic access and transmission of data between parties; - where applicable, the means to enable the interoperability of tools for automating the execution of data sharing contracts. This document is applicable to all organizations participating in dataspaces, regardless of their size or type.

 

This document provides terminology, concepts, requirements, and guidance for logging of AI systems. It is primarily intended for organizations placing on the market or putting into service AI systems and is not specific to any particular sector.

 

This document contains guidelines for developing and establishing policies and procedures for deletion of personally identifiable information (PII) in organizations by specifying:

—    a harmonized terminology for PII deletion;

—    an approach for defining deletion rules in an efficient way;

—    a description of required documentation;

—    a broad definition of roles, responsibilities and processes.

 

This document is intended to be used by organizations where PII is stored or processed.

 

This document does not address:

—    specific legal provision, as given by national law or specified in contracts;

—    specific deletion rules for particular clusters of PII that are defined by PII controllers for processing PII;

—    deletion mechanisms;

—    reliability, security and suitability of deletion mechanisms;

—    specific techniques for de-identification of data.

 

This document contains guidelines for developing and establishing policies and procedures for deletion of personally identifiable information (PII) in organizations by specifying:

— a harmonized terminology for PII deletion;

— an approach for defining deletion rules in an efficient way;

— a description of required documentation;

— a broad definition of roles, responsibilities and processes.

 

This document is intended to be used by organizations where PII is stored or processed.

 

This document does not address:

— specific legal provision, as given by national law or specified in contracts;

— specific deletion rules for particular clusters of PII that are defined by PII controllers for processing PII;

— deletion mechanisms;

— reliability, security and suitability of deletion processes and mechanisms;

— specific techniques for de-identification of data.

 

Tämä on muutos standardiin ISO/IEC 22237-2:2024 Information technology — Data centre facilities and  infrastructures — Part 2:  Building construction.

 

Alkuperäisen standardin soveltamisala on:

 

This document specifies requirements and recommendations for the construction of buildings and other  structures which provide accommodation for data centres based on the criteria and classification for  “physical security” within ISO/IEC 22237-1 in support of availability.
This document specifies requirements and recommendations for the following:
a) location and site selection (taking in to account natural environment and adjacencies);
b) protection from environmental risks;
c) site configuration;
d) building construction;
e) building configuration;
f) provision of access;
g) physical intrusion protection;
h) physical fire protection;
i) protection against damage from water;
j) quality construction measures.

 

Safety and electromagnetic compatibility (EMC) requirements are outside the scope of this document and  are covered by other standards and regulations. However, information given in this document can be of 
assistance in meeting these standards and regulations.

 

This document specifies terms, general models, related parameters and various requirements of oblivious transfer.

 

Article 20 GDPR and Article 4 and 5 the proposed FIDA Regulation require the data access and portability of customer data. To support this demand CEN/TC 445 will organise the standardisation project with its Working Group 1 in which the following European standardisation deliverable will be developed. European Standard (EN) for the semantic specification of the interfaces The scope of this EN for customer (natural or legal person) data access and portability in the insurance sector should be based on the insurance-specific part of the proposed FIDA Regulation and therefore should contain: • Semantic specifications for the processes to support the data access and portability. These specifications define on the business level the functions and the behaviour for the following process interfaces: - Request of the customer to the data holder for an actual transfer of the customer data (Article 4 FIDA). - Transfer of the requested customer data from the data holder to the requesting customer (Article 4 FIDA). - Request of a data user to a data holder for an actual transfer of customer data under a permission of the customer (Article 5 FIDA). - Transfer of the requested customer data from the data holder to the requesting data user (Article 5 FIDA). • Sematic specifications for the customer data to be transferred by the above processes. The scope of the customer data will be limited to the insurance-specific part of the FIDA proposal defined in the Article 2 (1) and Article 3 (3) of FIDA. These specifications define on the business level each element of the customer data with identification, name, precise definition, and value type (text, number, amount, quantity, percentage, date, etc.). The composition of these data elements forms a semantic data model for the insurance-specific customer data. The data model will consist of the following parts: - General data of the policy holder (including address, contact details, profession, payment means, etc.). - General data of the insurance policy (including policy number, insurance product and coverages, insured period, premium amounts, etc.). - Data specific to the consumers’ insured assets which are collected for the purposes of a demands and needs test. - Data depending on class of business, such as - Motor insurance (details about vehicle, usage, drivers), - Property insurance (details about building, household or other objects), - Liability insurance (details about insured persons and their activities), - Accident insurance (details about insured persons and their activities), - Insurance-based investment products (details about insured persons and the savings, investments, pension rights, etc.). The EN specifies the processes and the data model on the semantic level in a syntax-neutral format, independent from its representation in a concrete implementation syntax.

 

This European Standard applies to rope adjustment devices intended for use in rope access systems. It specifies the requirements, test methods, marking and manufacturer’s instructions and information.

 

This document specifies the technical delivery conditions for corrosion-resistant alloy seamless products for casing, tubing, coupling stock and accessory material (including coupling stock and accessory material from bar) for two product specification levels: PSL-1, which is the basis of this document; PSL-2, which provides additional requirements for a product that is intended to be both corrosion and cracking resistant for the environments and qualification method specified in Annex G and in the ISO 15156 series or NACE MR0175. This document contains no provisions relating to the connection of individual lengths of pipe. Demonstration of conformance to ISO 15156-3:2020 or NACE MR0175-2021 of material affected by end sizing, connection manufacture or welding operations is outside the scope of this document. This document contains provisions relating to marking of tubing and casing after threading. This document is applicable to the following five groups of products: a)       group 1, which is composed of stainless alloys with a martensitic or martensitic/ferritic structure; b)       group 2, which is composed of stainless alloys with a ferritic-austenitic structure, such as duplex and super-duplex stainless alloy; c)        group 3, which is composed of stainless alloys with an austenitic structure (iron base); d)       group 4, which is composed of nickel-based alloys with an austenitic structure (nickel base); e)       group 5, which is composed of bar only (Annex F) in age-hardened (AH) nickel-based alloys with austenitic structure.

 

ISO 10519:2015 specifies a spectrometric method for the determination of the chlorophyll content of rapeseed. It is not applicable to the determination of chlorophyll in oils.