ISO developes standard on product security

Innovative, competitive or market leading products are increasingly target of physical and digital attacks. These products can be medical devices, electronic components, or even complex machinery equipment. Product related threats affect manufacturers, distributors, service providers and consumers in many ways. The potential damage of such threats includes:

• danger to health and safety of consumers,
• decreased sales,
• damage to reputation or brand equity,
• loss of innovation leadership,
• loss of jobs,
• tax losses and
• environmental issues.

Steffen Zimmermann (Germany), the responsible project leader for the development of ISO 22384, explains the need for such a guidance on “Product Security”:

"The increased level of interconnection of the global economy, the growing availability of complex manufacturing processes and protectionist efforts lead to a growing motivation and ability for product related threats. 

Measures taken by affected organizations are often reactive, uncoordinated or even mutually contradictory. For a sustainable approach it is necessary to follow an established, project-oriented methodology for assessing product security related threats, risks and countermeasures.

The intended International Standard will guide organizations developing their own protection plan, supporting its implementation and monitoring its effectiveness after implementation. It will cover common product-related threats and aspects regarding product lifecycle and supply chain."

In ISO/TC 292, the work have been placed in Working Group 4 and has currently reached the CD stage.