ISO developes standard on product security
ISO/TC 292 has recently launched a project with the title ISO 22384 Security and resilience - Authenticity, integrity and trust for products and documents - Guidelines to establish and monitor a protection plan and its implementation. This Project is based on the German National Standard DIN 66405 and will result in an International Standard intended for organizations facing product related threats, to become more resilient. It will guide organisations taking the right steps to protect with appropriate organizational, technical and judical measures
Innovative, competitive or market leading products are increasingly target of physical and digital attacks. These products can be medical devices, electronic components, or even complex machinery equipment. Product related threats affect manufacturers, distributors, service providers and consumers in many ways. The potential damage of such threats includes:
- danger to health and safety of consumers,
- decreased sales,
- damage to reputation or brand equity,
- loss of innovation leadership,
- loss of jobs,
- tax losses and
- environmental issues.
Steffen Zimmermann (Germany), the responsible project leader for the development of ISO 22384, explains the need for such a guidance on “Product Security”:
"The increased level of interconnection of the global economy, the growing availability of complex manufacturing processes and protectionist efforts lead to a growing motivation and ability for product related threats.
Measures taken by affected organizations are often reactive, uncoordinated or even mutually contradictory. For a sustainable approach it is necessary to follow an established, project-oriented methodology for assessing product security related threats, risks and countermeasures.
The intended International Standard will guide organizations developing their own protection plan, supporting its implementation and monitoring its effectiveness after implementation. It will cover common product-related threats and aspects regarding product lifecycle and supply chain."
In ISO/TC 292, the work have been placed in Working Group 4 and has currently reached the CD stage.