Through the revision of ISO 12931 into this new standard, TC 292 is improving the performance criteria and evaluation methodology for authentication solutions used to establish material good authenticity throughout the entire material good life cycle.
Despite the growing number of conformity regulations, the development of global trade and the reduction of physical controls at borders has increased the risks of bigger volumes of counterfeited products in circulation. The revised standard is aimed at contributing to further strengthen such controls, by giving useful authentication principles, features and processes.
Christophe Renard, the project leader responsible for the development of ISO 22383, explain the revision process:
"The Working Group 4 has been revisiting the former ISO 12931 standard by considering both the emergence of new technologies (material, digital and combined) and also the new threats they may bring: with the risk that counterfeited products become less detectable and more damaging, new technologies must be considered by legitimate manufacturers and economic operators, by law enforcement inspectors, and also by consumers.
More and more, authentication solutions need to consider several combined elements to be more robust against tampering. They need to incorporate data-related features such as reliable data capture and retrieval along the product’s life cycle, and possibly also add authentication elements directly into the component parts of the product."
ISO 22383:2020, Security and resilience — Authenticity, integrity and trust for products and documents - Guidelines for selection and performance evaluation of authentication solutions for material goods , is available from ISO national member institutes. It may also be obtained directly from the ISO Central Secretariat, respectively through the ISO Store or by contacting the Marketing, Communication & Information department.
ISO 22383 – Frequently Asked Questions
1. Why was the ISO 12931 revised?
The ISO 12931 was published in 2012, however over the past 8 years, the growth of counterfeiting methods required an updated standard to take into consideration the evolving technologies and approaches in order to further strengthen authentication activities, both for the public authorities and the private sector.
2. What are the main changes in the new version compared to the 2012 version?
There are 3 main areas of change:
- Terminology – It has been modernized and adapted, and is fully aligned with the revised ISO 22300 standard.
- Structure – Sections have been re-positioned, merged or added to more clearly separate the steps required to select and implement authentication solutions, and conduct authentication activities through a risk management perspective.
- Simplification – The review has resulted in a document that is easier to read and adopt. This new standard remains a guidance standard; The working group aims has been to brings efficiency and effectiveness.
3. Who was involved in the revision ?
ISO 22383 was revised by a working group 4 of ISO Technical Committee 292 on Security and resilience (ISO/TC 292). This working group focuses on “Authenticity, integrity and trust for products and documents” and has already published 3 standards : ISO 22380 ” General principles for product fraud risk and countermeasures”, ISO 22381 “Guidelines for establishing interoperability among object identification systems to deter counterfeiting and illicit trade”, and ISO 22382 “Guidelines for the content, security, issuance and examination of excise tax stamps”. This working group is currently drafting future standards to respond to the market needs; they are related to protection plan, brand protection, artefact metrics, or supply chain integrity with blockchains.
4. My organization required us to follow the ISO 12931 guidance; will this revision have an impact on this?
This revision will bring further clarify and guidance on how to choose, implement, perform and assess authentication solutions. It has been written to be practical and self-explanatory.
5. Does ISO 22383 apply to all organizations (in scale, type and industry)?
Yes, the scope of this standard covers all organizations.
6. If my organization already holds ISO certifications, is this revised standard useful?
Each standard is selected and implement for a purpose. This a “guidance” standard designed for the selection and performance evaluation of authentication solutions which does not exist in other ISO standards. It can easily complement other standards already in place.
7. Can I still use ISO 12931 version?
Technically that is possible though anyone interested by authentication solutions should acquire this new standard that addresses some issues of ISO 12931. It includes a risk management approach and takes into consideration the new technologies and models that have emerged since 2012.