Using and Referencing ISO and IEC standards for Technical Regulations

by Rick Jelliffe

Using and Referencing ISO and iEC standards for Technical Regulations is the name of a new report just out (late Sept 2007) from ISO and IEC. I think it gives a really useful introduction to ISO and IEC and the breadth of standards (indeed, the vision of standards: it is written primarily for regulators, but it is good for the rest of us too, I think. (Its free, in glossy PDF.)

It is interesting to see the continuing emphasis on environmental considerations: now it is in the first of the bullet lists for how ISO and IEC want to position their standards. The report takes seriously that different countries may have different requirements,
At first sight .... Any goods and services that have the potential to cause serious harm to the health or safety of the population, or to the environment, would seem to be obvious candidates for technical regulation. However, the differences between countries mean that this concept can be applied differently.

The report details the increasing adoption of ISO and IEC standards: both because more societies are industrializing and because more standards are dealing with issues for even poorer societies.

I won't try to read between the lines here, but obviously some of the issues that came up in various parts of the world concerning Office Open XML and ODF were in the mix of things that have influenced this document. (ISO had their 30th general assembly recently.) However, I know that last week's JTC1 meeting in Australia explicitly devoted time to considering some matters arising over the year from fast-tracked standards; I have talked informally with a delegate, but I won't comment until there are some public documents from JTC1: lets just say that JTC1 has clarified some issues that other people have thought were cloudy or murky! (Watch this blog!)

Let me just quote this part of the document (and remembering that ISO and IEC standards may be more about health, safety, environment and so on, while IT issues are often delegated to ISO/IEC JTC1 which is for most purposes a separate organization):

In some countries, for example, the response by authorities to a specific need for technical regulation may be a general declaration that certain standards in a subject area must be mandatory. It is therefore vital that a portfolio of ISO and IEC standards exists to help such countries.

However, the big issue is to tackle a central wrinkle with ISO standards, They are voluntary standards, yet many countries adopt them as regulation or require or favour them. So they are developed with one set of requirements but may be used with another. I think section 6.1 is really important, and it is something I have been banging on about: in particular
Regulators will need to decide what level of checks they wish to put in place to ensure the standard is suitable for use and addresses their needs.

In other words, adopting a standard because it is an ISO standard is not good enough: a regulator needs to be able to justify why it is the suitable and effective standard for their use. Bingo. ISO does not replace or supplant government. It does not set government policy (even though many international standards constitute public policy which is why they are suitable.) And again in s7.1

Using ISO and IEC standards for technical regulation does not imply that regulators have reduced power or that they delegate responsibility to other parties.

The section on conformity assessment was interesting to me, because it has come hot on the heels of some email with an interesting Swedish open-source activist discussing whether ISO allows reference implementations (I gather that it does not, because it is verboten to have alternative specifications for the same thing, but I am open to counter-examples) . He raised the example of SQL, where NIST abandoned their test suite, on cost basis. Governments are so shortsighted on standards and conformance: all the major economic advantages of IT have come through standards of all sorts for more than a decade now, and governments still do things on a shoestring. Why aren't procurement departments aggressively investing in standards development and conformance testing efforts, for example? Why aren't the politicians and governance officers insisting on it? I expect they will come to the party, but it is already later rather than sooner!

The last part of the report gives examples of how standards fit in to various national contexts: one thing that hit home with me during all my travels earlier in the year was how each different country has a different history and approach to standards. However, in all of them the trend was clear: they thought standards can be helpful and want to encourage their development and adoption as appropriate for each nation. I think this is a very useful little report, especially for giving some balance to those of us participating in a debates that can get quite heated.


Rick Jelliffe
2007-10-16 09:26:35
By way of an update, because this is pretty difficult to track down, people who are interested in standards and their interaction with trade and treaties might care to look at WTO Agreement on Technical Barriers to Trade which deals with technical regulations and standards, among other things.

Annex 3, the Code of Good Practice for the Preparation, Adoption and Application of Standards is being adopted by more countries.

There is some jargon: "harmonization" refers to differences with national standards, for example. It is not really the same "harmonization" as would be used for saying that ODF and Open XML should be somehow merged or married, for example.

Rick Jelliffe
2007-10-16 09:31:57
And by way of jotting down other research, this time for Australians: the Guide for Standards Australia in this area is SG-007 Adoption of International Standards