June 21, 2021
An international standard aimed at ensuring the safety and security of IoT systems has been published based on the "IoT Security Guidelines" and "IoT Safety/Security Development Guidelines" formulated by Japan.
This standard is expected to be widely used in the development and maintenance of IoT products and services, and to contribute to the safe and secure development of a connected world.
As the Internet of Things (IoT) evolves, a variety of devices are being connected to the Internet and new products and services are being offered. However, there are concerns about increasing risks to safety and security. Although people involved in developing and running these products and services have been taking action toward safety and security individually in relation to design, maintenance, and operation, there have never been any international standards.
Source: IoT Safety/Security Development Guidelines (IPA)
With a view toward the arrival of a full-fledged IoT society, in Japan, the National Center of Incident Readiness and Strategy for Cybersecurity formulated and published a "General Framework for Secure IoT Systems" in March 2016, and the IoT Acceleration Consortium published a set of "IoT Security Guidelines" in July 2016. These also include the content of the "IoT" series published by the IT Knowledge Center of the Information-technology Promotion Agency (IPA).
With the need for standards aimed at ensuring the safety and security of an IoT society being recognized internationally, Japan proposed two standards: one based on the IoT Security Guidelines, etc., and one based on the IoT Security Guidelines, General Framework for Secure IoT Systems, and the IPA's "IoT" series. The former was proposed to ISO/IEC JTC 1/SC 27 (Information security, cybersecurity and privacy protection), and the latter to ISO/IEC JTC 1/SC 41 (Internet of things and digital twin). (ISO is the abbreviation for the International Organization for Standardization.) Standardization activities have moved forward progressively following these proposals. Among these activities, "ISO/IEC 30147:2021 Internet of Things (IoT) - Integration of IoT trustworthiness activities in ISO/IEC/IEEE 15288 system engineering processes" (which was proposed to JTC 1/SC 41) has been established as an international standard. It was published in May 2021.
2. Outline of the standard
ISO/IEC 30147 provides system life cycle processes for implementing and maintaining trustworthiness in IoT products and services, and applies and supplements the international standard ISO/IEC/IEEE 15288:2015 for general system life cycle processes. Here, trustworthiness refers to the ability of a system to meet the expectations of its stakeholders through security, privacy, safety, reliability, resilience, etc.
|International standards||Relevant JIS||Provisions contained in the standards|
|ISO/IEC/IEEE 15288:2015||X0170||General system life cycle processes (Processes, tasks, and actions for developing and using systems)|
|ISO/IEC 30147:2021||-||System life cycle processes for implementing and maintaining trustworthiness in IoT products and services (Supplements ISO/IEC/IEEE 15288:2015)|
3. Expected effects
This standard is expected to be widely used in the development and maintenance of IoT products and services, and to contribute to the safe and secure development of society.
Links to related information
- Building safeguards for reliable and affordable Internet of Things (IoT) environments (IPA website)
- IoT Safety/Security Development Guidelines (Second Edition): Important Points to be understood by Software Developers toward the Smart-society (IPA website)
Division in Charge
International Electrotechnology Standardization Division, Industrial Science and Technology Policy and Environment Bureau