CEN/CLC - CEN/CLC

This document specifies general interface requirements for small-bore connectors that form part of a medical device or accessory that conveys liquids or gases to a patient.
This document also identifies the applications for which these small-bore connectors are intended to be used, which include, but are not limited to:
—     respiratory;
—     enteral;
—     limb cuff inflation;
—     neural;
—     intravascular or hypodermic;
—     other use cases utilizing an ISO 80369-7 small-bore connector.
This document provides the methodology to assess non-interconnectable characteristics of small-bore connectors based on their inherent design in order to reduce the risk of misconnections between medical devices or between accessories for different applications as specified in this document as well as those that can be developed under future parts of the ISO and IEC 80369 series.
NOTE            Clause A.2 contains guidance or rationale for this Clause.

This document gives guidance on auditing management systems, including the principles of auditing, managing an audit programme and conducting management system audits, as well as guidance on the evaluation of competence of individuals involved in the audit process. These individuals include those managing the audit programme, auditors and audit teams.
It is applicable to all organizations that need to plan and conduct audits of management systems or manage an audit programme.
The application of this document to other types of audits is possible, provided that special consideration is given to the specific competence needed and the objectives to be achieved.

This document establishes the general concepts and principles of information technology (IT) security evaluation. It specifies the general model of evaluation given in this document, which in its entirety is intended to be used as the basis for evaluation of security properties of IT products.
This document provides an overview of all parts of the ISO/IEC 15408 series. It describes the various parts of the ISO/IEC 15408 series i.e.
defines the terms and abbreviations used in all parts of the series; establishes the core concept of a Target of Evaluation (TOE);
describes the evaluation context; and
describes the audience to which the evaluation criteria is addressed.
Additionally, this document introduces the basic security concepts necessary for the evaluation of IT products.

This document defines the principles and specifies the requirements and guidelines for unique product identifiers, unique economic operator identifiers, and unique facility identifiers used in digital product passports. It covers the following areas:
a)   global uniqueness;
b)   persistence;
c)   syntax;
d)   granularity;
e)   interoperability;
f)   openness.
This document accommodates unique product identifiers at three granularity levels of specificity: model, batch, or individual item, to support various operational needs.
This document describes identification (ID) schemes that use issuing agencies, self-issuing systems, or a combination of both.

This document specifies requirements and the minimum actions performed by an evaluator in order to conduct an evaluation using the criteria and evaluation evidence defined in the ISO/IEC 15408 series evaluation.

This document specifies requirements and a standardized framework for specifying objective, repeatable and reproducible evaluation methods and evaluation activities.
This document does not specify how to evaluate, adopt, or maintain evaluation methods and evaluation activities. These aspects are a matter for those originating the evaluation methods and evaluation activities in their particular area of interest.

This document specifies requirements for data carriers used in a digital product passport system. This covers: symbology characteristics, format, error correction codes, encoding methods, printing and production quality, and durability.
This document also specifies requirements on graphical or other indicators for easy recognition of DPP data carriers and the indication on the data carrier placement, machine readability, quality checking, links between physical product and digital representation.
The following aspects are out of scope: architecture and use cases, secure elements and any other cryptographic security features.

This document specifies the security assurance requirements of the ISO/IEC 15408 series. It includes the individual assurance components from which the evaluation assurance levels and other packages contained in ISO/IEC 15408-5 are composed, and the criteria for evaluation of Protection Profiles (PPs), PP-Configurations, PP-Modules and Security Targets (STs).

This document aims to standardize the specifications for the API of the digital product passport (DPP) as mandated by the ESPR of the European Commission. The purpose of this API is to facilitate the searchability of DPPs, as well as to provide the necessary means for interactions throughout the lifecycle of a product's DPP.

The scope of this document includes:
-   the semantic description of a product, including its properties where relevant and the semantic aspects to represent the product lifecycle;
-   a common information model allowing for the implementation of data dictionary systems;
-   metadata models and formats to be used in exchange and representation, allowing for the integration of dictionaries;
-   rules on how to systematically use such metadata models when developing product group specific data models and dictionaries;
-   technical and organizational interoperability.
This document follows the approach of standard interoperability layers and proposes the following aspects in this regard.

This document specifies requirements for data storage, archiving, and data persistence of digital product passports, all based on a decentralized approach. The archiving functionality securely stores historical passport data, preserving a comprehensive record of past information. Persistence ensures that data included in the digital product passport remains available even when the economic operator creating the digital product passport is no longer active.
This document also specifies requirements for the replication between economic operators and back-up operators as well as rules for data lifetime definition.

This document specifies requirements for the required structure and content of security functional components for use during a security evaluation. It includes a catalogue of functional components that meet the common security functionality requirements of many IT products.

This document defines a standard for secure and efficient data exchange protocols and data formats to be used for the digital product passport. Data exchange protocols establish the rules and procedures that systems follow when communicating and exchanging information. Data formats define the structure and presentation of that information so it can be understood and processed correctly by the involved systems. Together, protocols and formats ensure that data can be exchanged in a manner that is secure, interoperable, reliable, and compatible across various platforms and sectors.
This will guarantee that data are human and machine-readable, structured, searchable, and transferable through an open, interoperable network without vendor lock-in.
a)   Secure communication:
This document defines protocols that ensure secure and authenticated data exchange between systems, ensuring that data are protected against unauthorised access and, when necessary, only authorized entities can access the information.
b)   Interoperability for data exchange:
The protocols and data formats defined in this document support easy integration with existing data exchange systems, ensure compatibility of protocols and formats across various sectors and supporting a wide range of applications and use cases.
c)   Ease of use and integration:
Ensure that the identified protocols and formats can be implemented easily, especially for mobile devices, and are user-friendly in order to facilitate widespread adoption.
d)   Data integrity:
The protocols and data formats defined in this document ensure the integrity of information linked to physical objects and electronic data throughout the entire value chain, extending to the product's or asset's end-of-life.
e)   Documentation and discoverability:
The protocols and formats are available to individuals without specialized knowledge, enabling broader adoption across sectors.
In order to promote interoperability, reduce costs for businesses, and align with existing European regulations and initiatives, this document considers the data exchange protocols and data formats already in use in other legislations. Relevant existing standards are integrated into the development process to ensure consistency and coherence with industry practices and regulatory frameworks.

This document provides packages of security assurance and security functional requirements that are intended to be useful in support of common usage by stakeholders.
The users of this document can include consumers, developers and evaluators of secure IT products.

This document provides guidance on how and when to address adaptation to climate change in European standardization deliverables. It helps TCs to recognize when climate change or extreme weather may affect a standardization deliverable over its lifespan, understand when new or updated climate and weather data are needed, and incorporate adaptive and flexible solutions into standardization deliverables. This document is applicable to infrastructure, product and service standards. It provides a structured and practical framework to write, review and update standards in light of changing climate conditions.

This document specifies principles and requirements for a body operating certification of persons and includes the development and maintenance of a scheme for certification of persons.
NOTE 1        For the purposes of this document, the term "certification body" is used in place of the full term " body operating certification of persons", and the term "certification scheme" is used in place of the full term “scheme for certification of persons”.
NOTE 2        Annex A contains principles for certification of persons.

There are numerous pathways to produce hydrogen. This document specifies a methodology for different hydrogen production pathways for determining the greenhouse gases (GHG) emissions associated with the hydrogen supply chain from the raw material extraction up to the production gate.
This document considers the GHG emissions associated with hydrogen production up to the production gate. This document applies to and includes every step within the production process up to the production gate (see Figure 2 in the Introduction).
NOTE            Complementary documents in the ISO 19870 series will consider hydrogen conditioning, conversion and transport methods.
ISO 14044 requires the goal and scope of a life cycle assessment (LCA) be clearly defined and be consistent with the intended application. Due to the iterative nature of LCAs, it is possible that the LCA scope needs to be refined during the study. According to ISO 14040:2006, A.2, the goals and scope of LCAs correspond to one of the following two approaches:
an approach that assigns elementary flows and potential environmental impacts to a specific product system, typically as an account of the history of the product (see 4.1.2);
an approach that studies the environmental consequences of possible (future) changes between alternative product systems (see 4.1.3).
In this document, approach a) is referred to as an attributional approach, while approach b) is referred to as a consequential approach. Complementary information is accessible in the ILCD handbook[4].
A carbon footprint of a product (CFP) (3.1.2) or partial CFP (3.1.3) as defined by ISO 14067 can be estimated using either the attributional or the consequential approach, the latter corresponding to the use of “system expansion via substitution” to avoid allocation when a unit process yields multiple co-products. This document applies to the CFP for hydrogen production.

This document contains requirements for the competence and impartiality of bodies performing inspection, and for the consistent operation of their inspection activities.

NOTE 1        There is guidance or rationale for this Clause in A.2.1.
This document specifies the requirements for information supplied by the manufacturer for a medical device or an accessory, as defined in 3.1. This document includes the generally applicable requirements for identification and labels on a medical device or accessory, the packaging, marking of a medical device or accessory, and accompanying information. This document does not specify the means by which the information is to be supplied.
NOTE 2        Some authorities having jurisdiction impose different requirements for the identification, marking and documentation of a medical device or accessory.
Specific requirements of medical device product standards or group standards take precedence over requirements of this document.

This document specifies concepts used in the field of cloud computing. These concepts expand upon the cloud computing vocabulary defined in ISO/IEC 22123-1 and provide a foundation for other documents that are associated with cloud computing.
This document also provides detailed descriptions on the application of these concepts in cloud computing.

This document defines terms used in the field of cloud computing.

This document specifies the cloud computing reference architecture (CCRA).

This document provides terminology, concepts and a description of mechanisms in the field of data exchange focusing on trusted data transactions.
Those elements can be used in the development of standards in support of trusted data transactions and constitute a basis to identify key dimensions and criteria that contribute to the trust in a data transaction between interested parties.
Therefore, those elements constitute a foundational understanding on which trusted data transactions can be based, independently of any architectural choices or technical implementation.

This document defines the policy, functional and security requirements on (qualified) trust services for electronic ledger. This includes requirements to ensure:
-   their provision by one or more trust service providers;
-   the establishment of the origin of data records in the ledger;
-   the unique sequential chronological ordering of data records in the ledger;
-   the recording of data in such a way that any subsequent change to the data is immediately detectable, ensuring their integrity over time.

This document defines and establishes a framework for access management (AM) and the secure management of the process to access information and information and communications technologies (ICT) resources, associated with the accountability of a subject within some contexts.
This document provides concepts, terms and definitions applicable to distributed access management techniques in network environments.
This document also provides explanations about related architecture, components and management functions.
The subjects involved in access management can be uniquely recognized to access information systems, as defined in the ISO/IEC 24760 series.
The nature and qualities of physical access control involved in access management systems are outside the scope of this document.

This document specifies principles and gives guidance for developing normative documents that contain:
specified requirements for the object of conformity assessment;
specific methods and procedures for an individual conformity assessment activity (e.g. test methods);
rules and methodology for conformity assessment (as part of conformity assessment schemes, including provisions for organizations that perform conformity assessment activities).
This document is intended for the following users:
standards developers;
regulatory authorities;
conformity assessment scheme owners;
industry associations and consortia;
conformity assessment bodies;
accreditation bodies;
purchasers;
consumers and non-governmental groups;
other interested parties, e.g. insurance organizations.

This document specifies requirements and gives guidance on the verification of declared sustainability information, including information presented in quantitative and qualitative formats.
NOTE 1        Declared sustainability information can include reporting on environmental, social, governance and other sustainability matters.
NOTE 2        A verification programme can include a combination of validation and verification activities, and result in mixed engagements.

This document specifies general principles and requirements for the validation/verification of declared sustainability information, including reporting on environmental, social, governance and other sustainability matters.
This document is applicable to quantitative and qualitative information.
NOTE            These principles and requirements complement the set of rules and procedures that are provided in validation/verification programmes.
This document is also applicable as the basis for validation/verification activities that support other conformity assessment schemes.
This document is applicable to validation/verification bodies operating in accordance with ISO/IEC 17029.

This document specifies principles and requirements for the competence, consistent operation and impartiality of bodies performing validation/verification of declared sustainability information.
This document is an application of ISO/IEC 17029, which contains general principles and requirements for the competence, consistent operation and impartiality of bodies performing validation/verification as conformity assessment activities.
This document includes specific requirements related to bodies performing validation/verification of declared sustainability information in addition to the requirements of ISO/IEC 17029.
Any programme requirements related to bodies are additional to the requirements of this document.

This Technical Report (TR) provides guidance to contracting authorities on how to determine contract award criteria to meet the accessibility requirements of Directive (EU) 2019/882 (European Accessibility Act, EAA) and Directive (EU) 2016/2102 (Web Accessibility Directive, WAD); and on how to verify the conformance of publicly procured ICT products and services with these requirements. The present document describes how the accessibility requirements for the procured ICT should be specified, documented and assessed in the frame of the procurement process, under the EU Public Procurement Directives1. The different mechanisms for conformity assessment with the applicable accessibility requirements are explained. It is discussed how these mechanisms may be applied both in the pre-procurement research phase and when awarding a contract, as well as part of contract management in the post-award stage. This Technical Report also provides a useful guidance for bidders who prepare an offer for public procurement of ICT products and services, and others aiming to procure accessible ICT.

This document provides guidelines for the use of hydrogen in its gaseous and liquid forms as well as its storage in either of these or other forms (hydrides). This document identifies the basic safety concerns, hazards and risks, and describes the properties of hydrogen that are relevant to safety. Detailed safety requirements associated with specific hydrogen applications are treated in separate International Standards.
“Hydrogen” in this document means protium (the most common isotope of hydrogen) (1H), not deuterium (2H) or tritium (3H).

This document provides the guidelines of CEN and CENELEC’s policy towards building partnerships with European organizations, associations and other recognized stakeholders who have an interest in European standardization and are willing and able to provide added-value knowledge and to actively contribute with inputs and proposals to CEN and/or CENELEC corporate and technical bodies.

This document provides the minimum requirements for the knowledge and skills of assessment body testers and validators performing testing activities and validating activities for a conformance scheme using ISO/IEC 19790 and ISO/IEC 24759.

This document specifies requirements for a valuation of energy related investments (VALERI). It provides a description on how to gather, calculate, evaluate and document information in order to create solid business cases based on Net Present Value calculations for ERIs. The standard is applicable for the valuation of any kind of energy related investment.
The document focusses mainly on the valuation and documentation of the economic impacts of ERIs. However, non-economic effects (e.g. noise reduction) that can occur through undertaking an investment are also considered. Thus, qualitative effects (e.g. impact on the environment) - even if they are non-monetisable - are taken into consideration.

This document provides information security controls for the energy utility industry, based on ISO/IEC 27002:2022, for controlling and monitoring the production or generation, transmission, storage and distribution of electric power, gas, oil and heat, and for the control of associated supporting processes.

This document contains recommendations on how to integrate the principle of ‘data protection and privacy by design’
during the entire lifecycle of biometric access-control products and services, in order to achieve ‘data protection and
privacy by default’.
Biometric facial recognition for access control is covered by this document. Biometric facial recognition for surveillance is
covered by CEN/CLC/JTC 13 TR ‘Video surveillance’.
This document specifies recommendations for the management of data protection and privacy by design in biometricaccess-
control products and services. This document extends ISO/IEC 27552. This document applies to aspects of data
protection and privacy by design. This document is not applicable to non-biometric aspects of access control, or to aspects
not relating to data protection or privacy.

This document establishes an organized set of concepts and relationships to understand the competency requirements for information security conformance-testing and evaluation specialists, thereby establishing a basis for shared understanding of the concepts and principles central to the ISO/IEC 19896 series across its user communities.

This document provides the specialized requirements for individuals to demonstrate competence in performing IT product security evaluations and reviews according to the ISO/IEC 15408 series and ISO/IEC 18045.
NOTE            It is possible that evaluators and testers belong to bodies operating under ISO/IEC 17025 and reviewers belong to bodies operating under ISO/IEC 17065.

This document specifies requirements for establishing, implementing, maintaining and continually improving a privacy information management system (PIMS).
Guidance is also provided to assist in the implementation of the requirements in this document.
This document is intended for personally identifiable information (PII) controllers and PII processors holding responsibility and accountability for PII processing.
This document is applicable to all types and sizes of organizations, including public and private companies, government entities and not-for-profit organizations.

This document specifies requirements and provides guidance for bodies providing audit and certification of a privacy information management system (PIMS) according to ISO/IEC 27701, in addition to the requirements contained within ISO/IEC 17021-1.
The requirements contained in this document are demonstrated in terms of competence and reliability by bodies providing PIMS certification. The guidance contained in this document provides additional interpretation of these requirements for bodies providing PIMS certification.
NOTE       This document can be used as a criteria document for accreditation, peer assessment or other audit processes.

This document specifies the safety requirements of hydrogen gas generation appliances or systems that use electrochemical reactions to electrolyse water to produce hydrogen, herein referred to as hydrogen generators.

This European Standard specifies requirements for Guarantees of Origin of electricity from all energy sources and of gaseous
hydrocarbons, Hydrogen, and heating & cooling.
This standard will establish the relevant terminology and definitions, requirements for registration, issuing, transferring and
cancellation in line with the RED and Cogeneration.
This standard will specify how to create accounts and associated ownership rights.
This standard will also cover measuring methods and auditing procedures.
These Guarantees of Origin may be traded and/or used for Disclosure/Labelling.
This standard is suitable for certification purposes.
This standard will specify the requirements on the issuing bodies and on the auditing bodies.

This document establishes the terms, definitions, symbols and abbreviations used in the fields related to hydrogen in energy systems.
This document is not applicable to the following fields:
—     biological methanation,
—     reactors for hydrogen production from other sources,
—     road, maritime and aviation transport,
—     aeronautics and space.
Note              These fields are foreseen to be covered in future editions of this document.
This document does not apply to carbon capture, storage and utilisation, as well as services.

NOTE         Clause A.2 contains guidance or rationale for this clause.
This document specifies requirements for small-bore connectors intended to be used for connections in neural applications.
This document does not specify requirements for the medical devices or accessories that use these connectors. Such requirements are given in particular standards for specific medical devices or accessories.

This document defines fundamental terminology for blockchain and distributed ledger technologies.

This TS provides requirements and ISO/IEC 17065 interpretations for Conformity Assessment Bodies (CABs) assessing Cloud Services
This TS is intended to be used by the National Accreditation Bodies (NABs), as well as CABs.

This document contains guidelines to be used in the process of drafting requirements of cybersecurity certification schemes for sectoral ICT services and systems. It includes all steps necessary to define, implement and maintain such requirements.

This document contains guidelines for developing and establishing policies and procedures for deletion of personally identifiable information (PII) in organizations by specifying:
—    a harmonized terminology for PII deletion;
—    an approach for defining deletion rules in an efficient way;
—    a description of required documentation;
—    a broad definition of roles, responsibilities and processes.
This document is intended to be used by organizations where PII is stored or processed.
This document does not address:
—    specific legal provision, as given by national law or specified in contracts;
—    specific deletion rules for particular clusters of PII that are defined by PII controllers for processing PII;
—    deletion mechanisms;
—    reliability, security and suitability of deletion mechanisms;
—    specific techniques for de-identification of data.

This document is intended to stablish and define functional and performance requirements and associated tests for Galileo Timing Receivers. This document covers the following topics related to Galileo Timing Receivers:
- GNSS constellations and frequencies processed: Galileo plus additionally GPS, with nominal mode being dual-frequency processing,
- Time scales processed, including at least Galileo System Time and Universal Time Coordinate,
- User dynamics, with two operation modes: static users with well-known and static antenna position and dynamics users with moving antenna,
- Holdover devices,
- Nominal and back-up modes, including single-frequency modes, single-constellation modes and holdover mode.
- Processing of timing integrity information disseminated by the Galileo System,
- Time Receiver Autonomous Integrity Monitoring processing,
- Anti-jamming and anti-spoofing capabilities, including Automatic Gain Control monitoring and Galileo Open Service Navigation Message Authentication processing,
- Robustness to multipath.
In addition, this document gives guidelines for the installation and maintenance of the receiver, including antenna, cabling and receiver installation, initial and periodic receiver calibration, and periodic maintenance.
On top of the functional requirements, performance requirements this document defines in terms of different key performance indicators such as:
- Accuracy, availability, continuity and integrity requirements,
- T-RAIM performances, including time to alert,
- Holdover performances including maximum degradation of the timing solution with time and maximum holdover time,
This document also gives a simple test suite to verify the most fundamental requirements of the Galileo Timing Receivers.