ISO/TC 292/WG 4 - Authenticity, integrity and trust for products and documents

This document gives guidelines for assessing product security-related threats, risks and countermeasures by developing a suitable protection plan, supporting its implementation and monitoring its effectiveness after implementation. This includes consideration of impacts and modifications to, for example, product life cycle, supply chain, manufacturing, data management, brand perception and costs so as to adapt the protection plan accordingly. This document is applicable to all types and sizes of organizations that want to ensure authenticity and integrity in order to support the trustworthiness of products, including documents, data and services related to products. This document supports organizations setting up a process to assess risks and to select and combine individual measures for developing a product protection plan.

This document gives guidelines for the content, security, issuance and examination of physical tax stamps and marks used to indicate that the required excise duty or other applicable taxes identified with an item have been paid and to signify that the item is legitimately on the intended market. Specifically, this document gives guidance on: — defining the functions of a tax stamp; — identifying and consulting with stakeholders; — planning the procurement process and selection of suppliers; — the design and construction of tax stamps; — the overt and covert security features that provide protection of the tax stamp; — the finishing and application processes for the tax stamp; — security of the tax stamp supply chain; — serialization and unique identifier (UID) codes for tax stamps; — examination of tax stamps; — monitoring and assessing tax stamp performance. This document is applicable only to tax stamps that are physical in nature and apparent to the human senses of sight (with the aid of a revealing tool if necessary) or touch, applied to a consumer good or its packaging and which allow material authentication. When the term "authentication" is used in this document, it refers only to the authentication of the tax stamp, not to the product on which the tax stamp is affixed. This document does not apply to systems or procedures that an issuing authority has in place to control and monitor its excise revenue collection, except by reference to them where they have an impact on the design or specification of tax stamps.

This document gives guidelines for establishing interoperability among independently functioning product identification and related authentication systems, as described in ISO 16678. The permanent transfer of data from one system to another is out of the scope of this document. It also gives guidance on how to specify an environment open to existing or new methods of identification and authentication of objects, and which is accessible for legacy systems that may need to remain active. It is applicable to any industry, stakeholder or user group requiring object identification and authentication systems. It can be used on a global scale, or in limited environments. This document supports those involved in planning and establishing interoperation.

This document establishes general principles for an organization to identify the risks related to various types of product fraud and product fraudsters. It provides guidance on how organizations can establish strategic, business countermeasures to prevent or reduce any harm, tangible or intangible loss and cost from such fraudulent attacks in a cost-effective manner. This document is applicable to all organizations regardless of type, size or nature, whether private or public sector. The guidance can be adapted to the needs, objectives, resources and constraints of the organization. This document is intended to promote common understanding in the field of product-related fraud risk and its countermeasures.