ISO 22384:2020 pdf download

Security and resilience — Authenticity, integrity and trust for products and documents — Guidelines to establish and monitor a protection plan and its implementation
1 Scope
This document gives guidelines for assessing product security-related threats, risks and countermeasures by developing a suitable protection plan, supporting its implementation and monitoring its effectiveness after implementation. This includes consideration of impacts and modifications to, for example, product life cycle, supply chain, manufacturing, data management, brand perception and costs so as to adapt the protection plan accordingly. This document is applicable to all types and sizes of organizations that want to ensure authenticity and integrity in order to support the trustworthiness of products, including documents, data and services related to products. This document supports organizations setting up a process to assess risks and to select and combine individual measures for developing a product protection plan.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content constitutes requirements of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
ISO 22300, Security and resilience — Vocabulary
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO 22300 and the following apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https://www.iso.org/obp
— IEC Electropedia: available at http://www.electropedia.org/
3.1 brand
intangible asset, including but not limited to, names, terms, signs, symbols, logos and designs, or a combination of these, intended to identify goods, services or entities, or a combination of these, creating distinctive images and associations in the minds of stakeholders, thereby generating economic benefit/values
[SOURCE: ISO 20671:2019, 3.1]
3.2 brand piracy
use of a brand (3.1) without the brand owner’s permission
5.2 Identify assets to protect
The organization should specify what assets need protection. These assets can include:
— know-how;
— products;
— procedures;
— licensing models;
— consumer health and safety;
— relationships with stakeholders;
— operating concept;
— liability claims;
— image/reputation/brand value.
The organization should prioritize the protection of the assets according to its strategy and any applicable regulations, while considering the scope of the products and market need, as well as the timeframe.
5.3 Define protection objectives
The organization should:
— define and quantitively describe the objectives of the protection plan;
— where possible, provide protection objectives that can be quantitatively measurable;
— use the objectives to evaluate the success of the protection plan.
Protection objectives can be of a different nature and can include:
— legal and intellectual property (IP)-protection;
— compliance with regulations and conformity to standards;
— asset integrity;
— consumer protection;
— reputation and competitive advantage;