ISO/IEC JTC 1 explores emerging areas of Information Technology standardization

Posted by on May 16, 2019 in Information Technology, News | 0 comments

During the second week of May, ISO/IEC JTC 1 held its 34th plenary meeting in Lahaina, Maui, USA.. The meeting in Lahaina brought together more than 70 experts from 18 countries to discuss developments and plan new work programs across many aspects of the Information Technology standardisation landscape.

Delegates attending the ISO/IEC JTC 1 meeting in Lahaina, Maui, US

Constituted in 1987 as the first joint committee of both IEC and ISO, JTC 1 now comprises experts from 33 countries and has published 3181 standards in the field of Information Technology, with 544 currently under development.

Originally publishing standards in areas such as “Coded Character Sets” under sub-committee (SC) 2 and “Telecommunications and Information Exchange between Systems” under SC 6, JTC 1 has always kept pace with technology developments. JTC 1 has adopted its work program to the current technologies and technology trends and continues to focus on standards that build a foundation for the digitization of the technologies standardized across other committees of ISO and IEC.

The JTC 1 AG JETI (JTC 1 Emerging Technology and Innovation) is an important JTC 1 and is mandated to seek opportunities to facilitate JTC 1 standards development for future emerging and innovation technologies. It assesses the technology opportunities to identify the relevant standardization issues and priorities that warrant immediate action and those that should be watched for potential consideration later by JTC 1. JETI monitors the future considerations from JTC 1 SCs/WGs to perform successful execution of standards development and planning with an appropriate coordination in JTC 1

In order to gain the necessary input from a brought number of experts JETI is organizing an online-survey from June 10, 2019 to June 28, 2019. Dedicated information will submitted in due time

Some new trends and technologies being analysed and evaluated

  • Smart Cities,
  • 3D & 4D Printing & Scanning,
  • Autonomous and Data Rich Vehicles,
  • Open Source Software,
  • Quantum Computing,
  • Digital Twin,
  • VR /AR for Education, and
  • Trustworthiness

For updated information and news by JTC 1 on these topics please visit and

Meta Reference Architecture and Reference Architecture for Systems Integration

To enable better cooperation with other ISO and IEC Committees, JTC 1 has identified Meta Reference Architecture and Reference Architecture for Systems Integration as key components of the work program and has established an Advisory Group on this topic. Meta Reference Architecture and Reference Architecture for Systems Integration needs to provide the highest level of abstraction for multiple horizontal business domains under a systems-of-systems view, and Meta Reference Architecture and Reference Architecture should allow business value assessments to select among potential alternative models and or scenarios. The JTC 1 Meta-Reference Architecture Advisory Group will convene a workshop on August 20-22, 2019 at École de technologie supérieure (ETS), Montréal, Québec, Canada. The final program will also be posted as a JTC 1 document with an invitation for participation and also announced via the JTC 1 homepage on

The new JTC 1 Advisory Group (AG) on Digital Twin

The Digital Twin, which combines a variety of modern technologies such as the Internet of Things (IoT), cyber-physical systems (CPS), 3D modeling, simulation, and artificial intelligence (AI), is at the heart of the fourth industrial revolution. If the Internet of Things is a disruptive technology that is applied to all industries and services and brings radical changes in human life, the Digital Twin will integrate and interwork the real world and the virtual world based on the Internet of Things.

For this reason, the Digital Twin can be recognized as a dimension-bridging technology in which a link is established between the real world and the virtual world. This AG will analyse  industry and market status  with a focus on manufacturing, renewable energy, smart cities, farming, buildings and healthcare and will recommend  potential areas of standardization to JTC 1.

The next JTC 1 Plenary meeting will be on November 4 – 8, 2019 in New Delhi, India

IT Asset Management Standards (ISO/IEC 19770) Business Case & Overview

Posted by on Apr 24, 2019 in Uncategorized | 0 comments

23 April, 2019

JTC 1/SC 7 Chair, Dr Sundeep Oberoi and SC 7/ WG 21 Convenor, Ron Brill

IT Asset Management (ITAM) encompasses the system, processes and technology used to detect, track, manage and optimize IT assets throughout all stages of their lifecycle. IT Assets are defined as any IT-related hardware, software, subscriptions or services which the organization owns, is paying for, or is otherwise utilizing directly or indirectly. This definition of an IT Asset is broad, and includes not only servers, desktops and mobile devices, but also IoT, network and storage devices, and cloud services such as Software as a Service, Infrastructure as a Service, and Platform as a Service (SaaS/IaaS/PaaS), amongst many others. 

Effective ITAM is important for organizations of all types and sizes, for three main reasons:

  1. ITAM is an enabling competency for IT. Many key IT functions are dependent on complete and accurate ITAM information. Examples include the following (partial list):
  • Information Security: you cannot secure what you don’t know. The first task within Information Security is to understand what devices are connecting to your network, how they are configured (down to the patch-level), is the hardware and software genuine and authorized, etc. This is all ITAM information.  The dependency between Information Security and ITAM is so material that Gartner had predicted that “By 2022, 50% of ITAM initiatives will be primarily driven by information security needs and concerns
  • Configuration Management and Change Management: without knowing what IT assets exist and how they are configured (all ITAM information), the organization cannot determine whether that configuration is correct, and that no unauthorized changes are being made to it
  • Disaster Recovery: without knowing what IT assets exist, where they are, how they are configured, and what business functions are they supporting (all ITAM information), it would be difficult to reconstruct these assets (and therefore company operations) following a disaster
  • IT Financial Management: without knowing how much money the organization is spending on what IT assets, and the ability to manage future requisitions for IT assets (all ITAM information), it is difficult to budget and forecast for IT with any accuracy

2. ITAM is key for IT risk mitigation. One type of risk unique to ITAM is software license compliance. The software industry is known for software license compliance audits. Without effective ITAM it is easy even for a well-intentioned organization to over-deploy software beyond the organization’s license entitlements, thus exposing the organization to legal, financial, and repetitional risks. This is due to multiple factors including the following:

  • Complexity of ever-changing licensing rules
  • New technologies impacting licensing (e.g. virtualization, cloud, and edge computing)
  • The number of different software vendors under management (which may exceed 1,000 for a large organization)
  • Mergers & acquisitions on both the organization’s side and the software publisher’s side
  • Inherent limitations of tools available to assist in the process
  • Inability to control rogue end-user actions, to name just a few challenges

3. ITAM is key for IT cost savings: lack of complete and accurate ITAM information may lead organizations to spend a lot more on IT Assets than they need to, particularly on software which is taking an ever-increasing share of IT budgets. Examples include the following:

  • Shelf-ware: this situation occurs where the organization is paying for software (or maintenance renewal) that is not in use and isn’t needed. SaaS is actually prone to shelf-ware more than traditional on-prem software. Effective ITAM prevents shelf-ware from occurring
  • Re-harvesting: when hardware is retired, the software licenses consumed by that hardware should become available for re-deployment within the organization; however, this is only possible with effective ITAM in place
  • Architecture optimization: without effective ITAM, organizations may configure their environments in an unoptimized way from a licensing standpoint, resulting in more licenses being needed without any functional or operational benefits to the organization
  • Negotiation from a position of knowledge: without effective ITAM, organizations lack information about their needs, and are at the mercy of software publishers when negotiating software contracts

IT Asset Management is addressed in the ISO/IEC series of standards (under JTC1/SC7/WG21). There are three types of standards within that series:

  1. ITAM System – currently, this group includes one standard:
  • ISO/IEC 19770-1 – currently in its third (2017) edition, ISO/IEC 19770-1 is the primary ITAM standard. It is a Management Systems Standard (MSS) which was designed to be implemented jointly with other relevant MSSs, specifically ISO/IEC 27001 for information security. ISO/IEC 19770-1 addresses the overall management system that needs to be in place for effective ITAM. The standard also discusses 15 process areas that are expected to be managed in any ITAM system, and presents an optional tiered approach for their implementation:
    • Tier 1: Trustworthy Data
    • Tier 2: Life Cycle Integration
    • Tier 3: Optimization

2. ITAM Information Structure – this group of standards provides technical specifications for facilitating the exchange of information between software publishers, ITAM tool vendors, and end- user organizations. It does this by providing data structures/schemas for capturing, storing, detecting, and exchanging ITAM information. These standards currently include the following:

3. Overview & Vocabulary – currently this group includes one standard:

  • ISO/IEC 19770-5 Overview and Vocabulary – currently in its second (2015) edition. This is the only freely-available ITAM standard

In Summary, IT Asset Management (ITAM) is a key enabling IT competency for supporting other IT functions, mitigating risks, and saving costs. The ISO/IEC 19770 series of standards addresses ITAM from the perspective of both a management system (ISO/IEC 19770-1) and data structure for the exchange of ITAM information.

Applying systems and software engineering standards in very small entities

Posted by on Apr 16, 2019 in Uncategorized | 0 comments

Worldwide, a large majority of organizations developing systems or software are very small entities (VSEs), enterprises, projects or public organizations having up to 25 people. With the ISO/IEC 29110 series of standards and guides, VSEs now have documented development processes and third-party certification helping them to be recognized as entities that produce quality systems or software products.

After the establishment of WG 24 in 2005, members of WG 24 conducted an international survey to question VSEs about their utilization of ISO/IEC JTC 1/SC 7 standards and to collect data to identify problems and potential solutions to help them apply these standards. Respondents to the survey indicated that they did not have the resources or the expertise to adapt existing standards to their needs and, standards were difficult and bureaucratic and they did not provide adequate guidance for use by VSEs. A large percentage of respondents also indicated that they would like more guidance with examples, lightweight and easy-to-understand standards, complete with templates.

Standards for very small entities

The ISO 29110 series targets VSEs with little or no experience or expertise in selecting the appropriate processes from systems or software engineering lifecycle standards tailoring and documenting them (e.g. with activities and tasks, inputs/outputs and roles) to a project’s needs.

The ISO 29110 series targets VSEs with little or no experience or expertise in selecting the appropriate processes from systems or software engineering lifecycle standards tailoring and documenting them (e.g. with activities and tasks, inputs/outputs and roles) to a project’s needs.

The ISO 29110 series targets VSEs with little or no experience or expertise in selecting the appropriate processes from systems or software engineering lifecycle standards tailoring and documenting them (e.g. with activities and tasks, inputs/outputs and roles) to a project’s needs.

Once established, the ISO/IEC JTC1 SC 7 Working Group 24 took an innovative approach, using standardized profiles, to develop the set of ISO/IEC 29110 standards and guides. WG 24 re-used elements of published engineering standards (such as ISO/IEC/IEEE 15288 or 12207), to develop a four-stage road map for Start-ups to Grown-ups VSEs (Entry, Basic, Intermediate, and Advanced). The profiles are applicable to the vast majority of VSEs that don’t develop critical systems or critical software.

Management and engineering guides at the core

The core of ISO/IEC 29110 are the Management and Engineering Guides (i.e. ISO/IEC 29110-5-1 and ISO/IEC 29110-5-6) providing project management and systems and software engineering processes. Some ISO/IEC 29110 documents, such as the overview and the Management and Engineering Guides, are freely available from ISO[1]. They’ve been translated into Czech, French, Portuguese, and Spanish and adopted as national standards by several countries. Recently, ISO has even published an ISO 29110 document in Spanish.

Note: The boxes in light blue indicate documents in development

“In addition to developing and selling their own products, VSEs can also develop and/or maintain systems or software, having hardware and/or software components, that are used in larger systems; therefore, recognition of VSEs as suppliers of high quality systems or software is often required” says Dr. Claude Y Laporte, Lead Editor  of ISO/IEC JTC1 WG 24[1].

Pilot projects for SMEs and VSEs

A recent pilot projects, with six engineering SMEs and VSEs of the south of France, implemented an ISO 29110 Systems Engineering and Management Guide. This guide is mainly based of the ISO/IEC/IEEE 15288 standard. The six enterprises, established between 1994 and 2016, are operating in a wide range of domains, such as agriculture, automotive, nuclear, space, and have a size ranging 10 to 150 people. Many benefits (e.g. better risk management, fewer errors and reduction of the cost of errors, detection/correction of errors early in the project, shorter validation time, and reduction of the number of incidents at integration) have resulted from the implementation of the systems engineering guide of ISO 29110.

Since many ISO 29110 management and engineering guides are freely available and have been translated, the diffusion and implementation of the ISO 29110 series was greatly accelerated by universities of over 20 countries. Also, the first textbook[2] and mini case studies covering
ISO 29110 are now available as teaching material. Four universities of Mexico have even obtained a formal certification for their software development centres where students develop software products for internal or external customers. Also, in Thailand, an early adopter of
ISO 29110, over 10 universities are teaching ISO 29110. So far, about 450 public and private Thai organizations have achieved the ISO 29110 certification to the basic profile.

A second survey was conducted, by members of WG 24, in 2018. The responses collected indicated a high level of satisfaction of VSEs and their customers about ISO 29110. As an example, to the question “How long, after you implemented ISO/IEC 29110, did you notice any improvement”, over 64% of respondents noted improvements in productivity, 58% in quality in the first six months after the implementation of ISO 29110. Over 89% of respondents are completely or largely satisfied with their ISO 29110 implementation. A large percentage of customers of VSEs (79%) were completely and largely satisfied with the results of the system/software/service provided. WG 24 will use the results of the 2018 survey as one input to guide the revision of the ISO 29110 series of standards and guides.

Current work of WG 24

WG 24 is presently developing standards and guides to address Agile and DevOps development. Experts of WG 24 are also investigating the development of a guide to help VSEs in implementing quality requirements (i.e. usability, security) and measures from the ISO/IEC 25000 and ISO/IEC 27000 series.

The ISO/IEC 29110 series of Standards and Guides has helped to reduce the difficulty of VSEs in applying SC 7 standards and justifying the application of those standards to their business needs and practices. “ISO 29110 helps meet the need for VSEs’ specific systems and software lifecycle profiles and guidelines”, says Tanin Uthayana, Convenor of WG 24 – ISO/IEC JTC 1/SC 7.

[1] ISO/IEC 29110 public site in English, French and Spanish:



What questions should organization boards and executives be asking about AI technologies?

Posted by on Feb 27, 2019 in Uncategorized | 0 comments

Jan Begg, Chair SC 40, Wael Diab, Chair SC 42

Technologies such as artificial intelligence (AI) and IoT are changing the way we live and work. Complex business operations use increasingly data-rich systems, in order to enhance products and services.

These technologies bring many benefits, such as enhanced efficiency of manufacturing or improved healthcare delivery and quality of life; however, a number of issues must be addressed, such as new terminology, definitions, ways of doing things, and threats to business viability.

New Joint Working Group with broad stakeholder participation

The recent speed with which AI technologies, such as machine learning and analytics, have pervaded industries, cities, homes and infrastructures, has prompted the urgent need to address governance implications for the use of AI in organizations.

Against this backdrop, IEC and ISO Joint Technical Committee for information technologies (ISO/IEC JTC 1) has established a new Joint Working Group (JWC), with two of its committees (SCs), SC 40: IT Service Management and IT Governance and SC 42: Artificial intelligence. The JWG is tasked with developing the international standard ISO/IEC AWI 38507, Governance implications of the use of artificial intelligence by organizations.

The JWG will draw on the very broad business and IT expertise of SC 40 and SC 42 members and other IEC and ISO technical committees, covering different industries and related technology areas, such as analytics, big data, IoT, cyber security and more, in order to come up with a guidance document that can be understood by both audiences.

Guiding governance

“Time is of the essence and organization leaders need reliable and trusted advice as soon as possible. This new project will use standardized AI terminology and concepts which are being developed by SC 42 in parallel to the JWG development of 38507”, said Jan Begg, Chair, JTC 1/SC 40.

With a focus on business and providing a link with corporate governance, SC 40 looks at how technology areas or opportunities are managed within an organization, and then for people with responsibilities at governance level (board or executive managers), how they think about their governance responsibilities when it comes to technology. Find out more

“The partnership of SC 42 and SC 40 to address the governance implications of AI, through the joint working group, is an opportunity to expand the stakeholders interested in and involved in AI. Furthermore, it adds to the ecosystem approach that SC 42 has undertaken by bringing in another perspective, namely, governance”, said Wael Diab, Chair, JTC 1/SC 42.

SC 42 for AI was setup as a systems integration committee to provide guidance to IEC, ISO and JTC 1 committees looking at AI applications.

AI is a collection of technologies with numerous and different stakeholders who are approaching the deployment of AI systems from a business angle with a focus on customer needs, segments, services, products and regulatory requirements. Thus, it will need industry collaboration across domains, for example, IT and OT for applications in transportation, medical, financial, robotics, manufacturing and more.

For these reasons, SC 42 is the first international standards committee to look at the full AI ecosystem and adopt a broad approach that includes and goes beyond traditional interoperability. Find out more

More about the Joint Working Group

JTC 1 Resolution 11 – JWG between SC 40 and SC 42 on ISO/IEC AWI 38507, Governance implications of the use of artificial intelligence by organizations, was endorsed by JTC 1 and adopted during the 34th Meeting of ISO/IEC JTC 1, 5-8 November 2018 in Stockholm, Sweden, where it assigned the administrative lead to SC 42.

The Convenor is Janna Lingenfelder (Germany) and Dr Gyeung-min Kim is the Co-convenor, both until the end of 2021.

Peter Brown (United Kingdom) was nominated as editor of ISO/IEC AWI 38507.

Over 90 experts from 18 countries have registered to participate in this JWG.

Developing standards for emerging technologies and innovations

Posted by on Oct 17, 2018 in Uncategorized | 0 comments

During the IEC and ISO Joint Technical Committee (ISO/IEC JTC 1) plenary in Lillehammer, Norway in 2016, it was decided to establish a Joint Advisory Group (JAG) Group on Emerging Technology and Innovation (JETI).

In an interview, the Convenor of JETI, Dr. Seungyun Lee, talks about the group’s work and latest activities.

What is the aim of JETI?

JETI is mandated to seek opportunities to facilitate JTC 1 standards development for future emerging and innovation technologies with following terms of reference (ToR):

  • Assess the opportunities addressing evolving ICT business needs.
  • Assess technology opportunities to identify the relevant standardization issues and priorities that warrant immediate action and those that JTC 1 should watch for potential consideration at a later date.
  • Emphasize reaching out and incorporating input from external stakeholders, such as verticals, including financial services, healthcare or others.
  • Monitor future considerations from JTC 1 subcommittees (SCs), working groups (WGs), through their business plans, dashboards, and/or other alternative information sources, in order to successfully develop standards and planning with the appropriate coordination.
  • Make recommendations on actions to JTC 1.
  • Review and make suggestions to revise JTC 1 planning process (SD 4) as appropriate.

By carrying out these activities, JETI also maintains the JTC 1 planning process which entails four steps from information collecting to making recommendations. During the JTC 1 JAG meeting in Toronto this year, JAG recommended that JTC 1 should create a special working group which takes on the transfer of responsibility of JETI with the same ToR in anticipation of the disbanding of JAG from the following year.

What are the challenges?

There are many challenging issues on current standards development in the area of emerging and innovation technologies. In particular, since the current industries are faster evolving due to various ICT technologies so called digital transformation towards the fourth industrial revolution, the work on development of relevant standards is going to be more complicated where there are many more points to consider than in the past.

Firstly, what we have seen with recent ICT standards development is highly complex and converged specifications, fast delivery and adoption by industry as well as the need for openness. These are the fundamental requirements for a new paradigm of standards development for the forth industrial revolution.

Secondly, we need to consider significant requirements from market and industry, such as customer and provider requirements, which could make it more feasible for standards.

Thirdly, we must see if there are overlapping efforts among standards development organizations (SDOs). For example, in recent years, SDOs such as ISO, IEC, ITU-T as well as fora and consortia have been developing similar standards for Cloud Computing, Big Data, Artificial Intelligence (AI), Blockchain and others. So active cooperation among SDOs is increasingly important in order to prevent duplication and improve efficiency and relevance.

Finally, one of other significant issue is an open source or open source software. When we think about faster market penetration and proliferation of standards, open source could offer faster adoption and flexibility than standards, and open source itself is becoming a standard. For this reason, we need to consider how JTC 1 will treat open source software and how it will cooperate with the open source community as well.

Which technologies are you looking at?

In line with the JTC 1 planning process, JETI conducts surveys with JTC 1 SCs, WGs and study groups (SGs). One carried a few years ago for AI resulted in a proposal during the 2017 JTC 1 Plenary for need to develop standards for AI. Thanks to this survey work with support of JTC 1 members, JTC 1 decided to establish a new Subcommittee (SC) 42 for AI.

Over the past year, JETI has looked at emerging technologies with a broader spectrum based on recent trend analysis from research firms such as Gartner, IDC and others. Through an internal survey to JTC 1 experts in January 2018, JETI identified 15 top priority technologies as follows:

  1. Smart car
  2. Autonomous systems
  3. Robotics
  4. Connected car
  5. Digital twin
  6. Autonomous vehicles
  7. Quantum computing
  8. Augmented data discovery
  9. Virtual assistance
  10. Brain-computer interface
  11. 4D printing
  12. Cognitive computing
  13. Drone
  14. Smart workspace
  15. Neuromorphic hardware

Following on from this, JETI conducted another survey to all JTC 1 entities to work out the next steps to take for the 15 priority technologies. As a result, we were able to identify the related activities, priority areas and future work items in the current JTC 1 activities. So I believe that these survey results will be quite useful for all JTC 1 entities when they consider their future development of relevant standards and it will also facilitate their activities.

What is in the pipeline?

For the top 15 priority technologies identified by JETI, we are now developing the Technology Trend Report (TTR) in specific areas that we believe need in-depth analysis. We identified the following four:

JETI is also preparing a strategic plan for open source software assessment in terms of JTC 1 perspectives. It will mainly cover the JTC 1 strategy for IPR and license in open source software.

JETI will then use this to make some relevant recommendation(s) for how JTC 1 should proceed in this area, during the next JTC 1 Plenary.

Who and how can people get involved with JETI?

Basically, JETI is open to all JTC 1 experts, including SC Chair(s) and WG/SG Convenor(s), who are interested in future emerging and innovative technologies. They can apply to be JETI members through their national body office. Any questions or comments can be sent to me, JETI Convenor, and/or Mr KwanHoo Shin, JETI Secretary