Information technology — City service platform for public health emergencies — Part 1: Overview and general requirements

This document specifies the general requirements for a city service platform for public health emergencies. It also specifies the requirements in terms of data, functions, security and privacy protection.

Technologies de l'information — Plateforme de services urbains pour les urgences en matière de santé publique — Partie 1: Aperçu et exigences générales

General Information

Status: Published
Publication Date: 13-Mar-2024
Current Stage: 6060 - International Standard published
Start Date: 14-Mar-2024
Due Date: 05-May-2024
Completion Date: 14-Mar-2024
Ref Project
Standard
ISO/IEC 5153-1:2024 - Information technology — City service platform for public health emergencies — Part 1: Overview and general requirements Released:14. 03. 2024
English language
14 pages

Standards Content (Sample)


International Standard
ISO/IEC 5153-1
First edition
2024-03
Information technology — City service platform for public health emergencies —
Part 1: Overview and general requirements
Technologies de l'information — Plateforme de services urbains pour les urgences en matière de santé publique —
Partie 1: Aperçu et exigences générales
Reference number
© ISO/IEC 2024
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
© ISO/IEC 2024 – All rights reserved
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviated terms
5 Public health emergency scenario
6 General requirements
6.1 Accessibility requirements
6.2 Interoperability requirements
6.3 Privacy protection requirements
7 Data requirements
7.1 Data traceability
7.2 Data exchange and sharing
7.3 Data security
7.4 Data quality
8 Functional requirements for platform services
8.1 Prevention and mitigation
8.1.1 Emergency planning
8.1.2 Emergency exercises
8.2 Preparedness
8.2.1 Information release
8.2.2 Warning distribution
8.3 Response
8.3.1 Self-quarantine monitoring
8.3.2 Self-check and reporting
8.3.3 Graphic code
8.3.4 Travel declaration
8.3.5 Contact tracing
8.3.6 Public health resources management
8.4 Recovery
9 Security requirements
9.1 Access security
9.2 Operation security
10 Privacy protection
Annex A (informative) Certificate check
Annex B (informative) Self-check and reporting
Annex C (informative) Graphic code management system
Bibliography

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical activity.
ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations,
governmental and non-governmental, in liaison with ISO and IEC, also take part in the work.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types
of document should be noted. This document was drafted in accordance with the editorial rules of the
ISO/IEC Directives, Part 2 (see www.iso.org/directives or www.iec.ch/members_experts/refdocs).
ISO and IEC draw attention to the possibility that the implementation of this document may involve the
use of (a) patent(s). ISO and IEC take no position concerning the evidence, validity or applicability of any
claimed patent rights in respect thereof. As of the date of publication of this document, ISO and IEC had not
received notice of (a) patent(s) which may be required to implement this document. However, implementers
are cautioned that this may not represent the latest information, which may be obtained from the patent
database available at www.iso.org/patents and https://patents.iec.ch. ISO and IEC shall not be held
responsible for identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions
related to conformity assessment, as well as information about ISO's adherence to the World Trade
Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www.iso.org/iso/foreword.html.
In the IEC, see www.iec.ch/understanding-standards.
This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology.
A list of all parts in the ISO/IEC 5153 series can be found on the ISO and IEC websites.
Any feedback or questions on this document should be directed to the user’s national standards
body. A complete listing of these bodies can be found at www.iso.org/members.html and
www.iec.ch/national-committees.

Introduction
Public health emergencies, particularly those caused by infectious diseases such as the COVID-19 pandemic,
have unprecedented impacts on the social and economic aspects of many cities. A Public Health Emergency
of International Concern (PHEIC) is a formal declaration by the World Health Organization (WHO) of "an
extraordinary event which is determined to constitute a public health risk to other States through the
international spread of disease and to potentially require a coordinated international response". [6]
Information technology can provide significant support in expanding city capacities to respond to such public
health emergencies, in particular by providing capabilities to coordinate data, services and applications
across operational domains for multiple stakeholders in smart cities.
Smart city applications can be classified into two groups: domain-specific applications and cross-domain
applications. In a public health emergency scenario, various information and services are provided via
different channels from different sources. It would be more convenient and simpler for users to have a single
hub which can provide all necessary services at the application layer.
This document introduces a city service platform as a single hub for public health emergencies.

International Standard ISO/IEC 5153-1:2024(en)
Information technology — City service platform for public
health emergencies —
Part 1:
Overview and general requirements
1 Scope
This document specifies the general requirements for a city service platform for public health emergencies.
It also specifies the requirements in terms of data, functions, security and privacy protection.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content constitutes
requirements of this document. For dated references, only the edition cited applies. For undated references,
the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 27701, Security techniques — Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information
management — Requirements and guidelines
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https://www.iso.org/obp
— IEC Electropedia: available at https://www.electropedia.org/
3.1
city service
service rendered in the public interest
Note 1 to entry: This is also known as "public service" and "service of general interest".
4 Abbreviated terms
DDoS distributed denial-of-service
PHE public health emergency
SCDP smart city digital platform
5 Public health emergency scenario
A public health emergency (PHE) is a typical smart city scenario which requires cross-sector and cross-
department cooperation and collaboration. Controlling a public health emergency and allocating necessary
emergency resources requires professional authority and enforceability, such as disease control and
prevention, emergency response and management, and healthcare. Information technologies also
enable accurate information collection and analysis, quick community reactions, enhancement of society
cooperation and support in decision-making, thus improving city sustainability and resilience under a PHE
scenario.
According to a study taken by the World Summit on the Information Society (WSIS), the main stakeholders
for a PHE include academia, civil society, the government, international organizations, the private sector and
others (individuals and organizations). [4] These stakeholders can be further categorized into three roles, as
follows.
1) Manager and coordinator: ensures preparedness, readiness and response actions at an appropriate
scale to reduce both PHE spread and economic, public and social impacts.
2) Service provider: implements and provides necessary technologies, measures, services and tools based
on user demand and policies made by manager and coordinator.
3) User: follows official guidance and uses services provided to protect themselves and others with respect
to public interest.
PHEs have wide impact on all aspects of city operation and public daily life. In general, the following four
phases of emergency management are widely applied:
— Prevention and mitigation: cover activities or precautions for assessing and preventing the risks,
vulnerabilities, threats, potential severity, likelihood, consequences and impact of a PHE for cities. With
these activities or precautions, it can be ensured that cities have taken adequate steps to prevent and
reduce the likelihood of occurrence or mitigate the damaging effects.
NOTE It is necessary to consider and plan prevention and mitigation in advance of an actual emergency.
— Preparedness: covers the planning that needs to be incorporated or decided actions that will assist in
successfully dealing with an emergency.
— Response: covers the reality of how to respond to an emergency scenario.
— Recovery: takes place after the emergency is over and the immediate danger has subsided.
City services are located at the smart applications layer as described in ISO/IEC 30145-3. With the common
data and service capabilities provided by a smart city digital platform as described in ISO/IEC 24039, a
city service platform for PHE focuses on providing scenario-specific and integrated services to improve
emergency response efficiency, ensure city operation, protect public safety and continue daily life
throughout the emergency prevention and mitigation, preparedness, response and recovery stages, as
shown in Figure 1.
Figure 1 — City service platform for public health emergency (PHE)

6 General requirements
6.1 Accessibility requirements
A PHE can have global impact for everyone, including people living in situations of poverty, older people,
people with disabilities, young people and indigenous peoples.
Thus, a city service platform for PHE shall provide the necessary accessibility supports for people with
difficulties in vision, physical ability, hearing or mobility, and people with cognitive impairments or learning
disabilities. A city service platform for PHE should support and meet corresponding requirements for digital
inclusion solutions and initiatives provided by government, civil society and international organizations,
taking into consideration the unbalanced development of information infrastructure that can present
startling digital inequalities between and within countries.
6.2 Interoperability requirements
A PHE can impact all aspects of daily life and social activities. PHE-related digital services can be delivered
via various channels, such as sensors, cameras, mobile devices, tablets, smart terminals, smart screens, etc.
Thus, a city service platform for PHE should enable data and system interoperability for various devices and
terminals.
For example, individuals can use mobile apps to report relevant information. Professional or authorized
organizations can use client web programs to confirm reported information and executive responses.
Coordinators and management departments can use smart screens to visualize the overall situation and
perform decision-making.
Technical requirements for a city service platform for PHE in terms of data, service and interface are
provided in Clause 7 and Clause 8.
6.3 Privacy protection requirements
To control the spread of a PHE, the collection of personal information, such as health-related information,
travel history and medical records can be necessary. Thus, a city service platform for PHE shall establish a
complete privacy protection policy according to municipal policy and regulations, taking both technical and
business aspects into consideration, such as the location of the platform, where and to whom the service is
delivered, etc. Technical privacy protection requirements for a city service platform for PHE are provided in
Clause 10.
7 Data requirements
7.1 Data traceability
Data traceability requirements and recommendations of a city service platform for PHE shall include the
following points.
a) Within the specified data retention period, the data should be clear, readable, understandable and
traceable, ensuring that the steps and the sequence of data generation can be completely reproduced.
b) Operations such as data extraction, cleaning, loading, fusion and conversion during data processing
shall be recorded through the audit trail function to ensure the traceability.
c) Alternative methods should be used for situations that do not have the audit trail function, such as log,
change control, record version control or original electronic records, supplemented with paper records
to ensure the data traceability.
d) The audit trail function of the platform shall not be closed and the data generated by the audit trail
function shall not be modified. The frequency and the content of the audit trail review should be
determined based on task risk level.
e) Data traceability analysis, auditing and tracking should be supported to improve supervision for the
spread of unauthorized data.
f) The record storage duration should be determined by fully considering the municipal regulations and
legal requirements.
7.2 Data exchange and sharing
The data exchange and sharing requirements and recommendations of a c
...
