ISO/DTR 20180

© ISO #### – All rights reserved
1 Reference number of document: ISO/TC 154 N1630
2 Date: 2025-10-26
3 Reference number of project: ISO/DTR 20180
4 Committee identification: ISO/TC 154
5 ISO/TC 154
6 Secretariat: SAC
7 Date: 2025-12-15
8 Risk-based product quality data interchange in Ee-commerce
11 DTR stage
13 Warning for WDs and CDs
14 This document is not an ISO International Standard. It is distributed for review and comment. It is subject to
15 change without notice and may not be referred to as an International Standard.
16 Recipients of this draft are invited to submit, with their comments, notification of any relevant patent rights of
17 which they are aware and to provide supporting documentation.
18 To help you, this guide on writing standards was produced by the ISO/TMB and is available at
19 A model manuscript of a draft International Standard (known as “The Rice Model”) is available at
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication
may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying,
or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO
at the address below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: + 41 22 749 01 11
Fax: +41 22 749 09 47
EmailE-mail: copyright@iso.org
Website: www.iso.orgwww.iso.org
Published in Switzerland
iii
Contents
Foreword . v
Introduction . vi
1 Scope . 7
2 Normative references . 7
3 Terms and definitions . 7
4 E-commerce supply chain context . 8
4.1 Overview . 8
4.2 Participants . 9
4.3 Key e-commerce business stages . 9
5 Product risk assessment in e-commerce . 10
5.1 Overview . 10
5.2 Risk identification . 10
5.3 Risk analysis . 15
5.4 Risk evaluation . 17
5.5 Product risk mitigation based on data interchange . 17
6 Risk-based product quality data for interchange . 18
6.1 Overview . 18
6.2 Information packages . 18
6.3 Datasets . 20
6.4 Data quality . 22
6.5 Data augmentation . 22
7 Process for quality data interchange in e-commerce . 23
Annex A (informative) Use case of risk assessment and risk-based quality interchange in e-
commerce . 34
Annex B (informative) Example of XML schema definition for risk-based product quality data
interchange in e-commerce . 38
Bibliography . 7

iv
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out through
ISO technical committees. Each member body interested in a subject for which a technical committee has been
established has the right to be represented on that committee. International organizations, governmental and
non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the
International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types of
ISO documents should be noted. This document was drafted in accordance with the editorial rules of the
ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawnISO draws attention to the possibility that some of the elementsimplementation of this
document may beinvolve the subjectuse of (a) patent(s). ISO takes no position concerning the evidence,
validity or applicability of any claimed patent rights in respect thereof. As of the date of publication of this
document, ISO had not received notice of (a) patent(s) which may be required to implement this document.
However, implementers are cautioned that this may not represent the latest information, which may be
obtained from the patent database available at www.iso.org/patents rights. ISO shall not be held responsible
for identifying any or all such patent rights. Details of any patent rights identified during the development of
the document will be in the Introduction and/or on the ISO list of patent declarations received (see ).
E-commerce is subject to a huge amount of national and international law. The definitions are only to be used
for interpreting the associated standard and not to replace any legal definitions established in case law in
country. Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation onof the voluntary nature of standards, the meaning of ISO specific terms and expressions
related to conformity assessment, as well as information about ISO’s adherence to the World Trade
Organization (WTO) principles in the Technical Barriers to Trade (TBT)), see the following URL:
www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 154, Processes, data elements and documents in
commerce, industry and administration.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.
v
Introduction
The exponential growth of Ee-commerce presents new challenges for stakeholders regarding consumer
product safety. Unsafe products make their way to the market, because customs and market surveillance
authorities worldwide are understaffed compared to the high volume of parcels crossing borders daily. E-
commerce platforms and sellers, especially small and medium-sized enterprises (SMEs), face challenges in
complying with legal safety rules across multiple markets due to complex, globally-sourced supply chains.
In order to protect consumers from unsafe products, it is critical for platform operators to enhance their
checks to prevent unsafe products to be offered to consumers online. Similarly, it’sit is crucial for sellers to
provide evidence of compliance with safety and other legal requirements as a condition for their listing.
Relevant government agencies encourage the exchange of advanced Ee-commerce specific information to
maintain a balance between facilitating time-sensitive Ee-commerce and ensuring efficient controls for
product safety. Proper product quality data therefore can be obtained at the earliest point in the supply chain
and incrementally added and exchanged in time by relevant parties along the supply chain in Ee-commerce.
For efficient exchange of these data, a top priority is to decide the minimum data needed. Applying a risk-
based compliance method to differentiate between low-risk and high-risk Ee-commerce trade enables
interchange of more targeted data. It is also important for all stakeholders in Ee-commerce to have a common
understanding about the description and structuring of the data, and also its reference to the existing
international standards.
vi
ISO #####-#:####(X)
1 Risk-based product quality data interchange in Ee-commerce
2 1 Scope
3 This document provides information on how to address product quality data interchange based on risk
4 assessment for consumer product safety in Ee-commerce. This document:
5 — — It analyses Ee-commerce supply chain context;
6 — — It analyses product risk assessment in Ee-commerce;
7 — — It gives use cases on risk-based product quality data for interchange;
8 — — It presents the general process for product quality data interchange among Ee-commerce
9 stakeholders.
10 2 Normative references
11 There are no normative references in this document.
12 3 Terms and definitions
13 For the purposes of this document, the following terms and definitions apply.
14 ISO and IEC maintain terminology databases for use in standardization at the following addresses:
15 — — ISO Online browsing platform: available at https://www.iso.org/obphttps://www.iso.org/obp
16 — — IEC Electropedia: available at https://www.electropedia.org/https://www.electropedia.org/
17 3.1
18 risk
19 effect of uncertainty on objectives
20 Note 1 to entry: An effect is a deviation from the expected. It can be positive, negative or both, and can address,
21 create or result in opportunities and threats.
22 Note 2 to entry: Objectives can have different aspects and categories, and they can be applied at different levels.
23 [SOURCE: ISO 31000:2018, 3.1, modified-note — Note 3 to entry was removed].]
24 3.2
25 consumer product
26 product designed and produced primarily for, but not limited to, personal use, including its components,
27 parts, accessories, instructions and packaging
28 [SOURCE: ISO 10377:20172013, 2.2]
29 3.3
30 risk factor
31 characteristic or circumstance which can contribute to, or cause, consumer vulnerability
©  ISO #### – All rights reserved 7

ISO #####-#:####(X)
32 [SOURCE: ISO 22458:2022, 3.9]
33 3.4
34 risk source
35 element which alone or in combination has the potential to give rise to risk (3.1)
36 [SOURCE: ISO 31000:2018, 3.4]
37 3.5
38 hazard
39 potential source of harm
40 [SOURCE:Note 1 to entry: Adapted from ISO Guide 73:200931073:2022, 3.5.1.4]3.12.
41 3.6
42 level of risk
43 assessed magnitude of the risk (3.1)
44 [SOURCE:Note 1 to entry: Adapted from ISO Guide 73:200931073:2022, 3.6.1.8]3.22.
45 3.7
46 Ee-commerce operator
47 individual or organization engaged in Ee-commerce
48 [SOURCE: ISO 32110:2023 3.2.4]6, modified — Note 1 to entry was removed.]
49 3.8
50 Ee-commerce platform operator
51 organization whothat operates an Ee-commerce platform
52 [SOURCE: ISO 32110:2023 3.2.57]
53 3.9
54 seller
55 individual or organization that sells products over open networks
56 [SOURCE: ISO 32110:2023, 3.2.13], modified — Notes 1 and 2 to entry were removed.]
57 3.10
58 stakeholder
59 person or organization that can affect, be affected by, or perceive themselves to be affected by a decision
60 or activity
61 Note 1 to entry: The term “interested party” can be used as an alternative to “stakeholder”.
62 [SOURCE: ISO 31000:2018 3.3]
63 4 E-commerce supply chain context
64 4.1 Overview
65 E-commerce supply chain involves complex business processes and web of stakeholders, all of which can
66 be sources of consumer product quality risk. To help to mitigate these risks, it'sit is essential to assess the
© ISO #### – All rights reserved

ISO #####-#:####(X)
67 risk level in the context of Ee-commerce supply chain, and enable the stakeholders to obtain sufficient
68 quality data to ensure consumer product safety. TheTwo key considerations are the major participants
69 involved in quality data interchange and the key Ee-commerce business stages are two key considerations.
70 4.2 Participants
71 The following stakeholders can take part in the data interchange for product quality control：:
72 — —Upstream supplier：: an organization or individual that provides goods to be sold online, which
73 includes but is not limited to manufacturers, vendors, individual sellers, third-party suppliers, etc.
74 — —E-commerce platform operator： (see 3.83.8).
75 — —Seller： (see 3.93.9).
76 — —Logistics service provider：: an organization that provides services of transport, distribution of
77 products traded online, e.g. cross-border logistics, and local delivery.
78 — —Warehousing service provider: an organization that provides services of warehousing, of products
79 traded online, e.g. exporting country warehouse, importing country warehouse.
80 — —Customs: a government regulatory authority that supervises and clears imported and exported
81 products across a border based on the relevant laws and administrative regulations.
82 — —Market surveillance agencies: a government regulatory authority that supervises and manages
83 products based on the relevant laws and administrative regulations.
84 — —Customs brokers: a party that provides customs declaration services for Ee-commerce supply
85 chains.
86 — —Buyers: an individual or organization who purchases products online.
87 4.3 Key Ee-commerce business stages
88 Product quality risks in the Ee-commerce supply chain can arise from a variety of sources at each Ee-
89 commerce business stage. Key Ee-commerce business stages include upstream supply, online
90 transaction, logistics, warehousing, customs clearance, and after-sales.
91 — —Upstream supply： In: in this stage，, upstream suppliers provide products or products
92 information to Ee-commerce operators for sale.
93 — —Online transaction：This: this stage involves buyers purchasing products from sellers via Ee-
94 commerce platforms with key links including online display.
95 — —Logistics: Logisticslogistics service providers are responsible for transporting products in the Ee-
96 commerce supply chains, covering processes such as product packaging, handling, and shipping.
97 — —Warehousing: Warehousingwarehousing services (provided by warehousing operators in the
98 exporting country, importing country, or both) involve storing products to support subsequent
99 transportation, with core work including inventory management, environmental control, and product
100 storage.
©  ISO #### – All rights reserved 9

ISO #####-#:####(X)
101 — —Customs clearance: Thisthis stage requires imported or exported products to go through
102 formalities such as document verification and physical inspection in accordance with the customs
103 regulations of the importing/exporting country.
104 — —After-sales: Afterafter-sales services refer to the support provided by Ee-commerce operators to
105 customers after order completion, including handling returns/exchanges, addressing product
106 complaints, and collecting customer feedback and reviews.
107 5 Product risk assessment in Ee-commerce
108 5.1 Overview
109 The overall process for product quality risk assessment involves risk identification, risk analysis and risk
110 evaluation.
111 5.2 Risk identification
112 5.2.1 Overview
113 Risk identification in Ee-commerce is the process that involves detecting, recognizing, and describing the
114 potential hazards that can be encountered by end-users during the various stages of Ee-commerce
115 product lifecycle. The general approach involves first identifying risk sources, then further pinpointing
116 the specific risk factors associated with key stages in the Ee-commerce supply chains. This document
117 provides a list of common risk factors in the Ee-commerce supply chains as a reference for conducting
118 qualitative or quantitative risk analysis.
119 To conduct product quality risk assessment, it is crucial to recognize and describe the potential risk
120 sources and significant risk factors in Ee-commerce supply chain first of all.
121 5.2.2 Risk sources
122 A risk source is the fundamental origin or root cause that gives rise to risk. The risk sources in Ee-
123 commerce can include product, provider of product or service, and related business process as shown in
124 Figure 1Figure 1. .
© ISO #### – All rights reserved

ISO #####-#:####(X)
127 Figure 1: — Potential risk sources
128 a) Product: Thethe different categories, origins, and other characteristics of products exhibit varying
129 levels of risks to consumer health and safety.
130 b) Provider of product or service:
131 1) Upstream supplier: Suppliersupplier qualification (e.g. whether they hold valid production
132 licenses, quality management system certifications) and history of compliance with rules,
133 regulations, and applicable laws are key determinants of potential risks. Moreover, these two
134 factors clearly reflect how robust the supplier’s internal risk management and quality control
135 capabilities are: suppliers with complete qualifications and a clean compliance record are far
136 more likely to ensure product quality, while those with incomplete qualifications or a history of
137 non-compliance have a much higher probability of introducing substandard or unsafe products
138 into the supply chain.
139 2) Seller: Aa seller’s non-compliance (e.g. selling products that do not meet national safety
140 standards) and dishonesty (e.g. concealing product defects or falsifying quality information ))
141 can directly lead to the circulation of counterfeit or shoddy products.
142 3) Logistics service provider: qualificationQualification and compliance history of logistics service
143 provider are responsible for the physical transportation of products, which is a critical link in
144 maintaining product quality. Their qualification (e.g.,. whether they have the capacity to
145 transport special products like perishables or fragile goods) and compliance history (e.g.,.
146 whether they follow standardized packaging and handling procedures) directly affect whether
147 products remain intact during transit.
148 4) Warehousing service provider: Warehousingwarehousing service providers are in charge of
149 product storage, and their operations directly impact the preservation of product quality. Their
150 qualification (e.g.,. whether warehouses meet environmental standards for specific products,
151 such as moisture-proof requirements for electronics or low-temperature conditions for
152 pharmaceuticals) and compliance history (e.g.,. whether they implement strict inventory
153 management to avoid mixing defective and qualified products) determine whether products
154 maintain their original quality during storage.
155 5) Customs broker: Customscustoms brokers handle clearance procedures for multiple importers
156 simultaneously, acting as a "“bridge"” between imported products and the domestic market. Due
157 to their role in managing documentation verification, product declaration, and compliance with
158 customs regulations for multiple clients, any illegal or non-compliant behaviorbehaviour (e.g.,.
©  ISO #### – All rights reserved 11

ISO #####-#:####(X)
159 falsifying product origin information, concealing product defects to avoid inspection) can spread
160 risks across multiple importers and their products.
161 c) Related business process:
162 1) Online transaction: Informationinformation asymmetry in online product listings can be a core
163 risk trigger in this process. When listings lack transparency (e.g.,. omitting key quality indicators
164 likesuch as material composition or safety certifications), contain inaccuracies (e.g.,.
165 exaggerating product durability or performance), or use deceptive content (e.g.,. falsifying
166 "“certified safe"” labels), buyers can be misled to purchase substandard products.
167 2) Logistics: Logisticslogistics service directly affects the physical integrity of products. Improper
168 operations during transportation (e.g.,. rough handling, inadequate packaging for fragile goods,
169 or failure to maintain temperature control for perishables/ or medications) can easily cause
170 product damage, deterioration, or contamination, thereby triggering quality risks.
171 3) Warehousing: Warehousingwarehousing involves long-term or short-term storage of products,
172 and its management directly impacts whether products maintain their original quality. Factors
173 such as warehouse environmental conditions (e.g.,. temperature, humidity, ventilation— ‒
174 especially important for perishable or humidity-sensitive products) and inventory management
175 practices (e.g.,. avoiding long-term storage that can cause product deterioration, preventing
176 mixing of and qualified products) have a direct and significant impact on maintaining product
177 quality.
178 4) Customs clearance: Thethe customs clearance process can be a risk source for product quality,
179 mainly due to two factors: non-compliance with access requirements and delays. Delays in
180 clearance or failure to identify non-compliant products during inspection can result in quality
181 risks for products entering the market.
182 5) After-sales: Thethe after-sales process is a potential product quality risk source, primarily
183 because it involves post-purchase product maintenance and issue resolution— ‒ improper
184 handling here can exacerbate quality risks or hide existing ones. On one hand, these services play
185 a key role in maintaining product quality “after delivery”: they help resolve quality issues that
186 arise post-purchase (e.g.,. replacing defective products) and ensure customer satisfaction. On the
187 other hand, customer feedback and reviews (which reflect real usage experiences, such as
188 product defects or performance failures) provide direct and valuable insights for Ee-commerce
189 operators to identify potential product quality loopholes and improve quality management.
190 5.2.3 Risk factors
191 Major risk factors are specific threats or vulnerabilities that stem from the risk sources. They are
192 identifiable and detailed elements that can enable more precise risk assessment.
193 The major risk factors in Ee-commerce supply chain are shown in Figure 2Figure 2. .
© ISO #### – All rights reserved

ISO #####-#:####(X)
©  ISO #### – All rights reserved 13

ISO #####-#:####(X)
198 Figure 2: — Major risk factors in Ee-commerce
199 a) a) Risk factors from product
200 1) 1)Type: Potentialpotential risks can arise due to inherent properties of different categories of
201 products, e.g. physical feature, composition, functionality.
202 2) 2)Origin: Sourcingsourcing products from countries or regions with inherent systemic
203 vulnerabilities— ‒ such as endemic diseases, weak regulatory oversight, or prevalent pest
204 infestations— ‒ poses a significant risk to product safety and quality.
205 3) 3)End use: Deviationdeviation from intended use purpose, target user group, or specified
206 operating environment can greatly increase the risk.
207 4) 4)Quality attestation: Potentialpotential risks can arise due to insufficient or unreliable
208 verification of provided product quality attestations, e.g. self-declaration, testing report,
209 inspection report, certificate.
210 b) b) Risk factors from provider of product or service
211 1)Qualification:
212 1) Risk risk can stem from insufficient, invalid, or fraudulent provider credentials, including
213 licenses, certifications, or accreditation, which are prerequisites for competent service delivery.
214 2) 2)History record: A provider'sa provider’s documented history of adhering to rules, regulations,
215 and applicable laws serves as a key indicator of risk. A record of non-compliance, violations, or
216 recurring issues signals a higher risk profile.
© ISO #### – All rights reserved

ISO #####-#:####(X)
217 c) c)Risk factors from related business process
218 1) 1) Online display: Thethe presence of inaccurate, exaggerated, or misleading product
219 information online, can lead to incorrect buyer expectations, misuse, or non-compliance with
220 advertising standards.
221 2) 2) Packaging: Inadequateinadequate packaging that is unsuitable for the product or transit mode
222 increases the risk of physical damage, environmental spoilage, or contamination.
223 3) Handling: Improperimproper handling methods, procedures, during loading, unloading and
224 moving can directly lead to product damage, contamination, or loss.
225 4) 2) Shipping :Failure: failure to maintain required transit conditions— ‒ including temperature
226 control, humidity levels, and proper cargo securing— ‒ can increase the risk inof product
227 damage or deterioration from shock, vibration, or environmental exposure.
228 5) 3) Storage:Failure failure to maintain a secure, controlled storage environment (e.g.,. incorrect
229 temperature, humidity, or pest control), can lead to damage, spoilage, or cross-contamination of
230 the stored products.
231 6) 6) Inventory management: Flawsflaws in inventory management, such as a lack of proper stock
232 rotation co-mingling of different product types, or inaccurate record-keeping, can lead to the
233 distribution of expired or compromised goods.
234 7) Clearance: Extendedextended detention of goods during customs clearance due to procedural
235 delays or the submission of incorrect documentation, potentially damaging time-sensitive
236 e.
products, alongside the failure to intercept non-compliant items.
237 8) 4) Return : A: a high frequency of product returns due to defects, damage, or not matching the
238 description, can serve as a direct indicator of potential quality failures or issues with online
239 display accuracy.
240 9) 5) Customer review: Thethe identification of recurring patterns in customer feedback regarding
241 product defects, safety concerns, or performance issues, can signal underlying quality or design
242 flaws.
243 5.3 Risk analysis
244 5.3.1 Overview
245 Risk analysis involves the assessment of the likelihood and impact of each risk factor. Product risk
246 analysis methods can be qualitative, quantitative or combination of both, depending on the information
247 collected and the type of analysis performed.
248 5.3.2 Likelihood
249 The likelihood of hazards occurring during the life cycle of an Ee-commerce transacted good is one of the
250 two core elements of risk assessment. Likelihood evaluation methods can use objective and subjective
251 probability estimation. Objective probability estimation needs a lot of objective data and information
252 support. Subjective probability estimation is mainly based on experience, knowledge, or expert inference
253 from similar events. Risk assessment can use suitable methods to set criteria for likelihood according to
254 actual needs and resources.
©  ISO #### – All rights reserved 15

ISO #####-#:####(X)
255 Table 1Table 1 shows an example of likelihood levels.
256 Table 1 : — Example of likelihood levels
257 (for illustration purposes only)
Likelihood(Qua Score(Quantit
Description
litative ative
(qualitative) (quantitative)
frequentlyFrequently occurs, more than 60 issues reported over a period
Almost certain 5
of 6 months
Likely oftenOften occurs, up to 60 issues reported over a period of 6 months 4
sometimesSometimes occurs, up to 30 issues reported over a period of 6
Possible 3
months
Unlikely Seldom occurs, less than 6 issues reported over a period of 6 months 2
Rare Rarely occurs, no issues reported over a period of 12 months 1
Note: NOTE An “issue” is defined as a product safety and compliance regulatory contact to related Ee-commerce
operators (e.g. a customs inspection notice, violation, request for information, government inquiry, etc.).
258 5.3.3 Severity levels of potential consequences
259 E-commerce products can pose various risks to consumers, including safety hazards, health threats,
260 environmental concerns, non-compliance with laws and regulations, and infringements of consumer
261 rights.
262 The severity of these consequences reflects the extent of harm imposed on consumers and serves as a
263 critical factor in risk assessment. Assessors can evaluate severity by examining the degree to which a risk
264 factor compromises overall product quality. Alternatively, they can conduct a comprehensive analysis
265 based on the nature, timing, and scope of the consequences. If a product is associated with multiple types
266 of harm, it is important to assess individually to determine its respective severity level.
267 Table 2Table 2 provides a reference example of severity levels of consequences.
268 Table 2: — Example of severity levels of consequences
269 (for illustration purposes only)
Consequence(Q Scores(Quantita
ualitative Description tive
(qualitative) (quantitative)
Disastrous
The harm is extremely serious and meets one of the following
（Extremely conditions: (1) leading to human death (2) threatening to spread or
disseminate nationwide (3) triggering widespread media coverage,
(extremely
causing public panic and affecting the credibility of the government
serious)
More serious harm to meet one of the following conditions: (1)
seriously affect the environment for consumers to survive, resulting in a
Critical large area of the human body with poisoning, teratogenic and other 4
serious injuries (2) the threat spreads or spreads in multiple areas (3)
triggering the media, public debate
© ISO #### – All rights reserved

ISO #####-#:####(X)
Consequence(Q Scores(Quantita
Description
ualitative tive
(qualitative) (quantitative)
Cause certain harm, meet one of the following conditions: (1) the
Moderate general impact on human health (2) the threat of the spread or spread 3
in certain areas (3) trigger the media, public attention
Minor impact on the consumer'sconsumer’s living environment or
Minor 2
human health
Negligible no harm 1
270 5.4 Risk evaluation
271 Product risk evaluation involves comparing the results of the risk analysis with the established risk
272 criteria to prioritize risks for further risk treatment decisions. A risk matrix, combining consequence
273 severity and likelihood, can be applied to prioritize risks for treatment.
274 Based on the examples in 5.3.25.3.2 and 5.3.35.3.3,, an example of the risk assessment results is given
275 using the risk matrix approach, as shown in Table 3Table 3.
276 The method used in the example in Table 3Table 3 is RL= = L× × C, i.e. , the assignment of the likelihood
277 level (L) in Table 1Table 1 is multiplied by the assignment of the consequence severity level(C) in
278 Table 2Table 2 to calculate the evaluation score of the level of risk (RL).
279 A score less than or equal to 4 (≤4) is considered low risk, between 5 and 9 (>4 and <10) is considered
280 medium risk, and greater than or equal to 10 (≥10) is considered high risk.
281 Table 3 : — Example for level of risk evaluation matrix
282 (for illustration purposes only)
Consequence (C)
Negligible Moderate Disastrous
Minor (2) Critical (4)
(1) (3) (5)
Almost certain
Medium (5) High (10) High (15) High (20) High (25)
(5)
Likely (4) Low (4) Medium (8) High (12) High (16) High (20)
Likelihood
Possible (3) Low (3) Medium (6) Medium (9) High (12) High (15)
(L)
Unlikely (2) Low (2) Low (4) Medium (6) Medium (8) High (10)
Rare (1) Low (1) Low (2) Low (3) Low (4) Medium (5)
283 5.5 Product risk mitigation based on data interchange
284 To help to mitigate the potential product risks, it is important to make further risk treatment decision
285 based on the results of the risk assessment. Targeted data interchange is one of the most effective
286 approaches. For different levels of product risks, the minimum amount of required data can vary based
287 on product risk classification in 5.45.4. The risk-based product quality data for interchange in Ee-
288 commerce supply chain areis given in Clause 66. .
©  ISO #### – All rights reserved 17

ISO #####-#:####(X)
289 For low-risk products, the minimum amount of risk-based product quality data for interchange can
290 include basic information of product and supplier as these products typically have minimal safety
291 concerns and do not require extensive verification.
292 For medium-risk products, the minimum amount of risk-based product quality data for interchange can
293 include details of product quality controls, e.g. independent testing or certification programs for either
294 products or suppliers, or both, such as ISO 9001 certification or third-party lab testing.
295 For high-risk products, the minimum amount of risk-based product quality data for interchange can
296 include all the above data, as well as additional quality data such as verification of regulatory compliance,
297 ongoing monitoring, a higher sampling rate for product batches, etc.
298 Annex A gives a use case of risk assessment and risk-based quality data interchange in Ee-
Annex A
299 commerce.
300 6 Risk-based product quality data for interchange
301 6.1 Overview
302 The risk-based product quality data for interchange are obtained through the analysis of potential risk
303 sources (detailed in 5.2.25.2.2)) and the identification of risk factors (outlined in 5.2.35.2.3).). Given the
304 potentially vast and complex nature of this data, it is essential to focus on the core information that
305 effectively conveys the necessary insights.
306 In this document, the risk-based product quality data is structured into information packages, which are
307 organized and refined according to different context categories. Each information package is designed to
308 encapsulate the most relevant data needed to understand the associated risks. It can include one or more
309 datasets, carefully selected to provide a comprehensive yet focused snapshot of risk-based product
310 quality data— ‒ ensuring the information covers all critical dimensions while remaining concise,
311 manageable, and meaningful for practical use.
312 6.2 6.2 Information packages
313 The risk-based information packages examples of Ee-commerce are given in Table 4Table 4.
314 Table 4: — Risk-based information packages examples in Ee-commerce
Information
Risk source Risk factor Description
packages
productProduct typeType physicalPhysical theThe tangible aspects of product that
feature can be directly observable and are
essential features, such as its size, shape,
weight, and colorcolour.
compositionComposi theThe materials or ingredients used to
tion make a product, including chemical or
physical components.
functionalityFunctio theThe way that a product works and
nality what it is designed to do. It is essentially
the set of features or capabilities that the
product provides to the user to achieve a
specific purpose or solve a particular
problem.
© ISO #### – All rights reserved

ISO #####-#:####(X)
Information
Risk source Risk factor Description
packages
originOrigin countryCountry of whereWhere a product is manufactured
origin or grown.
endEnd use useUse purpose theThe reason or function for which a
consumer purchases and uses the
product.
useUse population theThe group or segment of people who
are likely to use or benefit from product.
useUse environment theThe context in which the product is
used.
qualityQuality selfSelf-declaration aA statement made by an individual or
attestation organization confirming that the product
meets the relevant regulations.
testingTesting report aA record of the evaluation of one or
more quality characteristics of product or
batches of products according to specific
standards or technical requirements.
inspectionInspection aA record of evaluation of product
report compliance according to relevant
standards, purchase orders, traceability
requirements, etc.
certificateCertificate aA document issued by a third party to
verify that the product complies with
specific industry standards or legal
requirements.
providerProvider Qualificationqualific licenceLicence anAn official document issued by a
of product or government authority that permits an
ation
service individual or organization to conduct
business within a specific geographical
area (city, state, or country)).
certificateCertificate aA document issued by a third party to
verify that the provider of product or
service complies with specific industry
standards or legal requirements.
historyHistory complianceComplian theThe history of a supplier'ssupplier’s
record ce record compliance with industry regulations,
safety standards, and quality controls
within their supply chain.
noncomplianceNonc theThe refusal history record, record of
ompliance record supplier violating industry regulations,
safety standards, and quality controls
within their supply chain.
relatedRelated onlineOnline display listingListing product
theThe presentation of information
business process information
about a product on an Ee-commerce
website or other online platform.
©  ISO #### – All rights reserved 19

ISO #####-#:####(X)
Information
Risk source Risk factor Description
packages
packagingPackaging packagingPackaging theThe efficiency and effectiveness of the
rationality packaging design and materials in
protecting and preserving the product
during transportation and storage, while
also minimizing the environmental
impact and cost of production
handlingHandling handlingHandling theThe efficiency, safety, and cost-
rationality effectiveness of methods, procedures,
and tools used during logistics operations
such as loading, unloading, and moving
products.
shippingShipping shippingShipping theThe terms and conditions that govern
conditions the transportation of goods from one
place to another, including transport
means, transport equipment,
temperature requirements, etc.
storageStorage storageStorage theThe specific environmental conditions
conditions in which a product is stored to maintain
its quality and effectiveness such as
temperature, humidity, light exposure,
and ventilation.
inventoryInventory inventoryInventory theThe ability thatto keep a certain
management management level amount of inventory in the warehouse
according to product features and
shipment frequency in order to
fulfillfulfil the Ee-commerce orders while
minimizing storage costs and avoiding
stockouts, which includes timing and
frequency of inbound and outbound,
quality control, etc.
clearanceClearance clearanceClearance theThe speed at which products are
timeliness cleared through customs when crossing
international borders.
returnReturn returnReturn theThe specific reasons why a buyer
reasons returns a product to an online seller.
customerCustomer negativeNegative theThe critical or
review customer feedback
unfavorableunfavourable feedback given
by buyers on products purchased from
ana seller.
315 6.3 6.3 Datasets
316 6.3.1 Datasets examples of information package for a bicycle helmet are as follows.
317 — Product associated:
318 — —Physical feature: name, model, production batch, size, colorcolour, weight.
© ISO #### – All rights reserved

ISO #####-#:####(X)
319 — —Composition: shell (e.g. polycarbonate) ,), liner, straps, buckles and hardware, padding.
320 — —Functionality: key performance parameters (e.g. ventilation), adjustment mechanisms (e.g.
321 quick-release buckle), additional features（ (e.g. integrated LED light）).
322 — —Country of origin: country name, country code, region.
323 — —Use purpose: primary intended use (e.g. cycling), application context (e.g. recreational road
324 cycling, urban commuting) intended user role (e.g. cyclist)).
325 — —Use population: age range, head circumference, activity (e.g. non-professional cycling) ).
326 — —Use environment: outdoor, temperature range.
327 — —Self-declaration: declarant name, address, contacts, declared details about the specific fact or
328 circumstance, date of the declaration, signature.
329 — —Testing report: type code, applicable object code, issuing party ID, expiry date time, issue date
330 time, effective date time, reference document, result description, report description.
331 — —inspectionInspection report: type code, applicable object code, issuing party ID, expiry date
332 time, issue date time, effective date time, reference document, result description, report
333 description.
334 — —Certificate: type code, purpose code, description, issue date time, expiry date time, issue reason
335 code, effective date time, applicable object code, applicable object ID, issuing party ID.
336 — Provider of product or service associated:
337 — —Licence: entity name, address, license number, issue date time, expiry date time, type of
338 business activity, issuing authority.
339 — —Certificate: type code, purpose code, description, issue date time, expiry date time, issue reason
340 code, effective date time, applicable object code, applicable object ID, issuing
...