ISO/IEC 17917:2024

International
Standard
ISO/IEC 17917
First edition
Smart cities — Guidance to
2024-06
establishing a decision-making
framework for sharing data and
information services
Villes intelligentes — Recommandations pour l'établissement
d'un cadre décisionnel pour le partage des données et des services
d'information
Reference number
© ISO/IEC 2024
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
© ISO/IEC 2024 – All rights reserved
ii
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are members
of ISO or IEC participate in the development of International Standards through technical committees
established by the respective organization to deal with particular fields of technical activity. ISO and IEC
technical committees collaborate in fields of mutual interest. Other international organizations, governmental
and non-governmental, in liaison with ISO and IEC, also take part in the work.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types of
document should be noted (see www.iso.org/directives or www.iec.ch/members_experts/refdocs).
ISO and IEC draw attention to the possibility that the implementation of this document may involve the use of
(a) patent(s). ISO and IEC take no position concerning the evidence, validity or applicability of any claimed
patent rights in respect thereof. As of the date of publication of this document, ISO and IEC had not received
notice of (a) patent(s) which may be required to implement this document. However, implementers are
cautioned that this may not represent the latest information, which may be obtained from the patent database
available at www.iso.org/patents and https://patents.iec.ch. ISO and IEC shall not be held responsible for
identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions
related to conformity assessment, as well as information about ISO's adherence to the World Trade
Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www.iso.org/iso/foreword.html.
In the IEC, see www.iec.ch/understanding-standards.
This document is based on BSI (British Standards Institution) (as BSI PAS 183:2017) and drafted in accordance
with its editorial rules. It was assigned to Joint Technical Committee ISO/IEC JTC 1, Information technology,
and adopted under the “fast-track procedure”.
Any feedback or questions on this document should be directed to the user’s national standards body.
A complete listing of these bodies can be found at www.iso.org/members.html and www.iec.ch/national-
committees.
© ISO/IEC 2024 – All rights reserved
iii
Contents
Foreword   v
0 Introduction vi
1 Scope 1
2 Terms and definitions 1
3 Data Sharing 2
4 Types of data 3
5 Establishing a data sharing culture 10
6 Data protection reform 14
7 Data value chain 16
8 Purposes for data use 21
9 Assessing data states 24
10 Defining access rights for data  26
11 Data structure 29
Annexes
Annex A (informative) Case Studies 31
Bibliography 44
© ISO/IEC 2024 – All rights reserved
iv
Foreword
ISO (the International Organization for Standardization) and IEC (the International
Electrotechnical Commission) form the specialized system for worldwide standardization.
National bodies that are members of ISO or IEC participate in the development of
International Standards through technical committees established by the respective
organization to deal with particular fields of technical activity. ISO and IEC technical
committees collaborate in fields of mutual interest. Other international organizations,
governmental and non-governmental, in liaison with ISO and IEC, also take part in the work.
The procedures used to develop this document and those intended for its further
maintenance are described in the ISO/IEC Directives, Part 1. In particular, the different
approval criteria needed for the different types of document should be noted. This document
was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see
www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the
subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all
such patent rights. Details of any patent rights identified during the development of the
document will be in the Introduction and/or on the ISO list of patent declarations received
(see www.iso.org/patents) or the IEC list of patent declarations received (see
http://patents.iec.ch).
Any trade name used in this document is information given for the convenience of users and
does not constitute an endorsement.

For an explanation of the voluntary nature of standards, the meaning of ISO specific terms
and expressions related to conformity assessment, as well as information about ISO's
adherence to the World Trade Organization (WTO) principles in the Technical Barriers to
Trade (TBT) see www.iso .org/iso/foreword.html.
This document was prepared by Joint Technical Committee ISO/IEC JTC 1, as a fast track
draft standard.
Any feedback or questions on this document should be directed to the user’s national
standards body. A complete listing of these bodies can be found at
www.iso.org/members.html.
© ISO/IEC 2024 – All rights reserved
v
0 Introduction
0.1 General
The term “smart city” denotes the effective integration of physical, digital and human
systems in the built environment to deliver a sustainable, prosperous and inclusive
future for its citizens. A basic assumption in the design of a smart city is the ability of
the physical and digital systems to be interoperable. This standard gives governance
guidance for decision-makers on establishing a decision-making framework for sharing
city data and creating interoperable information services.
Data has the ability to transform the city and its services, providing visibility on the
services available, and supporting citizen interactions with those services. Improving
the design and integration of city services can serve the public better and drive
innovation and efficiencies.
This standard aims to support data sharing in cities and between cities, and the
establishment of data sharing agreements, particularly where data is being shared by
multiple organizations to transform the delivery of city services.
Missing data or misinterpretation of data can lead to the wrong actions being taken by
city decision-makers. A decision-making framework for sharing data can help ensure
that they have the best overall data ecosystem on which to base decisions.
Sharing data across a city requires more than the interoperability covered by the smart
city concept model (SCCM) defined in ISO/IEC 30182, which focuses by necessity on the
semantics of data in a city. Full data interoperability requires a
data framework to be created across the entire spectrum of data for a city: open,
closed and shared data.
This standard builds on the integrated operating model defined in ISO/IEC 37106:2021
and assumes that the governance of a smart city programme and the overall
management of the city’s data assets has been understood and agreed upon by city
leaders and decision-makers from the organizations delivering city services.
The value of data sharing has yet to be explored by cities, as data is predominantly
currently used for a specific purpose related to the public task, additionally data
is not viewed as an essential city asset which can be used to transform a city. Data can
also provide the basis for new commercial models in smart cities.
This standard defines the data framework for sharing city data to enable discussions
between the specialists who build and design the physical and digital services and the
decision-makers using data to transform their city.
This standard is for use by decision-makers in smart cities from the public, private and
third sectors. It is also of interest to any city organization wishing to share data.
It is expected that each city will create a decision-making framework based on this
standard to address its own challenges and opportunities, taking into account the
priorities and needs of their city. The creation of a data ecosystem based on the
interoperability and data sharing principles in this standard could create data assets
that are used to improve the quality of life for citizens and create sustainable
commercial models to fund innovation.
© ISO/IEC 2024 – All rights reserved
vi
0.2 Relationship to other smart city standardization documents
0.2.1 ISO 37106
This standard has been built on the guidance in ISO 37106, Sustainable cities and
communities – Guidance on establishing smart city operating models for sustainable
communities . The particular components of a smart city framework which apply are:
a) [B2] Transforming the city’s operating model with particular reference to the
governance model developed and any vulnerabilities of both data and city services;
b) [B6] Establishing a common terminology and reference model; and
c) [B10] Identity and privacy management.
This standard is guidance to help with the implementation of these components of the
smart city framework.
0.2.2 ISO/IEC 30182
The smart city concept model (SCCM) described in ISO/IEC 30182, Smart city concept
model – Guide to establishing a model for data interoperability addresses the data
interoperability issues that arise as a result of each sector and/or service in a city
having its own model and terminology that it uses for data. This standard defines the
data framework that addresses the other areas that affect interoperability, such as
access rights, privacy, availability and formats. These other areas are also barriers to
interoperability and portability which impact the design of the physical and digital
services.
This standard addresses the barriers other than the semantics addressed in ISO/IEC
30182 , to enable data interoperability and portability, and the sharing of data and
information services in a smart city.
The data framework identifies all elements which will be needed to deliver the four
key types of insight when data and services are appropriately shared:
operational, critical, analytical and strategic insight. (See ISO/IEC 30182:2017, Clause
0).
0.3 Relationship to building information modelling (BIM) standards
The following documents are considered to be the foundational standardization
documents to be used as part of a whole lifecycle approach to the built environment for
BIM Level 2 in smart cities.
This standard assumes that the ISO 19650 series is used for all BIM Level 2 building and
infrastructure assets in a smart city and that asset procuring organizations use them as
part of their overall digital and smart strategies.
• ISO 19650-1, Organization and digitization of information about buildings and civil
engineering works, including building information modelling (BIM) – Information
management using building information modelling – Part 1: Concepts and Principles;
• ISO 19650-2, Organization and digitization of information about buildings and civil
engineering works, including building information modelling (BIM) – Information
management using building information modelling – Part 2: Delivery phase of the
assets;
• ISO 19650-3, Organization and digitization of information about buildings and civil
engineering works, including building information modelling (BIM) – Information
management using building information modelling – Part 3: Operational phase of the
assets;
© ISO/IEC 2024 – All rights reserved
vii
• ISO 19650-4, Organization and digitization of information about buildings and civil
engineering works, including building information modelling (BIM) – Information
management using building information modelling – Part 4: Information exchange;
• ISO 19650-5, Organization and digitization of information about buildings and civil
engineering works, including building information modelling (BIM) – Information
management using building information modelling – Part 5: Security-minded
approach to information management.
© ISO/IEC 2024 – All rights reserved
viii
1 Scope
This standard gives guidance on establishing a decision-making framework for sharing
data and information services in smart cities.
It covers:
a) types of data in smart cities;
b) establishing a data sharing culture;
c) data value chain – roles and responsibilities;
d) purposes for data use;
e) assessing data states;
f) defining access rights for data; and
g) data formats/format of transportation.
This standard aims to support the sharing of data and information services within cities.
For some cities there will also be a need to establish specific data sharing agreements,
particularly where data is being shared by multiple organizations at once.
This standard supports a transparent approach to making decisions and creating specific
data sharing agreements in order to fully realise the benefits and value of data and
information services in a city.
Missing data or misinterpretation of data can lead to the wrong actions being taken by
city decision-makers. A decision-making framework for sharing data can help ensure that
they have the best overall data on which to base decisions.
This standard does not cover:
a) national security issues;
b) good practice for use of data by the citizen;
c) existing interoperability agreements between cities;
d) defining application programming interfaces (API) networks; or
e) any data sharing rules and regulations specific to a particular jurisdiction. It is
assumed that a security-minded approach to data sharing is used by cities.
NOTE 1 Further details on the areas not covered in this standard, including information
on relevant standards publications, are given in Annex A.
This standard is for use by decision-makers in smart cities from the public, private and
third sectors. It is also of interest to any city organization wishing to share data.
2 Terms and definitions
For the purposes of this standard, the terms and definitions given in ISO 37100 and the
following apply.
2.1 closed data
data which has been restricted for use
© ISO/IEC 2024 – All rights reserved
2.2 data
recorded information
[SOURCE: ISO 22005:2007, 3.11]
2.3 data framework
classification of data assets as either metadata, reference or thematic data
2.4 data spectrum
differentiation of data assets on the basis of whether they are considered closed,
sharable or open
2.5 data value chain
intelligent use, management and reuse of data to deliver insight
2.6 derived data
data item used in analysis and/or tables derived from one or more source data items
and/or categories
[SOURCE: ISO 20252:2012, 2.2]
2.7 metadata
data that defines and describes other data [SOURCE: ISO 24531:2013, 4.32]
2.8 open data
data that can be freely used, modified, and shared by anyone for any purpose
2.9 reference data
data that defines the set of permissible values to be used by other data fields
2.10 thematic data
patterns of data within the data framework that are deemed important to support the
provision of city services and the four levels of insight in the city
3 Data Sharing
The SCCM detailed in ISO/IEC 30182 is a basis for understanding the semantic
interoperability of data in a smart city. This governance standard assumes the city has
utilized the concepts in the SCCM as the basic building block of data interoperability in
their city. This use of the SCCM can enable the four levels of insight – operational,
critical, analytical and strategic – to be achieved from the data.
However the use of the SCCM guidance alone does not address all the barriers to data
sharing in the city. Other aspects of data also need to be understood to create an
appropriate framework for data sharing in a smart city.
To achieve effective data sharing, seven key data sharing areas are deemed to be
additional barriers and should be considered individually and collectively by the city:
a) types of data;
b) establishing a data sharing culture;
© ISO/IEC 2024 – All rights reserved
c) data value chain;
d) purposes for data use;
e) assessing data states;
f) defining access rights for data; and
g) data formats/format of transportation.
This standard guides cities on these areas to address in order to establish a data
framework to share data. The sharing models which are covered within the scope of this
standard are:
a) public sector and public sector;
b) public sector and local business or community;
c) public sector and citizen;
d) business or community and business or community; and
e) business or community and citizen.
Whilst this standard does not cover data sharing between citizen and citizen, cities
should make provision to allow a citizen to make requests related to the data it holds
and shares. The city should also be able to respond to this request in a timely manner
and keep an audit trail of these interactions.
4 Types of data
4.1 General
As local authorities transition to becoming smart cities, existing data assets form the
initial data framework that is used as the initial evidence base for decision-making based
on data. The city collects, processes and validates data for the essential operation of
services provided to citizens. This city data estate resides largely in disconnected legacy
systems which are cumbersome and costly to change and cannot be operated in new
ways. Some investment is required in technology to unlock the value of data that resides
in these legacy systems. This transition is not technology-led – rather technology is an
enabler – it is data-led.
This is to allow the existing city data to continue adding value, alongside the new
data which the city creates, for example from sensors forming part of its new
transport infrastructure.
Understanding the data assets of a city is the first step in creating value from the data
and maximizing the value of the data assets to the city. Concepts, of themselves, are not
sufficient to derive value from city data and it is important to understand that the
physical location of the data – the technology in which the data resides – is not the issue.
Irrespective of the source and state of the data assets in a city, a common data framework
can be created that reflects the data estate from which the city can derive value. This
requires a data-centred approach – a new way of thinking about data – that develops
the SCCM model articulated in ISO/IEC 30182.
Unlocking value from data requires the city to understand the value that can be created
from data beyond the dataset approaches which prevail within cities, and indeed across
regions, territories, and nations.
© ISO/IEC 2024 – All rights reserved
4.2 The data framework
4.2.1 General
As shown in Figure 1, the data framework for a smart city classifies the data assets as
either metadata, reference data or thematic data. The data framework shows how
current city data assets are transitioned from the existing siloed service provision to an
interoperable data estate. The data framework also supports the collection, processing
and analysis for future heterogeneous data streams that will become the norm as we
transition to a connected Internet of Things landscape.
The data framework supports the active management of data across the entire data
lifecycle (see Clause 7, where the data value chain is covered in detail).

Figure 1 Data framework
4.2.2 Infrastructure
Infrastructure is a system of facilities, equipment and services required for the
operation of a city. This encompasses both physical and data infrastructure, and all
resources including technical, supporting services and people which are required to
support the successful delivery of city services.
© ISO/IEC 2024 – All rights reserved
Governance of infrastructure in a smart city is complex due to the multi-agency
operating model which can comprise of many organizations who are likely to have
differing approaches to Information Technology (IT) governance. ISO/IEC 38500 contains
the guiding principles each organization providing smart city infrastructure can use. It
focuses on both the current and future use of IT including management processes and
decisions related to the current and future use of IT.
4.2.3 Metadata
Metadata is used to summarize basic information about data to enable it to become
more easily discoverable by both humans and computers. Metadata can facilitate
understanding of the provenance of data within the data framework and support
appropriate data policies, licenses and regulation. An example of metadata in a smart city
data framework is the data relating to the voluntary services organizations who deliver
city services on behalf of the city to citizens. Metadata exists in all cities but the
availability of metadata might differ depending on the size of the city, whether the city is
predominantly urban, rural or is in a coastal setting, and the maturity of the city’s data
framework.
Metadata has the added value of being able to be used for analysis and comparison
purposes across a number of cities, or indeed at national level. When metadata is
shared, consideration should be given to any metadata which has been created and the
data framework updated to reflect the security, access and control rights to be
considered for the metadata created.
4.2.4 Reference data
Reference data usually consists of a list of permissible values and/or textual
descriptions and is used by a business process to drive value from data. This requires
an agreed vocabulary approach in order for this data to support the business
processes across the many services, organizations and departments in a city. In a
smart city data framework there are organizations who supply a number of services
to the city, or products/services which are operated as shared services by the city. An
example of smart city reference data is that of a vehicle specification about a
transport fleet used to determine its suitability to meet a number of service needs.
This reference data is unlikely to be unique to a specific city, however because it is
relevant to a specific service provision and might be based on legacy approaches, it
is unlikely to be useful for cities to use for comparison or benchmarking across cities.
4.2.5 Thematic data
Thematic data in a city will initially be the datasets and legacy data that are created,
processed and managed by the city in order to deliver services to citizens, such as the
data related to the provision of adult care services. The metadata and reference data
within the data framework with the thematic data supports the city as it moves
towards the provision of citizen-centric services for adults with all data becoming part
of the wider healthcare service data for the city. At this point, it becomes possible to
consider attributes that exist across a number of city services, allowing a city to
understand the characteristics of the thematic data and what constitutes a set of data for
the city service. In this scenario, healthcare service data forms a set of data in a city which
of itself has specific value, and allows a city to understand the challenges and
opportunities which exist.
© ISO/IEC 2024 – All rights reserved
4.3 The data spectrum
4.3.1 General
In order to understand how a city can maximize the value of its data, it is important
that the data framework classifies data for use and also differentiates the data it holds
on the basis of whether it is considered closed, shareable or open. The extent to which
the restrictions have been implemented can vary dependent on the security, access
and control requirements. The use of data within the data spectrum is restricted to the
use, reuse and the purpose for which data can be shared. ISO 31000, Risk management
– Principles and guidelines outlines good practice on the management, assessment and
analysis of risk and can be used by cities when implementing the data framework.
An appropriate risk management regime for the sharing, publishing and reuse of data
should be established and implemented.
4.3.2 Closed data
Closed data is data which has been restricted for use. This data has been designated as
information that is not permitted to be shared. In a city, this data includes payment details
for citizens within a specific service, such as their council tax.
4.3.3 Shared data
The shared component of the data spectrum is the data which exists which cannot be
considered as either open or closed data. This varies between cities and is assumed to
represent the majority of the data in a city.
This standard looks in detail at:
a) the suitability of sharing data for new purposes (see Clause 9); and
b) access rights to data (see Clause 10).
It is important as part of the data spectrum to understand there are three top level
access restrictions which apply to shared data:
1) specific access is when data is made accessible by the data owner to either named
individual(s) or named organization(s);
2) group access is when data is made available to specific groups of people or
organization(s) based on predetermined criteria; and
3) public access is when data is made available publicly but only under certain terms and
conditions that cannot be considered open.
Publishers of city data have a duty of care when restricted data is considered for sharing
to ensure that potential harm to individuals or assets is considered prior to publication.
An example of shared data such as this is COMAH (control of major accidents and
hazards) data.
Case study 1 in Annex A gives an example of the benefits of shared data with public
access.
4.3.4 Open data
3)
This standard uses the definition of open that is maintained by the Open Project .
“Open” means anyone can freely access, use, modify and share for any purpose (subject
at most to requirements that preserve provenance and openness). This definition is also
used to determine whether data can be classified as open data.
Case study 2 in Annex A gives an example of a city publishing open datasets.
© ISO/IEC 2024 – All rights reserved
4.3.5 Data usage
For all types of data within the data framework, it is important to consider the data
usage when deciding on the value that is created from that data. Metadata and
reference data determine the provenance of the data and in particular its state, for
use static data (a
example raw, processed or archived. In some cases it is appropriate to
snapshot of data created to be used for some future purpose). Temporal data (data that
varies over time) might also be used to create snapshots of scenarios in a city for future
use. Versioned data (data that represents a data update cycle) might also inform
scenarios and should also be considered in a city.
Consideration should also be given to the data structures used within the data
framework when determining the data usage. This is covered in more detail in Clause 11.
Temporal and versioned data is important in order to understand the patterns of data
which form the four key types of data insight required when sharing data in a city:
a) operational insight examines the characteristics of things such as buildings,
communities and organizations, using data to evidence and improve their value for
the city or deliver a service;
b) critical insight is gained from the real-time monitoring of incidents and current cases,
involving all relevant organizations from across sectors, who work together to achieve
the desired outcome or response or deliver a service;
c) analytical insight is the exploration of the data framework to determine patterns,
correlations and predictions, allowing the development or innovation of systems or
services, or the evidencing of challenges and opportunities for the city; and
d) strategic insight is the overarching approach that examines outcomes related to
strategic objectives, decisions and plans.
4.4 Derived data
One aspect of smart city data sharing that is still largely untapped is the role of derived
data and how it can contribute to the value of city data. Derived data has traditionally
been created to support the performant processing of data attributes for processing.
Derived data is when one or more measures used by a city are combined from one or
multiple datasets to create new data attributes, which are then used during the
exploration of data and appear in any resultant analysis.
As part of the processing that is performed to achieve the four key types of data insight,
derived data is created as snapshots for particular scenarios, allowing the appropriate
data to be explored for insight. Derived data is a key resource that a city uses to
understand and respond to the challenges and opportunities experienced. For example,
education data might be used along with transport data to gain strategic insight from the
derived data about potential impacts on education provision when planning major city
infrastructure initiatives.
Data creators and decision-makers should be aware that there are risks associated with the
aggregation of data, by accumulation and/or association. This might result in derived data
being created that relates to, or reveals sensitive information. It is important to ensure
that any change or creation to the derived data is re-examined in order to ensure whether
it is allowed to be shared or published.Commercialization of data
4.4.1 General
The open data movement has articulated that making data available free and open at
the point of use adds value for the owner of that data and allows entrepreneurs to
extend existing businesses or begin new companies to monetize the open data by adding
value. The data within the data framework which should be considered for
© ISO/IEC 2024 – All rights reserved
commercialization extends beyond open data to consider shared data. These valuable
resources created from the smart city’s data framework require curation and add
significant value by creating social, economic and environmental resources for the public
good. The data created in a city are not just created by the city but by organizations which
support the delivery of services in the city from either
the private or third sector. Putting the data into the data framework creates visibility and
part of a
facilitates unforeseen exploitation. The use of this shared data as
commercialization model will require negotiations with all the data creators involved. To
ensure the continued curation and publication of this data – particularly at city scale – it
will require a new approach that provides sustainable funding. Sustainable funding would
address the ongoing cost associated with the evolution of city data and its usage.
4.4.2 Demand-led model
The initial supply-driven approach to making open data available, as a result of the work
of the Open Data User Group (ODUG) has been superseded not just in the UK but
globally. The new approach is a demand-led approach to the
curation and publication of open data. This demand-led approach is based on the
publication of data for which there is an audience who can articulate the value of the
release of the data.
Case study 3 in Annex A gives examples of some of the benefits of a demand-led model.
In a smart city context, a new approach is needed to data curation and publication if the
initial building block created by the release of open data from cities is to be extended to
include not just open data, but shared data.
There is an opportunity for cities to evolve commercial models for data that they curate
and publish. This commercial opportunity exists for the combination of open and shared
data and business models should be used to add value beyond the four levels of insight
(see Clause 4) for the city and city services. The city should examine business models that
build on the open data already released and include any or all of the shared access data
that the city holds, where access is currently restricted.
As evidenced with the open data agenda, a supply-led approach to these new models is
unlikely to lead to a commercial funding model that contributes to or wholly funds the
curation and publication of data shared commercially by a city.
A demand-led approach should be used for city shared data; this can also highlight the
commercial opportunities to collect, process, curate and publish new shared city data.
As depicted in Figure 2, the commercialization opportunities diminish in direct
proportion to the closing of data. In a city where the curation and publication approach
this limits the
results in the majority of data that could be shared remaining closed,
commercial opportunities. By contrast, a city which explores the opportunities which
exist with both open and shared data will be able to evolve new commercialization
models to fund the data framework.

© ISO/IEC 2024 – All rights reserved
Figure 2 Commercial opportunities for the data spectrum

4.4.3 Commercial models
One of the keys to unlocking the demand-led open data agenda was the need to
understand who consumed the data that had already been released, and to provide a
mechanism for any citizen to request more data based on the presentation of a use case.
Many countries are now using the demand-led approach to open data pioneered by
ODUG. This approach has the additional benefit for cities in that it prioritizes requests for
data with the data framework.
The creation of an evidence base that understands the demand, showcases what data
exists and makes that data discoverable, helps a city determine the commercial value of
shared data. This can allow commercial models based on incentivizing the safe and
secure sharing of data to be developed.
Case study 4 in Annex A showcases the exploration of a commercial model.Not all of the
data in the data framework is necessarily chargeable: the city as the authoritative source
of this data should consider which data might be released as searchable and open, as this
opportunities.
evidence of demand can highlight further commercial
4.4.4 Research-based model
A research-based approach to commercial opportunities for city data should also be
explored. This requires an investment to explore the data that a city holds using
statistical, mathematical and data science techniques, however this investment could
© ISO/IEC 2024 – All rights reserved
enable incentives for sharing to be understood and possible commercial models that
could be applied to emerge. Case study 5 gives an example of the potential benefits of a
research-based approach to urban planning.
The outcomes of data sharing can be quantified using a pre-determined scale. Using a
scale around outcomes can support a city’s ability to monitor and report on data sharing
outcomes, to encourage appropriate changes to the approach. This mechanism could be
/ impact. A 5, for example, would indicate that
as simple as a 1–5 scale of effectiveness
the particular outcome of data-sharing provides a significant benefit that was otherwise
not able to be realised. Adding elements which track effort and/or risk might also be
useful.
Whichever approach is taken to understand the business model that maximizes the
opportunity to commercialize shared data, it is important that the outcome of data
sharing is measurable.
5 Establishing a data sharing culture
5.1 General
The result of the city transitioning to managing data as an asset in its own right and in
collaboration with other significant data owners in the city is a fundamental change to
the way in which legacy data has been viewed by the city authorities.
Guidance note [B2] from ISO 37106 – Transforming the city’s operating model should be
used as a starting point for understanding how to manage data as an asset.
all the
This recommends specific data leadership within the city and coordination of
owners of data within the data framework. Coordination of activities to
establish a data sharing culture should have appropriate focus on understanding the
demand for the data and the most appropriate mechanisms for ensuring that data is
discoverable.
When sharing or publishing data, particular care should be taken to address safety and
security considerations. In particular, steps should be taken to identify and protect
information that could impact on the safety and security of individuals, services, sensitive
assets and systems, and the benefits which city assets and systems exist to deliver.
5.2 Identifying the benefits of data sharing
As part of the transition to a data sharing culture, the city should articulate the
benefits of this transition to all organizations with a role in the new city operating
model. The benefits will initially accrue from having a single view of city data via the
data framework.
There are many technical options to achieve this transition and it is not necessary to
combine data in a single technical implementation, provided all the data is accessible
for discovery. Indeed, as cities transition from using structured data – which is the
predominant city data prior to the adoption of the IoT – to curating IoT and other
streaming data – which is either unstructured or semi-structured – NoSQL technologies
and cloud services built for this data will need to be used.
From a technical viewpoint, what is important is that technologies used are loosely
coupled and interoperable, to prevent the technology being a barrier to unlocking the
benefits of data sharing.
Irrespective of the technologies employed, the value of the data framework is derived
from harnessing shared data estates rather than the current data silos built as part of
individual city services. It is important for cities to understand the security and
© ISO/IEC 2024 – All rights reserved
resilience advantages of a shared data estate rather than a single data repository for
the data framework.
The benefits of this approach can break down any barriers between data providers and
prevent the creation of barriers in the future. Consideration should be given to changes
which take place in organizations over time and a mitigation strategy developed to
include contingency measures for the continuity of service, including key personnel.
The data framework can allow cities to explore duplications or enhancements for
existing services and discover new opportunities to provide new services based on
insight from the data. A single view of the city data can highlight improvements and
efficiencies and help cities understand how best to improve service delivery.
5.3 Knowledge creation approach
If cities merely transition the technology they use to create a data sharing culture, this
can enable some of the value to be derived from the data framework and some data
capacity to be created with this incremental change. Data sharing in smart cities has the
potential to create not just incremental change, but a step change for the city that
creates not just data capacity but data capability: this requires a knowledge creation
approach.
A knowledge creation approach is focused on ensuring that data is federated beyond
data specialists, and is in the hands of the majority of the domain specialists, responsible
for management and oversight of city services. Domain specialists and data users need a
method of discovering and accessing the data within the data framework on demand, as
part of their business as usual process. The provision of a feedback loop should be
developed to monitor and prevent errors in the data, creating a dynamic data resource
for all. Any updates or revisions to the data within the data framework should be
transparent in order to ensure that the provenance of the data is maintained. A data
framework which is designed and implemented in this way can reduce duplication and
provide a better user experience for all within the city. Additionally this can allow cities
to benchmark themselves against other cities, and understand similarities and differences
on a regional or national basis.
5.4 Promoting trust and participation
In addition to the need for a city to articulate the benefits of data sharing, it is important
to determine how to build a trust model that can be shared with citizens and used to
develop a citizen participation model for citizen data that is shared by the city. A digital
ethics code should be developed in consultation
with citizens to provide publicly available guidance related to those citizens who will be
providing their data to the data framework. One approach would be the development of
a shared data charter explaining why and how data will be used for each of the top level
access restrictions that apply to shared data, in order to promote trust and participation
across the entire data spectrum
Case study 6 in Annex A gives three examples of existing open data charters in cities,
illustrating the basis for the creation of shared data charters. A shared data charter
should identify the security measures to be used by data owners to underpin the trust
model for the city.
5.5 Anonymization of data
5.5.1 General
As anonymization is a key technique for smart city data sharing, an overview of the
guidance needed has been included in this standard (see 5.5.2).
© ISO/IEC 2024 – All rights reserved
The term “anonymization of data” refers to data that does not itself identify any
individual and that is unlikely to allow any individual to be identified through its
combination with other data.
Anonymization of asset data should also be considered by cities. Examples of asset-
related data sets where anonymization would be required include those containing:
a) information on alarms connected to response centres with automatic police response;
b) some COMAH data; and
c) energy consumption at building or occupier level.
Different jurisdictions have specific approaches to the anonymization of person
...