iTeh Standards logo
EURUSD
Your shopping cart is empty.
SIST

SIST EN 16495:2019

(Main)

Air Traffic Management - Information security for organisations supporting civil aviation operations

Air Traffic Management - Information security for organisations supporting civil aviation operations

This document provides guidance based on EN ISO/IEC 27002:2017 applied to organisations supporting civil aviation, with a focus on air traffic management operations.
This includes, but is not limited to, airspace users, airports and air navigation service providers.
Not included are activities of the organisations that do not have any impact on the security of civil aviation operations like for example airport retail and service business and corporate real estate management.
The basis of all guidance in this document is trust and cooperation between the parties involved in Air Traffic Management.

Flugverkehrsmanagement - Informationssicherheit für Organisationen im Bereich der Zivilluftfahrt

Dieses Dokument enthält auf EN ISO/IEC 27002:2017 beruhende Leitlinien, die auf die Zivilluftfahrt unter-stützende Organisationen angewendet werden, mit dem Schwerpunkt auf Betriebsabläufen im Luftverkehrs¬management.
Das betrifft Luftraumnutzer, Flughäfen und Flugsicherungsorganisationen, ist jedoch nicht allein darauf beschränkt.
Nicht in den Anwendungsbereich fallen Handlungen der Organisationen, die sich nicht auf die Sicherheit von Tätigkeiten im Bereich der Zivilluftfahrt auswirken, wie z. B. Einzelhandels  und Dienstleistungs-unternehmen an Flughäfen und das Management von Unternehmensimmobilien (en: corporate real estate management).
Grundlage für alle Leitlinien in diesem Dokument sind das Vertrauen und die Zusammenarbeit zwischen den Parteien, die am Flugverkehrsmanagement beteiligt sind.

Gestion du trafic aérien - Sécurité de l'information pour les organismes assurant le soutien des opérations de l'aviation civile

La présente Norme européenne définit les lignes directrices et les principes généraux pour la mise en oeuvre d'un système de management de la sécurité de l'information dans les organismes assurant le soutien des opérations de l'aviation civile.
Les activités des organismes qui n'ont pas d'incidence sur la sécurité des activités de l'aviation civile comme, par exemple, la gestion des commerces de détail, des activités de service aéroportuaires ainsi que de l'immobilier corporatif, ne sont pas incluses.
Pour les besoins de la présente Norme européenne, la gestion du trafic aérien est vue comme une expression fonctionnelle couvrant les responsabilités de tous les partenaires de la chaîne de valeur du trafic aérien. Cela comprend, mais sans y être limité, les utilisateurs aérospatiaux, les aéroports et les prestataires de services de la navigation aérienne.
Toutes les exigences de la présente Norme européenne sont fondées sur la confiance et la coopération entre les parties impliquées dans la gestion du trafic aérien.

Upravljanje zračnega prometa - Varnost informacij za organizacije na področju dejavnosti civilnega letalstva

Ta evropski standard določa smernice in splošna načela za izvajanje sistema upravljanja varnosti informacij v organizacijah na področju dejavnosti civilnega letalstva.
Ne vključuje dejavnosti organizacij, ki ne vplivajo na varnost dejavnosti civilnega letalstva, kot na primer prodaja na letališču, storitvene dejavnosti in upravljanje s poslovnimi nepremičninami.
Za potrebe tega evropskega standarda se upravljanje zračnega prometa obravnava kot funkcionalni izraz, ki zajema odgovornosti vseh partnerjev vrednostne verige zračnega prometa. To med drugim vključuje uporabnike zračnega prostora, letališča in ponudnike zračne navigacije.
Osnova vseh zahtev tega evropskega standarda je zaupanje ter sodelovanje med vpletenimi strankami in upravljavcem zračnega prometa.

General Information

Status
Published
Public Enquiry End Date
05-Sep-2018
Publication Date
08-Aug-2019
ICS
03.220.50 - Air transport
35.240.60 - IT applications in transport
Technical Committee
I13 - Imaginarni 13
Current Stage
6060 - National Implementation/Publication (Adopted Project)
Start Date
24-Jul-2019
Due Date
28-Sep-2019
Completion Date
09-Aug-2019
Ref Project
EN 16495:2019 - Air Traffic Management - Information security for organisations supporting civil aviation operations

Relations

Replaces
SIST EN 16495:2014 - Air Traffic Management - Information security for organisations supporting civil aviation operations
Effective Date
10-Jul-2019
Revised
SIST EN 16495:2014 - Air Traffic Management - Information security for organisations supporting civil aviation operations
Effective Date
31-May-2017
SIST EN 16495:2019 - BARVESIST EN 16495:2019 - BARVE
PreviousNext
Standard
SIST EN 16495:2019 - BARVE
English language
65 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)


SLOVENSKI STANDARD
01-september-2019
Nadomešča:
SIST EN 16495:2014
Upravljanje zračnega prometa - Varnost informacij za organizacije na področju
dejavnosti civilnega letalstva
Air Traffic Management - Information security for organisations supporting civil aviation
operations
Flugverkehrsmanagement - Informationssicherheit für Organisationen im Bereich der
Zivilluftfahrt
Gestion du trafic aérien - Sécurité de l'information pour les organismes assurant le
soutien des opérations de l'aviation civile
Ta slovenski standard je istoveten z: EN 16495:2019
ICS:
03.220.50 Zračni transport Air transport
35.240.60 Uporabniške rešitve IT v IT applications in transport
prometu
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

EN 16495
EUROPEAN STANDARD
NORME EUROPÉENNE
July 2019
EUROPÄISCHE NORM
ICS 03.100.70; 03.220.50; 35.240.60 Supersedes EN 16495:2014
English Version
Air Traffic Management - Information security for
organisations supporting civil aviation operations
Gestion du trafic aérien - Sécurité de l'information pour Flugverkehrsmanagement - Informationssicherheit für
les organismes assurant le soutien des opérations de Organisationen im Bereich der Zivilluftfahrt
l'aviation civile
This European Standard was approved by CEN on 12 May 2019.

CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this
European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references
concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN
member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by
translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management
Centre has the same status as the official versions.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway,
Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and
United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION

EUROPÄISCHES KOMITEE FÜR NORMUNG

CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2019 CEN All rights of exploitation in any form and by any means reserved Ref. No. EN 16495:2019 E
worldwide for CEN national Members.

Contents Page
European foreword . 7
Introduction . 8
1 Scope . 9
2 Normative references . 9
3 Terms, definitions and abbreviations . 9
3.1 Terms and definitions . 9
3.2 Abbreviations . 10
4 Aviation specific requirements related to EN ISO/IEC 27001:2017 . 11
4.1 Structure of this European Standard . 11
4.2 Refinement of EN ISO/IEC 27001:2017 requirements . 11
5 Information Security policies . 11
5.1 Management direction for Information security . 11
5.1.1 Policies for information security . 11
5.1.2 Review of the policies for information security . 11
6 Organization of information security . 11
6.1 Internal organization . 11
6.1.1 Information security roles and responsibilities . 11
6.1.2 Segregation of duties . 12
6.1.3 Contact with authorities . 12
6.1.4 Contact with special interest groups . 12
6.1.5 Information security in project management . 12
6.2 Mobile devices and teleworking . 12
7 Human resources security . 12
7.1 Prior to employment . 12
7.1.1 Screening . 12
7.1.2 Terms and conditions of employment . 13
7.2 During employment . 13
7.2.1 Management responsibilities . 13
7.2.2 Information security awareness, education and training . 13
7.2.3 Disciplinary process . 13
7.3 Termination and change of employment . 13
8 Asset management . 13
8.1 Responsibility for assets . 13
8.1.1 Inventory of assets . 13
8.1.2 Ownership of assets . 13
8.1.3 Acceptable use of assets . 13
8.1.4 Return of assets . 14
8.2 Information classification . 14
8.2.1 Classification of information . 14
8.2.2 Labelling of information . 14
8.2.3 Handling of assets . 14
8.3 Media Handling . 14
9 Access control . 14
9.1 Business requirement for access control . 14
9.2 User access management . 14
9.2.1 User registration and de-registration . 14
9.2.2 User access provisioning . 15
9.2.3 Management of privileged access rights . 15
9.2.4 Management of secret authentication information of users. 15
9.2.5 Review of user access rights . 15
9.2.6 Removal or adjustment of access rights . 15
9.2.7 Digital Identity Management . 15
9.2.8 Unique representation of entities across organisations . 16
9.3 User responsibilities . 16
9.4 System and application access control . 16
9.4.1 Information access restriction . 16
9.4.2 Secure log-on procedures . 16
9.4.3 Password management system . 16
9.4.4 Use of privileged utility programs . 16
9.4.5 Access control to program source code . 16
9.4.6 Web Application Firewalls . 16
10 Cryptography . 17
10.1 Cryptographic controls . 17
10.1.1 Policy on the use of cryptographic controls . 17
10.1.2 Key management . 17
11 Physical and environmental security . 17
11.1 Secure areas . 17
11.1.1 Physical security perimeter . 17
11.1.2 Physical entry controls . 18
11.1.3 Securing offices, rooms, and facilities . 18
11.1.4 Protecting against external and environmental threats . 18
11.1.5 Working in secure areas . 18
11.1.6 Delivery and loading areas. 18
11.2 Equipment . 18
11.2.1 Equipment siting and protection . 18
11.2.2 Supporting utilities . 18
11.2.3 Cabling security . 18
11.2.4 Equipment maintenance . 18
11.2.5 Removal of assets . 18
11.2.6 Security of equipment and assets off-premises . 18
11.2.7 Secure disposal or re-use of equipment . 18
11.2.8 Unattended user equipment . 18
11.2.9 Clear desk and clear screen policy . 18
12 Operations security. 19
12.1 Operational procedures and responsibilities . 19
12.2 Protection from malware . 19
12.3 Information Back-up . 19
12.4 Logging and monitoring . 19
12.4.1 Event logging . 19
12.4.2 Protection of log information . 19
12.4.3 Administrator and operator logs . 19
12.4.4 Clock synchronisation . 19
12.5 Control of operational software . 19
12.6 Technical Vulnerability Management . 19
12.7 Information systems audit considerations . 19
13 Communications security . 19
13.1 Network security management . 19
13.1.1 Network controls . 19
13.1.2 Security of network services . 20
13.1.3 Segregation in networks . 20
13.2 Information transfer . 20
14 System acquisition, development and maintenance . 20
14.1 Security requirements of information systems . 20
14.1.1 Information Security requirements analysis and specification . 20
14.1.2 Securing application services on public networks . 20
14.1.3 Protecting application services transactions. 20
14.2 Security in development and support processes . 20
14.2.1 Secure development policy . 20
14.2.2 System change control procedures. 20
14.2.3 Technical review of applications after operating platform changes . 20
14.2.4 Restrictions on changes to software packages . 21
14.2.5 Secure system engineering principles . 21
14.2.6 Secure development environment. 21
14.2.7 Outsourced development . 21
14.2.8 System security testing . 21
14.2.9 System acceptance testing . 21
14.3 Test data . 21
15 Supplier relationships . 21
15.1 Information security in supplier relationships. 21
15.1.1 Information security policy for supplier relationships . 21
15.1.2 Addressing security within supplier agreements . 21
15.1.3 Information and communication technology supply chain . 21
15.2 Supplier service delivery management . 21
16 Information security incident management . 22
16.1 Management of information security incidents and improvements . 22
16.1.1 Responsibilities and procedures . 22
16.1.2 Reporting information security events . 22
16.1.3 Reporting information security weaknesses . 22
16.1.4 Assessment of and decision on information security events . 22
16.1.5 Response to information security incidents . 22
16.1.6 Learning from information security incidents . 22
16.1.7 Collection of evidence . 22
17 Information security aspects of business continuity management . 23
17.1 Information security continuity . 23
17.1.1 Planning information security continuity . 23
17.1.2 Implementing information security continuity . 23
17.1.3 Verify, review and evaluate information security continuity . 23
17.1.4 Business continuity planning framework . 24
17.2 Redundancies . 24
18 Compliance . 24
18.1 Compliance with legal and contractual requirements . 24
18.1.1 Identification of applicable legislation and contractual requirements . 24
18.1.2 Intellectual property rights . 24
18.1.3 Protection of records . 24
18.1.4 Privacy and protection of personally identifiable information . 24
18.1.5 Regulation of cryptographic controls . 25
18.2 Information security reviews . 25
18.2.1 Independent review of information security . 25
18.2.2 Compliance with security policies and standards . 25
18.2.3 Technical compliance review . 25
Annex A (informative) Additional guidance related to air traffic management . 26
A.1 Assessment of information security risks . 26
A.1.1 Internal information security risk management . 26
Figure A.1 —Assessment of information security risks . 27
A.2 Interoperability issues of risk assessments . 29
A.2.1 General . 29
A.2.2 Information security risk management for multiple organisations . 29
A.2.3 Alignment of safety and security risk management. 30
A.3 Determining controls . 30
A.4 Levels of trust . 30
A.4.1 Introduction. 30
A.4.2 Scale of trust levels . 31
A.4.3 Classification criteria . 32
A.5 Statement of applicability . 32
A.6 Measurement and auditing of security . 32
Annex B (informative) Implementation examples . 33
B.1 General . 33
Table B.1 —Overview of an example for LoT-O . 33
Figure B.1 —LoT-A versus LoT-O . 34
B.2 Security of information in web applications and web services (LoT-A-WEB) . 34
B.2.1 General . 34
B.2.2 Parameters for the Level of Trust of a web application/web service . 34
B.2.3 Determination of the web application / the web service (LoT-A-WEB) . 34
Table B.2 —Level of Trust of the web application/the web service . 35
B.2.4 Consequences . 35
Table B.3 —Evaluation Criteria for LoT-A-WEB . 35
B.3 Connections between multiple organisations/external connections (LoT-A-NET) . 35
B.3.1 Determination of the necessary protection controls. 35
B.3.1.1 General . 35
Figure B.2 —Process for implementation of external connection protection . 36
B.3.1.2 Identity of the User . 36
B.3.1.3 Owner of the terminal device . 37
B.3.1.4 Connection point/Protection of the terminal device . 37
B.3.1.5 Authentication of the connection. 37
B.3.1.6 Transfer net . 38
Table B.4 —Maximum Level of Trust depending on the respective technical parameters . 38
B.3.2 Effects of the coupling of networks . 40
B.4 Certificates/Public Key Infrastructure (LoT-A-PKI) . 41
B.4.1 Parameters for the Level of Trust of the certificate management . 41
B.4.2 Determination of the Level of Trust of the certificate management (LoT-A-PKI) . 41
Table B.5 —Trust of identity management . 41
B.4.3 Effects: Recognition of Certificates/PKI . 41
B.5 Identity Management (LoT-A-IDM) . 42
B.5.1 Parameters for the Level of Trust of Identity Management . 42
B.5.2 Determination of the Level of Trust of the Identity Management (LoT-A-IDM) . 42
Table B.6 —Level of Trust of the Identity Management . 43
B.5.3 Effects: Recognition of identities . 43
Annex C (informative) Level of trust — Implementation Example . 44
Table C.1 —Further security controls appropriate to different levels of trust . 44
Annex D (informative) Application of Controls in Regulatory Oversight — Implementation
Example . 58
Figure D.1 —Oversight scheme . 59
Table D.1 — Mapping of Controls . 59
Annex E (informativ) Guidance on aviation specific transorganisational aspects . 63
Bibliography . 64

European foreword
This document (EN 16495:2019) has been prepared by Technical Committee CEN/TC 377 “Air Traffic
Management”, the secretariat of which is held by DIN.
This European Standard shall be given the status of a national standard, either by publication of an
identical text or by endorsement, at the latest by January 2020, and conflicting national standards shall
be withdrawn at the latest by January 2020.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN shall not be held responsible for identifying any or all such patent rights.
This document supersedes EN 16495:2014.
In comparison with the previous edition, the following technical modifications have been made:
— adaptation to the structures of EN ISO/IEC 27002:2017 and ISO/IEC 27009:2016;
— guidance on alignment of safety and security management;
— guidance on Information Security specific to development and production and maintenance;
— guidance on information security assurance;
— informative Annex D “Application of Controls in Regulatory Oversight — Implementation Example”;
— informative Annex E “Guidance on aviation specific transorganisational aspects”.
According to the CEN-CENELEC Internal Regulations, the national standards organisations of the
following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria,
Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland,
Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of
North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the
United Kingdom.
Introduction
This document provides guiding principles based on EN ISO/IEC 27002:2017 “Code of practice for
information security controls” applied to security management systems in aviation organisations. The
aim of this document is to extend the contents of EN ISO/IEC 27002:2017 to the domain of air traffic
management, thus allowing aviation organisations to implement a standardized and specific
information security management system (ISMS), that is in accordance with EN ISO/IEC 27001:2017
transorganisational aspects of air traffic management.
In addition to the security objectives and measures that are set forth in EN ISO/IEC 27001:2017,
aviation organisations are subject to further special requirements: Service delivery in aviation is greatly
defined by the cooperation of the individual participants. An organization’s information security
management is therefore dependent on the information security management of the organisations with
which it cooperates to deliver service. This document therefore focuses on aspects of cooperation.
This cooperation requires
— sharing the results of risk assessments along the business process chain;
— agreement on the required level of trust;
— agreement on the required security controls and their implementation.
1 Scope
This document provides guidance based on EN ISO/IEC 27002:2017 applied to organisations
supporting civil aviation, with a focus on air traffic management operations.
This includes, but is not limited to, airspace users, airports and air navigation service providers.
Not included are activities of the organisations that do not have any impact on the security of civil
aviation operations like for example airport retail and service business and corporate real estate
management.
The basis of all guidance in this document is trust and cooperation between the parties involved in Air
Traffic Management.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 27000:2018, Information technology — Security techniques — Information security
management systems — Overview and vocabulary
EN ISO/IEC 27001:2017, Information technology — Security techniques — Information security
management systems — Requirements
EN ISO/IEC 27002:2017, Information technology — Security techniques — Code of practice for
information security controls
3 Terms, definitions and abbreviations
3.1 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 27000:2018 and the
following apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— IEC Electropedia: available at http://www.electropedia.org/
— ISO Online browsing platform: available at http://www.iso.org/obp
3.1.1
air traffic management
functional system comprised of an aggregation of the airborne and ground-based functions (air traffic
services, airspace management and air traffic flow management) required to ensure the safe and
efficient movement of aircraft during all phases of operations and covering responsibilities of all
partners of the air traffic transport value chain
3.1.2
trust
situation where one party is willing to rely on the actions of another party
Note 1 to entry: Trust is more than what can be achieved by assurance. However, assurance represents a
supporting instrument to trust building.
3.1.3
transorganisational process
process between several organisations that interact as interested parties between each other
3.1.4
functional system
combination of systems, procedures and human resources organised to perform a function within the
context of ATM
[SOURCE: COMMISSION REGULATION (EC) No 2096/2005, Article 2]
3.2 Abbreviations
API Application Programming Interface
ATM Air Traffic Management
CA Certification Authority
Ch. Chapter
CP Certificate Policy
CPS Certificate Practice Statement
CS Certificate Service
cts Client-to-site VPN
DIM Digital Identity Management
HTTP HyperText Transfer Protocol
HTTPS HyperText Transfer Protocol Secure
ICAO International Civial Aviation Authority
IDM Identity Management
ISDN Integrated Services Digital Network
ITU International Telecommunication Union
LDAP Lightweight Directory Access Protocol
LoT-A Level of Trust for the Application Area
LoT-O Level of Trust of the Organization
PKI Public Key Infrastructure
PPr Partner network, protected
PPu Partner network, public
PSTN Public Switched Telephone Network
PuP Public, unprotected
PuP Public, protected
SQL Structured Query Language
sts Site-to-site VPN
u Unencrypted
v Encrypted
XSS Cross-Site Scripting
4 Aviation specific requirements related to EN ISO/IEC 27001:2017
4.1 Structure of this European Standard
This European Standard is structured in line with EN ISO/IEC 27009.
Guidance on additional aviation specific controls and concepts in relation to the global public key
infrastructures are included in Annex E.
4.2 Refinement of EN ISO/IEC 27001:2017 requirements
All requirements from EN ISO/IEC 27001:2017 that do not appear below apply unchanged
EN ISO/IEC 27001:2017, 6.1.3 c) is refined as follows:
Compare the controls determined in 6.1.3 b) above with those in EN ISO/IEC 27001:2017, Annex A and
with Annex A of this document to verity that no necessary controls have been omitted.
EN ISO/IEC 27001:2017, 6.1.3 d) is refined as follows.
Produce a Statement of Applicability that contains:
— the necessary controls [see EN ISO/IEC 27001:2017, 6.1.3 b) and c)];
— a justification for their inclusion;
— whether the necessary controls are implemented or not; and
— a justification for excluding any of the controls in EN ISO/IEC 27001:2017, Annex A or Annex A of
this document.
NOTE These refinements are necessary due to the introduction of new sector-specific controls in this
document.
5 Information Security policies
5.1 Management direction for Information security
5.1.1 Policies for information security
Additional Implementation guidance for EN ISO/IEC 27002:2017, 5.1.1
The policies for information security should be coordinated with the various security requirements in
other areas of aviation (e.g.: physical security of secure areas). The distinctions and mutual
dependencies between the individual areas should be documented in the policies or in separate
documents.
5.1.2 Review of the policies for information security
No additional information specific to aviation organisations for EN ISO/IEC 27002:2017, 5.1.2.
6 Organization of information security
6.1 Internal organization
6.1.1 Information security roles and responsibilities
Additional Implementation guidance for EN ISO/IEC 27002:2017, 6.1.1
The organization should appoint a person responsible to serve as a point of contact for strategic
information security issues for third parties (e.g. for the planning and implementation of joint
measures, etc.).
6.1.2 Segregation of duties
No additional information specific to aviation organisations for EN ISO/IEC 27002:2017, 6.1.2.
6.1.3 Contact with authorities
Additional Implementation guidance for EN ISO/IEC 27002:2017, 6.1.3
The organization should cooperate with the appropriate specialist and supervisory authorities,
particularly in the areas of IT security and prosecution, and with other critical infrastructures as well.
This includes contacts to authorities involved in critical infrastructure protection at the national and
European level.
6.1.4 Contact with special interest groups
Additional Implementation guidance for EN ISO/IEC 27002:2017, 6.1.4
The organization should establish an interface to other organisations.
Contacts should also consider the needs and expectations of interested parties, in particular
organisations with which the organization shares information security risks in terms of the creation or
contribution to aviation safety hazards and the management thereof.
The establishment of formal interfaces to critical organisations should be considered.
The organization should also be aware of the criticality of its services at a regional, national and
international level. It may therefore participate in associations and alliances as well as national and
international programs to provide comprehensive support to air safety.
Given the special nature of threats to air traffic, the organization may need to cooperate with other
aviation organisations to present an agreed position. Such a position should form the basis for the
selection of adequate, preventive and reactive measures:
— ensuring the interoperability of the
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

Loading comments...

This May Also Interest You

SIST
SIST-TS CEN/TS 16501:2013(Main)
Air Traffic Management - Specification for software assurance levels
CEN/TS 16501:2013

This Technical Specification specifies the technical, operational and maintenance requirements for Software Assurance Levels to support the demonstration of compliance with some elements of the Essential Requirements Safety and Principles governing the construction of systems of the Regulation (EC 552/2004) of the European Parliament and of the Council on the interoperability of the European Air Traffic network (the Interoperability regulation).
This Technical Specification on Software Assurance Levels (SWAL) is intended to apply to software that is part of the EATMN, focusing only on its ground segment and providing a reference against which stakeholders can assess their own practices for software specification, design, development, operation, maintenance, evolution and decommissioning.
Requirements in the present document which refer to should statements or recommendations in the normatively referenced material are to be interpreted as fully normative (shall) for the purpose of compliance with the present document.

  • Technical specification
    9 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
oSIST prEN 16154:2010(Main)
Air Traffic Management - Software assurance levels
prEN 16154

The present document is for the production of assurance evidence for software used in ground-based systems and their constituents.
This Community Specification on Software Assurance Levels (SWAL) is intended to apply to software that is part of the EATMN, focusing only on it’s “ground” segment and providing a reference against which stakeholders can assess their own practices for software specification, design, development, operation, maintenance, evolution and decommissioning.
This Community Specification defines the Technical, Operational and Maintenance requirements for Software Assurance Levels to demonstrate compliance with the applicable (see Annex A) Essential Requirements of the Regulation (EC) N° 552/2004 of the European Parliament and of the Council on the interoperability of the European Air Traffic network (“the Interoperability regulation”).
Requirements in the present document which refer to “should” statements or recommendations in the normatively referenced material (2.1) are to be interpreted as fully normative (“shall”) for the purpose of compliance with the present document.

  • Draft
    35 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN IEC 62841-2-19:2026/A11:2026(Amendment)
Electric motor-operated hand-held tools, transportable tools and lawn and garden machinery - Safety - Part 2-19: Particular requirements for hand-held jointers
EN IEC 62841-2-19:2025/A11:2025

2021-12-20: This prAA includes common mods to EN IEC 62841-2-19 (PR=75430)
DOW=DOR+48 months is applied to all parts in EN IEC 62841 series

  • Amendment
    9 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN 17984-3:2026(Main)
Assistance Dogs - Part 3: Competencies for Assistance Dogs Professionals
EN 17984-3:2025

This document specifies the competencies required of assistance dogs’ professionals. The purpose of this document is to improve and ensure the quality of professionals working in a role within an assistance dog organization. Each speciality of assistance dog requires a specific set of role competencies and there are some common core competencies.
Core competencies in:
-   breeding;
-   puppy raising;
-   dog care;
-   assessors;
-   orientation and mobility;
-   trainers;
-   instructors.
Specific competencies to train:
-   guide dogs;
-   hearing dogs;
-   medical alert dogs;
-   mobility assistance dogs;
-   autism and development disorder dogs;
-   team training instructor.
It is accepted that assistance dog organisations vary greatly in structure and not every organization will have all the roles identified. Where one person performs more than one role, it is expected that they will have the competencies of all the roles they perform e.g. a dog trainer may also have the competencies of a dog care specialist. And there will be some organisations where some of these roles are not required, e.g. those with no breeding programme will not require the associated role competencies.

  • Standard
    35 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN ISO 5577:2026(Main)
Non-destructive testing - Ultrasonic testing - Vocabulary (ISO 5577:2025)
EN ISO 5577:2025

This document defines the terms used in ultrasonic non-destructive testing and forms a common basis for standards and general use.
This document does not cover specific terms used in ultrasonic testing with arrays.
NOTE            Terms used in ultrasonic testing with arrays are defined in ISO 23243.

  • Standard
    55 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN ISO 2719:2026(Main)
Determination of flash point - Pensky-Martens closed cup method (ISO 2719:2025)
EN ISO 2719:2025

This document specifies three procedures, A, B and C, using the Pensky-Martens closed cup tester, for determining the flash point of combustible liquids, liquids with suspended solids, liquids that tend to form a surface film under the test conditions, biodiesel and other liquids in the temperature range of 40 °C to 370 °C.
NOTE 1        Although, technically, kerosene with a flash point above 40 °C can be tested using this document, it is standard practice to test kerosene according to ISO 13736.[5] Similarly, lubricating oils are normally tested according to ISO 2592.[2]
Procedure A is applicable to distillate fuels (diesel, biodiesel blends, heating oil and turbine fuels), new and in-use lubricating oils, paints and varnishes, and other homogeneous liquids not included in the scope of procedures B or C.
Procedure B is applicable to residual fuel oils, cutback residuals, used lubricating oils, mixtures of liquids with solids, and liquids that tend to form a surface film under test conditions or are of such kinematic viscosity that they are not uniformly heated under the stirring and heating conditions of procedure A.
Procedure C is applicable to fatty acid methyl esters (FAME) as specified in specifications such as EN 14214[11] or ASTM D6751.[13]
This document is not applicable to water-borne paints and varnishes.
NOTE 2        Water-borne paints and varnishes can be tested using ISO 3679.[3] Liquids containing traces of highly volatile materials can be tested using ISO 1523[1] or ISO 3679.

  • Standard
    35 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN ISO 18862:2026(Main)
Coffee and coffee products - Determination of acrylamide - Methods using high-performance liquid chromatography with tandem mass spectrometric detection (HPLC-MS/MS) and gas chromatography with mass spectrometric detection (GC-MS) after derivatization (ISO 18862:2025)
EN ISO 18862:2025

This document specifies methods for the determination of acrylamide in coffee and coffee products by extraction with water, clean-up by solid-phase extraction (SPE) and determination by high-performance liquid chromatography with tandem mass spectrometric detection (HPLC-MS/MS) and gas chromatography with mass spectrometric detection (GC-MS) after derivatization. The methods were validated in a validation study for roasted coffee, soluble coffee, coffee substitutes and coffee products with ranges from 53 μg/kg to 612,1 μg/kg.

  • Standard
    32 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST-TS CEN/TS 18227:2026(Main)
Automotive fuels - E20 petrol - Requirements and test methods
CEN/TS 18227:2025

This document specifies requirements and test methods for E20 petrol marketed and delivered as such, containing a minimum oxygen content of 3,7 % (m/m) and a maximum of 8,0 % (m/m). The fuel has a maximum of 20,0 % (V/V) ethanol.
It is applicable to fuel for use in spark-ignition petrol-fuelled engines and vehicles.
This document is complementary to EN 228, which describes unleaded petrol containing an oxygen content up to 3,7 % (m/m) and a maximum ethanol content of 10 % (V/V).
NOTE 1   For general petrol engine vehicle warranty, E20 petrol might not be suitable for all vehicles and it is advised that the recommendations of the vehicle manufacturer are consulted before use. E20 petrol might need a validation step to confirm the compatibility of the fuel with the vehicle, which for some existing engines might still be needed.
NOTE 2   For the purposes of this document, the terms “% (m/m)” and “% (V/V)” are used to represent respectively the mass fraction, µ, and the volume fraction, φ.

  • Technical specification
    16 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN ISO 80601-2-70:2026(Main)
Medical electrical equipment - Part 2-70: Particular requirements for basic safety and essential performance of sleep apnoea breathing therapy equipment (ISO 80601-2-70:2025)
EN ISO 80601-2-70:2025

This document is applicable to the basic safety and essential performance of sleep apnoea breathing therapy equipment, hereafter referred to as ME equipment, intended to alleviate the symptoms of patients who suffer from obstructive sleep apnoea by delivering a therapeutic breathing pressure to the respiratory tract of the patient. Sleep apnoea breathing therapy equipment is intended for use in the home healthcare environment by lay operators as well as in professional healthcare institutions.
Sleep apnoea breathing therapy equipment is not considered to utilize a physiologic closed-loop-control system unless it uses a physiological patient variable to adjust the therapy settings.
This document excludes sleep apnoea breathing therapy equipment intended for use with neonates.
This document is applicable to ME equipment or an ME system intended for those patients who are not dependent on artificial ventilation. This document is not applicable to ME equipment or an ME system intended for those patients who are dependent on artificial ventilation such as patients with central sleep apnoea.
This document is also applicable to those accessories intended by their manufacturer to be connected to sleep apnoea breathing therapy equipment, where the characteristics of those accessories can affect the basic safety or essential performance of the sleep apnoea breathing therapy equipment.
Masks and application accessories intended for use during sleep apnoea breathing therapy are additionally addressed by ISO 17510. Refer to Figure AA.1 for items covered further under this document.
If a clause or subclause is specifically intended to be applicable to ME equipment only, or to ME systems only, the title and content of that clause or subclause will say so. If that is not the case, the clause or subclause applies both to ME equipment and to ME systems, as relevant.
Hazards inherent in the intended physiological function of ME equipment or ME systems within the scope of this document are not covered by specific requirements in this document except in 7.2.13 and 8.4.1 of the general standard.
NOTE 2        See also 4.2 of the general standard.
This document does not specify the requirements for:
–    ventilators or accessories intended for critical care ventilators for ventilator-dependent patients, which are given in ISO 80601‑2‑12.
–    ventilators or accessories intended for anaesthetic applications, which are given in ISO 80601-2-13.
–    ventilators or accessories intended for home care ventilators for ventilator-dependent patients, which are given in ISO 80601-2-72.
–    ventilators or accessories intended for emergency and transport, which are given in ISO 80601-2-84.
–    ventilators or accessories intended for home-care ventilatory support, which are given in ISO 80601‑2-79 and ISO 80601‑2‑80.
–    high-frequency ventilators[23], which are given in ISO 80601-2-87.
–    respiratory high flow equipment, which are given in ISO 80601‑2‑90;
NOTE 3      ISO 80601-2-80 ventilatory support equipment can incorporate high-flow therapy operational mode, but such a mode is only for spontaneously breathing patients.
–    user-powered resuscitators, which are given in ISO 10651-4;
–    gas-powered emergency resuscitators, which are given in ISO 10651-5;
–    oxygen therapy constant flow ME equipment; and
–    cuirass or “iron-lung” ventilation equipment.

  • Standard
    89 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN 15016-2:2023+A1:2026(Main + Amendment)
Railway applications - Technical documents - Part 2: Parts lists
EN 15016-2:2023+A1:2025

This document specifies the preparation and reproduction of design parts. This document defines the basic principles and structure of design parts lists. This document is applicable to all design parts lists for railway applications.

  • Standard
    26 pages
    English language
    sale 10% off
    e-Library read for
    1 day