New Work Item Proposal

New work item proposal

ISO /TC 268/SC 1/AHG 3 N 00023

Date: 2016-11-10

ISO/pr-NWIP 371XX

ISO /TC 268/SC 1/WG/AHG3

Secretariat: SAC

ISO/TC 268/SC 1 Smart Community Infrastructures

Guidelines on Data Exchange and Sharing for Smart Community Infrastructures

Document type: International Standard

Document subtype:

Document stage:

Document language: E and C

Contents

Foreword

Introduction

1.Scope

2 Terms and Definitions

2.1 Concepts Relating to Smart Community Infrastructure

2.2 Concepts Relating to Smart city Community Infrastructure Data Exchange and Sharing

2.3 Core Concepts Relating to Smart City Community Infrastructure Data

3.Background

3.1 Smart Community Infrastructures

3.2 Information Aspects of Communities

3.3 Needs of Information Exchange and Sharing

4.Data Sharing and Exchange Model

4.1 General Framework of Data Model

4.2 Data Application

4.3 Data Classification and Code

4.4 Data item Coding Standards

4.5 Metadata Defined Specifications

4.6 Infrastructure Directory

4.7 Metadata Directory

4.8 Data Quality

4.8.1 General requirements for data quality

4.8.2 Data Quality Management and Verification in a System

4.8.3 Inter Organization Data Quality Controlling

4.8.4 The Data Quality Verification after Sharing and Exchanging

5 Data Integration

5.1 Conceptual Model and Description Specification

5.2 Data Encoding Specification

5.3 Sharing and Opening Demand

5.4 Smart Community Infrastructure Data Element

5.5 Data Mining

5.6 Digital Continuity Management Requirements

6 Framework for Data Exchange and Sharing

6.1 General

6.2 Data Sharing and Exchange Business Logic

6.3 Data Sharing and Exchange Categories

6.4 Data Sharing and Exchange Principles

6.5 Data Sharing and Exchange Service Methods

6.6 Associated Parties

6.7 Technical Architecture of the Data Sharing and Exchange Platform

7 Recommendations for Data Security

7.1 Outline

7.1.1 Threats to Data Security

7.1.2 Range of Data Security Recommendations

7.2 General

7.3 Data Lifecycle Safety

7.3.1 Data Acquisition Security

7.3.2 Data Transmission Security

7.3.3 Data Processing Security

7.3.4 Data Storage Security

7.3.5 Data Discard Security

7.4 Data Security Monitoring, Auditing and System Security Evaluation

7.4.1 Data Security Monitoring

7.4.2 System Security Evaluation

7.4.3 Establish Vulnerability Management Program

7.4.5 Active Define System

Annexes 1. Case Study

Annexes 2. Tool and Methodology Examples

Annexes 3. Smart City Indicator System (Pilot, SCI) by MOHURD CHINA (ISO 37150)

Liaison Organizations

Foreword

ISO(International Organization for Standardization) is a worldwide federation of variousnational standard-settingbodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been establishedhas the right to join into that committee International organizations, governmental or non-governmental international organizations in liaison with ISO can also take part in the work. ISO collaborates closely with the International Electro technical Commission (IEC) on all matters of electro technical standardization.

The procedures used to develop this document and thoseintention for its further maintenance are described in the ISO/IEC Directives, Part 1. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see

The main task of technical committees is to prepare forInternational Standards. Draft International Standards adopted by the technical committees are circulated to the member bodies for voting. In particular the different approval criteria needed for the different types of ISO documents should be noted. Publication as an International Standard requires approval pass rateby at least 75 % of the member bodies casting a vote.

In other circumstances, when there is a special urgent requirement for such kind of documents, a technical committee may decide to publish other types of normative document.

— An ISO Publicly Available Specification (ISO/PAS) represents an agreementamong technical experts in an ISO working group and is accepted for publication if it is approved by more than 50% of the members of the parent committee casting a vote;

— An ISO Technical Specification (ISO/TS) represents an agreement among the members of a technical committee and is accepted for publication if it is approved by 2/3 of the members of the committee casting a vote.

An ISO/PAS or ISO/TS is reviewed after three years with a view to deciding whether it should be confirmed for a further three years, revised to become an International Standard, or to be withdrawn. In the case of a confirmed ISO/PAS or ISO/TS, it is reviewed again after three years at which time it has to be either transposed into an International Standard or to be withdrawn.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received.

Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.

The committee responsible for this document is ISO/TC 268, Sustainable development in communities, Subcommittee SC 1, Smart community infrastructures, AHG3, Data exchange and sharing for smart community infrastructures.

Introduction

Urban function and people’s daily life highly depend on different types of community infrastructures. Community infrastructures, which include energy, water, transportation, waste, information and communications technology (ICT), etc., are foundational to the operation and activity of the community. The poor management of community infrastructures will result in urban problems such as environmental pollution, traffic jam, community resource insufficient and urban lifeline system weakness, which are not good for sustainable development of community.

The community infrastructure involves different areas and is governed by different organizations or departments.Community infrastructure operates in different sectors or parts of the community and is often operated and governed by many different organizations or departments. This patchwork approach often results in information silos that limit the knowledge of infrastructure operators. These information silos are a significant contributor to the poor management of community infrastructure. Therefore, strengthening the sharing of urban infrastructure data is an important aspect of the smart community. Data is the foundation of smart community. By organizing, fusing and sharing all kinds of infrastructure data within the scope of community and strengthening data security strategy,the capabilities of monitoring urban resource usages and services can be improved to ensure the scientificity of urban planning, the continuity of urban function and sustainability of community development, to makethe community more safe, hospitableand livable.

This ISO document is a reference for governments and other enterprises, organizations, and individuals who have the responsibility or need to share data on community infrastructure. This document helps promote a baseline of information, eliminate isolated information islands, and move toward a higher degree of smart. As one example of this, the document promotes efficient cooperation by establishing mechanisms for information exchange among different departments within local governments.

Based on the above, we will propose a new AHG3 (WG3): Smart Community Infrastructure Data Exchange and Sharing. This standard establishes a set of community infrastructure data organizing methods and a unified framework of community infrastructure data exchanging, sharing and security. The purposes for studying data exchange and sharing for smart community infrastructures are:

-Providing intensive, efficient, convenient, ecological and secure infrastructure for urban infrastructure users, consumers or beneficiaries.

-Providing a reference to provide shared, exchangeable, extensible, and maintenance of urban infrastructure services.

-Providing reference for the urban infrastructure data sharing and exchange platform provider which provides products, services and solutions.

The same as ISO37101、ISO37120、ISO37150、ISO37151, this standard is about smart community infrastructures. The ISO 37101 is the requirements of different types of data supporting.In order to aimat high level management of urban and community, the ISO37120 is the guidance to achieve the sustainable development from the macro level. Both ISO37150 and ISO37151 are specific guidance to smart community infrastructures performance metrics under the overall guidance of the ISO37120. This standard and ISO37150, ISO37151 are all guidelines and recommendations to smart community infrastructure from specific implementation aspects. The difference isthis standard focuses on guidance to data organizing, fusing, sharing and security.

In addition, this standard is also related to other standards as below:

-The formerIEC SEG1 WG2 Urban planning and simulation system

-The formerIEC SEG1 WG3 Urban infrastructure management

-GB-Smart City Data fusion Part 2: Data Acquisition specification；

-GB-Smart City Data fusion Part 5: Data element of municipal facility；

-WCCD (World Council on City Data ) Open City Data Platform Project

1.Scope

This ISO document gives guidelines on the following items to entities having authority to develop and/or operate Community Infrastructure:

1) Types of data to be shared between the entities/organizations;

2) Smart Community Infrastructures Data fusion;

3) Data exchange and sharing framework and methodologies;

4) Recommendations on ensuring security of data that may be shared, exchanged or used.

Relationship between chapter and research content

The guidelines of this ISO Standard are applicable to communities of any size that are engaged in the sharing and exchange of community infrastructure data. However, the specific practices of exchanging and sharing data of community infrastructures depend on the characteristics of each community.

In thisdocument, the concept of smartness is addressed in terms of data exchange and sharing of community infrastructures, in accordance with sustainable development and resilience of communities as defined in ISO/TC 268.

2 Terms and Definitions

2.1 Concepts Relating to Smart Community Infrastructure

2.1.1

Community

Group of people with an arrangement of responsibilities, activities and relationships

NOTE1: In the context of this Technical Specification, a community shares geographic areas.

[SOURCE: ISO/TS 37125:2015, 3.1]

2.1.2

Community Infrastructure

Systems of facilities, equipments and services that support the operations and activities of communities

NOTE1: Such community infrastructures include, but are not limited to, energy, water, transportation, waste and information and communication technologies (ICT).

[SOURCE: ISO/TS 37125:2015, 3.2]

2.1.3

SmartCommunity Infrastructure

Community infrastructure with enhanced technological performance that is designed, operated, and maintained to contribute to sustainable development and resilience of the community

[SOURCE: ISO/TS 37151:2015, 3.1]

2.1.4

SmartCommunity Infrastructure Data

Datacollected from various sources of smart community infrastructure.

2.1.5

SmartCommunity Infrastructure Data Ownership

The legal right of possession, including the right of disposition, and sharing in all the risks and profits commensurate with the degree of ownership interest or shareholding, as demonstrated by an examination of the substance, rather than the form, of ownership arrangements relating to smart community infrastructure data

NOTE 1: Adapted from [SOURCE: ISO10845-6:2011, 2.11]

2.1.6

DigitalContinuity

The digital ability to ensure digital data to beavailable, traceable and consistentwith the quality characteristic of authenticity, reliability, integrity and usabilityalong its lifecycle

NOTE 1: continuity refers to capability to manage risks and events that could have serious impact on a service or services in order to continually deliver services at agreed levels

Adapted from [SOURCE: ISO/IEC20000-1:2011, 3.28]

2.2 Concepts Relating to Smart city Community Infrastructure Data Exchange and Sharing

2.2.1

InformationAsset

NOTE 1: asset refers to anything that has value to a stakeholder

NOTE2:An asset may be tangible or intangible.

[SOURCE: ISO/TS 19299:2015, 3.3]

2.2.2

InformationSecurity

Preservation of confidentiality, integrity and availability of information from unacceptable risk

NOTE 1: security refers to freedom from unacceptable risk [SOURCE: ISO/TS 37151:2015, 3.14]

NOTE 2: Adapted from [SOURCE: ISO/TS 14441:2013, 3.27].

NOTE 3: In addition, other properties such as authenticity, accountability, non-repudiation and reliability can also be involved [SOURCE: ISO/IEC17799:2005, 2.5]

2.2.3

Risk

Effect of uncertainty

NOTE 1: An effect is a deviation from the expected — positive or negative.

NOTE 2: Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge of, an event, its consequence, or likelihood.

NOTE 3: Risk is often characterized by reference to potential events (ISO Guide 73, 3.5.1.3) and consequences (ISO Guide 73, 3.6.1.3) or a combination of these.

NOTE 4: Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated likelihood (ISO Guide 73, 3.6.1.1) of occurrence.

[SOURCE: ISO Guide 73:2009, Definition 1.1: ISO/TR 18128:2014, 3.1.1]

2.2.4

InformationChain for Total Lifecycle

A process of building an information chain in all phases during the lifecycle of a fact.

NOTE 1: Information chain reflects the relationships between data, information, knowledge, intelligence and smart decision making rules.

NOTE 2: In terms of a fact, the information chain for total lifecycle contains the physical and cognitive attributes of the fact’s information chain, and it reflects the physical and cognitive attributes of each phase on the information chain.

NOTE 3: Lifecycle [of information resource] refers to sequence of events that mark the development and use of an information resource [SOURCE: ISO/TS 13972:2015, 2.33]

NOTE 4: Information chain covers data lifecycle process, the processbased on data element transformation [SOURCE: ISO/TS 17427:2014,3.17]

2.2.5

DataAcquisition

Process of collecting and enteringdata.

[SOURCE: ISO/IEC 2382:2015, 2122168 ]

2.2.6

Data Exchange

Storing, accessing, transferring, and archiving of data

[SOURCE: ISO/TS13399-5:2014, 3.7]

2.2.7

XML

Standard from the Worldwide Web Consortium (W3C) that provides for tagging of information content within documents offering a means for representation of content in a format that is both human and machine readable

NOTE 1: Through the use of customizable style sheets and schemas, information can be represented in a uniform way, allowing for interchange of both content (data) and format (metadata).

[SOURCE: ISO/ASTM 52915:2016, 2.7]

2.2.8

UTF-8

Unicode Transformation Format that serializes a Unicode scalar value as a sequence of one to four bytes.

NOTE 1: Definition taken from the glossary of the Unicode Consortium web site. See

[SOURCE: ISO/IEC11989:2010, 4.1.20]

2.2.9

UID (Universal identification code)

Acode that represents a single and specific set of attributes that are related to an object or class of objects during its life within a particular domain and scope of an object identification system

[SOURCE: ISO 16678:2014, 2.1.21]

2.2.10

Access

Right, opportunity, means of finding, using or retrieving information

[SOURCE: ISO 15489-1:2016]

2.2.11

DataProcessing

Systematic performance of operations upon data

[SOURCE: ISO/IEC 2382:2015 2121276]

2.2.12

Data Classification

Identifier of a computer-readable representation of data for a specific application

[SOURCE: ISO13281-2:2000, 4.2]

2.2.13

Data Transmission

Transfer of data from one point to one or more other points over telecommunication facilities

[ SOURCE: ISO/IEC 2382:2015, 2124347]

2.2.14

Data Disposition

Range of processes associated with implementing data retention, destruction or transfer decisions which are documented in disposition authorities or other instruments

NOTE 1: Adapted from [SOURCE: ISO 15489-1: 2016, definition 3.8.]

2.2.15

Data Destruction

Process of eliminating or deleting data, beyond any possible reconstruction

NOTE 1: Adapted from [SOURCE: ISO 15489-1:2016, definition 3.7]

2.2.16

Data Retention

Maintenance and preservation of data in some form (e.g.paper, microfilm, or electronic storage) for a given period of time.

[SOURCE: ISO/TR 21089:2004, 3.81]

2.2.17

Data Preservation

Processes and operations involved in ensuring the technical and intellectual survival of authentic data through time

NOTE 1: Adapted from [SOURCE: ISO 15489-1:2001, definition 3.14.]

2.2.18

Data Storage

Means for storing information from which data is submitted for delivery, or into which data is put by the delivery authority

[SOURCE: ISO/IEC13888-1:2009, 3.7]

2.3 CoreConcepts Relating to Smart City Community Infrastructure Data

2.3.1

Data

Reinterpretable representation of information in a formalized manner suitable for communication, interpretation, or processing

NOTE 1: Data can be processed by humans or by automatic means.

[SOURCE: ISO/TS19104:2008, B.103]

2.3.2

Thematic Data

Data about specific business, which is used to support decision making rather than daily operation, it can be used to supply of sustainable information resource service as long as required.

NOTE 1: thematic data can refer to gridded datawhoseattributevalues describe characteristics of agridcoverage feature in a grid format)

[SOURCE: ISO/TS 19163-1:2016, 4.14]

NOTE 2: gridded data are data whoseattributevalues are associated with positions on agridcoordinate system

NOTE 3:Gridded data are a subtype of coverage data, which represent attribute values of geographic features in terms of a spatial grid.

[SOURCE: ISO191152:2009, 4.17, modified — Note 1 to entry has been added.]

2.3.3

Business Data

Data produced by specific businesses, and can only be shared and exchanged limitedly according to business requirements.

NOTE 1: Business data can also refer to data(in abusinesstransaction)

Representations ofrecorded information(3.56)that are being prepared or have been prepared in a form suitable for use in a computer system

[SOURCE: ISO/IEC 15944-4:2015(en), 3.16]

2.3.4

Geo-spatial Data

Data represents the location, shape, size, distribution attribute of a geographical entity.

2.3.5

Standard Data

Data with basic and supportive sharing functions that complies with international, regional and national levels standards.

NOTE 1: standard data can also refer to requirement on a software system defined by means of EXPRESS entity (data type) instances that are supposed to be recognized by this software system

[SOURCE: ISO13584-102:2006,3.29]

2.3.6

Metadata

Data describing context, content and structure of records and their management through time

[SOURCE: ISO 30300:2011, 3.1.6]

2.3.7

Data Quality Characteristics

Category of data quality attributes that bears on data quality

NOTE 1te : Data quality refers to degree to which the characteristics of data satisfy stated and implied needs when used under specified conditions [SOURCE: ISO/IEC 25024:2015, 4.11]

[SOURCE: ISO/IEC 25024:2015, 4.12]

2.3.8

Authenticity

Property that an entity is what it claims to be

[SOURCE: ISO/IEC27000:2014, 2.8]

2.3.9

Reliability

Measure of the completeness and accuracy of the representation of transactions and activities, or of the facts to which they attest

[SOURCE: ISO13008:2012, 3.19]

2.3.10

Integrity

Quality of being complete and unaltered or destroyed in an unauthorized manner

NOTE 1: adapted from [SOURCE: ISO/TS17574:2009, 3.11, modified]