Why Standards Harmonization Matters
I declare my bias on this as both a convenor and recognized expert, and that I have contributed to the writing of ISO/IEC global cybersecurity standards across various sectors. I have observed the benefits of harmonized horizontal standards, which can level the playing field for all organizations and systematically enhance the overall security risk mitigation standards.
To clarify my scope, these claims are specifically directed at companies of all sizes that wish to operate in foreign jurisdictions. If your organization does not require nor desire these standards, this guidance is not for you. However, if you are considering global expansion, it is imperative to meet these requirements sooner rather than later, as they will be a significant barrier to entry for many markets.
It is important to note that ISO/IEC standards are not flawless. They are crafted by highly skilled individuals who meticulously consider work and sentence structure, employing consensus rules to guide the development of these documents. While some first editions were manageable, subsequent revisions have been necessary to address evolving market needs and achieve greater maturity.
When I refer to “harmonized” standards, I mean that the standards writers and experts have considered all key stakeholders and utilized a common language within these standards. This consensus and language uniformity facilitate trade and marketing by providing buyers with a shared understanding of the products and services offered. While regional standards may benefit local companies, if these companies attempt to gain traction in foreign markets, they risk not meeting the local requirements, which may have regulatory and trade implications. Nor do these “local” standard use the same vocabulary or language that international ones tend do use.
One of the greatest challenges for standards writers is raising awareness among companies of these standards and the benefits they provide. As national standards development organizations (SDOs) are not typically well-equipped to undertake this task, as many are government departments. While many organizations are familiar with ISO/IEC standards, they often do not fully comprehend the complexity involved in their development. While outside the scope of this blog, I wanted to share that in many cases we consider how companies will leverage these documents and how they can be possibly be misinterpreted. With a process to get industry feedback, we can quickly provide updates for editions where technical aspects are being wrongly implemented.
Although there have been changes to our “Directives,” our guidance for standards development, the two constant elements are ensuring consensus and meeting market needs for new standards. These two aspects are why harmonization is beneficial for organizations worldwide who will implement and use these standards.
When we all speak the same language it becomes much easier to deal with issues and have common understanding to specific technology implementations. Harmonization allows us to develop these standards for industry and hopefully raise the bar globally for what constitutes a level of implementation guidance for these sectors.