ISO 12931

Description / Abstract: This International Standard specifies performance criteria and evaluation methodology for authentication solutions used to establish material good authenticity throughout the entire material good life cycle. It does not specify how technical solutions achieve these performance criteria.

This International Standard is intended for all types and sizes of organizations that require the ability to validate the authenticity of material goods. It is intended to guide such organizations in the determination of the categories of authentication elements they need to combat those risks, and the criteria for selection of authentication elements that provide those categories, having undertaken a counterfeiting risk analysis. Such authentication elements can be part of the material good itself and/or its packaging. The criteria applies to the material good and/or its packaging.

The performance criteria is considered by organizations in relation to their specific situation.

This International Standard is focused upon the authentication of material goods

— covered by intellectual property rights,

— covered by relevant national or regional regulation,

— with safety and public health implications,

— otherwise with a distinctive identity.

This International Standard focuses on material goods and is not intended to apply to, for example, goods used in the financial sector, official administrative papers, identity documents or to downloadable products.

This International Standard does not apply to technologies or systems designed for the tracking and tracing of material goods. Track and trace on its own is not an authentication solution and is therefore outside the scope of this International Standard.

This International Standard does not deal with economical criteria aiming to correlate performance and costs of the authentication solutions.

Some industries and services may have special regulatory requirements which would require additional functionality to supersede part(s) of this International Standard.

This International Standard is intended to contribute to an organization's understanding of its authentication needs, possible strategies, and challenges. It is intended to give the organization a set of criteria to analyse, specify and implement its authentication solutions.

The organization will determine the level of security assurance required for the selected authentication solution. The authentication solution provider is expected to comply with the risk and security requirements of the organization.

This International Standard is not intended to constrain the organization's choice of authentication technologies.