Final Draft
International Standard
ISO/IEC FDIS 9868
Information technology — Design, development, use and maintenance of biometric identification systems involving passive capture subjects
Reference number
ISO/IEC FDIS 9868
Edition 1
Final Draft International Standard
ISO/IEC FDIS 9868
83613
This draft is in the approval phase.

Abstract

This standard establishes recommendations and requirements for remote biometric identification systems including both real-time and ex-post, including AI-based systems: 1. Technical solutions to be implemented in the design and development phases in relation to the following: o appropriateness of training and testing datasets and data management practices for the intended purpose; o logging capabilities enabling the automatic recording of events (‘logs’) while the system is operating; o provision of information to instruct the operator of the system and information for appropriate use; o human oversight measures, enabling the system to be effectively overseen and managed during the period of use; o accuracy, robustness and cybersecurity. 2. The standard also establishes requirements on development practices: o Risk management process to be implemented by the provider when designing and developing the system, notably in relation to the identification and implementation of solutions described under point (1) o Quality management systems to be implemented by the provider in its organisation, including a system for post-market monitoring 3. The standard also establishes requirements on post-deployment tests and audit of the systems, including: o Verification and testing procedures to assess whether the deployed system is proportionate and fit-for-purpose against the requirements given in point (1); o Verification and testing procedures to assess the biometric recognition components are fit-for-purpose against the requirements given in point (1); o Verification procedure to control the appropriateness of the quality management system measures and processes, as described under point (2). While the emphasis is on surveillance systems, other types of remote biometric identification systems are in scope, regardless of biometric modality or sensing technology. Not in scope are personal authentication systems, and other types of voluntary, opt-in, systems. Note: This scope includes both technical biometric aspects and management systems aspects, as discussed on page 7. The latter will be developed as a sector-specific extension of ISO/IEC 42001 AI - Management System.

General information

  •  : Under development
    : Proof sent to secretariat or FDIS ballot initiated: 8 weeks [50.20]
  •  : 1
     : 30
  • ISO/IEC JTC 1/SC 37
    35.240.15 
  • RSS updates

Got a question?

Check out our Help and Support