Why aren't ISO standards made publicly available?

[Man]

Founders of ISO, London, 1946

The International Organization for Standardization was created in 1946 to issue international standards. The first of these was the organization's name, which sounds the same in all languages of the world:ISO.

ISO standards on everything from road safety and toys to reliable medical packaging help make the world a safer place. But the question is: why aren't all the standards made freely available, even though this knowledge is needed and useful for the overall progress of humanity?
Some IT professionals point out that this practice is not the most efficient for the industry. Tim Sweeney says that the value of standards is in their adoption. Paywalls prevent the general adoption of standards, “making it impractical for millions of hobbyist programmers to access them or even understand what the standard is”.

According to Sweeney, the value of these standards to society is orders of magnitude higher than the amount ISO earns from selling electronic and paper copies. Take the ISO C++ standard, for example. He suggests that a thousand copies of this document were sold at a price of about $200. Overall, the organization could have earned about $200,000, but the lack of an open standard is holding back a segment of the tech industry worth hundreds of billions of dollars, Tim believes.

According to the 2021 report, ISO and its national affiliates earned CHF 20.1 million from the sale of publications and royalties, as well as CHF 21.4 million from membership fees. Two roughly equal sources of income.

Over the course of its existence, ISO has adopted 24,121 standards, mainly in the fields of IT, graphics and photography. Here are some of the popular ones:

• ISO 8601 - Representation of dates and times
• ISO 6 - Film speed (one of the first international standards in the world)
• ISO 639 - Codes for the representation of names of languages
• ISO 37001 - Anti-bribery management systems
• ISO 4217 - Codes for the representation of currencies and funds
• ISO 9660 - ISO Images for Computer Files
• ISO 26000 - Social Responsibility
• ISO 3166 - Country codes

People's Initiative​

About two years ago, an open letter (petition) was published calling for all ISO standards to be published in the public domain.

The authors note that ISO's policy on open standards has become more stringent:

• New editions of standards that were previously available free of charge are no longer freely available (we are talking about the so-called Publicly Available Standards, PAS). At the same time, participants in open source projects are likely to use free (outdated) versions of the standard, which can cause compatibility problems.
• Technical reports (TR) have recently been banned from being published free of charge under any circumstances, as they are no longer considered standards. However, experts have participated in the drafting of some PRs and standards, assuming their future public availability.
• ISO is pressuring other standards bodies with which it collaborates that have a policy of open standards (e.g. ITU-T) to change their policies by removing collaborative documents from free public access.

Thus, the adoption of new standards by a wide audience is difficult, and their quality may suffer. As is known, it is easier to find errors in open source code than in closed code. If we extend the analogy to standards, then there will also be fewer defects in open standards. The method really works, as evidenced by the success of the Open Source and Open Access movements.

According to the authors of the document, the rejection of transparency reduces trust in standards. They propose introducing free access to all documents, and compensating for lost income with membership fees from the organization's participants.

Anyone can sign the petition by editing a Google Docs document. Among the signatories are dozens of well-known developers and experts, including experts from the ISO/IEC, W3C, IETF standards development committees, etc.

Despite all the shortcomings of the paid model, ISO standards have a serious status, including in the field of information security. GlobalSign recently received two more certificates:

• ISO 27701:2019 - Privacy Information Management Standard (PIMS);
• ISO 27017:2015 is a cloud security standard.

The two new certificates join those previously received. A year ago, GlobalSign was one of the first certification authorities in the world to receive ISO 27001 (information security management) and ISO 22301 (business continuity management) certification.

The situation with paid standards is somewhat reminiscent of the situation with scientific publishers, which also limit public access to scientific publications. At first glance, this seems wrong, but the system works. Science moves forward, and scientific journals maintain their authority thanks to the careful selection of publications, which would be difficult without professional full-time editorial boards (which require funding).

A similar picture is in the case of ISO. Like scientific publications, international standards really make the world a better place. Open publishing is a standard, basic, and universally understood model by which W3C, IETF, and other technology standardization committees operate. Secrecy is of no benefit to anyone here.

On the other hand, purchasing ISO documents can be viewed as voluntary donations from industry representatives who want to support the organization.

Source