1. Clause Overview
§4.4.2 has the same structure as ISO/IEC 5230 §3.6.2 (Duration). It requires organizations to maintain a document confirming that all requirements of the specification are met within the past 18 months of obtaining conformance. When a new version of the specification is published, conformance under the previous version is maintained for a grace period of 18 months, during which it is recommended to update to the latest version.
2. What to Do
- Record and manage the date on which conformance was obtained.
- Within the past 18 months of obtaining conformance, re-confirm and document that all requirements of the specification are still met.
- If a new version of ISO/IEC 18974 is published, update the program to meet the latest version and re-confirm within 18 months.
- Conduct periodic internal audits to verify that all 25 verification material items remain continuously compliant.
3. Requirements and Verification Materials
| Clause | Requirement | Verification Material(s) |
|---|---|---|
| §4.4.2 | A program that is conformant with this specification shall remain conformant even if the version of the specification it was conformant against is subsequently updated, for a period of 18 months after the new version of the specification is published. It is recommended that conformant programs be updated to be conformant with the latest version of the specification. | 4.4.2.1 A document affirming the program meets all the requirements of this version of the specification, within the past 18 months of obtaining conformance. |
View original text
§4.4.2 Duration A program that is conformant with this specification shall remain conformant even if the version of the specification it was conformant against is subsequently updated, for a period of 18 months after the new version of the specification is published. It is recommended that conformant programs be updated to be conformant with the latest version of the specification.
Verification Material(s): 4.4.2.1 A document affirming the program meets all the requirements of this version of the specification, within the past 18 months of obtaining conformance.
4. How to Comply with Each Verification Material
4.4.2.1 Document Confirming All Requirements Met Within 18 Months
How to Comply
In the same manner as ISO/IEC 5230 §3.6.2.1, review and update the specification conformance document from §4.4.1.1 at least once a year. Each time it is updated, record the review date and reviewer to demonstrate that a review was conducted within the past 18 months.
For organizations operating both ISO/IEC 5230 and 18974 simultaneously, consolidating the periodic re-confirmation schedules for both specifications into a single annual integrated audit improves management efficiency.
Sample
[ISO/IEC 18974 Specification Conformance Periodic Re-confirmation Record]
Initial Conformance Date: YYYY-MM-DD
Specification Version Confirmed: ISO/IEC 18974:2023 (Version 1.0)
| Re-confirmation Date | Result | Changes | Reviewer | Notes |
|----------------------|--------|---------|----------|-------|
| 2025-01-10 | Fully Met | Vulnerability resolution expertise document updated (§4.2.2.3) | John Doe | - |
| 2026-01-08 | Fully Met | Performance metric targets raised (§4.1.4.2) | John Doe | - |
Next re-confirmation scheduled: YYYY-MM-DD
18-month validity deadline: YYYY-MM-DD
5. References
- Corresponding ISO/IEC 5230 clause: §3.6.2 Duration
- Check latest OpenChain specification version: https://www.openchainproject.org/security-assurance