ISO 14641-2018

INTERNATIONAL ISO
STANDARD 14641
First edition
2018-06
Electronic document management —

Design and operation of an
information system for the
preservation of electronic documents
— Specifications
Archivage électronique — Conception et exploitation d'un
système informatique pour la conservation intègre de documents
électroniques — Spécifications
Reference number
ISO 14641:2018(E)
© ISO 2018
ISO 14641:2018(E)
COPYRIGHT PROTECTED DOCUMENT

© ISO 2018
All rights reserved. Unless otherwise specified, or required in the context o f its implementation, no part o f this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country o f the requester.
ISO copyright o ffice
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2018 – All rights reserved

ISO 14641:2018(E)
Contents Page
Foreword ........................................................................................................................................................................................................................................ vi
Introduction .............................................................................................................................................................................................................................. vii
1 Scope ................................................................................................................................................................................................................................. 1
2 Normative references ...................................................................................................................................................................................... 1
3 Terms and definitions ..................................................................................................................................................................................... 2
4 General characteristics and levels of requirements ........................................................................................................ 5
4.1 Characteristics ......................................................................................................................................................................................... 5
4.2 Levels o f requirements ..................................................................................................................................................................... 6
5 General specifications ..................................................................................................................................................................................... 8
5.1 General ........................................................................................................................................................................................................... 8
5.2 Technical description manual .................................................................................................................................................... 8
5.3 Archival system profiles .................................................................................................................................................................. 8
5.4 Operational procedures .................................................................................................................................................................. 9
5.4.1 General...................................................................................................................................................................................... 9
5.4.2 Scanned documents ...................................................................................................................................................... 9
5.4.3 Digitally born documents ......................................................................................................................................... 9
5.5 Security....................................................................................................................................................................................................... 10
5.5.1 Management and organization o f security............................................................................................. 10
5.5.2 Risk assessment............................................................................................................................................................. 10
5.5.3 Physical security ........................................................................................................................................................... 11
5.5.4 Hardware security ....................................................................................................................................................... 11
5.5.5 Security o f custom so ftware and so ftware products ..................................................................... 11
5.5.6 Maintenance o f the information system ................................................................................................... 12
5.5.7 System change-management and migration o f media ................................................................. 12
5.5.8 Security backups ........................................................................................................................................................... 13
5.5.9 Continuity o f access to archives ....................................................................................................................... 13
5.6 Date and time stamping ............................................................................................................................................................... 13
5.7 Audit trail .................................................................................................................................................................................................. 14
5.7.1 General................................................................................................................................................................................... 14
5.7.2 Secure preservation o f the audit trail ......................................................................................................... 14
5.7.3 Archive li fecycle log .................................................................................................................................................... 15
5.7.4 Events log ............................................................................................................................................................................ 15
6 Storage media considerations ............................................................................................................................................................. 16
6.1 Media type definition ..................................................................................................................................................................... 16
6.2 Preservation o f archival media .............................................................................................................................................. 16
7 Systems using removable media ....................................................................................................................................................... 16
7.1 General ........................................................................................................................................................................................................ 16
7.2 Initialization o f removable storage volumes .............................................................................................................. 17
7.3 Finalization o f removable storage volumes ................................................................................................................ 17
7.4 Labelling o f physical WORM media .................................................................................................................................... 17
8 Systems using logical WORM media .............................................................................................................................................. 17
9 Systems using rewritable media ....................................................................................................................................................... 17
9.1 General ........................................................................................................................................................................................................ 17
9.2 Standard security level .................................................................................................................................................................. 18
9.3 Strong security level ........................................................................................................................................................................ 18
9.4 Advanced security level ................................................................................................................................................................ 18
10 Archival capture ................................................................................................................................................................................................. 19
10.1 Electronically born documents .............................................................................................................................................. 19
10.1.1 General................................................................................................................................................................................... 19
10.1.2 Procedure for archives capture (deposit) ............................................................................................... 19
© ISO 2018 – All rights reserved iii

ISO 14641:2018(E)
10.1.3 Marked-up electronic documents .................................................................................................................. 19

10.1.4 Electronic documents using a layout format ........................................................................................ 19
10.1.5 Other electronic document formats ............................................................................................................. 19
10.1.6 Print streams .................................................................................................................................................................... 19
10.1.7 Verification o f electronic documents ........................................................................................................... 20
10.1.8 Integrity control o f electronic documents trans ferred from source applications 20
10.1.9 Metadata capture .......................................................................................................................................................... 20
10.1.10 Indexing and document searches ................................................................................................................... 21
10.2 Paper-based or micro form documents ........................................................................................................................... 21
10.2.1 Scanning devices for documents ..................................................................................................................... 21
10.2.2 Image processing features .................................................................................................................................... 21
10.2.3 Paper document or micro form capture procedure ......................................................................... 22
10.2.4 Audit trails .......................................................................................................................................................................... 23
10.3 Analogue audio/video objects on tape media .......................................................................................................... 24
10.3.1 General................................................................................................................................................................................... 24
10.3.2 Preparation o f original tape media ............................................................................................................... 24
10.3.3 Original audio and audiovisual object digitization ......................................................................... 24
10.3.4 Audio and audiovisual information processing ................................................................................. 25
10.3.5 Events log ............................................................................................................................................................................ 25
10.4 Image, audio and video information compression techniques .................................................................. 26
10.4.1 Compression types ...................................................................................................................................................... 26
10.4.2 Paper or micro form documents ....................................................................................................................... 27
10.4.3 Audio or audiovisual recordings objects .................................................................................................. 27
10.5 Format conversion ............................................................................................................................................................................ 27
11 Archival operations ........................................................................................................................................................................................ 28
11.1 Scope ............................................................................................................................................................................................................. 28
11.2 Access ........................................................................................................................................................................................................... 28
11.2.1 General................................................................................................................................................................................... 28
11.2.2 Digitized documents .................................................................................................................................................. 29
11.2.3 Marked-up electronic documents .................................................................................................................. 29
11.2.4 Electronic documents using lay-out format .......................................................................................... 29
11.3 Restitution ............................................................................................................................................................................................... 29
11.4 Archives disposal ............................................................................................................................................................................... 29
12 Information system assessment........................................................................................................................................................ 30
12.1 General ........................................................................................................................................................................................................ 30
12.1.1 Audits ...................................................................................................................................................................................... 30
12.1.2 Objectives ............................................................................................................................................................................ 30
12.1.3 Auditor responsibilities .......................................................................................................................................... 30
12.1.4 Personnel responsible for assessment ...................................................................................................... 30
12.1.5 Verification o f documentation........................................................................................................................... 31
12.1.6 Assessment operations documents .............................................................................................................. 31
12.2 Internal assessment......................................................................................................................................................................... 31
12.3 External assessment........................................................................................................................................................................ 31
13 Trusted third-party archival ................................................................................................................................................................. 31
13.1 Activities o f trusted third-party archive service provider.............................................................................. 31
13.2 Service contract model.................................................................................................................................................................. 32
13.2.1 Service contract ............................................................................................................................................................. 32
13.2.2 Service contract duration ...................................................................................................................................... 33
13.2.3 Preservation period.................................................................................................................................................... 33
13.2.4 Quality o f service .......................................................................................................................................................... 33
13.2.5 Security and data protection .............................................................................................................................. 33
13.2.6 Information and counsel ........................................................................................................................................ 33
13.2.7 Trans fer and continuity .......................................................................................................................................... 34
13.2.8 Trans ferability................................................................................................................................................................. 34
13.2.9 Restitution .......................................................................................................................................................................... 34
13.2.10 Confidentiality and private data ...................................................................................................................... 34
13.2.11 Pro fessional insurance ............................................................................................................................................. 35
iv © ISO 2018 – All rights reserved
ISO 14641:2018(E)
1 3 .2 .1 2 ................................................................................................................................................................ 35
S ub co ntracting
13.2.13 Assessment ........................................................................................................................................................................ 35

14 Service providers .............................................................................................................................................................................................. 35
1 4. 1 ........................................................................................................................................................................................................ 35
General
1 4. 2 S ub co ntracto r agreement ........................................................................................................................................................... 35

1 4. 3 C o ntract with s ub co ntracto r .................................................................................................................................................... 35
1 4. 4 f
D ata trans er over teleco mmunicatio ns netwo rks ............................................................................................... 36
Annex A f (in o rmative) Archival policy............................................................................................................................................................. 37
Annex B f (in o rmative) Declaration of archival practices ............................................................................................................. 38
Annex C f (in o rmative) General service conditions ............................................................................................................................. 39
Bibliography ............................................................................................................................................................................................................................. 40
© ISO 2018 – All rights reserved v

ISO 14641:2018(E)
Foreword
ISO (the International Organization for Standardization) is a worldwide federation o f national standards
bodies (ISO member bodies). The work o f preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters o f
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the di fferent approval criteria needed for the
di fferent types o f ISO documents should be noted. This document was dra fted in accordance with the
editorial rules o f the ISO/IEC Directives, Part 2 (see www.iso .org/directives).
Attention is drawn to the possibility that some o f the elements o f this document may be the subject o f
patent rights. ISO shall not be held responsible for identi fying any or all such patent rights. Details o f
any patent rights identified during the development o f the document will be in the Introduction and/or
on the ISO list o f patent declarations received (see www.iso .org/patents).
Any trade name used in this document is in formation given for the convenience o f users and does not
constitute an endorsement.
For an explanation on the voluntary nature o f standards, the meaning o f ISO specific terms and
expressions related to con formity assessment, as well as in formation about ISO’s adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following
URL: www.iso .org/iso/foreword .html.
This document was prepared by Technical Committee ISO/TC 171, Document management applications,
Subcommittee SC 1, Quality, preservation and integrity of information .
This first edition cancels and replaces ISO 14641-1:2012, which has been technically revised.
vi © ISO 2018 – All rights reserved

ISO 14641:2018(E)
Introduction
Electronic documents are an essential part o f everyday business, whether the sources are incoming
communications or output from organizations. It is important that electronic documents be stored
appropriately, either fully or in part, in secure in formation systems designed for operations and
archiving, in order to meet business, legal or regulatory requirements.
The objectives o f secure in formation systems are to resolve organizational issues such as:
a) optimization o f long-term electronic document preservation, archiving and integrity;
b) provision o f in formation search facilities;
c) ensuring ease o f access and use o f electronic documents.
This document is intended to provide a re ference framework for organizations. It describes the methods
and techniques to be used for the implementation o f an electronic in formation system for managing
documents within an archive. In conjunction with related archival policies o f organizations, it describes
criteria for system design and specifications for operational processes.
These specifications are intended to ensure that all documents to be managed by the in formation system
are captured, stored, retrieved and accessed in a way that guarantees that the archived document is an
authentic rendition o f the original document for the duration o f preservation. An authentic rendition
means that the rendered document corresponds to the source document as it was at the time o f input in
the in formation system in respect o f criteria o f fidelity and integrity, and that this state is maintained
for the duration o f preservation.
This document takes into account the use o f three possible archiving media: physical WORM, logical
WORM and rewritable media. Archival integrity is ensured on physical and logical WORM media by the
inherent properties o f WORM solutions. On rewritable media, integrity is ensured using encryption-like
techniques, in particular with checksum calculation or hash function, date and time stamp or digital
signature. In all cases, it is necessary to comply with related procedures.
Depending on the types o f documents to be archived, other specialized standards can be relevant and
used to complement the recommendations in this document.
This document provides a specific and complementary definition o f issues addressed in other standards
or specifications concerning the management o f electronic in formation. Its content is intended to
address execution issues raised in several other documents. These include ISO/TR 15801, ISO 15489-1
and MoReq2 [15] , which detail specifications for organizing and controlling the li fecycle o f archived
in formation for purposes o f evidence and operational history, and ISO 14721, which describes the
characteristics o f an open system for the preservation o f digital data.
Annexes A, B and C are complementary.
© ISO 2018 – All rights reserved vii

INTERNATIONAL STANDARD ISO 14641:2018(E)
Electronic document management — Design and operation

of an information system for the preservation of electronic
documents — Specifications
1 Scope
T h i s do c u ment s p e c i fie s a s e t o f te ch nic a l s p e ci fic ation s and orga n i z ationa l p ol ic ie s to b e i mplemente d
for the c ap tu re, s torage and acce s s o f ele c tron ic do c u ments . This en s u re s legibi l ity, i ntegrity and
trace abi l ity o f the do c u ments for the du ration o f thei r pre s er vation .
T h i s do c ument i s appl ic able to ele c tron ic do c u ments res u lti ng from:
— the s c an n i ng o f origi na l p ap er or m ic ro form do c u ments;
— the convers ion o f a na lo gue aud io or vide o content;
— the “native” cre ation b y an i n formation s ys tem appl ic ation;
— o ther s ou rce s th at cre ate d igita l content s uch as two - or th re e - d i men s iona l map s , d rawi ngs or
de s ign s , d igita l aud io/vide o and d igita l me d ic a l i mages .
T h i s do c u ment i s no t appl icable to i n formation s ys tem s i n wh ich u s ers h ave the abi l ity to s ub s titute or
a lter do c u ments a fter c ap ture .
This document is intended for the following users.

a) O rgan i z ation s i mplementi ng i n formation s ys tem s i n wh ich:
1) ele c tron ic do c u ments cre ate d from s c an cap ture s a re kep t i n a n envi ron ment that en s ure s
fidel ity with regard to the origi na l and long-term pre s er vation;
2) d igita l ly b orn do c uments are kep t i n a n envi ron ment that en s u re s the content i ntegrity o f the
i n formation a nd do c ument le gibi l ity;
3) trace abi l ity i s en s u re d for a l l op eration s relati ng to the ele c tron ic do c uments .
b) O rgan i z ation s provid i ng i n formation te ch nolo g y s er vice s and s o ftwa re publ i shers s e eki ng to
develop i n formation s ys tem s that en s u re the fidel ity and i nte grity o f ele c tron ic do c u ments .
c) O rgan i z ation s provid i ng th i rd-p ar ty do c u ment arch ivi ng s er vice s .
2 Normative references
T he fol lowi ng do c uments a re re ferre d to i n the te xt i n s uch a way that s ome or a l l o f thei r content
con s titute s re qu i rements o f th i s do c u ment. For date d re ference s , on ly the e d ition cite d appl ie s . For
u ndate d re ference s , the late s t e d ition o f the re ference d do c ument (i nclud i ng a ny amend ments) appl ie s .
I S O 2 8 5 9 (a l l p ar ts) , Sampling procedures for inspection by attributes
I S O 8 6 01 , Data elements and interchange formats — Information interchange — Representation of dates

and times
Document management — Electronic imaging — Guidance for the selection of document

I S O/ T R 1 2 0 3 3 ,
image compression methods
© ISO 2018 – All rights reserved 1

ISO 14641:2018(E)
ISO 12653-1, Electron ic im agin g — Test target for th e black-an d-white scann in g o f o ffice docum ents —
Part 1: Characteristics
ISO 12653-2, Electron ic im agin g — Test target for th e black-an d-white scannin g o f o ffice docum ents —
Part 2: Method of use
3 Terms and definitions

For the purposes o f this document, the terms and definitions given in ISO 12653-1, ISO 12653-2 and the
following apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— IEC Electropedia: available at http: //www.electropedia .org/
— ISO Online browsing platform: available at https: //www.iso .org/obp
3.1
access
processes o f retrieving and displaying (playing) electronic documents for operational, evidential or
historical purposes
3.2
archive
set o f documents produced or received, whatever their date, format or storage media, by any individual,
organization, public or private service, in the course o f their activity
3.3
archival policy
legal, functional, operational, technical and security requirements o f an internal or external
in formation system
Note 1 to entry: Annexes A and B give principles o f an archival policy and o f a declaration o f archival practices.
3.4
archive lifecycle log
log which records audit trail (3.9) data related to the document li fecycle archiving process
3.5
archive restitution
return and trans fer o f archived documents to their originator, or to a duly appointed person or
organization
3.6
archival system profile
set o f properties that applies to a class o f archives (3.2 ) that share common characteristics in terms o f
confidentiality, retention and disposal schedules, and access (3.1) rights (e.g. create, read, modi fy, delete)
3.7
ACU
attestation creation unit
hardware and/or so ftware devices for the delivery o f electronic attestations (3.23)
Note 1 to entry: Attestations include a unit identifier and the related archival service identifier.
3.8
audiovisual
communication techniques combining sound and image
2 © ISO 2018 – All rights reserved

ISO 14641:2018(E)
3.9
audit trail
aggregate o f the in formation necessary to provide a historical record o f all significant events associated
with stored in formation and the in formation system
3.10
data
digital form o f in formation which can be accessed, read and/or processed
3.11
date and time stamp
sequence o f characters denoting the date and/or time at which a certain event occurred
3.12
deposit
set o f documents sharing the same archival system profile (3.6)
3.13
digital archival
set o f actions aiming to identi fy, capture, classi fy, preserve, retrieve, display and provide access (3.1)
to documents for in formational or historical purposes, or for the duration required to meet legal
obligations
3.14
digital document
digital representation o f content that is stored and managed electronically
Note 1 to entry: Association o f content, logical structure and display attributes, retrievable by a device capable o f
rendering a human-readable (or machine-readable) object. A document can be digitally born (creation) at source
or converted from an analogue document.
3.15
digital fingerprint
bit sequence generated from a digital document (3.14) using an algorithm that uniquely identifies the
original document
Note 1 to entry: Any digital document modification will produce a di fferent fingerprint.
3.16
digital seal
method for ensuring the integrity (3.27) of a document including hash functions (3.26), digital signatures
(3.17) and, optionally, a date and time stamp (3.11)
3.17
digital signature
data which, when appended to a digital document (3.14), enable the user o f the document to authenticate
its origin and integrity (3.27 )
3.18
digitization
conversion o f an analogue document (paper, micro form, film, analogue audio or audiovisual (3.8 ) tapes)
to digital format for the purpose o f preservation or processing
3.19
digitized document
result of digitization (3.18) of in formation initially stored on physical media (paper, microform, and
film, analogue audio or audiovisual (3.8 ) tapes)

ISO 14641:2018(E)
3.20
document fidelity
prop er ty o f an arch ive d do c u ment wh ich renders a l l the i n formation conta i ne d i n the origi na l s ou rce
document
N o te 1 to e ntr y: This no tio n is ap p l ic ab le to a ny ch a n ge of fo r m , i nclud i n g digitization (3.18) or format
conversion (3.25).
3.21
durability
attribute o f a do c u ment wh ich rema i n s re adable du ri ng its enti re l i fe c ycle
3.22
electronic information system
s ys tem des igne d to re ceive, pre s er ve, access (3.1 ) and tran s fer archives (3.2 ) i n an ele c tron ic form
3.23
electronic attestation
i n formation pro duce d to provide evidence th at an ac tion or an ele c tron ic tran s ac tion ha s o cc urre d
3.24
events log
log which records audit trail ( ) data (3.10 3 .9 ) relate d to the s ys tem op eration s
3.25
format conversion
op eration conver ti ng a digital document (3.14 ) to a d i fferent ele c tron ic format
N o te 1 to entr y: T h i s op eratio n p re s er ve s the fidel ity o f the do c u ment.
3.26
hash function
mathematic a l a lgorith m u s e d for turn i ng s ome ki nd s o f data (3.10 ) i nto a relatively s ma l l i nteger
3.27
integrity
attribute o f a do c u ment who s e content i s comple te a nd una ltere d
3.28
legibility
attribute o f an arch ive d do c ument wh ich a l lows access (3.1 ) to a l l the i n formation it contai n s
N o te 1 to entr y: T h i s co u ld b e fac i l itate d b y cer ta i n metadata (3.31 ) a s s o c iate d with the do c u ment.
3.29
lossy compression
compre s s ion a lgorith m wh ich lo s e s s ome o f the origi na l i n formation du ri ng compre s s ion
N o te 1 to entr y: T he re s u lti ng de co mp re s s e d ob j e c t i s on l y a n ap proxi m ation o f the or igi n a l .
3.30
media migration
ac t o f tran s ferri ng a do c u ment from one me d ium to ano ther, p ar tic u larly with regard to managi ng
me d i a ob s ole s cence
3.31
metadata
data (3.10 ) des cribi ng the context, content and s truc ture o f a do cument and thei r management over ti me

ISO 14641:2018(E)
3.32
replication
process which consists o f copying in formation between redundant resources, notably so ftware or
hardware components, to improve reliability, fault-tolerance or accessibility
3.33
time source
internal or external component o f an in formation system providing a reliable and objective time
re ference suited to requirements
3.34
time-stamp token
data (3.10) object that binds a representation of data to a particular time (expressed in UTC), thereby
providing evidence that the data existed at that time
3.35
transferability
ability to recover an authentic digital archive (3.13 ) (in formation, data (3.10), objects and all related
metadata (3.31) from one in formation system) in order to trans fer it to another in formation system by
means o f a procedure specified in advance
Note 1 to entry: This issue is o f particular importance when in formation is stored by a third-party archive
service provider.
3.36
trusted third-party archive service provider
third-party individual or organization in charge o f archives (3.2 ) preservation
4 General characteristics and levels of requirements
4.1 Characteristics
In order that an organization might apply a recognized specifications framework for the storage, use,
archiving, retrieval and display o f electronic documents, both technical and organizational measures
need to be taken to ensure document integrity and long-term preservation.
In this context, an electronic in formation system shall implement a pre-defined archival policy; a
description o f the general principles o f such a policy is described in Annex A .
It is important to recognize that in formation systems will capture electronic documents that are being
submitted for long-term storage and use. The term “capture” in this sense reflects the receipt and
processing o f in formation to be managed by the in formation system. Where hardcopy documents need
to be stored and managed in electronic form, these documents shall be scanned and indexed prior to
their capture in the in formation system.
This document is applicable only to unalterable captured documents. Related document re ference data
in the file system or database shall not be erasable, changeable or able to be replaced by new data.
Procedures and security requirements shall be implemented in order to:
a) control the process o f archiving;
b) prevent and/or detect modifications made to documents or to the data necessary for their retrieval
and display;
c) ensure the integrity o f audit trail data (including the log o f the system events).
An electronic in formation system shall feature characteristics o f:
— suitability for long-term preservation;

ISO 14641:2018(E)
— integrity;
— security;
— traceability.
This document outlines:
— specifications for procedures relative to the processing, preservation, access and restitution o f
scanned or digitally born in formation, and requirements for the security o f the in formation system;
— procedures relative to the digitization o f analogue documents;
— procedures relative to the capture o f documents, their preservation, access and restitution;
— procedures relative to the potential disposal o f documents;
— rules relative to applicable procedures concerning operators;
— description o f the resulting attestations o f these operations;
— specifications concerning materials, equipment and so ftware implementations;
— conditions o f system audits and related procedures;
— characteristics applicable to the use o f trusted third parties;
— characteristics applicable to the use o f subcontractors.
The technical description manual, attestations produced and logs detailing the li fecycle o f archives or
system events shall be kept in the same conditions as the archives themselves.
4.2 Levels of requirements

Di fferent organizations might have distinct and individual approaches to risks and requirements for
in formation systems used for the preservation o f electronic documents.
Table 1 outlines degrees o f levels o f these requirements. It summarizes general characteristics and
practical methods for implementation at the level o f requirement pre ferred by the organization, with
regard to the nature o f documents to be preserved and potential risks incurred.
Additional requirements may be selected based on specific needs and acceptable levels o f risk.
The con formity o f an in formation system with this document shall be evaluated in relation to the level
o f requirements selected by the organization.

ISO 14641:2018(E)
Table 1 — Requirements of information systems

Characteristic Minimal requirements Additional requirements
Use o f standardized or industry-standard Format conversion
and publicly available file formats Document scanning
Metadata description o f document Standard metadata format
Suitability for Migration o f media
long-term Format conversion Control and conversion o f formats at time o f
preservation capture
Format obsolescence alert
Planned and traceable format conversion
System change management
Guaranteed by storage on media:
— physical WORM
— logical WORM on fixed media with:
— events log
— techniques and procedures for Strong security level
detection and prevention o f Advanced security level
substitutions of input
— logical WORM on removable media
Integrity (see rewritable/erasable media)
— rewritable/erasable media (normal
security level)
Capture process o f archives
Alerts prior to destruction o f archives
Description of the process of destruction Definition o f change procedures for
o f archives preservation periods
Post-destruction preservation o f metadata
and audit trail
Identification o f persons and processes Strong authentication
accessing archives
Backup copies o f archives Use o f di fferent types and forms o f media
Security Protection from risks o f flood, fire, etc.
Controlled archiving operations Strong authentication
(identification and traceability) Retrieval in formats other than input formats
Continuity o f access to archives
Date and time stamp Date and time stamp from trusted third party
Maintenance o f a technical file (archival Adjustment to the organizational processes o f
policy, general conditions o f services, oper- the customer and related attestations
ations procedures, li fecycle o f document)
Maintenance o f an audit trail o f archives Digital signature and date and time stamp o f
Traceability li fecycle and events log attestations o f operations and events, in units
or batches
Definition o f the granularity o f the batches o f
events to which a digital signature applies
Frequency o f archiving o f audit trails and logs

ISO 14641:2018(E)
5 General specifications
5.1 General
The design and operation o f the in formation system shall allow implementation o f procedures
guaranteeing the requirements selected from 4.2.
5.2 Technical description manual

A technical description manual o f the in formation system shall be created and retained. It shall contain
at least:
a) a list o f hardware components o f the in formation system with all serial numbers a ffixed by
manu facturers, the key features o f these components, date(s) o f production, con formity to related
sa fety standards;
b) for a network system, its typology and topography, as well as a description o f the connections and
security equipment;
c) a data architecture model o f in formation objects and their relationships, with regard to their use in
support o f the general objectives o f the in formation system;
d) a list o f so ftware products and related documentation, identification o f installed versions and dates
o f installation o f these versions;
e) a list o f customized so ftware applications with their design/architecture file, their source code or
proo f o f their deposit in custody;
f ) a description o f the interactions between the diverse components o f the in formation system;
g) a description o f the physical environment (temperatures, minimum and maximum humidity, etc.)
in relation to specifications provided by the equipment manu facturers for proper functionality and
preservation o f in formation media;
h) a description o f the technical and physical environment for the satis factory functioning o f the
in formation systems (e.g. type o f power supply, generator, system o f fire detection, redundancy
implementation);
i) a description o f the physical protection measures for sa fety and security (guarding, remote
detection, sa fes, locks, electromagnetic protection, etc.);
j) a description o f the maintenance requirements for the in formation system.
5.3 Archival system profiles

An archival system profile is a set o f rules applicable to documents sharing the same criteria o f
confidentiality, duration o f preservation, destruction and access rights for capture, retrieval or
disposal. These rules also speci fy the metadata which need to be associated with documents managed
in the profile.
An archival system profile shall speci fy in particular the rights o f persons and/or applications
authorized to:
a) modi fy an archival system profile;
b) make a deposit;
c) access (view or play) a deposit;
d) prolong or decrease the duration o f a deposit;

ISO 14641:2018(E)
e) delete or dispose o f a deposit, either prematurely or as planned.

Any creation, modification or deletion o f an archival system profile shall be archived in an archives
li fecycle log held under the responsibility o f the archiving service o f the organization, or by a trusted
third party.
An archival system profile can be defined for individual electronic documents. However, for bulk
archiving, this could be extremely time-consuming. Consequently, in this case it is pre ferable to use a
set o f predefined rules grouped together in a more general archival system profile.
5.4 Operational procedures
5.4.1 General
The organization shall set up procedures for the capture, storage, access and restitution o f documents.
These procedures shall be detailed in the technical description manual and shall include at least the
following in formation:
— techniques and procedures used for search and printing;

— techniques and procedures for production o f all types o f attestation;
— techniques and procedures for storage and preservation o f media and o f storage in frastructures;
— file formats used;
— techniques and procedures for duplication and replication o f documents and backups;
— techniques and procedures used for digital encryption and data integrity.
5.4.2 Scanned documents

In addition to the procedures defined in 5.4.1 , where document scanning is undertaken, the following
procedures shall be included in the technical description manual:
— techniques and procedures used for digitization (a description o f the document to be scanned and
o f any particular distinctive features, preliminary operations needed, such as selection o f output
formats, imaging resolution, compression technique, i f used, reconditioning o f the document a fter
digitization, i f applicable, etc.);
— techniques and procedures used for indexing (location o f the document, identification re ferences on
the document, on equipment or on accompanying vouchers, identification re ferences o f electronic
messages);
— techniques and procedures for related metadata and any related enrichment o f related metadata;
— techniques and procedures used for quality control (use o f test targets for digitization, page count
o f scanned batches, electronic messages filter control, code controls, i f any, with regard to re ference
tables, etc.);
— techniques and procedures used for the destruction o f the source document, i f applicable.
5.4.3 Digitally born documents
In addition to the procedures defined in 5.4.1 , where digitally born documents are involved, the
following procedures shall be included in the technical description manual:
— techniques or procedures used for trans fer, receipt and control o f documents to be archived;
— techniques and procedures for related metadata and any possible enrichment o f related metadata;

ISO 14641:2018(E)
— techniques and procedures concerning conversion o f digital document formats during capture to
the in formation system, or later i f formats become obsolete.
5.5 Security
5.5.1 Management and organization of security

All organizations shall have a management procedure in place to ensure the security o f their
in formation system.
For security requirements, re ference should be made to ISO/IEC 27001 and associated standards.
The management system for security shall be distinct and separate from the administration o f
in formation system operations or telecommunications systems. Its structure and governance shall be
clearly defined and communicated to all personnel o f the organization.
The administration and organization o f security o f the in formation system shall apply principles
inherited from a general strategy or policy o f the organization and rules already in place, notably:
— management o f the keys o f premises;
— security systems for detection, intrusion and alarms;
— compliance o f hardware with regulations concerning human sa fety (see IEC 61000-4);
— operation o f so ftware products, the sources o f which are known and available;
— development o f adequately documented and tested custom so ftware;
— management o f access profiles to the in formation system (directory);
— use o f transmission networks with features for integrity checks, sa fety and security operators;
— employment o f third-party providers (security, guarding, cleaning, maintenance).
5.5.2 Risk assessment

Security measures are o ften developed using an ad hoc approach, in reaction to security incidents or
the availability o f computer so ftware tools. Such procedures frequently leave gaps in security, which
are only filled at some later date. A more structured approach is to review the in formation assets o f
the organization, and assign risk factors (based on asset value, system vulnerability and likelihood o f
attack). An in formation security policy can then be produced and approved, against which security
measures can be audited.
The organization shall undertake an in formation security risk analysis, and document the results
obtained.
O f particular importance are the security measures implemented to control the in formation storage
media, both the live media and the backup media. The risk analysis shall include vulnerability risk
factors consistent with the type o f media being used (e.g. WORM or rewritable).
Where di fferent types o f storage media are used, their impact on the risk analysis results shall be
reviewed.
Once the risk analysis has been completed, it shall be acted upon as part o f a review o f implemented
security measures. Factors such as the balance between the costs o f implementation, security achieved
and risk evaluation shall be taken into consideration during the review process.
Based on the results o f the risk analysis, existing security measures shall be reviewed for e ffectiveness.
Where the review indicates that changes to security procedures are appropriate, the identified changes
shall be implemented.
ISO 14641:2018(E)
5.5.3 Physical security

Measures shall be taken for physical security, including the prevention o f unauthorized access to
hardware, to telecommunication systems, to media holding in formation and to in formation ensuring
their retrieval and display, audit trails, logs and backups.
I f continuity o f access is needed, it is advisable to use several secure premises to minimize risk, using
di fferent sites for media and/or systems containing backups (copies) o f in formation and mechanisms
for their operation.
Removable media shall be continuously monitored during their handling and/or trans fer from one
protected location to another. It shall be possible to identi fy all holders o f all media at any point in time.
When removable media are not actually in use, it shall be stored in specific protected locations.
I f the destruction o f physical documents is envisaged, specific procedures for the security o f these
operations shall be implemented, both for original analogue paper-based documents and for digitally
born documents.
I f media containing documents need to be disposed o f, appropriate measures shall be taken to make it
impossible for reconstruction o f in formation initially held on the media.
5.5.4 Hardware security
Security measures covering hardware and so ftware contribute, either separately or jointly, to the
security o f in formation systems by allowing for:
a) identification o f hardware configurations, including peripherals;
b) controls guaranteeing the absence o f malicious or accidental modifications o f hardware
configurations;
c) controls guaranteeing that only authorized users can access the hardware.
Accordingly, security issues shall be taken into account when choosing equipment and during their
installation and implementation.
To limit the risks of illegal interceptions of in formation by third parties due to the transmissions of
involuntary electromagnetic radiations, it is advisable to test the hardware for con formity to IEC 61000-4.
5.5.5 Security of custom software and software products

Custom so ftware and so ftware products are integral to system configuration; accordingly, they shall be
subjected to the same sa fety conditions as the hardware.
The operating systems and so ftware products that are chosen shall provide:
— access control tools for enhanced protection;
— protection against intrusion and malicious so ftware;
— controls ensuring the absence o f accidental or malicious changes to so ftware configurations.
The security o f so ftware shall be ensured using:
— access controls guaranteeing that only authorized users can use the so ftware and the in formation
which they are entitled to access;
— detection and monitoring systems so that any unauthorized access attempts are discovered and
reported.

ISO 14641:2018(E)
It is advisable to use so ftware which is in the public domain or, where possible, to obtain sources from
the supplier.
Rigorous methods shall be used for the development o f so ftware; the selection o f best practices and
checks shall be the responsibility o f the person in charge o f the application.
Be fore being put into service, so ftware and so ftware products shall have been adequately tested
on a machine other than the main production machine, or on a production machine during periods
o f operational down-time, having previously backed up data and indexes and having removed all
appropriate removable in formation system media.
Security o f access and granting o f access rights to the in formation system shall be care fully studied,
designed and implemented from the beginning o f the system design.
The so ftware and so ftware products shall be specially protected, and access rights enabling their
change or modification should be granted only to authorized persons.
In cases o f mal function, a report shall be immediately delivered to the security authority and the
mal functioning part o f the in formation system shall be isolated as quickly as possible.
5.5.6 Maintenance of the information system
In formation describing every maintenance operation shall be recorded in the technical documentation
o f the in formation system. This shall include an identification o f the maintenance operation, either
preventive or curative, entrusted either to the organization, or to specialized third-party providers.
Removable media containing electronic documents and their related metadata shall never be le ft in
drives during maintenance operations.
I f media are not removable, a valid backup copy shall be created be fore any maintenance operation
(see 5.5.8).
All tests shall be made with removable media specifically allocated for this task. I f media are not
removable, it shall not be possible for tests to alter or destroy recorded in formation.
Preventive maintenance shall be per formed to ensure proper functioning o f the in formation system. In
particular, regular checks o f removable disk drives or fixed media shall be made to veri fy that these are
in proper working order according to manu facturer recommendations.
5.5.7 System change-management and migration of media
Periodic upgrade operations and modification or replacement o f hardware or so ftware shall be planned
in advance o f their implementation.
All these operations shall be detailed in the technical description manual o f the in formation system and
registered in logs.
The long-term preservation and integrity o f the documents and their metadata shall be ensured when
implementing periodic upgrade operations.
The following two situations may apply.
a) The new storage media are capable o f being read by the former in formation system; all media shall be
checked for legibility on the new storage media hardware before retiring the former storage media.
b) The new storage media cannot read media used by the former in formation system; all documents
contained on former media shall be copied to the new media on a hardware system which
temporarily uses both types o f storage media.

ISO 14641:2018(E)
5.5.8 Security backups

The in formation system implementation shall keep at least two copies o f the same in formation at all
times, preserved in two geographically remote locations. At least one copy shall be written to non-
alterable media.
The media used for security backups may be o f a di fferent kind and type to the primary media.
When the media are o f a non-removable type, two in formation systems in geographically remote
locations shall be implemented.
When the media are o f a removable type, recording documents on backup media shall be per formed as
promptly as possible to allow for storage in a separate location to the primary location.
Each time a security backup is made, details o f the process and the names and characteristics o f backup
files shall be recorded in the events log.
5.5.9 Continuity of access to archives
As with any in formation system, a disaster recovery procedure (also known as a business continuity
plan) shall be available and documented.
This procedure shall permit system restoration without any loss o f data, metadata, logs or any other
sets o f data (users list, archival system profiles, etc.).
The so ftware and procedures to restore system data shall be described in the technical description
manual.
The implementation o f the in formation system shall ensure that the last validated document cannot be
lost at any point in time.
The in formation system shall automatically create a record o f any restoration processes.
5.6 Date and time stamping

In the framework o f this document, there are two possible types o f date and time stamp, depending
on the mode o f delivery (internal or trusted third party), which shall include at least the following
characteristics:
a) creation o f a time stamp in accordance with applicable standards;
b) preservation o f a date and time-stamp token for required periods;
c) source o f re ference time;
d) verifiable operations policy for date and time stamp.
For related operations the selected form o f date and time stamp shall be described in the technical
description manual.
The formats o f dates and times shall be in accordance with ISO 8601.
The date and time stamp shall produce a complete date with hours, minutes, seconds and fractions o f
seconds displayed according to the following format:

ISO 14641:2018(E)
YYYY-MM -DDThh: mm: ss .sTZD

where
YYYY indicates the year using 4 characters;
MM indicates the month using 2 characters (e.g. 01 = January);
DD indicates the day using 2 characters (01 to 31);
hh indicates the hour using 2 characters (00 to 24);
mm indicates the minutes using 2 characters (00 to 59);
ss indicate the seconds using 2 characters (00 to 59);
s is one or several characters representing a decimal fraction o f a second;
TZD indicates the time zone (Z for UTC or +hh:mm or -hh:mm).
EXAMPLE 2007-08-29T09:36:30.45+02:00.
It is important to select the degree o f precision o f the measure o f time in order to determine what the
highest rate o f occurrence o f events in the in formation system is and then to select a unit o f time small
enough to ensure that two events o f this type will not carry the same date and time.
For date in formation, Coordinated Universal Time (UTC) shall be used.
The technical description manual shall speci fy time sources and update methods and controls, as well
as the synchronization processes o f the various clocks o f the in formation system.
I f a date and time-stamp token is required for an in formation system, it shall be provided by an attestation
creation unit (ACU) or by an independent trusted third party external to the in formation system.
5.7 Audit trail
5.7.1 General
Any event associated with the in formation system or with the li fecycle o f documents shall be recorded.
Event logs shall be automatically produced by the in formation system with a date and time stamp (see
5.6). A full description of the events shall be recorded sequentially in the relevant logs.
All logs shall be described in the technical description manual, with all related administration
in formation. Logs shall be easily accessible and legible.
Logs shall be archived on a regular basis according to the same archival policy as related documents, on
storage media providing the same characteristics o f preservation and integrity.
Event logs shall not be accessible to regular users and operators; administration o f logs shall be
restricted to a duly designated operator.
The production o f event logs entails the production o f electronic attestations. These shall be archived in
the same conditions as related documents.
5.7.2 Secure preservation of the audit trail
Whatever type o f media are used for audit trail preservation, the audit trail shall demonstrate proo f-o f-
continuity o f capture o f events o f the in formation system.
Logs shall be stored and kept in the same secure conditions as documents.

ISO 14641:2018(E)
5.7.3 Archive lifecycle log

A log o f the li fecycle o f archives can be general or specific to each entity.
It shall include electronic attestations, namely:
a) attestation o f initial deposit;
b) attestation o f modification o f the duration (retention schedule) o f a deposit, i f any;
c) attestation o f deletion, either premature or at term o f a deposit, i f applicable;
d) attestation o f restitution o f a deposit, i f applicable;
e) attestation o f any creation, modification or deletion o f an archival system profile.
The log o f the li fecycle o f archives shall be updated at the time when the log o f creation, modification or
deletion o f an archival system profile is generated, or when a new electronic attestation is issued.
Any user accredited in an archival system profile as an authorized operator shall be able to view,
partially or completely, the log o f the li fecycle o f archives.
The archive department o f an organization, or a third party, shall provide user accreditation in an
archival system profile as an operator, including all means necessary to control the integrity and
provenance o f all or part o f the log.
A fter each update, or at any time, the archive department o f an organization, or o f a third party, shall
allow accredited persons to check the integrity o f all or part o f the log.
5.7.4 Events log
The events log shall be unique to an in formation system and shall record who used it (whether a human
user or an automated-system user), when it was used, what was done to the in formation system and the
outcomes. The events log shall track who has accessed the in formation system, whether the personnel
have respected the procedures, or whether any action taken could have been accidental, fraudulent,
malevolent or unauthorized.
The events log shall contain three sections:
a) a section for all events related to the archive application;
b) a section for all events related to security;
c) a section for all events related to the in formation system.
The main function o f the events log is for internal verification. It shall allow review o f all in formation,
error messages and other alerts generated during in formation system operation, such as task failures
or execution.
For in formation systems using physical or logical WORM media, the events log shall record start-up
and shut-down o f each medium. In the event that one medium is copied to another, the events log shall
record this action.
The in formation in the events log shall provide evidence showing that specified procedures have been
followed and shall include at least the following in formation for each significant event:
— date and time o f the operation, in accordance with ISO 8601;

— operation per formed;
— identification o f the technical components used;
— title o f the process involved and its version;

ISO 14641:2018(E)
— identification o f the operator, i f applicable.
6 Storage media considerations
6.1 Media type definition

Table 2 gives definitions o f di fferent media types.
Table 2 — Definitions of media types

Type of media Definition
Removable media Physical media recording in formation which can be removed from the drive.
Technologies can be optical or magnetic, on disk or tape.
Non-removable media Physical media recording in formation which are an integral part o f the drive, and
which cannot be removed from it. Technology is mostly magnetic on disk.
The in formation is written once using a physical non-reversible once-only
Physical WORM modification o f the media. A fter this modification it is not possible to modi fy or
delete the in formation.
Logical WORM The media use rewritable technology, but hardware or so ftware devices prevent
any modification or deletion o f any recorded in formation.
Rewritable On these media, in formation can be recorded, modified or deleted without any
restrictions.
Table 3 shows the clauses o f this document that describe the uses o f di fferent media types in an
in formation system that con forms to this document.
Table 3 — Uses of different media types

Media type
Media disposition
Physical WORM Logical WORM Rewritable
Removable Clause 7 Clauses 7 and 8 Clauses 7 and 9
Non-removable — Clause 8 Clause 9
6.2 Preservation of archival media

Archival media, whether removable or non-removable, shall be kept in an environment compatible with
their physical properties, as described by the manu facturer or in accordance with relevant applicable
standards.
The state o f recorded data shall be controlled regularly. A quality process shall be associated
with controls and the periodic examination o f media. This process is a key factor for ensuring the
preservation o f recorded data on media.
Trans fer o f recorded data to new media shall be done according to the media’s li fe expectancy, as
recommended by the manu facturer, or when a test o f the media produces results showing that the
media characteristics are close to their recommended value limits.
Change o f media shall guarantee the long-term preservation o f the integrity and access o f documents.
7 Systems using removable media
7.1 General
Storage media are not usually directly addressed by an in formation system. In formation is actually
recorded on storage volumes.

ISO 14641:2018(E)
A storage volume can include one or more storage media, and media storage can be part o f one or more
storage volumes. Media storage is a physical reality, while storage volume is a logical virtual notion.
When removable optical media are used, volume and file structures shall adhere to either ISO/
IEC 13490 or ISO/IEC 13346.
7.2 Initialization of removable storage volumes

A history o f the hardware configurations used when recording documents shall be retained, as
technologies are in constant evolution.
Storage volumes shall be mounted, prior to the recording o f the first document, with the following
in formation:
a) unique identification o f the media;
b) mount date and time;
c) name o f the organization.
7.3 Finalization of removable storage volumes

When a volume is full, and a fter the last document has been recorded, it shall be finalized, where
possible. Accordingly, the following in formation shall be registered a fter the last user in formation:
a) the date and time o f finalization;
b) the number o f files stored on the media.
Finalizing a volume shall prevent any further writing to this volume.
7.4 Labelling of physical WORM media

When using physical WORM media, in formation system security depends on the identification o f media
and the existence o f an events log recording any migration o f these media.
As a result, it is necessary to be able to identi fy each physical WORM medium individually and to
speci fy techniques and procedures enabling detection and/or prevention o f any substitution o f media.
The technical description manual shall describe the way this is done.
8 Systems using logical WORM media

As logical WORM media are by definition physically rewritable, in formation systems using both
non-removable and removable logical WORM shall be considered, in the context o f this document, as
in formation systems using rewritable media.
In addition, when using removable logical WORM, the requirements in Clause 7 shall apply.
9 Systems using rewritable media
9.1 General
When an in formation system uses removable or non-removable rewritable media, preservation o f
integrity relies on the rule that once an entry has been made it cannot be modified without this being
detected and registered using cryptographic techniques and the production o f electronic attestations.
Three levels o f security can be re ferenced: standard, strong and advanced. These levels require the use
o f distinct cryptographic techniques: hashing functions, date and time stamps and/or digital signatures.

ISO 14641:2018(E)
When a security level entails the use o f a digital signature, the signatory directs and activates the tool
creating the digital signature. The signatory can be an individual, an organization or a process. Where
the signatory is a process, the digital signature shall be automatically produced at the time o f the
occurrence o f the related operation.
The advanced digital signature shall adhere to the following requirements:
a) it is uniquely linked to the signatory;
b) it is capable o f identi fying the signatory;
c) it is created using means that the signatory can maintain under his sole control;
d) it is linked to the data to which it relates in such a manner that any subsequent change o f the data is
detectable.
NOTE An advanced digital signature corresponds to the definition given by the European Telecommunications
Standardization Institute (ETSI) in the following specifications: ETSI TS 101 733 (CAdES) or ETSI TS 101 903
(XAdES).
For each o f these three levels o f security, an electronic attestation shall be issued and registered in the
audit trail, confirming initial deposit o f documents. It shall include at least the digital fingerprints o f
archived documents and a logical storage address, independent o f storage location. Attestations shall
provide evidence that related operations have been requested by an authorized person and per formed
under the full control o f the in formation system o f the organization or third party.
9.2 Standard security level

At this level any person or process authorized by an archival system profile to per form an operation
shall at least be authenticated using an identifier and password, con forming to the security policy o f the
organization or the third party.
In order to prevent any modification o f an entry in the li fecycle log o f the archives, the log shall be date
and time stamped at least once a day, even i f there was no activity during this day. The continuity o f the
log shall be preserved.
This security level shall be supported by audit trails managed by the in formation system o f an
organization or a third party.
9.3 Strong security level

At this level the following conditions are additional to those o f the standard level (9.2 ).
Each attestation entered in the in formation system log shall be signed electronically by the ACU o f the
in formation system o f the organization or third party.
The in formation system o f the organization or the third party shall state, for each archival policy, the
signature policy or policies defined for attestations electronically signed by the ACU.
9.4 Advanced security level

At this level the following conditions are additional to those o f the strong level (9.3 ).
Any persons authorized to do so by the archival system profile shall sign requests using an advanced
digital signature. Each attestation shall include the signed request, which includes a countersignature
as specified in the strong security level.
The archival service o f the organization or the third party shall speci fy for each archival policy the
signature policy or policies applying to requests electronically signed by persons authorized by the
archival system profile to per form operations.

ISO 14641:2018(E)
10 Archival capture
10.1 Electronically born documents
10.1.1 General
Electronically born documents received by the in formation system shall be preserved using a
standardized or industry-standard file format. Specifications o f formats shall be freely available for the
complete li fetime o f the document. In the archival policy, the re ferenced standard associated with each
distinct type o f related document shall be noted. This also applies to format specifications, in order to
ensure long-term usage and in formation content fidelity.
10.1.2 Procedure for archives capture (deposit)
Two distinct and linked operations are mandatory for capturing archives: capturing archive files to
archival media and updating catalogues with the associated metadata. Capture is only valid i f both
operations are achieved.
Processes for the control and capture o f documents and their associated metadata shall be specified.
Electronic documents shall be captured to the storage media using unique file identifiers.
For each archival deposit, the in formation system shall at least:
a) check that the quality o f the document recorded on the archival media is correct, using any error
detection and correction codes that might be available on the devices used;
b) validate that the new document has been registered in the in formation system catalogue;
c) secure the link between the physical location o f the document and its logical identification.
10.1.3 Marked-up electronic documents

This includes documents made o f textual and/or non-textual components, structured by XML
standardized markup. This type o f document can re fer to a logical model, re ferenced at the beginning
of the document.
Archiving o f this type o f document shall include all constitutive components, i.e. technical description
diagrams, codification tables, linked documents, etc.
10.1.4 Electronic documents using a layout format
This signifies an encoding format for viewing and printing a document. Formats used for archival
purposes shall be standardized or industry-standard, with published specifications freely available for
the complete lifetime of the document.
NOTE Formats described in ISO 19005 (all parts) con form to this requirement.
10.1.5 Other electronic document formats

I f the decision is made to keep an electronic document in its native format, and when this format’s
specification is not publicly available, the preservation o f the document in its native format might call
for the preservation o f related hardware and/or so ftware tools for access to the in formation.
10.1.6 Print streams

This subclause deals with files sent to high-volume printers. Together with data to be printed, such
files may contain re ferences to external files called “resources”. Such “resources” may comprise fonts,

ISO 14641:2018(E)
i mages , overl ays , form s , e tc . T he s e “re s ou rce s ” are ne ce s s ar y for d i s play and rend ition o f the ele c tron ic
document.
T he fi le s repre s enti ng the do c u ment and a l l as s o c iate d re s ou rce s ne e de d for rend ition sha l l b e s tore d
under the s ame cond ition s i n order to pre s er ve the l i n ks b e twe en a l l comp onents .
For th i s typ e o f ele c tron ic do c u ment, a l l re ference d fi le s sh a l l u s e a s tandard i ze d or i ndu s tr y- s ta nda rd
format. T he s e t o f fi le s ma ki ng up the ele c tron ic do c u ment s ha l l a l low the re s titution o f the origi na l
pri nte d do c u ment without tran s formation .
10.1.7 Verification o f electronic documents
C he cks s ha l l b e made for at le as t:
a) quantity and volu me o f dep o s ite d do c uments;
b) con form ity o f a s s o ci ate d me tadata to s p e ci fie d formats;
c) either ab s ence o f co de d data or, a lternatively, legible va lue s , p erm itti ng i nterpre tation o f co de s .
Supplementa r y che cks th at c an veri fy con form ity o f dep o s ite d do c u ments to formats s p e ci fie d i n the
arch iva l p ol ic y sh a l l b e made .
10.1.8 Integrity control of electronic documents transferred from source applications

T he i nte grity o f do c uments , or b atche s o f do c uments , re ceive d from ex terna l pro duc tion appl ic ation s
sha l l b e veri fie d b e fore thei r uplo ad i ng i n the i n formation s ys tem .
Two c a s e s have to b e con s idere d:
— i f the do c u ments or b atch o f do c uments a l re ady contai n a d igita l s e a l, the s e a l sh a l l b e che cke d
when re ceivi ng the tran s fer i nto the i n formation s ys tem;
— i f the do c u ments or b atch o f do c u ments do no t conta i n a ny device a l lowi ng s uch control, then the
i nte gration o f an appropriate me an s s ha l l b e con s idere d .
10.1.9 Metadata capture

Me tadata c a n b e ob tai ne d i n s evera l mutua l ly comp atible ways:
a) automatic e xtrac tion o f me tadata from the do c u ment;
b) automatic e xtrac tion o f me tadata from the i n formation s ys tem wh ich cre ate d the ele c tron ic
do c u ment;
c) me tadata i nput or en rich ment du ri ng c ap ture .
P ro ce du re s to c re ate and control me tadata s ha l l b e de s crib e d i n the te ch n ic a l de s c rip tion m anua l .
When c ap tu ri ng ele c tron ic do c u ments , me tadata s ha l l i nclude the fol lowi ng i n formation ab out the
cre ation or origi n o f the s e do c uments:
— identi fic ation o f the entity origi nati ng the tran s fer o f the do c u ments;
— identi fic ation o f the arch i va l s er vice re ceivi ng the do c uments;
— the date and ti me o f c re ation or arriva l o f the tra n s ferre d arch iva l b atch;
— the convers ion te ch n ique appl ie d to the origi na l do c u ments i f the native format o f the do c uments
does not conform to 10.1.1 ;
— the enco d i ng format o f the do c u ments;

ISO 14641:2018(E)
— the preservation period (retention schedule) and final disposition o f the documents;
— access rights associated with the documents;
— the size o f the archival batch.
10.1.10 Indexing and document searches

Electronic documents shall be classified, identified and indexed using a method that enables the search
for a particular document or a particular set o f documents.
These indexes shall be constructed from the metadata o f the documents. Indexing in formation shall
be preserved by the in formation system either as a simple and autonomous index, re ferring only to the
documents, or as part o f a more complex in formation system (e.g. as part o f a larger database).
The in formation system shall be designed in such a way that inadvertent user actions do not, without
due warning, result in modification or loss o f the indexes or o f the links between the logical address and
the physical address o f the documents.
10.2 Paper-based or microform documents
10.2.1 Scanning devices for documents

Scanning devices for documents initially on paper or micro form shall be fully described, including:
a) physical characteristics o f documents handled by the scanners;
b) capture capacities o f the scanners;
c) optical devices o f the scanners, i f applicable, with their operational and available tuning
mechanisms;
d) tuning mechanisms o f the scanners and their related operation.
10.2.2 Image processing features

To produce quality digital images or to reduce the size o f files, it might be necessary to use so ftware or
hardware devices that enable processing o f these images a fter digitization. The e ffects o f each process
and their limitations shall be specified in the technical description manual.
The most frequent techniques are:
a) image trans formation from colour or grey scale to monochrome;
b) deskew;
c) despeckle/background cleanup;
d) black-border removal;
e) removal o f overlays, logos, watermarks or any other type o f unrelated in formation;
f ) removal o f blank pages.
All these processes shall be implemented with care ful consideration as they have a bearing on the
fidelity o f the electronic image in relation to the source document. In particular, the procedure for
converting a grey-scale or colour image to a monochrome image shall have been tested and validated in
detail prior to its implementation.
Speckle removal can lead to the deletion from an image o f certain items o f in formation, such as a comma
or an accent or a detail in a diagram. It shall there fore be tested be fore implementation. The test results
shall be stored in the technical description manual.
ISO 14641:2018(E)
The so ftware used for removal o f overlays, leaving only the variable content, can be used i f the related
features operating in the in formation system are fully specified in the technical description manual. In
addition, when the retrieval o f a document requires merging the variable content and the overlay, then
the version o f the overlay used shall be identical to the overlay extracted when the page was scanned
and processed.
The technical description manual shall describe the management o f overlay versions and the logical
link between a document’s variable content and the corresponding version o f the overlay.
Overlays are considered as elements o f the document and shall there fore be stored in the same
conditions as other document elements.
When it is mandatory to preserve the in formation as a whole, it is advisable not to use such techniques.
In all other cases, it is necessary to speci fy the reasons for the use o f such techniques in the technical
description manual.
Blank page removal could represent a potential risk o f in formation loss. When this is implemented it is
advisable to check that the technique used is reliable and does not delete pages containing in formation.
The technical description manual shall speci fy the procedures used to ensure the reliability o f this
operation. It is also advisable to implement a process which will count the number o f removed pages
relative to the number o f retained pages.
The use o f test targets (see ISO 12653-1 and ISO 12653-2) allows objective measurement o f the
in formation system and to check the e ffects o f image processing so ftware.
10.2.3 Paper document or microform capture procedure
10.2.3.1 General
When paper-born or micro form document capture has been completed, the operator shall deliver a scan
attestation that at least provides the operator name, scan date, time o f scan start and finish, identifiers
o f the first and last document scanned and the number o f pages scanned.
A fter checking scanned images, an authorization attestation shall be issued by the owner or the
authorized agent o f the owner. I f the attestation applies to a batch o f documents, the number o f images
and documents shall be specified.
10.2.3.2 Preparation of paper documents
The organization shall ensure that the quality o f paper documents it produces is compatible with
the scanning or micrographic capture techniques. Torn or creased documents, whether issued by
the organization or received from external sources, can require reconditioning be fore digitization.
Nonetheless, the text o f the documents shall neither be modified nor corrected in order to improve
legibility, as this could alter the integrity o f the documents in relation to the original documents.
Whenever possible, measures such as those stipulated in ISO 10196 and ISO 12029 shall be implemented
or the processing o f documents intended for digitization.
f
10.2.3.3 Preparation of microform documents

Micro form documents shall, i f necessary, be cleared o f dust be fore digitization. The operator shall
check i f there are any scratches or de fects limiting legibility to the point where document reading or
processing will be rendered impossible.
10.2.3.4 Paper or microform document scanning
The user manual shall speci fy all details relating to document scanning, scanner tuning, image
enhancement processes and the di fferent elements o f the scanning procedure. Any processing

ISO 14641:2018(E)
technique used to enhance in formation shall be approved be forehand with the project originator and
fully described in the scanning system user manual.
The user manual shall cover all topics related to the authorized operations concerning digital image
modifications produced by document scanners.
10.2.3.5 Verification o f scanned in formation
The scanning system user manual shall include a procedure covering verification o f scanning.
Verification checks shall at least apply to:
a) quality and integrity o f images in relation to the source documents;
b) accuracy o f the indexing in formation o f the scanned documents.
I f quality checks can be per formed by operators themselves in order to reduce rejections, it is advisable
that the final quality check be per formed by persons other than the operators.
Sampling procedures for individual physical elements shall be in accordance with ISO 2859 (all parts).
10.2.4 Audit trails
10.2.4.1 Document or batch identification
Document scans (paper or micro form) shall include the following in formation history elements:
a) unique identifier o f the documents in the in formation system;
b) number o f pages o f the documents.
Scan batches (paper-born or micro form) shall include the following in formation history elements:
— batch identifier (this identifier shall be unique to each batch);
— number o f documents/reels o f microfilm/microfiche in this batch;
— number o f scanned pages or, for micro forms, the number o f frames.
10.2.4.2 Document capture process details

The following in formation, i f applicable, shall be recorded in the audit trail:
a) messages received from the scanning device (scan start date and time, batch initialization for
automated systems, end o f scan process, etc.);
b) quantity o f bytes produced by the document scan process be fore and (i f compression is used) a fter
compression.
10.2.4.3 Audit trail data
A historical record o f events shall include at least the following in formation.
For paper-born document digitization:
a) identifier o f the first document or first batch o f documents scanned and stored;
b) identifier o f the last document or batch o f documents scanned and stored;
c) date and time o f arrival and departure o f each operator;
d) identifier o f the first document or batch o f documents scanned and stored by each operator;

ISO 14641:2018(E)
e) identi fier o f the la s t do c u ment or b atch o f do c uments s ca n ne d a nd s tore d b y e ach op erator;
f) to ta l nu mb er o f pro ce s s e d p age s;
g) to ta l numb er o f p age s no t pro ce s s e d , i nclud i ng tho s e i mp o s s ible to s ca n due to the p o or qua l ity o f
the do c ument (e . g. we a k contras t, te a rs or s h re d s) ;
h) to ta l nu mb er o f blan k p age s , i f any.
For m ic ro form d igiti z ation:
— identi fier o f the fi rs t m icro form s c an ne d and s tore d;
— identi fier o f the la s t m icro form s c a n ne d a nd s tore d;
— date a nd ti me o f arriva l a nd dep ar tu re o f e ach op erator;
— identi fier o f the fi rs t m icro form s c an ne d and s tore d b y e ach op erator;
— identi fier o f the la s t m icro form s c a n ne d a nd s tore d b y e ach op erator;
— to ta l nu mb er o f pro ce s s e d m icro form fra me s;
— to ta l nu mb er o f non-pro ce s s e d frame s , i nclud i ng tho s e i mp o s s ible to s c an due to the p o or qua l ity o f
the microforms.
10.3 Analogue audio/video objects on tape media
10.3.1 General
T h i s s ub clau s e relates to i n formation s ys tem s that have device s for enco d i ng (d igiti z ation) origi na l
aud io and aud iovi s ua l re cord i ngs .
10.3.2 Preparation of original tape media

B e fore enco d i ng (d igiti z i ng) magne tic tap e s , thes e tap e s sha l l b e che cke d to eva luate the op erationa l
cond ition s o f the me d iu m and its re cord i ngs .
This check includes:

— the phys ic a l s tate o f rep ai r o f the tap e s;
— re ad p er forma nce s;
— the organ i z ation and qua l ity o f re corde d s e quence s .
10.3.3 Original audio and audiovisual object digitization

T he qua l ity o f the d igita l vers ion o f obj e c ts wi l l b e de term i ne d b y the fe atu re s o f origi na l obj e c t re ader
e qu ipment a nd the d igiti z ation pro ce s s ( prop er tie s o f conver ters and s a mpl i ng/enco d i ng me tho d s) . I n
s ome c as e s , pro ce du re s for cle an i ng and ma i ntenance o f the materia l s ha l l b e conduc te d b e fore re ad i ng
pro ce dure s . Re ad i ng device s s ha l l b e fi ne -tu ne d (e . g. a l ign ment o f tap e re corder re ader he ad s , vide o
re corder tracki ng) .
T he to ol s for the ex trac tion o f i n formation, d igiti z ation and tran s fer cond ition s sha l l b e fu l ly de s crib e d ,
including:
a) phys ic a l s p e c i fic ation s o f s upp or te d me d ia for the d igiti z ation devices;
b) s p e ci fic ation s and s e tti ngs fe atu re s o f the re ad i ng device s (aud io tracks , comp o s ite or comp onent
ana lo gue vide o format) ;

ISO 14641:2018(E)
c) specifications o f the digitization devices.
10.3.4 Audio and audiovisual information processing
10.3.4.1 General
When the preservation o f in formation integrity is mandatory, any kind o f processing that could result
in a modification o f the in formation in relation to the original shall be excluded or limited as far as
possible.
When in formation modification is possible, in order to enhance acoustic or visual quality, processing
so ftware may be used, providing that each function has been tested and validated be fore use. The
functions used by the in formation system shall be fully specified in the technical description manual.
10.3.4.2 Audio objects

For these types o f objects, usual tunings are:
a) tape-speed tuning;
b) spectral balance adjustment;
c) acoustic level adjustment (set or dynamic compression);
d) removal o f temporary de fects;
e) broadband noise reduction;
f ) CODEC (compression/decompression feature) selection for encoded digital objects;
g) sampling frequency treatment.
Any “blank” removal actions shall be care fully considered and validated.
10.3.4.3 Video objects
For these types o f objects, usual tunings are:
a) black-level setting;
b) luminance and colour increase;
c) video signal increase;
d) temporary de fect reduction;
e) de-interlacing.
All these processes shall be implemented with care ful consideration as they will have an impact on the
fidelity o f the digital sound or video sequence in relation to the original.
10.3.5 Events log
10.3.5.1 Object identification
For each object, the following in formation shall be recorded:

a) unique identifier o f the physical object in the in formation system;
b) identification o f entries.

ISO 14641:2018(E)
10.3.5.2 Object batches identification

Logs for scan batches o f objects (paper or micro form) shall contain the following in formation:
a) batch identifier (this identifier shall be unique);
b) number o f objects, reels or cartridges in each batch;
c) number o f tapes and entries digitized.
10.3.5.3 Object capture and storage procedures verification
When these procedures are implemented, the following in formation shall be recorded in the log:
a) devices used for the operations (reading mechanism, converter, etc.) on selected formats and
settings;
b) names o f digital objects, lengths o f associated sequence units;
c) quantity o f bytes produced by the digitization o f objects or batches o f objects be fore and a fter
sequence compression (i f any).
10.3.5.4 Operations log

An operations log shall provide a historical trace o f all operations per formed daily. This log shall include
at least the following in formation for the digitization o f analogue audio/video objects from tape:
— identifier o f the first object or first batch o f objects digitized and stored;
— identifier o f the last object or batch o f objects digitized and stored;
— date and time o f arrival and departure o f each operator;
— identifier o f the first object or batch o f objects digitized and stored by each operator;
— identifier o f the last object or batch o f objects digitized and stored by each operator;
— total number o f tapes or cartridges or items processed;
— total number o f tapes or sequences not processed, including when digitizing was impossible due to
the poor quality o f the object (e.g. track alignment, breaks or stretching, friction);
— total number o f blank tapes and length o f blank sequences, i f any.
10.4 Image, audio and video information compression techniques
10.4.1 Compression types

Files which contain digitized images o f an analogue-born object can be compressed to reduce the disk
space required for storage.
There are two di fferent compression methods: “lossless” or “lossy”.
A lossless compression is per formed when, a fter decompression, the image produced is exactly the
same as the original object, bit by bit.
A lossy compression is per formed when, a fter decompression, the image produced is not exactly the
same as the original. In this case, part o f the in formation o f the original object is lost.

ISO 14641:2018(E)
10.4.2 Paper or microform documents

Lossy compression shall be used only for colour or greyscale photographic type images when
the compression does not lead, a fter a compression/decompression cycle, to a visible removal o f
in formation.
Lossy compression shall not be used for black-and-white documents, o ften re ferred to as o ffice
documents, which mainly contain text and/or line drawings. For this kind o f document, a test target
shall be used (see ISO 12653-1 and ISO 12653-2).
Some compression techniques allow a quality parameter setup. This parameter shall be set so that there
is no apparent loss o f in formation between the original image and the image which has undergone the
compression/storage/decompression cycle.
In formation systems shall provide means o f verification a fter compression o f files which contain images.
The compression type and, i f appropriate, the parameters used for compression, shall be stored as an
integral part o f the file containing the digital image.
Any selection o f a compression technique for the archival solution shall re fer to ISO/TR 12033.
Whatever choice is made, the compression techniques shall be standards based and their specifications
openly accessible. The technical documentation shall re fer to the associated standard.
10.4.3 Audio or audiovisual recordings objects

Generally, audio objects shall not be processed using a lossy compression technique.
For video objects, considering the storage volumes involved and the bandwidth available for
transmission, it is usually necessary to implement lossy compression.
For both audio and audiovisual objects, only ISO/MPEG-standardized formats shall be used. These
standards o ffer choices for compression techniques and format which shall be selected for rendering
in formation according to the quality requirement.
10.5 Format conversion

A table detailing the input formats accepted by the in formation system shall be created.
Encoding formats based on publicly available specifications (standards based, whenever possible)
shall be selected. The selection o f a conversion format shall be made according to the electronic
document type and the characteristics that are to be preserved, or not, a fter conversion. It is important
to determine whether the visual appearance (presentation) o f the documents has to be preserved,
whether there are any links to external documents and whether mathematical formulae or internal
document macros have to be retained.
Selection o f a new format for preservation, and related conversion techniques, shall avoid the accidental
removal o f significant in formation. Conversion characteristics and implementation shall be checked
and recorded in the events log with the following:
a) name o f program(s) used for conversion;
b) name o f program(s) which enabled identification and validation o f the format;
c) event type;
d) conversion date;
e) input file name;
f ) output file name;

ISO 14641:2018(E)
g) display o f the format;

h) outcome o f the operation (i.e. success or failure) and, when failure occurs, record o f resulting
anomalies.
Format conversions may be done at a number o f di fferent stages o f the archival process: when a
document is captured, when the conversion has been planned a fter document archival, or when the
encoding format o f an archived document has become obsolete and could present a problem for access.
The scope o f the processes relating to archived electronic document formats varies depending on
contractual agreements between the archive originator and the archival service, and on the applicable
archiving policy.
At input into the in formation system, the following steps are taken:
— format checks (or not) on archival start (based on the table o f acceptable system-input formats);
— format conversions (or not) at input based on the results o f checks or based on contractual
conditions re ferring to the table o f target archival formats;
A fter input in the in formation system, the following steps are taken:
— alerts to the owner (or not) i f encoding format has become obsolete;
— conversion (or not) by the in formation system when format obsolescence is reported.
The format check shall be made with a tool which allows for exact format identification, description and
validation.
11 Archival operations
11.1 Scope
Operation o f archives means the access, restitution and final disposal o f archives.
11.2 Access
11.2.1 General
Access operations shall be based on search criteria and the subsequent trans fer o f electronic documents
into their archival format.
In addition, access can include:
a) display o f the documents on a screen;
b) print o f a copy on paper or film;
c) playing o f audio in appropriate acoustic conditions relative to the quality o f the documents;
d) playing o f video images in appropriate acoustic conditions relative to the quality o f the document.
Methods used to retrieve and display documents shall be specified in the technical description manual.
Processing o f document content shall not be allowed for the operation o f retrieval and display, with
the exception o f decompression, format interpretation and ensuing technical processing, as well as any
necessary adjustments to the physical or so ftware characteristics o f the retrieval and display devices.
I f required, an attestation o f con formity o f the trans ferred copy shall be produced. This attestation shall
include, in addition to the name o f the person who issued the request and the name o f the person who

ISO 14641:2018(E)
delivered the attestation, the metadata allowing for the identification o f the document and providing an
audit trail o f the document li fecycle in the in formation system.
11.2.2 Digitized documents

Viewing and reading applications shall be independent from the tools that were used to create archived
documents. There fore, an electronic document should be captured in a so ftware and hardware
environment di fferent to the environment used for viewing or reading.
I f the digital conversion process for a paper-born or micro form source document uses so ftware that
deletes overlays, or any other fixed elements, the principle o f document fidelity in retrieval and display
requires that the restored document aggregates fixed content with variable content. The in formation
system shall guarantee that the versions o f the overlay or fixed elements used are the same as those
captured during digitization.
11.2.3 Marked-up electronic documents
When specific coding tables are used, they shall be available and accessible during access.
Access to these documents shall be per formed using the relevant layout instructions.
11.2.4 Electronic documents using lay-out format

Access processes shall be limited to the assembly o f di fferent document components, according to the
prescribed display rules and the intended display media, without any action on or processing o f the
content.
11.3 Restitution
Archives restitution, whether total or partial, means the trans fer o f archived documents to their
originator or to a duly appointed third party.
Restitution shall be accompanied by the destruction (disposal) o f the documents in the in formation
system.
The restitution procedure and the technical details o f trans fer (restitution format and selected media)
shall be specified in the technical description manual.
11.4 Archives disposal

The preservation period o f archived documents (retention schedule) shall be managed in the in formation
system either by use o f a record o f the preservation period in the metadata for each archived document,
or by re ferencing each archived document in relation to a preservation-period table. The in formation
system shall allow modification o f the preservation period for a specific document.
Under the supervision o f an authorized agent, and in accordance with the existing procedures, at
the end o f the preservation period the archives shall be deleted. This operation shall make removed
documents definitively and totally inaccessible.
NOTE For additional in formation re fer to ISO 15489-1 or MoReq2 [15] specifications.
When a removable storage medium is destroyed, the process shall ensure the total inaccessibility o f
in formation recorded on the medium.
Any retention o f metadata and logs or audit trails related to deleted archives shall be specified in the
contractual agreement or in the archival policy.

ISO 14641:2018(E)
12 Information system assessment
12.1 General
12.1.1 Audits
The in formation system and all the related procedures shall be regularly audited, especially when
major changes are made to the in formation system. These audits can be per formed either by internal
personnel o f the organization responsible for the implementation o f the in formation system (internal
assessment) and/or by personnel provided by a third-party enterprise (external assessment).
The results o f these audits shall be retained.
12.1.2 Objectives
Audits shall veri fy that the in formation system and procedures are in accordance with this document.
This compliance control shall cover system design, implementation, use and all operational procedures.
Moreover, the audits shall be able to measure the e fficiency o f the implemented in formation system and
its ability to address the objectives and requirements o f the related field o f activity.
Finally, audits shall provide all in formation use ful for appropriate improvement o f in formation system
compliance.
12.1.3 Auditor responsibilities
Auditors shall at a minimum:
a) ormulate and clari fy the requirements;
f
b) prepare and carry out the audit operations with which they have been tasked;
c) record the results;
d) report the conclusions o f the audits.
Auditors shall be impartial and free from any influences that could a ffect objectivity.
12.1.4 Personnel responsible for assessment
The qualifications, training and experience o f each auditor (active or assisting) shall be controlled and
monitored by the organization responsible for them.
More specifically, auditors shall be experienced, with several years o f pro fessional practice in the field
o f document management, electronic archival or records management. A significant proportion o f
this experience shall have been in the design o f and consulting for the implementation o f in formation
systems.
Internal or external auditors shall have the following skills necessary to conduct the audit process:
a) techniques to measure, interrogate, assess and write reports;
b) techniques to run various audit processes such as planning, method, organization, communication
and management.
Their skills shall be appropriate to cover all types o f documents contained in the in formation system,
including specific technical documents such as audio and video.

ISO 14641:2018(E)
12.1.5 Verification o f documentation
The organization shall maintain an in formation system which ensures that all documentation related
to audits can be verified and which ensures that:
a) up-to-date versions o f requisite documentation are available in appropriate quantities at all points
where operations are made to the in formation system;
b) all changes or amendments to documentation are properly authorized and processed in such a way
that ensures rapid and direct action o f the personnel involved;
c) outdated documentation is promptly withdrawn and destroyed from all points o f distribution and
use in the organization (exceptionally, outdated documentation which needs to be preserved for
legal or historical purposes shall be appropriately identified and preserved).
12.1.6 Assessment operations documents
The organization shall record all results o f assessment operations. Documents shall describe the
processes applying to each assessment operation.
All documents shall be securely preserved for an appropriate period.
12.2 Internal assessment

When an assessment is made by personnel under an organization’s authority, the organization shall
produce and be able to provide a description o f the organization, clearly showing the distribution
o f responsibilities and hierarchical structure o f the organization, in particular demonstrating the
independence o f auditing roles and operational roles.
12.3 External assessment

Third-party organizations providing in formation system audits shall have su fficient and adequate
experience and skills in the design and implementation o f in formation systems for document
preservation.
Personnel carrying out assessment operations shall have appropriate qualifications, training and
experience for the proper auditing o f in formation systems.
Third-party organizations shall take all necessary measures at all levels o f their organization to ensure
the confidentiality o f in formation collected during auditing.
13 Trusted third-party archival
13.1 Activities of trusted third-party archive service provider

Rules applying to internal solutions apply equally to third parties per forming electronic archival
services. When placing archives in the custody o f a trusted third-party archival service, the organization
shall check that the techniques and the procedures used ensure security, integrity and long-term
preservation o f the electronic documents, and that all instructions are traced with related attestations.
Annex C presents principles for suggested general service conditions.
Be fore any trans fer o f archives to a trusted third party, checks shall be made to ensure that:
a) the third party is able to comply with the requirements specified in this document;
b) the archival policy used by the third party con forms to the policy o f the organization;
c) security procedures o f the third party con forms to those o f the organization.

ISO 14641:2018(E)
T he th i rd p a r ty c an either:
— en s u re arch iva l o f ele c tron ic do c uments (re cep tion a nd re cord i ng o f a l l ele c tron ic do c uments ,
re cord i ng o f ele c tron ic do c u ment a rch iva l op eration s and s torage and relate d me tad ata) , ca rr y
out convers ion op eration s , i mplement repl ic ation pro ce dure s , en s u re acce s s a nd res titution o f
do c u ments; or
— s tore on ly d igita l s e a l s o f the do c u ments (re cep tion, che cks and re cord i ng o f do c u ment-relate d
d igita l s e a l s , re cord i ng o f op eration s) , wh i le the s torage and pre s er vation o f ele c tron ic do c uments
corre s p ond i ng to the s e s ignatu re s rema i n s under the re s p on s ibi l ity o f the cl ient (origi nator)
orga ni z ation .
I n b o th c a s es , the th i rd p a r ty s ha l l pro duce atte s tation s o f its ac tivity. T he typ e a nd fre quenc y of
tran s m i s s ion o f the s e atte s tation s from the th i rd p a r ty to the cl ient (origi nator) s ha l l b e s p e c i fie d i n
e ach th i rd-p ar ty contrac t.
T he th i rd p ar ty sh a l l ke ep copie s o f thes e attes tation s in con form ity to the s p e c i fic ation s o f th i s
document.
I n add ition to the i mplementation o f an i n formation s ys tem i n con form ity to th i s do c u ment, the th i rd
p ar ty sh a l l:
— en s u re u n ique and tru s twor thy identi fic ation for e ach o f its cl ients;
— guarante e the con fidenti a l ity o f the do c u ments a nd me tad ata i n c u s to dy, i n p a r tic u l ar u s i ng a n
i n formation s ys tem i mplemente d i n s uch a way th at it wi l l no t b e p o s s ible for a cl ient o f the th i rd
p ar ty to re ad , write, mo d i fy or dele te a ny do c u ment o f ano ther cl ient o f the th i rd p ar ty;
— provide atte s tation s o f dep o s it for e ach op eration;
— c arr y out all do c u ment dele tion s a fter no ti fic ation and , on comple tion, provide appropriate
atte s tation s;
— provide an a rch iva l l i fe c ycle aud it trai l for e ach cl ient that cou ld b e pro duce d as evidence i n ca s e o f
dispute.
E xch ange o f data b e twe en the organ i z ation and the th i rd p a r ty s ha l l b e pro te c te d by ade quate me a n s ,
i . e . s trong authentic ation, encr yp tion, i ntegrity control .
T he th i rd p a r ty s ha l l cer ti fy that it wi l l ma ke no ana lys i s or pro ce s s i ng (e . g. format convers ion) o f
ele c tron ic do c u ments i n its c u s to dy, un le s s e xpl ic it demand h as b e en made b y its cl ient (origi nator) .
For re as on s o f con fidentia l ity, prior enc r yp tion o f do c uments a nd, i f appropri ate, o f me tadata c an b e
de eme d ne ce s s a r y b y an organ i z ation . I n th i s c a s e, s e arch c riteri a for acce s s to the do c u ments m ight b e
limited.
13.2 Service contract model
13.2.1 Service contract

T he fol lowi ng i s s ues s ha l l b e covere d i n a s er vice s contrac t with any tru s te d th i rd-p ar ty arch ivi ng
service provider:
a) re ference to th i s do c ument with s p e ci fic ation o f re qu i rements covere d;
b) re ference to the arch iva l p ol ic y;
c) de s c rip tion o f arch iva l pro ce du re s;
d) de s c rip tion o f i n formation s ys tem i n fras tr uc tu re;
e) pro ce du res to acces s i n formation s ys tem op eration s lo gs;

ISO 14641:2018(E)
f) te ch nique s u s e d by the th i rd p ar ty to en s u re con fidenti a l ity o f data o f the organ i z ation;
g) me tho d s and me an s u s e d for the dep o s it o f ele c tronic do c u ments a nd thei r me tadata b y the cl ient;
h) me tho d s and me an s ta ken to en s ure, i f appl ic able, format convers ion;
i) tran s p or tation ( phys ica l tra n s fer) pro ce du re s o f do c u ments , i f appl ic able;
j) i n s u rance p ol icie s contrac te d by the th i rd p ar ty coveri ng a ny ac tivity-relate d d amage s .
E ven though the term s o f the s er vice contrac t are fre ely entere d i nto b e twe en p ar tie s , the content o f
13.2.2 to 13.2.13 s ha l l b e i nclude d .
13.2.2 Service contract duration

T he du ration o f the contrac t with the th i rd p ar ty sha l l b e s p e c i fie d, to ge ther with the renewa l and
term i nation cond ition s .
13.2.3 Preservation period

T he th i rd p a r ty sha l l com m it to the appl ication o f the s p e c i fie d pre s er vation p erio d as far a s i s p erm itte d
b y the ongoi ng contrac tua l relation sh ip . T he th i rd p ar ty s ha l l b e able to demon s trate a contrac tua l and
te ch n ic a l abi l ity c ap acity for the re s titution and i nterop erabi l ity o f its s olution i n order to en s u re the
pre s er vation o f do c u ments for the agre e d du ration .
13.2.4 Quality of service

T he th i rd p ar ty s ha l l com m it to a cer tai n level o f qua l ity o f s er vice a nd c u s tomer s upp or t. This
com m itment concern s level s o f avai labi l ity for the dep o s it o f a nd acce s s to the a rch ive s , p o s s ibly
as s o c iate d with p ena lty clau s e s when contrac tua l cond ition s are no t fu l fi l le d .
13.2.5 Security and data protection

T he th i rd p ar ty sha l l:
a) ke ep a l l ele c tron ic do c u ments con fide d b y the cl ient (origi nator) i n c u s to dy for the contrac te d
p erio d a nd i n the agre e d form a nd formats;
b) guara nte e the s e c urity and i nte grity o f the ele c tron ic do c uments;
c) com m it to p er form a l l me d i a m igration s that m ight b e ne e de d to en s u re the ele c tron ic do c u ments ’
le gibi l ity;
d) provide a s e c u re d acces s s er vice to a l l obj e c ts i n c u s to dy;
e) ma i ntai n an aud it tra i l of all op eration s rel ate d to the exe c ution o f s er vice s s p e c i fie d by the
contrac t;
f) guara nte e the s e c urity and i nte grity o f a rch ive s ’ l i fe c ycle and events lo gs .
13.2.6 Information and counsel

T he th i rd p ar ty sha l l i n form its cl ient (origi nator) o f the ne e d to ma i nta i n comp atibi l ity b e twe en the
cl ient’s own i n formation s ys tem s and tho s e obj e c ts held i n c u s to dy on the cl ient’s b eha l f. T he th i rd
p a r ty m ight ne e d to prop o s e add itiona l s er vice s to de a l with th i s .
T he th i rd p a r ty sha l l i n form the cl ient o f any convers ion op eration s or o f te ch n ic a l ch anges to the
i n formation s ys tem s u s e d and o f a ny i mp ac t th i s m ight h ave on avai labi l ity or comp atibi l ity with cl ient
ha rdware, or to the e xch ange o f, or pre s er vation o f, d ata i n c u s to dy.

ISO 14641:2018(E)
13.2.7 Transfer and continuity

I f a cl ient’s ele c tron ic do c uments i n c u s to dy a re tra n s ferre d to ano ther th i rd p ar ty, th i s entity sh a l l
be able to en s u re, b o th du ri ng and a fter the tra n s fer op eration, that the do c u ments re ta i n thei r
fu ndamenta l prop er tie s . T h i s me a n s:
— the o ther th i rd p a r ty sh a l l en s u re the fu l l i nte grity a nd comple te tran s fer o f a l l arch ive s and a l l
relate d d ata it ha s held i n c u s to dy;
— in all circums tances , the other third party shall keep in formation and technical data in s uch a way that
its client, or any party des ignated by its client, can recover it and do so in a reasonable length o f time.
13.2.8 Transferability
O n term i nation o f the contrac t, or i f the th i rd p a r ty ce as es op eration s , the th i rd p ar ty sh a l l b e able to
re turn a l l ele c tronic do c uments and relate d elements comple tely a nd i n the s ame te ch nic a l cond ition
they were at the ti me o f re cep tion i n the i n formation s ys tem . T he th i rd p ar ty sh a l l no t re tai n any cop y
of the returned documents.

Re tu rn o f aud it trai l s/ lo gs sh a l l b e s p e c i fie d .
T h i s tra n s ferabi l ity provi s ion s ha l l a l low a cl ient to pres er ve its i ndep endence with regard to the th i rd
p ar ty, b enefiti ng from a contrac tua l guarante e th at the e xterna l s er vice c an b e tran s ferre d either to
ano ther th i rd p ar ty or re tu rne d to a n i nterna l i n form ation s ys tem .
T h i s provi s ion sha l l i nclude, at le as t:
a) the u s e b y the th i rd p ar ty o f marke t s tanda rd a nd s tate - o f-the - ar t te ch n ic a l to ol s (arch ite c ture,
ha rdware and s o ftware, pro to col s , e tc .) ;
b) the orga ni z ation o f the tra n s fer o f the do c uments either to the cl ient’s i nterna l i n formation s ys tem
(re tu rn) or to ano ther th i rd p ar ty;
c) the dep o s it o f i n formation and te ch n ic a l data, s o that it c an b e re covere d , to a lo c ation or by me an s
acce s s ible to its cl ient or a ny p ar ty de s ignate d b y its cl ient;
d) the co s t o f the revers ibi l ity;
e) the ti me ne ce s s a r y to p er form a l l revers ibi l ity op eration s from ti me o f re que s t;
f) the re gu la r upke ep o f a l l elements relate d to revers ibi l ity.
13.2.9 Restitution
O n term i nation o f contrac tua l pre s er vation obl igation s , the th i rd p a r ty sh a l l u nder ta ke to re tu rn to its
cl ient a l l arch ive s and sh a l l no t ke ep any copy o f them . None thele s s , i f the cl ient s p e ci fic a l ly m a ke s the
re que s t, its arch ive s cou ld conti nue to b e pre s er ve d b y the th i rd p a r ty for an add itiona l p erio d .
13.2.10 Confidentiality and private data

T he th i rd p ar ty s ha l l guarante e the con fidentia l ity o f i n formation it has b e en tru s te d with and any o ther
i n formation wh ich m ight have b e en made known to it duri ng its contrac tua l relation with its cl ient.
T h i s i n formation cou ld come from acce s s to , or from op eration s on, do c u ments wh ich it h as held i n
c u s to dy, or from its knowle dge o f the i n formation s ys tem s o f the orga ni z ation, whe ther th i s knowle dge
re s u lts from its own ob s er vation s or was provide d b y its cl ient.
T he th i rd p ar ty s ha l l ta ke a l l ne ce s s ar y me a s ure s to en s u re con fidenti a l ity o f i n formation that it cou ld
b e come aware o f du ri ng mai ntenance ac tivitie s .

ISO 14641:2018(E)
Such in formation should only be communicated to persons designated by the client, with the exception
o f situations where it is legally binding to communicate this in formation to another party.
13.2.11 Professional insurance

The third party shall contract insurance to cover all risks related to its civil liability. This insurance
shall provide a financial guarantee relative to the level o f duties.
The third party shall maintain this insurance for as long as the service contract applies.
The third party might seek additional insurance protection against in formation system failure.
13.2.12 Subcontracting
The client shall be in formed when the third party plans to use subcontracted services. In this case, the
third party remains liable for services provided to the client.
13.2.13 Assessment
The provision related to assessment audits shall be in accordance with the requirements o f this
document (see Clause 12 ).
14 Service providers
14.1 General
This clause deals with archival solutions for which some services are provided by subcontractors other
than trusted third parties. Annex C presents principles for suggested general service conditions.
The organization implementing the in formation system service remains liable for the whole system and
shall ensure that all services provided by subcontractors con form to the requirements o f this document
according to the duties they are charged with.
The subcontractor selected shall be given a specifications document by an authorized person, defining
the requirements. The subcontractor shall commit to these specifications.
Procedures and operations per formed by the subcontractor shall be systematically checked and
inspected on a regular basis.
14.2 Subcontractor agreement

Be fore employing the services o f a subcontractor, it shall be confirmed that:
— the subcontractor is able to con form to the requirements o f this document for the services to be
provided;
— the subcontractor’s procedures con form to the archival policy o f the originator;
— the audit trail data produced by the subcontractor is usable on the originator’s in formation system;
— the subcontractor’s security policies are consistent with those o f the originator.
14.3 Contract with subcontractor

The contract shall include at least the following in formation:
a) re ference to this document, i.e. ISO 14641;
b) description o f the procedures used;

ISO 14641:2018(E)
c) de s c rip tion o f the i n fras tr uc tu re u s e d i n relation to the s er vice provide d;
d) c riteri a u s e d for qua l ity control;
e) acce s s to the s ub contrac tor ’s i n formation s ys tem events lo gs;
f) me as u re s ta ken to en s u re con fidenti a l ity and s e c urity o f data i n c u s to dy;
g) te ch n iques and me d ia u s e d for the tra n s fer o f ele c tron ic do c u ments and relate d me tadata b e twe en
the origi nator a nd the s ub contrac tor;
h) te ch n iques u s e d for format convers ion, i f appl ic able;
i) provi s ion s for do c u ment tran s fer, i f appl ic able;
j) s ub contrac tor i n s u rance p ol icies coveri ng work-relate d da mage s .
14.4 Data transfer over telecommunications networks

When op en ne tworks are used to tran s fer do c u ments b e twe en the owner a nd s ub contrac tor,
appropriate te ch n ique s for authentic ation, data i ntegrity and con fidentia l ity s ha l l b e u s e d .

ISO 14641:2018(E)
Annex A
(informative)
Archival policy
An archival policy describes in legal, functional, operational, technical and security terms the
requirements for an internal or external in formation system, including the aims, targets and
commitments o f the system.
It should speci fy the following details.
a) Services provided to depositors and users for deposit or restitution o f an archive, including scope
o f services, levels o f service, archival types, electronic document formats, transmission conditions,
trans fer volumes, frequency o f deposits, etc.
b) Obligations incumbent on all parties, primarily on the archival service itsel f. The obligations
regarding other parties should at least indicate the minimum requirements for implementing
archival services that con form to the archival policy.
c) Features o f operations implemented in order to provide these services (deposit, storage, etc.) and
related organization o f operations (links between operations, data exchange, etc.).
d) Applicable rules o f security according to each level o f service and function, based on organizational,
practical and technical considerations.
An archival policy is above all a general functional framework and, as such, should be independent from
specific techniques used for the purposes o f implementing particular operations.
An archival policy is a document that provides all parties involved (internal or external to the service)
a clear description o f the archival service’s commitments. This will entail practical considerations for
execution and delivery, including:
— archive deposit;
— identification and authentication o f archive source;
— archive accessibility;
— retrieval and display o f archives;
— restitution o f archives;
— integrity o f archives;
— legibility o f archives;
— long-term preservation o f archives;
— traceability o f operations o f deposit, restitution and destruction;
— production o f attestations;
— business continuity and/or disaster recovery from accidental or malicious causes;
— voluntary destruction o f archive.

ISO 14641:2018(E)
Annex B
(informative)
Declaration of archival practices
A declaration o f archival practices explains the techniques and processes implemented to meet the
security targets o f the archival policy.
A declaration o f archival practice should describe how the archival service o f the organization, and/or
third-party archive service provider, con forms to archival policy requirements in relation to aspects o f
environment, material, processes, operations and techniques.
A declaration o f archival practices should describe:
— the operational processes o f the implemented archival service; and
— the security rules described in the archival policy, both in terms o foperational security characteristics
relative to various components o f the archival service and o f those needed for the implementation o f
these characteristics.
These standards and rules should be clearly described in the declaration o f archival practice, especially
i f they are particular to the archival service itsel f. This declaration could re fer to a more general
security policy document covering the in formation system, i f appropriate.
The declaration o f archival practice should at least include a full and complete description o f the
practices and should establish the relationship between the rules described in the archival policy to
which the declaration re fers and to the standards and operational practices.
While an archival policy is established independently o f the particular aspects o f the operational
environment o f an in formation system, a declaration o f archival practice is written with regard to the
organizational structure, operations processes and material environment o f the archival service o f the
organization or third-party archive service provider.
A declaration o f archival practice is always provided by the supplier o f the service, i.e. the archival
service o f the organization or third-party archive service provider.
A declaration o f archival practice is in principle a confidential internal document regarding only the
archival service. However, to complete the archival policy, an archival service could issue extracts o f its
declaration o f archival practice.
A declaration o f archival practice describes how the archival service o f the organization and/or third-
party archive service provider is able to per form its duty satis factorily. This should make it particularly
use ful during any assessment as it will facilitate the work o f the auditor and reduce audit time.

ISO 14641:2018(E)
Annex C
(informative)
General service conditions
Users o f archival services may only have access to the organization’s archival policy. It may be di fficult
or these users to interpret this in formation.
f
Accordingly, it would be use ful to provide users with a complementary simplified document, which
could help in the clarification and understanding o f the essential in formation they would need to know
in order to make the in formed decisions that they are researching.
General service conditions should contain re ferences to available user manuals. In order to remain clear
and intelligible, these manuals should describe only those functions necessary for supported operations,
although they could make re ference to more general manuals i f this were considered to be use ful.
The archival services o f the organization and/or o f a third-party archive service provider should make
its general service conditions available to users.

ISO 14641:2018(E)
Bibliography
[1] ISO 6196-8, Micrographics — Vocabulary — Part 8: Use

[2] ISO 10196, Document imaging applications — Recommendations for the creation of original
documents
[3] ISO 12029, Document management — Machine-readable paper forms — Optimal design for user
friendliness and electronic document management systems (EDMS)
[4] ISO 14721, Space data and information transfer systems — Open archival information system
(OAIS) — Reference model
[5] ISO 15489-1, Information and documentation — Records management — Part 1: Concepts and
principles
[6] ISO/TR 15801, Document management — Electronically stored information — Recommendations
for trustworthiness and reliability
[7] ISO 19005 (all parts), Docum ent m an agem ent — Electronic docum ent file form at for lon g-term
preservation
[8] ISO/TR 22957, Document management — Analysis, selection and implementation of electronic
document management systems (EDMS)
[9] ISO/IEC 13346 (all parts), In form ation techn ology — Volum e an d file structure of write-on ce an d
rewritable media using non-sequential recording for information interchange
[10] ISO/IEC 13490 (all parts), In form ation techn ology — Volum e an d file structure o f read-on ly an d
write-once compact disk media for information interchange
[11] ISO/IEC 27001, Information technology — Security techniques — Information security management
systems — Requirements
[12] IEC 61000-4, Electromagnetic compatibility (EMC) — Part 4: Testing and measurement techniques
[13] ETSI TS 101 733, Electronic Signatures and Infrastructures (ESI) Electronic Signature Formats,
European Telecommunications Standardization Institute
[14] ETSI TS 101 903, Electronic Signatures and Infrastructures (ESI) XML Advanced Electronic
Signatures (XAdES), European Telecommunications Standardization Institute
[15] MoReq2, Model Requirements for the Management of Electronic Records. Available at:
www.moreq2 .eu

ISO 14641:2018(E)
ICS 37.080
Price based on 40 pages
© ISO 2018 – All rights reserved

ISO 14641-2018

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

ISO 14641-2018

Uploaded by

Copyright:

Available Formats

INTERNATIONAL ISO

Electronic document management —

COPYRIGHT PROTECTED DOCUMENT

ii © ISO 2018 – All rights reserved

© ISO 2018 – All rights reserved iii

10.1.3 Marked-up electronic documents .................................................................................................................. 19

13.2.13 Assessment ........................................................................................................................................................................ 35

1 4. 2 S ub co ntracto r agreement ........................................................................................................................................................... 35

© ISO 2018 – All rights reserved v

vi © ISO 2018 – All rights reserved

© ISO 2018 – All rights reserved vii

Electronic document management — Design and operation

T h i s do c ument i s appl ic able to ele c tron ic do c u ments res u lti ng from:

— the s c an n i ng o f origi na l p ap er or m ic ro form do c u ments;

— the convers ion o f a na lo gue aud io or vide o content;

— the “native” cre ation b y an i n formation s ys tem appl ic ation;

de s ign s , d igita l aud io/vide o and d igita l me d ic a l i mages .

a lter do c u ments a fter c ap ture .

This document is intended for the following users.

i n formation a nd do c ument le gibi l ity;

c) O rgan i z ation s provid i ng th i rd-p ar ty do c u ment arch ivi ng s er vice s .

I S O 2 8 5 9 (a l l p ar ts) , Sampling procedures for inspection by attributes

I S O 8 6 01 , Data elements and interchange formats — Information interchange — Representation of dates

Document management — Electronic imaging — Guidance for the selection of document

image compression methods

© ISO 2018 – All rights reserved 1

3 Terms and definitions

2 © ISO 2018 – All rights reserved

© ISO 2018 – All rights reserved 3

N o te 1 to entr y: T h i s op eratio n p re s er ve s the fidel ity o f the do c u ment.

N o te 1 to entr y: T he re s u lti ng de co mp re s s e d ob j e c t i s on l y a n ap proxi m ation o f the or igi n a l .

4 © ISO 2018 – All rights reserved

4 General characteristics and levels of requirements

© ISO 2018 – All rights reserved 5

4.2 Levels of requirements

6 © ISO 2018 – All rights reserved

Table 1 — Requirements of information systems

© ISO 2018 – All rights reserved 7

5.2 Technical description manual

5.3 Archival system profiles

8 © ISO 2018 – All rights reserved

e) delete or dispose o f a deposit, either prematurely or as planned.

5.4 Operational procedures

— techniques and procedures used for search and printing;

5.4.2 Scanned documents

© ISO 2018 – All rights reserved 9

5.5.1 Management and organization of security

5.5.2 Risk assessment

5.5.3 Physical security

5.5.5 Security of custom software and software products

© ISO 2018 – All rights reserved 11

12 © ISO 2018 – All rights reserved

5.5.8 Security backups

5.6 Date and time stamping

© ISO 2018 – All rights reserved 13

YYYY-MM -DDThh: mm: ss .sTZD

5.7 Audit trail

14 © ISO 2018 – All rights reserved

5.7.3 Archive lifecycle log

— date and time o f the operation, in accordance with ISO 8601;

© ISO 2018 – All rights reserved 15

— identification o f the operator, i f applicable.

6 Storage media considerations

6.1 Media type definition