Professional Documents
Culture Documents
ISO 14641-2018
ISO 14641-2018
STANDARD 14641
First edition
2018-06
Reference number
ISO 14641:2018(E)
© ISO 2018
ISO 14641:2018(E)
Contents Page
Foreword ........................................................................................................................................................................................................................................ vi
Introduction .............................................................................................................................................................................................................................. vii
1 Scope ................................................................................................................................................................................................................................. 1
2 Normative references ...................................................................................................................................................................................... 1
3 Terms and definitions ..................................................................................................................................................................................... 2
4 General characteristics and levels of requirements ........................................................................................................ 5
4.1 Characteristics ......................................................................................................................................................................................... 5
4.2 Levels o f requirements ..................................................................................................................................................................... 6
5 General specifications ..................................................................................................................................................................................... 8
5.1 General ........................................................................................................................................................................................................... 8
5.2 Technical description manual .................................................................................................................................................... 8
5.3 Archival system profiles .................................................................................................................................................................. 8
5.4 Operational procedures .................................................................................................................................................................. 9
5.4.1 General...................................................................................................................................................................................... 9
5.4.2 Scanned documents ...................................................................................................................................................... 9
5.4.3 Digitally born documents ......................................................................................................................................... 9
5.5 Security....................................................................................................................................................................................................... 10
5.5.1 Management and organization o f security............................................................................................. 10
5.5.2 Risk assessment............................................................................................................................................................. 10
5.5.3 Physical security ........................................................................................................................................................... 11
5.5.4 Hardware security ....................................................................................................................................................... 11
5.5.5 Security o f custom so ftware and so ftware products ..................................................................... 11
5.5.6 Maintenance o f the information system ................................................................................................... 12
5.5.7 System change-management and migration o f media ................................................................. 12
5.5.8 Security backups ........................................................................................................................................................... 13
5.5.9 Continuity o f access to archives ....................................................................................................................... 13
5.6 Date and time stamping ............................................................................................................................................................... 13
5.7 Audit trail .................................................................................................................................................................................................. 14
5.7.1 General................................................................................................................................................................................... 14
5.7.2 Secure preservation o f the audit trail ......................................................................................................... 14
5.7.3 Archive li fecycle log .................................................................................................................................................... 15
5.7.4 Events log ............................................................................................................................................................................ 15
6 Storage media considerations ............................................................................................................................................................. 16
6.1 Media type definition ..................................................................................................................................................................... 16
6.2 Preservation o f archival media .............................................................................................................................................. 16
7 Systems using removable media ....................................................................................................................................................... 16
7.1 General ........................................................................................................................................................................................................ 16
7.2 Initialization o f removable storage volumes .............................................................................................................. 17
7.3 Finalization o f removable storage volumes ................................................................................................................ 17
7.4 Labelling o f physical WORM media .................................................................................................................................... 17
8 Systems using logical WORM media .............................................................................................................................................. 17
9 Systems using rewritable media ....................................................................................................................................................... 17
9.1 General ........................................................................................................................................................................................................ 17
9.2 Standard security level .................................................................................................................................................................. 18
9.3 Strong security level ........................................................................................................................................................................ 18
9.4 Advanced security level ................................................................................................................................................................ 18
10 Archival capture ................................................................................................................................................................................................. 19
10.1 Electronically born documents .............................................................................................................................................. 19
10.1.1 General................................................................................................................................................................................... 19
10.1.2 Procedure for archives capture (deposit) ............................................................................................... 19
1 3 .2 .1 2 ................................................................................................................................................................ 35
S ub co ntracting
Foreword
ISO (the International Organization for Standardization) is a worldwide federation o f national standards
bodies (ISO member bodies). The work o f preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters o f
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the di fferent approval criteria needed for the
di fferent types o f ISO documents should be noted. This document was dra fted in accordance with the
editorial rules o f the ISO/IEC Directives, Part 2 (see www.iso .org/directives).
Attention is drawn to the possibility that some o f the elements o f this document may be the subject o f
patent rights. ISO shall not be held responsible for identi fying any or all such patent rights. Details o f
any patent rights identified during the development o f the document will be in the Introduction and/or
on the ISO list o f patent declarations received (see www.iso .org/patents).
Any trade name used in this document is in formation given for the convenience o f users and does not
constitute an endorsement.
For an explanation on the voluntary nature o f standards, the meaning o f ISO specific terms and
expressions related to con formity assessment, as well as in formation about ISO’s adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following
URL: www.iso .org/iso/foreword .html.
This document was prepared by Technical Committee ISO/TC 171, Document management applications,
Subcommittee SC 1, Quality, preservation and integrity of information .
This first edition cancels and replaces ISO 14641-1:2012, which has been technically revised.
Introduction
Electronic documents are an essential part o f everyday business, whether the sources are incoming
communications or output from organizations. It is important that electronic documents be stored
appropriately, either fully or in part, in secure in formation systems designed for operations and
archiving, in order to meet business, legal or regulatory requirements.
The objectives o f secure in formation systems are to resolve organizational issues such as:
a) optimization o f long-term electronic document preservation, archiving and integrity;
b) provision o f in formation search facilities;
c) ensuring ease o f access and use o f electronic documents.
This document is intended to provide a re ference framework for organizations. It describes the methods
and techniques to be used for the implementation o f an electronic in formation system for managing
documents within an archive. In conjunction with related archival policies o f organizations, it describes
criteria for system design and specifications for operational processes.
These specifications are intended to ensure that all documents to be managed by the in formation system
are captured, stored, retrieved and accessed in a way that guarantees that the archived document is an
authentic rendition o f the original document for the duration o f preservation. An authentic rendition
means that the rendered document corresponds to the source document as it was at the time o f input in
the in formation system in respect o f criteria o f fidelity and integrity, and that this state is maintained
for the duration o f preservation.
This document takes into account the use o f three possible archiving media: physical WORM, logical
WORM and rewritable media. Archival integrity is ensured on physical and logical WORM media by the
inherent properties o f WORM solutions. On rewritable media, integrity is ensured using encryption-like
techniques, in particular with checksum calculation or hash function, date and time stamp or digital
signature. In all cases, it is necessary to comply with related procedures.
Depending on the types o f documents to be archived, other specialized standards can be relevant and
used to complement the recommendations in this document.
This document provides a specific and complementary definition o f issues addressed in other standards
or specifications concerning the management o f electronic in formation. Its content is intended to
address execution issues raised in several other documents. These include ISO/TR 15801, ISO 15489-1
and MoReq2 [15] , which detail specifications for organizing and controlling the li fecycle o f archived
in formation for purposes o f evidence and operational history, and ISO 14721, which describes the
characteristics o f an open system for the preservation o f digital data.
Annexes A, B and C are complementary.
for the c ap tu re, s torage and acce s s o f ele c tron ic do c u ments . This en s u re s legibi l ity, i ntegrity and
trace abi l ity o f the do c u ments for the du ration o f thei r pre s er vation .
— o ther s ou rce s th at cre ate d igita l content s uch as two - or th re e - d i men s iona l map s , d rawi ngs or
T h i s do c u ment i s no t appl icable to i n formation s ys tem s i n wh ich u s ers h ave the abi l ity to s ub s titute or
1) ele c tron ic do c u ments cre ate d from s c an cap ture s a re kep t i n a n envi ron ment that en s ure s
fidel ity with regard to the origi na l and long-term pre s er vation;
2) d igita l ly b orn do c uments are kep t i n a n envi ron ment that en s u re s the content i ntegrity o f the
3) trace abi l ity i s en s u re d for a l l op eration s relati ng to the ele c tron ic do c uments .
b) O rgan i z ation s provid i ng i n formation te ch nolo g y s er vice s and s o ftwa re publ i shers s e eki ng to
develop i n formation s ys tem s that en s u re the fidel ity and i nte grity o f ele c tron ic do c u ments .
2 Normative references
T he fol lowi ng do c uments a re re ferre d to i n the te xt i n s uch a way that s ome or a l l o f thei r content
con s titute s re qu i rements o f th i s do c u ment. For date d re ference s , on ly the e d ition cite d appl ie s . For
u ndate d re ference s , the late s t e d ition o f the re ference d do c ument (i nclud i ng a ny amend ments) appl ie s .
ISO 12653-1, Electron ic im agin g — Test target for th e black-an d-white scann in g o f o ffice docum ents —
Part 1: Characteristics
ISO 12653-2, Electron ic im agin g — Test target for th e black-an d-white scannin g o f o ffice docum ents —
Part 2: Method of use
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— IEC Electropedia: available at http: //www.electropedia .org/
— ISO Online browsing platform: available at https: //www.iso .org/obp
3.1
access
processes o f retrieving and displaying (playing) electronic documents for operational, evidential or
historical purposes
3.2
archive
set o f documents produced or received, whatever their date, format or storage media, by any individual,
organization, public or private service, in the course o f their activity
3.3
archival policy
legal, functional, operational, technical and security requirements o f an internal or external
in formation system
Note 1 to entry: Annexes A and B give principles o f an archival policy and o f a declaration o f archival practices.
3.4
archive lifecycle log
log which records audit trail (3.9) data related to the document li fecycle archiving process
3.5
archive restitution
return and trans fer o f archived documents to their originator, or to a duly appointed person or
organization
3.6
archival system profile
set o f properties that applies to a class o f archives (3.2 ) that share common characteristics in terms o f
confidentiality, retention and disposal schedules, and access (3.1) rights (e.g. create, read, modi fy, delete)
3.7
ACU
attestation creation unit
hardware and/or so ftware devices for the delivery o f electronic attestations (3.23)
Note 1 to entry: Attestations include a unit identifier and the related archival service identifier.
3.8
audiovisual
communication techniques combining sound and image
3.9
audit trail
aggregate o f the in formation necessary to provide a historical record o f all significant events associated
with stored in formation and the in formation system
3.10
data
digital form o f in formation which can be accessed, read and/or processed
3.11
date and time stamp
sequence o f characters denoting the date and/or time at which a certain event occurred
3.12
deposit
set o f documents sharing the same archival system profile (3.6)
3.13
digital archival
set o f actions aiming to identi fy, capture, classi fy, preserve, retrieve, display and provide access (3.1)
to documents for in formational or historical purposes, or for the duration required to meet legal
obligations
3.14
digital document
digital representation o f content that is stored and managed electronically
Note 1 to entry: Association o f content, logical structure and display attributes, retrievable by a device capable o f
rendering a human-readable (or machine-readable) object. A document can be digitally born (creation) at source
or converted from an analogue document.
3.15
digital fingerprint
bit sequence generated from a digital document (3.14) using an algorithm that uniquely identifies the
original document
Note 1 to entry: Any digital document modification will produce a di fferent fingerprint.
3.16
digital seal
method for ensuring the integrity (3.27) of a document including hash functions (3.26), digital signatures
(3.17) and, optionally, a date and time stamp (3.11)
3.17
digital signature
data which, when appended to a digital document (3.14), enable the user o f the document to authenticate
its origin and integrity (3.27 )
3.18
digitization
conversion o f an analogue document (paper, micro form, film, analogue audio or audiovisual (3.8 ) tapes)
to digital format for the purpose o f preservation or processing
3.19
digitized document
result of digitization (3.18) of in formation initially stored on physical media (paper, microform, and
film, analogue audio or audiovisual (3.8 ) tapes)
3.20
document fidelity
prop er ty o f an arch ive d do c u ment wh ich renders a l l the i n formation conta i ne d i n the origi na l s ou rce
document
N o te 1 to e ntr y: This no tio n is ap p l ic ab le to a ny ch a n ge of fo r m , i nclud i n g digitization (3.18) or format
conversion (3.25).
3.21
durability
attribute o f a do c u ment wh ich rema i n s re adable du ri ng its enti re l i fe c ycle
3.22
electronic information system
s ys tem des igne d to re ceive, pre s er ve, access (3.1 ) and tran s fer archives (3.2 ) i n an ele c tron ic form
3.23
electronic attestation
i n formation pro duce d to provide evidence th at an ac tion or an ele c tron ic tran s ac tion ha s o cc urre d
3.24
events log
log which records audit trail ( ) data (3.10 3 .9 ) relate d to the s ys tem op eration s
3.25
format conversion
op eration conver ti ng a digital document (3.14 ) to a d i fferent ele c tron ic format
3.26
hash function
mathematic a l a lgorith m u s e d for turn i ng s ome ki nd s o f data (3.10 ) i nto a relatively s ma l l i nteger
3.27
integrity
attribute o f a do c u ment who s e content i s comple te a nd una ltere d
3.28
legibility
attribute o f an arch ive d do c ument wh ich a l lows access (3.1 ) to a l l the i n formation it contai n s
N o te 1 to entr y: T h i s co u ld b e fac i l itate d b y cer ta i n metadata (3.31 ) a s s o c iate d with the do c u ment.
3.29
lossy compression
compre s s ion a lgorith m wh ich lo s e s s ome o f the origi na l i n formation du ri ng compre s s ion
3.30
media migration
ac t o f tran s ferri ng a do c u ment from one me d ium to ano ther, p ar tic u larly with regard to managi ng
me d i a ob s ole s cence
3.31
metadata
data (3.10 ) des cribi ng the context, content and s truc ture o f a do cument and thei r management over ti me
3.32
replication
process which consists o f copying in formation between redundant resources, notably so ftware or
hardware components, to improve reliability, fault-tolerance or accessibility
3.33
time source
internal or external component o f an in formation system providing a reliable and objective time
re ference suited to requirements
3.34
time-stamp token
data (3.10) object that binds a representation of data to a particular time (expressed in UTC), thereby
providing evidence that the data existed at that time
3.35
transferability
ability to recover an authentic digital archive (3.13 ) (in formation, data (3.10), objects and all related
metadata (3.31) from one in formation system) in order to trans fer it to another in formation system by
means o f a procedure specified in advance
Note 1 to entry: This issue is o f particular importance when in formation is stored by a third-party archive
service provider.
3.36
trusted third-party archive service provider
third-party individual or organization in charge o f archives (3.2 ) preservation
4.1 Characteristics
In order that an organization might apply a recognized specifications framework for the storage, use,
archiving, retrieval and display o f electronic documents, both technical and organizational measures
need to be taken to ensure document integrity and long-term preservation.
In this context, an electronic in formation system shall implement a pre-defined archival policy; a
description o f the general principles o f such a policy is described in Annex A .
It is important to recognize that in formation systems will capture electronic documents that are being
submitted for long-term storage and use. The term “capture” in this sense reflects the receipt and
processing o f in formation to be managed by the in formation system. Where hardcopy documents need
to be stored and managed in electronic form, these documents shall be scanned and indexed prior to
their capture in the in formation system.
This document is applicable only to unalterable captured documents. Related document re ference data
in the file system or database shall not be erasable, changeable or able to be replaced by new data.
Procedures and security requirements shall be implemented in order to:
a) control the process o f archiving;
b) prevent and/or detect modifications made to documents or to the data necessary for their retrieval
and display;
c) ensure the integrity o f audit trail data (including the log o f the system events).
An electronic in formation system shall feature characteristics o f:
— suitability for long-term preservation;
— integrity;
— security;
— traceability.
This document outlines:
— specifications for procedures relative to the processing, preservation, access and restitution o f
scanned or digitally born in formation, and requirements for the security o f the in formation system;
— procedures relative to the digitization o f analogue documents;
— procedures relative to the capture o f documents, their preservation, access and restitution;
— procedures relative to the potential disposal o f documents;
— rules relative to applicable procedures concerning operators;
— description o f the resulting attestations o f these operations;
— specifications concerning materials, equipment and so ftware implementations;
— conditions o f system audits and related procedures;
— characteristics applicable to the use o f trusted third parties;
— characteristics applicable to the use o f subcontractors.
The technical description manual, attestations produced and logs detailing the li fecycle o f archives or
system events shall be kept in the same conditions as the archives themselves.
5 General specifications
5.1 General
The design and operation o f the in formation system shall allow implementation o f procedures
guaranteeing the requirements selected from 4.2.
5.4.1 General
The organization shall set up procedures for the capture, storage, access and restitution o f documents.
These procedures shall be detailed in the technical description manual and shall include at least the
following in formation:
— techniques or procedures used for trans fer, receipt and control o f documents to be archived;
— techniques and procedures for related metadata and any possible enrichment o f related metadata;
— techniques and procedures concerning conversion o f digital document formats during capture to
the in formation system, or later i f formats become obsolete.
5.5 Security
Where di fferent types o f storage media are used, their impact on the risk analysis results shall be
reviewed.
Once the risk analysis has been completed, it shall be acted upon as part o f a review o f implemented
security measures. Factors such as the balance between the costs o f implementation, security achieved
and risk evaluation shall be taken into consideration during the review process.
Based on the results o f the risk analysis, existing security measures shall be reviewed for e ffectiveness.
Where the review indicates that changes to security procedures are appropriate, the identified changes
shall be implemented.
10 © ISO 2018 – All rights reserved
ISO 14641:2018(E)
Removable media shall be continuously monitored during their handling and/or trans fer from one
protected location to another. It shall be possible to identi fy all holders o f all media at any point in time.
When removable media are not actually in use, it shall be stored in specific protected locations.
I f the destruction o f physical documents is envisaged, specific procedures for the security o f these
operations shall be implemented, both for original analogue paper-based documents and for digitally
born documents.
I f media containing documents need to be disposed o f, appropriate measures shall be taken to make it
impossible for reconstruction o f in formation initially held on the media.
5.5.4 Hardware security
Security measures covering hardware and so ftware contribute, either separately or jointly, to the
security o f in formation systems by allowing for:
a) identification o f hardware configurations, including peripherals;
b) controls guaranteeing the absence o f malicious or accidental modifications o f hardware
configurations;
c) controls guaranteeing that only authorized users can access the hardware.
Accordingly, security issues shall be taken into account when choosing equipment and during their
installation and implementation.
To limit the risks of illegal interceptions of in formation by third parties due to the transmissions of
involuntary electromagnetic radiations, it is advisable to test the hardware for con formity to IEC 61000-4.
It is advisable to use so ftware which is in the public domain or, where possible, to obtain sources from
the supplier.
Rigorous methods shall be used for the development o f so ftware; the selection o f best practices and
checks shall be the responsibility o f the person in charge o f the application.
Be fore being put into service, so ftware and so ftware products shall have been adequately tested
on a machine other than the main production machine, or on a production machine during periods
o f operational down-time, having previously backed up data and indexes and having removed all
appropriate removable in formation system media.
Security o f access and granting o f access rights to the in formation system shall be care fully studied,
designed and implemented from the beginning o f the system design.
The so ftware and so ftware products shall be specially protected, and access rights enabling their
change or modification should be granted only to authorized persons.
In cases o f mal function, a report shall be immediately delivered to the security authority and the
mal functioning part o f the in formation system shall be isolated as quickly as possible.
5.5.6 Maintenance of the information system
In formation describing every maintenance operation shall be recorded in the technical documentation
o f the in formation system. This shall include an identification o f the maintenance operation, either
preventive or curative, entrusted either to the organization, or to specialized third-party providers.
Removable media containing electronic documents and their related metadata shall never be le ft in
drives during maintenance operations.
I f media are not removable, a valid backup copy shall be created be fore any maintenance operation
(see 5.5.8).
All tests shall be made with removable media specifically allocated for this task. I f media are not
removable, it shall not be possible for tests to alter or destroy recorded in formation.
Preventive maintenance shall be per formed to ensure proper functioning o f the in formation system. In
particular, regular checks o f removable disk drives or fixed media shall be made to veri fy that these are
in proper working order according to manu facturer recommendations.
5.5.7 System change-management and migration of media
Periodic upgrade operations and modification or replacement o f hardware or so ftware shall be planned
in advance o f their implementation.
All these operations shall be detailed in the technical description manual o f the in formation system and
registered in logs.
The long-term preservation and integrity o f the documents and their metadata shall be ensured when
implementing periodic upgrade operations.
The following two situations may apply.
a) The new storage media are capable o f being read by the former in formation system; all media shall be
checked for legibility on the new storage media hardware before retiring the former storage media.
b) The new storage media cannot read media used by the former in formation system; all documents
contained on former media shall be copied to the new media on a hardware system which
temporarily uses both types o f storage media.
5.7.1 General
Any event associated with the in formation system or with the li fecycle o f documents shall be recorded.
Event logs shall be automatically produced by the in formation system with a date and time stamp (see
5.6). A full description of the events shall be recorded sequentially in the relevant logs.
All logs shall be described in the technical description manual, with all related administration
in formation. Logs shall be easily accessible and legible.
Logs shall be archived on a regular basis according to the same archival policy as related documents, on
storage media providing the same characteristics o f preservation and integrity.
Event logs shall not be accessible to regular users and operators; administration o f logs shall be
restricted to a duly designated operator.
The production o f event logs entails the production o f electronic attestations. These shall be archived in
the same conditions as related documents.
5.7.2 Secure preservation of the audit trail
Whatever type o f media are used for audit trail preservation, the audit trail shall demonstrate proo f-o f-
continuity o f capture o f events o f the in formation system.
Logs shall be stored and kept in the same secure conditions as documents.
7.1 General
Storage media are not usually directly addressed by an in formation system. In formation is actually
recorded on storage volumes.
A storage volume can include one or more storage media, and media storage can be part o f one or more
storage volumes. Media storage is a physical reality, while storage volume is a logical virtual notion.
When removable optical media are used, volume and file structures shall adhere to either ISO/
IEC 13490 or ISO/IEC 13346.
9.1 General
When an in formation system uses removable or non-removable rewritable media, preservation o f
integrity relies on the rule that once an entry has been made it cannot be modified without this being
detected and registered using cryptographic techniques and the production o f electronic attestations.
Three levels o f security can be re ferenced: standard, strong and advanced. These levels require the use
o f distinct cryptographic techniques: hashing functions, date and time stamps and/or digital signatures.
When a security level entails the use o f a digital signature, the signatory directs and activates the tool
creating the digital signature. The signatory can be an individual, an organization or a process. Where
the signatory is a process, the digital signature shall be automatically produced at the time o f the
occurrence o f the related operation.
The advanced digital signature shall adhere to the following requirements:
a) it is uniquely linked to the signatory;
b) it is capable o f identi fying the signatory;
c) it is created using means that the signatory can maintain under his sole control;
d) it is linked to the data to which it relates in such a manner that any subsequent change o f the data is
detectable.
NOTE An advanced digital signature corresponds to the definition given by the European Telecommunications
Standardization Institute (ETSI) in the following specifications: ETSI TS 101 733 (CAdES) or ETSI TS 101 903
(XAdES).
For each o f these three levels o f security, an electronic attestation shall be issued and registered in the
audit trail, confirming initial deposit o f documents. It shall include at least the digital fingerprints o f
archived documents and a logical storage address, independent o f storage location. Attestations shall
provide evidence that related operations have been requested by an authorized person and per formed
under the full control o f the in formation system o f the organization or third party.
10 Archival capture
10.1.1 General
Electronically born documents received by the in formation system shall be preserved using a
standardized or industry-standard file format. Specifications o f formats shall be freely available for the
complete li fetime o f the document. In the archival policy, the re ferenced standard associated with each
distinct type o f related document shall be noted. This also applies to format specifications, in order to
ensure long-term usage and in formation content fidelity.
10.1.2 Procedure for archives capture (deposit)
Two distinct and linked operations are mandatory for capturing archives: capturing archive files to
archival media and updating catalogues with the associated metadata. Capture is only valid i f both
operations are achieved.
Processes for the control and capture o f documents and their associated metadata shall be specified.
Electronic documents shall be captured to the storage media using unique file identifiers.
For each archival deposit, the in formation system shall at least:
a) check that the quality o f the document recorded on the archival media is correct, using any error
detection and correction codes that might be available on the devices used;
b) validate that the new document has been registered in the in formation system catalogue;
c) secure the link between the physical location o f the document and its logical identification.
i mages , overl ays , form s , e tc . T he s e “re s ou rce s ” are ne ce s s ar y for d i s play and rend ition o f the ele c tron ic
document.
T he fi le s repre s enti ng the do c u ment and a l l as s o c iate d re s ou rce s ne e de d for rend ition sha l l b e s tore d
under the s ame cond ition s i n order to pre s er ve the l i n ks b e twe en a l l comp onents .
format. T he s e t o f fi le s ma ki ng up the ele c tron ic do c u ment s ha l l a l low the re s titution o f the origi na l
c) either ab s ence o f co de d data or, a lternatively, legible va lue s , p erm itti ng i nterpre tation o f co de s .
Supplementa r y che cks th at c an veri fy con form ity o f dep o s ite d do c u ments to formats s p e ci fie d i n the
— i f the do c u ments or b atch o f do c uments a l re ady contai n a d igita l s e a l, the s e a l sh a l l b e che cke d
— i f the do c u ments or b atch o f do c u ments do no t conta i n a ny device a l lowi ng s uch control, then the
b) automatic e xtrac tion o f me tadata from the i n formation s ys tem wh ich cre ate d the ele c tron ic
do c u ment;
When c ap tu ri ng ele c tron ic do c u ments , me tadata s ha l l i nclude the fol lowi ng i n formation ab out the
— identi fic ation o f the entity origi nati ng the tran s fer o f the do c u ments;
— the date and ti me o f c re ation or arriva l o f the tra n s ferre d arch iva l b atch;
— the convers ion te ch n ique appl ie d to the origi na l do c u ments i f the native format o f the do c uments
— the preservation period (retention schedule) and final disposition o f the documents;
— access rights associated with the documents;
— the size o f the archival batch.
The so ftware used for removal o f overlays, leaving only the variable content, can be used i f the related
features operating in the in formation system are fully specified in the technical description manual. In
addition, when the retrieval o f a document requires merging the variable content and the overlay, then
the version o f the overlay used shall be identical to the overlay extracted when the page was scanned
and processed.
The technical description manual shall describe the management o f overlay versions and the logical
link between a document’s variable content and the corresponding version o f the overlay.
Overlays are considered as elements o f the document and shall there fore be stored in the same
conditions as other document elements.
When it is mandatory to preserve the in formation as a whole, it is advisable not to use such techniques.
In all other cases, it is necessary to speci fy the reasons for the use o f such techniques in the technical
description manual.
Blank page removal could represent a potential risk o f in formation loss. When this is implemented it is
advisable to check that the technique used is reliable and does not delete pages containing in formation.
The technical description manual shall speci fy the procedures used to ensure the reliability o f this
operation. It is also advisable to implement a process which will count the number o f removed pages
relative to the number o f retained pages.
The use o f test targets (see ISO 12653-1 and ISO 12653-2) allows objective measurement o f the
in formation system and to check the e ffects o f image processing so ftware.
10.2.3 Paper document or microform capture procedure
10.2.3.1 General
When paper-born or micro form document capture has been completed, the operator shall deliver a scan
attestation that at least provides the operator name, scan date, time o f scan start and finish, identifiers
o f the first and last document scanned and the number o f pages scanned.
A fter checking scanned images, an authorization attestation shall be issued by the owner or the
authorized agent o f the owner. I f the attestation applies to a batch o f documents, the number o f images
and documents shall be specified.
10.2.3.2 Preparation of paper documents
The organization shall ensure that the quality o f paper documents it produces is compatible with
the scanning or micrographic capture techniques. Torn or creased documents, whether issued by
the organization or received from external sources, can require reconditioning be fore digitization.
Nonetheless, the text o f the documents shall neither be modified nor corrected in order to improve
legibility, as this could alter the integrity o f the documents in relation to the original documents.
Whenever possible, measures such as those stipulated in ISO 10196 and ISO 12029 shall be implemented
or the processing o f documents intended for digitization.
f
technique used to enhance in formation shall be approved be forehand with the project originator and
fully described in the scanning system user manual.
The user manual shall cover all topics related to the authorized operations concerning digital image
modifications produced by document scanners.
10.2.3.5 Verification o f scanned in formation
The scanning system user manual shall include a procedure covering verification o f scanning.
Verification checks shall at least apply to:
a) quality and integrity o f images in relation to the source documents;
b) accuracy o f the indexing in formation o f the scanned documents.
I f quality checks can be per formed by operators themselves in order to reduce rejections, it is advisable
that the final quality check be per formed by persons other than the operators.
Sampling procedures for individual physical elements shall be in accordance with ISO 2859 (all parts).
Document scans (paper or micro form) shall include the following in formation history elements:
a) unique identifier o f the documents in the in formation system;
b) number o f pages o f the documents.
Scan batches (paper-born or micro form) shall include the following in formation history elements:
— batch identifier (this identifier shall be unique to each batch);
— number o f documents/reels o f microfilm/microfiche in this batch;
— number o f scanned pages or, for micro forms, the number o f frames.
f) to ta l nu mb er o f pro ce s s e d p age s;
g) to ta l numb er o f p age s no t pro ce s s e d , i nclud i ng tho s e i mp o s s ible to s ca n due to the p o or qua l ity o f
the microforms.
10.3 Analogue audio/video objects on tape media
10.3.1 General
T h i s s ub clau s e relates to i n formation s ys tem s that have device s for enco d i ng (d igiti z ation) origi na l
— re ad p er forma nce s;
e qu ipment a nd the d igiti z ation pro ce s s ( prop er tie s o f conver ters and s a mpl i ng/enco d i ng me tho d s) . I n
s ome c as e s , pro ce du re s for cle an i ng and ma i ntenance o f the materia l s ha l l b e conduc te d b e fore re ad i ng
pro ce dure s . Re ad i ng device s s ha l l b e fi ne -tu ne d (e . g. a l ign ment o f tap e re corder re ader he ad s , vide o
T he to ol s for the ex trac tion o f i n formation, d igiti z ation and tran s fer cond ition s sha l l b e fu l ly de s crib e d ,
including:
a) phys ic a l s p e c i fic ation s o f s upp or te d me d ia for the d igiti z ation devices;
b) s p e ci fic ation s and s e tti ngs fe atu re s o f the re ad i ng device s (aud io tracks , comp o s ite or comp onent
10.3.4.1 General
When the preservation o f in formation integrity is mandatory, any kind o f processing that could result
in a modification o f the in formation in relation to the original shall be excluded or limited as far as
possible.
When in formation modification is possible, in order to enhance acoustic or visual quality, processing
so ftware may be used, providing that each function has been tested and validated be fore use. The
functions used by the in formation system shall be fully specified in the technical description manual.
11 Archival operations
11.1 Scope
Operation o f archives means the access, restitution and final disposal o f archives.
11.2 Access
11.2.1 General
Access operations shall be based on search criteria and the subsequent trans fer o f electronic documents
into their archival format.
In addition, access can include:
a) display o f the documents on a screen;
b) print o f a copy on paper or film;
c) playing o f audio in appropriate acoustic conditions relative to the quality o f the documents;
d) playing o f video images in appropriate acoustic conditions relative to the quality o f the document.
Methods used to retrieve and display documents shall be specified in the technical description manual.
Processing o f document content shall not be allowed for the operation o f retrieval and display, with
the exception o f decompression, format interpretation and ensuing technical processing, as well as any
necessary adjustments to the physical or so ftware characteristics o f the retrieval and display devices.
I f required, an attestation o f con formity o f the trans ferred copy shall be produced. This attestation shall
include, in addition to the name o f the person who issued the request and the name o f the person who
delivered the attestation, the metadata allowing for the identification o f the document and providing an
audit trail o f the document li fecycle in the in formation system.
12.1 General
12.1.1 Audits
The in formation system and all the related procedures shall be regularly audited, especially when
major changes are made to the in formation system. These audits can be per formed either by internal
personnel o f the organization responsible for the implementation o f the in formation system (internal
assessment) and/or by personnel provided by a third-party enterprise (external assessment).
The results o f these audits shall be retained.
12.1.2 Objectives
Audits shall veri fy that the in formation system and procedures are in accordance with this document.
This compliance control shall cover system design, implementation, use and all operational procedures.
Moreover, the audits shall be able to measure the e fficiency o f the implemented in formation system and
its ability to address the objectives and requirements o f the related field o f activity.
Finally, audits shall provide all in formation use ful for appropriate improvement o f in formation system
compliance.
12.1.3 Auditor responsibilities
Auditors shall at a minimum:
a) ormulate and clari fy the requirements;
f
b) prepare and carry out the audit operations with which they have been tasked;
c) record the results;
d) report the conclusions o f the audits.
Auditors shall be impartial and free from any influences that could a ffect objectivity.
12.1.4 Personnel responsible for assessment
The qualifications, training and experience o f each auditor (active or assisting) shall be controlled and
monitored by the organization responsible for them.
More specifically, auditors shall be experienced, with several years o f pro fessional practice in the field
o f document management, electronic archival or records management. A significant proportion o f
this experience shall have been in the design o f and consulting for the implementation o f in formation
systems.
Internal or external auditors shall have the following skills necessary to conduct the audit process:
a) techniques to measure, interrogate, assess and write reports;
b) techniques to run various audit processes such as planning, method, organization, communication
and management.
Their skills shall be appropriate to cover all types o f documents contained in the in formation system,
including specific technical documents such as audio and video.
The organization shall maintain an in formation system which ensures that all documentation related
to audits can be verified and which ensures that:
a) up-to-date versions o f requisite documentation are available in appropriate quantities at all points
where operations are made to the in formation system;
b) all changes or amendments to documentation are properly authorized and processed in such a way
that ensures rapid and direct action o f the personnel involved;
c) outdated documentation is promptly withdrawn and destroyed from all points o f distribution and
use in the organization (exceptionally, outdated documentation which needs to be preserved for
legal or historical purposes shall be appropriately identified and preserved).
12.1.6 Assessment operations documents
The organization shall record all results o f assessment operations. Documents shall describe the
processes applying to each assessment operation.
All documents shall be securely preserved for an appropriate period.
T he th i rd p a r ty c an either:
— en s u re arch iva l o f ele c tron ic do c uments (re cep tion a nd re cord i ng o f a l l ele c tron ic do c uments ,
re cord i ng o f ele c tron ic do c u ment a rch iva l op eration s and s torage and relate d me tad ata) , ca rr y
out convers ion op eration s , i mplement repl ic ation pro ce dure s , en s u re acce s s a nd res titution o f
do c u ments; or
— s tore on ly d igita l s e a l s o f the do c u ments (re cep tion, che cks and re cord i ng o f do c u ment-relate d
d igita l s e a l s , re cord i ng o f op eration s) , wh i le the s torage and pre s er vation o f ele c tron ic do c uments
corre s p ond i ng to the s e s ignatu re s rema i n s under the re s p on s ibi l ity o f the cl ient (origi nator)
orga ni z ation .
I n b o th c a s es , the th i rd p a r ty s ha l l pro duce atte s tation s o f its ac tivity. T he typ e a nd fre quenc y of
tran s m i s s ion o f the s e atte s tation s from the th i rd p a r ty to the cl ient (origi nator) s ha l l b e s p e c i fie d i n
T he th i rd p ar ty sh a l l ke ep copie s o f thes e attes tation s in con form ity to the s p e c i fic ation s o f th i s
document.
I n add ition to the i mplementation o f an i n formation s ys tem i n con form ity to th i s do c u ment, the th i rd
p ar ty sh a l l:
— en s u re u n ique and tru s twor thy identi fic ation for e ach o f its cl ients;
— guarante e the con fidenti a l ity o f the do c u ments a nd me tad ata i n c u s to dy, i n p a r tic u l ar u s i ng a n
— c arr y out all do c u ment dele tion s a fter no ti fic ation and , on comple tion, provide appropriate
atte s tation s;
— provide an a rch iva l l i fe c ycle aud it trai l for e ach cl ient that cou ld b e pro duce d as evidence i n ca s e o f
dispute.
E xch ange o f data b e twe en the organ i z ation and the th i rd p a r ty s ha l l b e pro te c te d by ade quate me a n s ,
ele c tron ic do c u ments i n its c u s to dy, un le s s e xpl ic it demand h as b e en made b y its cl ient (origi nator) .
For re as on s o f con fidentia l ity, prior enc r yp tion o f do c uments a nd, i f appropri ate, o f me tadata c an b e
de eme d ne ce s s a r y b y an organ i z ation . I n th i s c a s e, s e arch c riteri a for acce s s to the do c u ments m ight b e
limited.
13.2 Service contract model
service provider:
a) re ference to th i s do c ument with s p e ci fic ation o f re qu i rements covere d;
g) me tho d s and me an s u s e d for the dep o s it o f ele c tronic do c u ments a nd thei r me tadata b y the cl ient;
i) tran s p or tation ( phys ica l tra n s fer) pro ce du re s o f do c u ments , i f appl ic able;
E ven though the term s o f the s er vice contrac t are fre ely entere d i nto b e twe en p ar tie s , the content o f
te ch n ic a l abi l ity c ap acity for the re s titution and i nterop erabi l ity o f its s olution i n order to en s u re the
com m itment concern s level s o f avai labi l ity for the dep o s it o f a nd acce s s to the a rch ive s , p o s s ibly
as s o c iate d with p ena lty clau s e s when contrac tua l cond ition s are no t fu l fi l le d .
a) ke ep a l l ele c tron ic do c u ments con fide d b y the cl ient (origi nator) i n c u s to dy for the contrac te d
b) guara nte e the s e c urity and i nte grity o f the ele c tron ic do c uments;
le gibi l ity;
e) ma i ntai n an aud it tra i l of all op eration s rel ate d to the exe c ution o f s er vice s s p e c i fie d by the
contrac t;
f) guara nte e the s e c urity and i nte grity o f a rch ive s ’ l i fe c ycle and events lo gs .
cl ient’s own i n formation s ys tem s and tho s e obj e c ts held i n c u s to dy on the cl ient’s b eha l f. T he th i rd
T he th i rd p a r ty sha l l i n form the cl ient o f any convers ion op eration s or o f te ch n ic a l ch anges to the
i n formation s ys tem s u s e d and o f a ny i mp ac t th i s m ight h ave on avai labi l ity or comp atibi l ity with cl ient
be able to en s u re, b o th du ri ng and a fter the tra n s fer op eration, that the do c u ments re ta i n thei r
— the o ther th i rd p a r ty sh a l l en s u re the fu l l i nte grity a nd comple te tran s fer o f a l l arch ive s and a l l
— in all circums tances , the other third party shall keep in formation and technical data in s uch a way that
its client, or any party des ignated by its client, can recover it and do so in a reasonable length o f time.
13.2.8 Transferability
O n term i nation o f the contrac t, or i f the th i rd p a r ty ce as es op eration s , the th i rd p ar ty sh a l l b e able to
re turn a l l ele c tronic do c uments and relate d elements comple tely a nd i n the s ame te ch nic a l cond ition
they were at the ti me o f re cep tion i n the i n formation s ys tem . T he th i rd p ar ty sh a l l no t re tai n any cop y
T h i s tra n s ferabi l ity provi s ion s ha l l a l low a cl ient to pres er ve its i ndep endence with regard to the th i rd
p ar ty, b enefiti ng from a contrac tua l guarante e th at the e xterna l s er vice c an b e tran s ferre d either to
b) the orga ni z ation o f the tra n s fer o f the do c uments either to the cl ient’s i nterna l i n formation s ys tem
13.2.9 Restitution
O n term i nation o f contrac tua l pre s er vation obl igation s , the th i rd p a r ty sh a l l u nder ta ke to re tu rn to its
cl ient a l l arch ive s and sh a l l no t ke ep any copy o f them . None thele s s , i f the cl ient s p e ci fic a l ly m a ke s the
re que s t, its arch ive s cou ld conti nue to b e pre s er ve d b y the th i rd p a r ty for an add itiona l p erio d .
i n formation wh ich m ight have b e en made known to it duri ng its contrac tua l relation with its cl ient.
T h i s i n formation cou ld come from acce s s to , or from op eration s on, do c u ments wh ich it h as held i n
c u s to dy, or from its knowle dge o f the i n formation s ys tem s o f the orga ni z ation, whe ther th i s knowle dge
Such in formation should only be communicated to persons designated by the client, with the exception
o f situations where it is legally binding to communicate this in formation to another party.
13.2.12 Subcontracting
The client shall be in formed when the third party plans to use subcontracted services. In this case, the
third party remains liable for services provided to the client.
13.2.13 Assessment
The provision related to assessment audits shall be in accordance with the requirements o f this
document (see Clause 12 ).
14 Service providers
14.1 General
This clause deals with archival solutions for which some services are provided by subcontractors other
than trusted third parties. Annex C presents principles for suggested general service conditions.
The organization implementing the in formation system service remains liable for the whole system and
shall ensure that all services provided by subcontractors con form to the requirements o f this document
according to the duties they are charged with.
The subcontractor selected shall be given a specifications document by an authorized person, defining
the requirements. The subcontractor shall commit to these specifications.
Procedures and operations per formed by the subcontractor shall be systematically checked and
inspected on a regular basis.
g) te ch n iques and me d ia u s e d for the tra n s fer o f ele c tron ic do c u ments and relate d me tadata b e twe en
appropriate te ch n ique s for authentic ation, data i ntegrity and con fidentia l ity s ha l l b e u s e d .
Annex A
(informative)
Archival policy
An archival policy describes in legal, functional, operational, technical and security terms the
requirements for an internal or external in formation system, including the aims, targets and
commitments o f the system.
It should speci fy the following details.
a) Services provided to depositors and users for deposit or restitution o f an archive, including scope
o f services, levels o f service, archival types, electronic document formats, transmission conditions,
trans fer volumes, frequency o f deposits, etc.
b) Obligations incumbent on all parties, primarily on the archival service itsel f. The obligations
regarding other parties should at least indicate the minimum requirements for implementing
archival services that con form to the archival policy.
c) Features o f operations implemented in order to provide these services (deposit, storage, etc.) and
related organization o f operations (links between operations, data exchange, etc.).
d) Applicable rules o f security according to each level o f service and function, based on organizational,
practical and technical considerations.
An archival policy is above all a general functional framework and, as such, should be independent from
specific techniques used for the purposes o f implementing particular operations.
An archival policy is a document that provides all parties involved (internal or external to the service)
a clear description o f the archival service’s commitments. This will entail practical considerations for
execution and delivery, including:
— archive deposit;
— identification and authentication o f archive source;
— archive accessibility;
— retrieval and display o f archives;
— restitution o f archives;
— integrity o f archives;
— legibility o f archives;
— long-term preservation o f archives;
— traceability o f operations o f deposit, restitution and destruction;
— production o f attestations;
— business continuity and/or disaster recovery from accidental or malicious causes;
— voluntary destruction o f archive.
Annex B
(informative)
Declaration of archival practices
A declaration o f archival practices explains the techniques and processes implemented to meet the
security targets o f the archival policy.
A declaration o f archival practice should describe how the archival service o f the organization, and/or
third-party archive service provider, con forms to archival policy requirements in relation to aspects o f
environment, material, processes, operations and techniques.
A declaration o f archival practices should describe:
— the operational processes o f the implemented archival service; and
— the security rules described in the archival policy, both in terms o foperational security characteristics
relative to various components o f the archival service and o f those needed for the implementation o f
these characteristics.
These standards and rules should be clearly described in the declaration o f archival practice, especially
i f they are particular to the archival service itsel f. This declaration could re fer to a more general
security policy document covering the in formation system, i f appropriate.
The declaration o f archival practice should at least include a full and complete description o f the
practices and should establish the relationship between the rules described in the archival policy to
which the declaration re fers and to the standards and operational practices.
While an archival policy is established independently o f the particular aspects o f the operational
environment o f an in formation system, a declaration o f archival practice is written with regard to the
organizational structure, operations processes and material environment o f the archival service o f the
organization or third-party archive service provider.
A declaration o f archival practice is always provided by the supplier o f the service, i.e. the archival
service o f the organization or third-party archive service provider.
A declaration o f archival practice is in principle a confidential internal document regarding only the
archival service. However, to complete the archival policy, an archival service could issue extracts o f its
declaration o f archival practice.
A declaration o f archival practice describes how the archival service o f the organization and/or third-
party archive service provider is able to per form its duty satis factorily. This should make it particularly
use ful during any assessment as it will facilitate the work o f the auditor and reduce audit time.
Annex C
(informative)
General service conditions
Users o f archival services may only have access to the organization’s archival policy. It may be di fficult
or these users to interpret this in formation.
f
Accordingly, it would be use ful to provide users with a complementary simplified document, which
could help in the clarification and understanding o f the essential in formation they would need to know
in order to make the in formed decisions that they are researching.
General service conditions should contain re ferences to available user manuals. In order to remain clear
and intelligible, these manuals should describe only those functions necessary for supported operations,
although they could make re ference to more general manuals i f this were considered to be use ful.
The archival services o f the organization and/or o f a third-party archive service provider should make
its general service conditions available to users.
Bibliography
ICS 37.080
Price based on 40 pages