ISO 19626-1:2020

INTERNATIONAL ISO
STANDARD 19626-1
First edition
2020-03
Processes, data elements and
documents in commerce, industry
and administration — Trusted
communication platforms for
electronic documents —
Part 1:
Fundamentals
Processus, éléments d'informations et documents dans le commerce,
l'industrie et l'administration — Plates-formes de communication
sécurisées pour documents électroniques —
Partie 1: Généralités
Reference number
©
ISO 2020
© ISO 2020
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2020 – All rights reserved

Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Trusted communication. 4
4.1 Overview . 4
4.2 Legal considerations . 5
4.2.1 General. 5
4.2.2 Certainty of communication . 6
4.2.3 Completeness of communication delivery . 7
4.2.4 Confidentiality of communication delivery . 7
4.3 Administrative requirements . 8
4.3.1 General. 8
4.3.2 Trusted communication platform service provider (TCPSP) . 8
4.3.3 TCP main agreement . 8
4.3.4 TCP client agreement . 9
5 Trusted communication platform (TCP) .10
5.1 Overview .10
5.2 TCP system architecture .11
5.3 TCP system requirements .12
5.3.1 General.12
5.3.2 TCP confidentiality .12
5.3.3 TCP authenticity .13
5.3.4 TCP reliability .13
5.3.5 TCP accountability .14
5.3.6 TCP portability .14
5.4 TCP system rules .15
5.5 TCP communication.15
5.5.1 TCP communication overview .15
5.5.2 Secure envelope .17
5.5.3 TCP message package .18
5.5.4 TCPSPs’ communication binding .19
6 Trusted communication evidence (TCE) .21
6.1 TCE generation .21
6.2 Evidential procedure .23
6.3 TCE custody .24
6.3.1 General.24
6.3.2 TCE Generation .24
6.3.3 Validation about TCE .25
6.3.4 Archiving of TCE .26
Annex A (informative) Trusted communication reference model .28
Annex B (informative) TCP main: quality and risk management .29
Annex C (informative) TCPSPs’ communication binding (an example) .31
Bibliography .35
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www .iso .org/ patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www .iso .org/
iso/ foreword .html.
This document was prepared by Technical Committee ISO/TC 154, Processes, data elements and
documents in commerce, industry and administration.
A list of all parts in the ISO 19626 series can be found on the ISO website.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www .iso .org/ members .html.
iv © ISO 2020 – All rights reserved

Introduction
Amidst the big flow of openness and integration in the world’s economy, ICT (information &
communications technology) is used as a means for innovation in productivity and connectivity. Since
the value chain of products and services gets enlarged globally, business collaborations need electronic
communications to be secure in an open and distributed environment. In this sense, electronic
documents are asked for as a proof of business communications, meanwhile legal evidence or legal
force is required.
However, it can be difficult to recognize electronic documents as the original source. There exist cases
where many processes rely only on paper documents, even though electronic documents are widely
implemented in business processes. However, the reality is that even if electronic documents are
properly communicated in business transactions, the final data output may be on paper and stored in
the form of printed copies as legal evidences for a long-term period. As such, this coexisting environment
of electronic documents and paper documents causes breakup of the value chain, resulting in sluggish
productivity, inefficiency, cost increase and offset of the benefit obtainable from the ICT. To improve
these situations, therefore, it is essential to draw out a dematerializing solution that can guarantee the
trustworthiness of electronically communicated document given legal evidence.
A dematerializing solution should meet with legal considerations about electronically communicated
documents. However, this solution is not easy, because electronic communication itself includes the
uncertainties from network failure and the electronic document itself is insufficient in safeguarding the
integrity during its lifecycle. In the meantime, the problem due to repudiation, inadvertent disclosure
or tamper has been regarded too sensitive to finalize the dematerialization solution related to business
transactions as well as diverse governmental services, because it can protentially be embroiled into
legal dispute or conflicts.
This document focuses on how to enhance trusted communication in an open and distributed
environment. The trusted communication means electronic communication can ensure integrity and
non-repudiation of electronic transactions by a trusted third party in a dematerialization manner
under the guidance of UNCITRAL (United Nations Commission on International trade Law). For this
open and distributed environment, at first, it should be able to minimize some innate difficulties
around dematerialization. To solve these difficulties, this document approaches a solution by forming
the trusted third party oriented and mutually trusted relationship among concerned stakeholders an
...