Electronic archiving — Part 1: Specifications concerning the design and the operation of an information system for electronic information preservation

Archivage électronique — Partie 1: Spécifications relatives à la conception et au fonctionnement d'un système d'informations pour la conservation d'informations électroniques

General Information

Status
Withdrawn
Publication Date
23-Jan-2012
Withdrawal Date
23-Jan-2012
Current Stage
9599 - Withdrawal of International Standard
Completion Date
07-Jun-2018
Ref Project

Relations

Buy Standard

Standard
ISO 14641-1:2012 - Electronic archiving
English language
38 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)

INTERNATIONAL ISO
STANDARD 14641-1
First edition
2012-02-01
Electronic archiving —
Part 1:
Specifications concerning the design and
the operation of an information system
for electronic information preservation
Archivage électronique — Partie 1: Spécifications relatives à la
conception et au fonctionnement d’un système d’informations pour la
conservation d’informations électroniques
Reference number
ISO 14641-1:2012(E)
©
ISO 2012

---------------------- Page: 1 ----------------------
ISO 14641-1:2012(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO 2012
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISO’s
member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO 2012 – All rights reserved

---------------------- Page: 2 ----------------------
ISO 14641-1:2012(E)
Contents Page
Foreword . v
Introduction .vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 2
4 General characteristics and levels of requirements . 5
4.1 Characteristics . 5
4.2 Levels of requirements . 6
5 General specifications . 7
5.1 General . 7
5.2 Technical description manual . 7
5.3 Archival system profiles . 8
5.4 Operational procedures . 8
5.5 Security . 9
5.6 Date and time stamping .12
5.7 Audit trail .13
6 Storage media considerations .15
6.1 Media type definition .15
6.2 Preservation of archival media .15
7 Systems using removable media .16
7.1 General .16
7.2 Initialization of removable storage volumes .16
7.3 Finalization of removable storage volumes .16
7.4 Labelling of physical WORM media .16
8 Systems using logical WORM media .16
9 Systems using rewritable media .17
9.1 General .17
9.2 Standard security level .17
9.3 Strong security level .17
9.4 Advanced security level .17
10 Archival capture .18
10.1 Electronically born documents .18
10.2 Paper-based or microform documents .20
10.3 Analogue audio/video objects on tape media .23
10.4 Image, audio and video information compression techniques .25
10.5 Format conversion .26
11 Archival operations .27
11.1 Scope .27
11.2 Access .27
11.3 Restitution .28
11.4 Archives disposal .28
12 Information system assessment .28
12.1 General .28
12.2 Internal assessment .29
12.3 External assessment .30
13 Trusted third-party archival .30
13.1 Activities of trusted third-party archive service provider .30
13.2 Service contract model .31
14 Service providers .33
© ISO 2012 – All rights reserved iii

---------------------- Page: 3 ----------------------
ISO 14641-1:2012(E)
14.1 General .33
14.2 Subcontractor agreement .34
14.3 Contract with subcontractor .34
14.4 Data transfer over telecommunications networks .34
Annex A (informative) Archival policy .35
Annex B (informative) Declaration of archival practices .36
Annex C (informative) General service conditions .37
Bibliography .38
iv © ISO 2012 – All rights reserved

---------------------- Page: 4 ----------------------
ISO 14641-1:2012(E)
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies
(ISO member bodies). The work of preparing International Standards is normally carried out through ISO
technical committees. Each member body interested in a subject for which a technical committee has been
established has the right to be represented on that committee. International organizations, governmental and
non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International
Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of technical committees is to prepare International Standards. Draft International Standards
adopted by the technical committees are circulated to the member bodies for voting. Publication as an
International Standard requires approval by at least 75 % of the member bodies casting a vote.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO shall not be held responsible for identifying any or all such patent rights.
ISO 14641-1 was prepared by Technical Committee ISO/TC 171, Document management applications,
Subcommittee SC 3, General issues.
ISO 14641 consists of the following parts, under the general title Electronic archiving:
— Part 1: Specifications concerning the design and the operation of an information system for electronic
information preservation
Future parts will address trusted content, data-level-controls and the testability of document integrity and
authenticity control elements within document management systems.
© ISO 2012 – All rights reserved v

---------------------- Page: 5 ----------------------
ISO 14641-1:2012(E)
Introduction
Electronic documents are an essential part of everyday business, whether the sources are incoming
communications or output from organizations. It is important that electronic documents be stored appropriately,
either fully or in part, in secure information systems designed for operations and archiving, in order to meet
business, legal or regulatory requirements.
The objectives of secure information systems are to resolve organizational issues such as:
a) optimization of long-term electronic document preservation, archiving and integrity;
b) provision of information search facilities;
c) ensuring ease of access and use of electronic documents.
This part of ISO 14641 is intended to provide a reference framework for organizations. It describes the methods
and techniques to be used for the implementation of an electronic information system for managing documents
within an archive. In conjunction with related archival policies of organizations, it describes criteria for system
design and specifications for operational processes.
These specifications are intended to ensure that all documents to be managed by the information system are
captured, stored, retrieved and accessed in a way that guarantees that the archived document is an authentic
rendition of the original document for the duration of preservation. An authentic rendition means that the
rendered document corresponds to the source document as it was at the time of input in the information system
in respect of criteria of fidelity and integrity, and that this state is maintained for the duration of preservation.
This part of ISO 14641 takes into account the use of three possible archiving media: physical WORM, logical
WORM and rewritable media. Archival integrity is ensured on physical and logical WORM media by the inherent
properties of WORM solutions. On rewritable media, integrity is ensured using encryption-like techniques, in
particular with checksum calculation or hash function, date and time stamp or digital signature. In all cases, it
is necessary to comply with related procedures.
Depending on the types of documents to be archived, other specialized standards can be relevant and used to
complement the recommendations in this part of ISO 14641.
This part of ISO 14641 provides a specific and complementary definition of issues addressed in other standards
or specifications concerning the management of electronic information. Its content is intended to address
execution issues raised in several other documents. These include:
— ISO/TR 15801, Document management — Information stored electronically — Recommendations for
trustworthiness and reliability,
— ISO 15489 (all parts), Information and documentation — Records management,
— MoReq2, Model Requirements for the Management of Electronic Records,
which detail specifications for organizing and controlling the lifecycle of archived information for purposes of
evidence and operational history; and
— ISO 14721, Space data and information transfer systems — Open archival information system —
Reference model,
which describes the characteristics of an open system for the preservation of digital data.
Annexes A, B and C are informative and complementary.
vi © ISO 2012 – All rights reserved

---------------------- Page: 6 ----------------------
INTERNATIONAL STANDARD ISO 14641-1:2012(E)
Electronic archiving —
Part 1:
Specifications concerning the design and the operation of an
information system for electronic information preservation
1 Scope
This part of ISO 14641 provides a set of technical specifications and organizational policies to be implemented
for the capture, storage and access of electronic documents. This ensures legibility, integrity and traceability of
the documents for the duration of their preservation.
This part of ISO 14641 is applicable to electronic documents resulting from:
— the scanning of original paper or microform documents;
— the conversion of analogue audio or video content;
— the “native” creation by an information system application; or
— other sources that create digital content such as two- or three- dimensional maps, drawings or designs,
digital audio/video, and digital medical images.
This part of ISO 14641 is not applicable to information systems in which users have the ability to substitute or
alter documents after capture.
This part of ISO 14641 is intended for the following users.
a) Organizations implementing information systems in which:
1) electronic documents created from scan captures are kept in an environment that ensures fidelity with
regard to the original and long-term preservation;
2) digitally born documents are kept in an environment that ensures the content integrity of the information
and document legibility;
3) traceability is ensured for all operations relating to the electronic documents.
b) Organizations providing information technology services and software publishers seeking to develop
information systems that ensure the fidelity and integrity of electronic documents.
c) Organizations providing third-party document archiving services.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated
references, only the edition cited applies. For undated references, the latest edition of the referenced document
(including any amendments) applies.
ISO 2859 (all parts), Sampling procedures for inspection by attributes
ISO 8601, Data elements and interchange formats — Information interchange — Representation of dates and times
ISO/TR 12033, Document management — Electronic imaging — Guidance for the selection of document
image compression methods
© ISO 2012 – All rights reserved 1

---------------------- Page: 7 ----------------------
ISO 14641-1:2012(E)
ISO 12653-1, Electronic imaging ― Test target for the black-and-white scanning of office documents — Part 1:
Characteristics
ISO 12653-2, Electronic imaging ― Test target for the black-and-white scanning of office documents — Part 2:
Method of use
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO 12653-1 and ISO 12653-2 and the
following apply.
3.1
access
processes of retrieving and displaying (playing) electronic documents for operational, evidential or historical purposes
3.2
archive(s)
set of documents produced or received, whatever their date, format or storage media, by any individual,
organization, public or private service, in the course of their activity
3.3
archival policy
legal, functional, operational, technical and security requirements of an internal or external information system
NOTE Annexes A and B give principles of an archival policy and of a declaration of archival practices.
3.4
archive lifecycle log
log which records audit trail data related to the document lifecycle archiving process
3.5
archive restitution
return and transfer of archived documents to their originator, or to a duly appointed person or organization
3.6
archival system profile
set of properties that applies to a class of archives that share common characteristics in terms of confidentiality,
retention and disposal schedules, and access rights (e.g. create, read, modify, delete)
3.7
ACU
attestation creation unit
hardware and/or software devices for the delivery of electronic attestations
NOTE Attestations include a unit identifier and the related archival service identifier.
3.8
audiovisual
communication techniques combining sound and image
3.9
audit trail
aggregate of the information necessary to provide a historical record of all significant events associated with
stored information and the information system
3.10
data
digital form of information which can be accessed, read and/or processed
2 © ISO 2012 – All rights reserved

---------------------- Page: 8 ----------------------
ISO 14641-1:2012(E)
3.11
date and time stamp
sequence of characters denoting the date and/or time at which a certain event occurred
3.12
deposit
set of documents sharing the same archival system profile
3.13
digital archival
set of actions aiming to identify, capture, classify, preserve, retrieve, display and provide access to documents
for informational or historical purposes, or for the duration required to meet legal obligations
3.14
digital document
digital representation of content that is stored and managed electronically
NOTE Association of content, logical structure and display attributes, retrievable by a device capable of rendering a
human-readable (or machine-readable) object. A document can be digitally born (creation) at source or converted from an
analogue document.
3.15
digital fingerprint
bit sequence generated from a digital document using an algorithm that uniquely identifies the original document
NOTE Any digital document modification will produce a different fingerprint.
3.16
digital seal
method for ensuring the integrity of a document including hash functions, digital signatures and, optionally, a
date and time stamp
3.17
digital signature
data which, when appended to a digital document, enable the user of the document to authenticate its origin
and integrity
3.18
digitization
conversion of an analogue document (paper, microform, film, analogue audio or audiovisual tapes) to digital
format for the purpose of preservation or processing
3.19
digitized document
result of digitization of information initially stored on physical media (paper, microform, and film, analogue audio
or audiovisual tapes)
3.20
document fidelity
property of an archived document which renders all the information contained in the original source document
NOTE This notion is applicable to any change of form, including digitization or format conversion.
3.21
durability
attribute of a document which remains readable during its entire lifecycle
3.22
electronic information system
system designed to receive, preserve, access and transfer archives in an electronic form
© ISO 2012 – All rights reserved 3

---------------------- Page: 9 ----------------------
ISO 14641-1:2012(E)
3.23
electronic attestation
information produced to provide evidence that an action or an electronic transaction has occurred
3.24
events log
log which records audit trail data related to the system operations
3.25
format conversion
operation converting a digital document to a different electronic format
NOTE This operation preserves the fidelity of the document.
3.26
hash function
mathematical algorithm used for turning some kinds of data into a relatively small integer
3.27
integrity
attribute of a document whose content is completed and unaltered
3.28
legibility
attribute of an archived document which allows access to all the information it contains
NOTE This could be facilitated by certain metadata associated with the document.
3.29
lossy compression
compression algorithm which loses some of the original information during compression
NOTE The resulting decompressed object is only an approximation of the original.
3.30
media migration
act of transferring a document from one medium to another, particularly with regard to managing media obsolescence
3.31
metadata
data describing the context, content and structure of a document and their management over time
3.32
replication
process which consists of copying information between redundant resources, notably software or hardware
components, to improve reliability, fault-tolerance or accessibility
3.33
time source
internal or external component of an information system providing a reliable and objective time reference suited
to requirements
3.34
time-stamp token
data object that binds a representation of data to a particular time (expressed in UTC), thereby providing
evidence that the data existed at that time
4 © ISO 2012 – All rights reserved

---------------------- Page: 10 ----------------------
ISO 14641-1:2012(E)
3.35
transferability
ability to recover an authentic digital archive (information, data, objects and all related metadata from one information
system) in order to transfer it to another information system by means of a procedure specified in advance
NOTE This issue is of particular importance when information is stored by a third-party archive service provider.
3.36
trusted third-party archive service provider
third-party individual or organization in charge of archives preservation
4 General characteristics and levels of requirements
4.1 Characteristics
In order that an organization might apply a recognized specifications framework for the storage, use, archiving,
retrieval and display of electronic documents, both technical and organizational measures need to be taken to
ensure document integrity and long-term preservation.
In this context, an electronic information system shall implement a pre-defined archival policy; a description of
the general principles of such a policy is described in Annex A.
It is important to recognize that information systems will capture electronic documents that are being submitted
for long-term storage and use. The term “capture” in this sense reflects the receipt and processing of information
to be managed by the information system. Where hardcopy documents need to be stored and managed in
electronic form, these documents shall be scanned and indexed prior to their capture in the information system.
This part of ISO 14641 is applicable only to unalterable captured documents. Related document reference data
in the file system or database shall not be erasable, changeable or able to be replaced by new data.
Procedures and security requirements shall be implemented in order to:
a) control the process of archiving;
b) prevent and/or detect modifications made to documents or to the data necessary for their retrieval and display;
c) ensure the integrity of audit trail data (including the log of the system events).
An electronic information system shall feature characteristics of:
1) suitability for long-term preservation;
2) integrity;
3) security;
4) traceability.
This part of ISO 14641 outlines:
— specifications for procedures relative to the processing, preservation, access and restitution of scanned or
digitally born information, and requirements for the security of the information system;
— procedures relative to the digitization of analogue documents;
— procedures relative to the capture of documents, their preservation, access and restitution;
— procedures relative to the potential disposal of documents;
— rules relative to applicable procedures concerning operators;
— description of the resulting attestations of these operations;
© ISO 2012 – All rights reserved 5

---------------------- Page: 11 ----------------------
ISO 14641-1:2012(E)
— specifications concerning materials, equipment and software implementations;
— conditions of system audits and related procedures;
— characteristics applicable to the use of trusted third parties;
— characteristics applicable to the use of subcontractors.
The technical description manual, attestations produced and logs detailing the lifecycle of archives or system
events shall be kept in the same conditions as the archives themselves.
4.2 Levels of requirements
Different organizations might have distinct and individual approaches to risks and requirements for information
systems used for the preservation of electronic documents.
Table 1 outlines degrees of levels of these requirements. It summarizes general characteristics and practical
methods for implementation at the level of requirement preferred by the organization, with regard to the nature
of documents to be preserved and potential risks incurred.
Additional requirements may be selected based on specific needs and acceptable levels of risk.
The conformity of an information system with this part of ISO 14641 shall be evaluated in relation to the level
of requirements selected by the organization.
Table 1 — Requirements of information systems
Characteristic Minimal requirements Additional requirements
Use of standardized or industry-standard and publicly Format conversion
available file formats
Document scanning
Metadata description of document Standard metadata format
Migration of media
Suitability for long-
Format conversion Control and conversion of
term preservation
formats at time of capture
Format obsolescence alert
Planned and traceable format
conversion
System change management
Guaranteed by storage on media:
— physical WORM
— logical WORM on fixed media with
Strong security level
         — events log
Advanced security level
         — techniques and procedures for detection and
Strong security level
           prevention of substitutions of input
Advanced security level
— logical WORM on removable media (see
   rewritable/erasable media)
Integrity
— rewritable/erasable media (normal security level)
Capture process of archives
Alerts prior to destruction of archives
Description of the process of destruction of archives Definition of change
procedures for preservation
periods
Post-destruction preservation
of metadata and audit trail
6 © ISO 2012 – All rights reserved

---------------------- Page: 12 ----------------------
ISO 14641-1:2012(E)
Table 1 (continued)
Characteristic Minimal requirements Additional requirements
Identification of persons and processes accessing archives Strong authentication
Backup copies of archives Use of different types and
forms of media
Protection from ri
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.