ISO 14641-1:2012
Electronic archiving - Part 1: Specifications concerning the design and the operation of an information system for electronic information preservation
Archivage électronique — Partie 1: Spécifications relatives à la conception et au fonctionnement d'un système d'informations pour la conservation d'informations électroniques
ISO 14641-1:2012 is a standard published by the International Organization for Standardization (ISO). Its full title is "Electronic archiving - Part 1: Specifications concerning the design and the operation of an information system for electronic information preservation". It specifies the design and operation of an information system for the preservation of electronic documents, covering their capture, storage, access and restitution.
ISO 14641-1:2012 is classified under the following ICS (International Classification for Standards) categories: 37.080 - Document imaging applications. The ICS classification helps identify the subject area and facilitates finding related standards.
ISO 14641-1:2012 has the following relationship with other standards: it is linked to ISO 14641:2018, the later edition that superseded it. Understanding these relationships helps ensure you are using the most current and applicable version of the standard.
You can purchase ISO 14641-1:2012 directly from iTeh Standards. The document is available in PDF format and is delivered instantly after payment. Add the standard to your cart and complete the secure checkout process. iTeh Standards is an authorized distributor of ISO standards.
Standards Content (Sample)
INTERNATIONAL STANDARD ISO 14641-1
First edition 2012-02-01
Electronic archiving —
Part 1:
Specifications concerning the design and
the operation of an information system
for electronic information preservation
Archivage électronique — Partie 1: Spécifications relatives à la
conception et au fonctionnement d’un système d’informations pour la
conservation d’informations électroniques
Reference number
© ISO 2012
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISO’s
member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO 2012 – All rights reserved
Contents
Foreword ... v
Introduction ... vi
1 Scope ... 1
2 Normative references ... 1
3 Terms and definitions ... 2
4 General characteristics and levels of requirements ... 5
4.1 Characteristics ... 5
4.2 Levels of requirements ... 6
5 General specifications ... 7
5.1 General ... 7
5.2 Technical description manual ... 7
5.3 Archival system profiles ... 8
5.4 Operational procedures ... 8
5.5 Security ... 9
5.6 Date and time stamping ... 12
5.7 Audit trail ... 13
6 Storage media considerations ... 15
6.1 Media type definition ... 15
6.2 Preservation of archival media ... 15
7 Systems using removable media ... 16
7.1 General ... 16
7.2 Initialization of removable storage volumes ... 16
7.3 Finalization of removable storage volumes ... 16
7.4 Labelling of physical WORM media ... 16
8 Systems using logical WORM media ... 16
9 Systems using rewritable media ... 17
9.1 General ... 17
9.2 Standard security level ... 17
9.3 Strong security level ... 17
9.4 Advanced security level ... 17
10 Archival capture ... 18
10.1 Electronically born documents ... 18
10.2 Paper-based or microform documents ... 20
10.3 Analogue audio/video objects on tape media ... 23
10.4 Image, audio and video information compression techniques ... 25
10.5 Format conversion ... 26
11 Archival operations ... 27
11.1 Scope ... 27
11.2 Access ... 27
11.3 Restitution ... 28
11.4 Archives disposal ... 28
12 Information system assessment ... 28
12.1 General ... 28
12.2 Internal assessment ... 29
12.3 External assessment ... 30
13 Trusted third-party archival ... 30
13.1 Activities of trusted third-party archive service provider ... 30
13.2 Service contract model ... 31
14 Service providers ... 33
14.1 General ... 33
14.2 Subcontractor agreement ... 34
14.3 Contract with subcontractor ... 34
14.4 Data transfer over telecommunications networks ... 34
Annex A (informative) Archival policy ... 35
Annex B (informative) Declaration of archival practices ... 36
Annex C (informative) General service conditions ... 37
Bibliography ... 38
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies
(ISO member bodies). The work of preparing International Standards is normally carried out through ISO
technical committees. Each member body interested in a subject for which a technical committee has been
established has the right to be represented on that committee. International organizations, governmental and
non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International
Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of technical committees is to prepare International Standards. Draft International Standards
adopted by the technical committees are circulated to the member bodies for voting. Publication as an
International Standard requires approval by at least 75 % of the member bodies casting a vote.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO shall not be held responsible for identifying any or all such patent rights.
ISO 14641-1 was prepared by Technical Committee ISO/TC 171, Document management applications,
Subcommittee SC 3, General issues.
ISO 14641 consists of the following parts, under the general title Electronic archiving:
— Part 1: Specifications concerning the design and the operation of an information system for electronic
information preservation
Future parts will address trusted content, data-level-controls and the testability of document integrity and
authenticity control elements within document management systems.
Introduction
Electronic documents are an essential part of everyday business, whether the sources are incoming
communications or output from organizations. It is important that electronic documents be stored appropriately,
either fully or in part, in secure information systems designed for operations and archiving, in order to meet
business, legal or regulatory requirements.
The objectives of secure information systems are to resolve organizational issues such as:
a) optimization of long-term electronic document preservation, archiving and integrity;
b) provision of information search facilities;
c) ensuring ease of access and use of electronic documents.
This part of ISO 14641 is intended to provide a reference framework for organizations. It describes the methods
and techniques to be used for the implementation of an electronic information system for managing documents
within an archive. In conjunction with related archival policies of organizations, it describes criteria for system
design and specifications for operational processes.
These specifications are intended to ensure that all documents to be managed by the information system are
captured, stored, retrieved and accessed in a way that guarantees that the archived document is an authentic
rendition of the original document for the duration of preservation. An authentic rendition means that the
rendered document corresponds to the source document as it was at the time of input in the information system
in respect of criteria of fidelity and integrity, and that this state is maintained for the duration of preservation.
This part of ISO 14641 takes into account the use of three possible archiving media: physical WORM, logical
WORM and rewritable media. Archival integrity is ensured on physical and logical WORM media by the inherent
properties of WORM solutions. On rewritable media, integrity is ensured by cryptographic techniques, in
particular checksum calculation or hash functions, date and time stamps or digital signatures. A hash alone
detects alteration only if the reference value is itself protected from rewriting; a digital signature, or a
time-stamp token from a trusted source, binds the hash to a key or to a point in time that an attacker who can
rewrite the medium cannot reproduce. In all cases, it is necessary to comply with the related procedures.
Depending on the types of documents to be archived, other specialized standards can be relevant and used to
complement the recommendations in this part of ISO 14641.
This part of ISO 14641 provides a specific and complementary definition of issues addressed in other standards
or specifications concerning the management of electronic information. Its content is intended to address
execution issues raised in several other documents. These include:
— ISO/TR 15801, Document management — Information stored electronically — Recommendations for
trustworthiness and reliability,
— ISO 15489 (all parts), Information and documentation — Records management,
— MoReq2, Model Requirements for the Management of Electronic Records,
which detail specifications for organizing and controlling the lifecycle of archived information for purposes of
evidence and operational history; and
— ISO 14721, Space data and information transfer systems — Open archival information system —
Reference model,
which describes the characteristics of an open system for the preservation of digital data.
Annexes A, B and C are informative and complementary.
INTERNATIONAL STANDARD ISO 14641-1:2012(E)
Electronic archiving —
Part 1:
Specifications concerning the design and the operation of an
information system for electronic information preservation
1 Scope
This part of ISO 14641 provides a set of technical specifications and organizational policies to be implemented
for the capture, storage and access of electronic documents. This ensures legibility, integrity and traceability of
the documents for the duration of their preservation.
This part of ISO 14641 is applicable to electronic documents resulting from:
— the scanning of original paper or microform documents;
— the conversion of analogue audio or video content;
— the “native” creation by an information system application; or
— other sources that create digital content such as two- or three- dimensional maps, drawings or designs,
digital audio/video, and digital medical images.
This part of ISO 14641 is not applicable to information systems in which users have the ability to substitute or
alter documents after capture.
This part of ISO 14641 is intended for the following users.
a) Organizations implementing information systems in which:
1) electronic documents created from scan captures are kept in an environment that ensures fidelity with
regard to the original and long-term preservation;
2) digitally born documents are kept in an environment that ensures the content integrity of the information
and document legibility;
3) traceability is ensured for all operations relating to the electronic documents.
b) Organizations providing information technology services and software publishers seeking to develop
information systems that ensure the fidelity and integrity of electronic documents.
c) Organizations providing third-party document archiving services.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated
references, only the edition cited applies. For undated references, the latest edition of the referenced document
(including any amendments) applies.
ISO 2859 (all parts), Sampling procedures for inspection by attributes
ISO 8601, Data elements and interchange formats — Information interchange — Representation of dates and times
ISO/TR 12033, Document management — Electronic imaging — Guidance for the selection of document
image compression methods
ISO 12653-1, Electronic imaging — Test target for the black-and-white scanning of office documents — Part 1:
Characteristics
ISO 12653-2, Electronic imaging — Test target for the black-and-white scanning of office documents — Part 2:
Method of use
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO 12653-1 and ISO 12653-2 and the
following apply.
3.1
access
processes of retrieving and displaying (playing) electronic documents for operational, evidential or historical purposes
3.2
archive(s)
set of documents produced or received, whatever their date, format or storage media, by any individual,
organization, public or private service, in the course of their activity
3.3
archival policy
legal, functional, operational, technical and security requirements of an internal or external information system
NOTE Annexes A and B give principles of an archival policy and of a declaration of archival practices.
3.4
archive lifecycle log
log which records audit trail data related to the document lifecycle archiving process
3.5
archive restitution
return and transfer of archived documents to their originator, or to a duly appointed person or organization
3.6
archival system profile
set of properties that applies to a class of archives that share common characteristics in terms of confidentiality,
retention and disposal schedules, and access rights (e.g. create, read, modify, delete)
3.7
ACU
attestation creation unit
hardware and/or software devices for the delivery of electronic attestations
NOTE Attestations include a unit identifier and the related archival service identifier.
3.8
audiovisual
communication techniques combining sound and image
3.9
audit trail
aggregate of the information necessary to provide a historical record of all significant events associated with
stored information and the information system
3.10
data
digital form of information which can be accessed, read and/or processed
3.11
date and time stamp
sequence of characters denoting the date and/or time at which a certain event occurred
3.12
deposit
set of documents sharing the same archival system profile
3.13
digital archival
set of actions aiming to identify, capture, classify, preserve, retrieve, display and provide access to documents
for informational or historical purposes, or for the duration required to meet legal obligations
3.14
digital document
digital representation of content that is stored and managed electronically
NOTE Association of content, logical structure and display attributes, retrievable by a device capable of rendering a
human-readable (or machine-readable) object. A document can be digitally born (creation) at source or converted from an
analogue document.
3.15
digital fingerprint
bit sequence generated from a digital document using an algorithm that uniquely identifies the original document
NOTE Any digital document modification will produce a different fingerprint.
3.16
digital seal
method for ensuring the integrity of a document including hash functions, digital signatures and, optionally, a
date and time stamp
3.17
digital signature
data which, when appended to a digital document, enable the user of the document to authenticate its origin
and integrity
3.18
digitization
conversion of an analogue document (paper, microform, film, analogue audio or audiovisual tapes) to digital
format for the purpose of preservation or processing
3.19
digitized document
result of digitization of information initially stored on physical media (paper, microform, film, analogue audio
or audiovisual tapes)
3.20
document fidelity
property of an archived document which renders all the information contained in the original source document
NOTE This notion is applicable to any change of form, including digitization or format conversion.
3.21
durability
attribute of a document which remains readable during its entire lifecycle
3.22
electronic information system
system designed to receive, preserve, access and transfer archives in an electronic form
3.23
electronic attestation
information produced to provide evidence that an action or an electronic transaction has occurred
3.24
events log
log which records audit trail data related to the system operations
3.25
format conversion
operation converting a digital document to a different electronic format
NOTE This operation preserves the fidelity of the document.
3.26
hash function
mathematical algorithm used for turning data of arbitrary size into a relatively small, fixed-size value
NOTE For the integrity purposes of this part of ISO 14641, a cryptographic hash function is needed, i.e. one for which it
is computationally infeasible to find two documents giving the same value or to construct a document matching a given value.
3.27
integrity
attribute of a document whose content is complete and unaltered
3.28
legibility
attribute of an archived document which allows access to all the information it contains
NOTE This could be facilitated by certain metadata associated with the document.
3.29
lossy compression
compression algorithm which loses some of the original information during compression
NOTE The resulting decompressed object is only an approximation of the original.
3.30
media migration
act of transferring a document from one medium to another, particularly with regard to managing media obsolescence
3.31
metadata
data describing the context, content and structure of a document and their management over time
3.32
replication
process which consists of copying information between redundant resources, notably software or hardware
components, to improve reliability, fault-tolerance or accessibility
3.33
time source
internal or external component of an information system providing a reliable and objective time reference suited
to requirements
3.34
time-stamp token
data object that binds a representation of data to a particular time (expressed in UTC), thereby providing
evidence that the data existed at that time
3.35
transferability
ability to recover an authentic digital archive (information, data, objects and all related metadata) from one
information system in order to transfer it to another information system by means of a procedure specified in advance
NOTE This issue is of particular importance when information is stored by a third-party archive service provider.
3.36
trusted third-party archive service provider
third-party individual or organization in charge of archives preservation
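The Introduction names hash functions, date and time stamps and digital signatures as the integrity techniques for rewritable media, and 3.15 (digital fingerprint), 3.16 (digital seal) and 3.34 (time-stamp token) define the objects involved. The following Go program is an added example written for this page, not code from ISO 14641-1 or from any product, showing how those pieces fit together: it fingerprints a document with SHA-256, binds the fingerprint to a UTC date and time stamp with an Ed25519 signature to form a seal, and verifies the seal so that both an altered document and a seal whose fingerprint was rewritten are rejected. The key pair, the sample invoice text and the use of the local clock as the time source (3.33) are assumptions; at the Table 1 "additional" level the time stamp would come from a trusted third party.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Seal is a digital seal in the sense of 3.16: the document's fingerprint, the
// UTC date and time stamp of sealing, and a digital signature binding the two.
type Seal struct {
	Fingerprint string // hex SHA-256 of the document bytes (3.15)
	Timestamp   string // ISO 8601 / RFC 3339 with the "Z" designator, i.e. UTC (3.11, 3.34)
	Signature   []byte // Ed25519 signature over sealPayload(Fingerprint, Timestamp)
}

// Fingerprint returns the hex SHA-256 digest of doc: a cryptographic hash, so any
// modification of doc produces a different value (3.15 NOTE).
func Fingerprint(doc []byte) string {
	sum := sha256.Sum256(doc)
	return hex.EncodeToString(sum[:])
}

// sealPayload is the exact byte string that is signed. Signing the fingerprint
// together with the time stamp is what makes the seal evidence that the document
// existed in this state at that time; signing the fingerprint alone would not.
func sealPayload(fingerprint, timestamp string) []byte {
	return []byte("ISO14641-seal\n" + fingerprint + "\n" + timestamp)
}

// CreateSeal seals doc with the sealing key at time now. The caller's clock is the
// assumed time source (3.33); a trusted third party would supply it instead at the
// Table 1 "additional" level.
func CreateSeal(priv ed25519.PrivateKey, doc []byte, now time.Time) Seal {
	fp := Fingerprint(doc)
	ts := now.UTC().Format(time.RFC3339)
	return Seal{Fingerprint: fp, Timestamp: ts, Signature: ed25519.Sign(priv, sealPayload(fp, ts))}
}

// VerifySeal checks, in this order, that the time stamp is well formed and in UTC,
// that the signature covers the seal's own fields, and only then that the stored
// document still matches the sealed fingerprint. Checking the signature before
// trusting the fingerprint means a seal whose fingerprint was rewritten to match a
// substituted document is rejected as a forgery rather than reported as valid.
func VerifySeal(pub ed25519.PublicKey, doc []byte, s Seal) error {
	if _, err := time.Parse(time.RFC3339, s.Timestamp); err != nil || !strings.HasSuffix(s.Timestamp, "Z") {
		return errors.New("seal time stamp is not a well-formed UTC date and time stamp")
	}
	if !ed25519.Verify(pub, sealPayload(s.Fingerprint, s.Timestamp), s.Signature) {
		return errors.New("seal signature invalid: seal fields altered or wrong sealing key")
	}
	if Fingerprint(doc) != s.Fingerprint {
		return errors.New("fingerprint mismatch: document altered since sealing")
	}
	return nil
}

func main() {
	// Constructed sample: a fresh sealing key pair and a small document (not from the standard).
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	doc := []byte("Invoice 2012-0042: 1 250,00 EUR, payable by 2012-03-01")
	seal := CreateSeal(priv, doc, time.Now())
	fmt.Println("fingerprint:", seal.Fingerprint)
	fmt.Println("sealed at:", seal.Timestamp)
	fmt.Println("original document:", VerifySeal(pub, doc, seal))
	altered := []byte("Invoice 2012-0042: 1 250,00 EUR, payable by 2012-06-01")
	fmt.Println("altered document:", VerifySeal(pub, altered, seal))
	forged := seal
	forged.Fingerprint = Fingerprint(altered) // fingerprint rewritten without the sealing key
	fmt.Println("forged seal:", VerifySeal(pub, altered, forged))
}
```

The order of checks in VerifySeal is the security-relevant design choice: on rewritable media an attacker who can modify the document can usually also modify a stored fingerprint, so the fingerprint is only meaningful once the signature over it (and over the time stamp) has been verified with a key the attacker does not hold.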
4 General characteristics and levels of requirements
4.1 Characteristics
In order that an organization might apply a recognized specifications framework for the storage, use, archiving,
retrieval and display of electronic documents, both technical and organizational measures need to be taken to
ensure document integrity and long-term preservation.
In this context, an electronic information system shall implement a pre-defined archival policy; a description of
the general principles of such a policy is described in Annex A.
It is important to recognize that information systems will capture electronic documents that are being submitted
for long-term storage and use. The term “capture” in this sense reflects the receipt and processing of information
to be managed by the information system. Where hardcopy documents need to be stored and managed in
electronic form, these documents shall be scanned and indexed prior to their capture in the information system.
This part of ISO 14641 is applicable only to unalterable captured documents. Related document reference data
in the file system or database shall not be erasable, changeable or able to be replaced by new data.
Procedures and security requirements shall be implemented in order to:
a) control the process of archiving;
b) prevent and/or detect modifications made to documents or to the data necessary for their retrieval and display;
c) ensure the integrity of audit trail data (including the log of the system events).
An electronic information system shall feature characteristics of:
1) suitability for long-term preservation;
2) integrity;
3) security;
4) traceability.
This part of ISO 14641 outlines:
— specifications for procedures relative to the processing, preservation, access and restitution of scanned or
digitally born information, and requirements for the security of the information system;
— procedures relative to the digitization of analogue documents;
— procedures relative to the capture of documents, their preservation, access and restitution;
— procedures relative to the potential disposal of documents;
— rules relative to applicable procedures concerning operators;
— description of the resulting attestations of these operations;
— specifications concerning materials, equipment and software implementations;
— conditions of system audits and related procedures;
— characteristics applicable to the use of trusted third parties;
— characteristics applicable to the use of subcontractors.
The technical description manual, attestations produced and logs detailing the lifecycle of archives or system
events shall be kept in the same conditions as the archives themselves.
4.2 Levels of requirements
Different organizations might have distinct and individual approaches to risks and requirements for information
systems used for the preservation of electronic documents.
Table 1 outlines these levels of requirements. It summarizes general characteristics and practical
implementation methods at the level of requirement chosen by the organization, having regard to the nature
of the documents to be preserved and the risks incurred.
Additional requirements may be selected based on specific needs and acceptable levels of risk.
The conformity of an information system with this part of ISO 14641 shall be evaluated in relation to the level
of requirements selected by the organization.
Table 1 — Requirements of information systems

Characteristic: Suitability for long-term preservation
Minimal requirements:
— use of standardized or industry-standard and publicly available file formats;
— document scanning;
— metadata description of document;
— migration of media;
— format conversion.
Additional requirements:
— format conversion;
— standard metadata format;
— control and conversion of formats at time of capture;
— format obsolescence alert;
— planned and traceable format conversion;
— system change management.

Characteristic: Integrity
Minimal requirements:
— guaranteed by storage on media:
  — physical WORM;
  — logical WORM on fixed media with events log;
  — logical WORM on removable media (see rewritable/erasable media);
  — rewritable/erasable media (normal security level);
— capture process of archives;
— alerts prior to destruction of archives;
— description of the process of destruction of archives.
Additional requirements:
— strong security level or advanced security level (see 9.3 and 9.4) for the logical WORM on removable media and rewritable/erasable media options, including techniques and procedures for detection and prevention of substitutions of input;
— definition of change procedures for preservation periods;
— post-destruction preservation of metadata and audit trail.

Characteristic: Security
Minimal requirements:
— identification of persons and processes accessing archives;
— backup copies of archives;
— controlled archiving operations (identification and traceability);
— continuity of access to archives;
— date and time stamp.
Additional requirements:
— strong authentication, both for identification of persons and processes and for archiving operations;
— use of different types and forms of media for backup copies;
— protection from risks of flood, fire, etc.;
— retrieval in formats other than input formats;
— date and time stamp from trusted third party.

Characteristic: Traceability
Minimal requirements:
— maintenance of a technical file (archival policy, general conditions of services, operations procedures, lifecycle of document);
— maintenance of an audit trail of archives lifecycle and events log.
Additional requirements:
— adjustment to the organizational processes of the customer and related attestations;
— digital signature and date and time stamp of attestations of operations and events, in units or batches;
— definition of the granularity of the batches of events to which a digital signature applies;
— frequency of archiving of audit trails and logs.
5 General specifications
5.1 General
The design and operation of the information system shall allow implementation of procedures guaranteeing the
requirements selected from 4.2.
5.2 Technical description manual
A technical description manual of the information system shall be created and retained. It shall contain at least:
a) a list of hardware components of the information system with all serial numbers affixed by manufacturers,
the key features of these components, date(s) of production, compliance with related safety standards;
b) for a network system, the type and topology of the network, together with a description of the connections and
security equipment;
c) a data architecture model of information objects and their relationships, with regard to their use in support
of the general objectives of the information system;
d) a list of software products and related documentation, identification of installed versions and dates of
installation of these versions;
e) a list of customized software applications with their design/architecture file, their source code or proof of
their deposit in custody;
f) a description of the interactions between the diverse components of the information system;
g) a description of the physical environment (temperatures, minimum and maximum humidity, etc.) in relation
to specifications provided by the equipment manufacturers for proper functionality and preservation of
information media;
h) a description of the technical and physical environment for the satisfactory functioning of the information
systems (e.g. type of power supply, generator, system of fire detection, redundancy implementation);
i) a description of the physical protection measures for safety and security (guarding, remote detection,
safes, locks, electromagnetic protection, etc.);
j) a description of the maintenance requirements for the information system.
5.3 Archival system profiles
An archival system profile is a set of rules applicable to documents sharing the same criteria of confidentiality,
duration of preservation, destruction and access rights for capture, retrieval or disposal. These rules also
specify the metadata which need to be associated with documents managed in the profile.
An archival system profile shall specify in particular the rights of persons and/or applications authorized to:
a) modify an archival system profile;
b) make a deposit;
c) access (view or play) a deposit;
d) prolong or decrease the duration of a deposit;
e) delete or dispose of a deposit, either prematurely or as planned.
Any creation, modification or deletion of an archival system profile shall be archived in an archives lifecycle log
held under the responsibility of the archiving service of the organization, or by a trusted third party.
An archival system profile can be defined for individual electronic documents. However, for bulk archiving, this
could be extremely time-consuming. Consequently, in this case it is preferable to use a set of predefined rules
grouped together in a more general archival system profile.
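As an added example written for this page (not code from ISO 14641-1 or from any archiving product), the Go program below models an archival system profile (3.6, 5.3) as the rights granted per person or application for the five operations a) to e) above, and records every profile change, applied or refused, in an archive lifecycle log (3.4). The log entries are hash-chained so that an edited, reordered or removed entry is detected on verification, which is the audit-trail integrity requirement of 4.1 c). The profile name, principals and retention values are constructed; the log is kept in memory here, whereas 4.1 requires the real log to be kept under the same conditions as the archives themselves.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strconv"
	"strings"
	"time"
)

// Right is one of the operations an archival system profile assigns (5.3 a to e).
type Right string

const (
	ModifyProfile  Right = "modify-profile"  // a) modify the profile itself
	Deposit        Right = "deposit"         // b) make a deposit
	Access         Right = "access"          // c) view or play a deposit
	ChangeDuration Right = "change-duration" // d) prolong or decrease the duration of a deposit
	Dispose        Right = "dispose"         // e) delete or dispose, prematurely or as planned
)

// Profile is the set of rules shared by a class of archives (3.6).
type Profile struct {
	Name           string
	RetentionYears int
	Rights         map[string][]Right // principal (person or application) -> rights granted
}

// Allows reports whether principal holds r; anything not granted explicitly is denied.
func (p *Profile) Allows(principal string, r Right) bool {
	for _, granted := range p.Rights[principal] {
		if granted == r {
			return true
		}
	}
	return false
}

// LogEntry is one record of the archive lifecycle log (3.4); Hash covers every other field.
type LogEntry struct {
	Seq                                   int
	Time, Actor, Action, Detail, PrevHash string // Time is a UTC date and time stamp (3.11)
	Hash                                  string // SHA-256 over the fields above, chaining on PrevHash
}

func entryHash(e LogEntry) string {
	fields := []string{strconv.Itoa(e.Seq), e.Time, e.Actor, e.Action, e.Detail, e.PrevHash}
	sum := sha256.Sum256([]byte(strings.Join(fields, "\x1f"))) // unit separator keeps fields unambiguous
	return hex.EncodeToString(sum[:])
}

type LifecycleLog struct{ Entries []LogEntry } // append-only: entries are only added through Append

func (l *LifecycleLog) Append(actor, action, detail string, now time.Time) LogEntry {
	prev := ""
	if n := len(l.Entries); n > 0 {
		prev = l.Entries[n-1].Hash
	}
	e := LogEntry{Seq: len(l.Entries) + 1, Time: now.UTC().Format(time.RFC3339),
		Actor: actor, Action: action, Detail: detail, PrevHash: prev}
	e.Hash = entryHash(e)
	l.Entries = append(l.Entries, e)
	return e
}

// Verify recomputes every hash and chain link and fails at the first inconsistent entry.
func (l *LifecycleLog) Verify() error {
	prev := ""
	for i, e := range l.Entries {
		if e.Seq != i+1 || e.PrevHash != prev || entryHash(e) != e.Hash {
			return fmt.Errorf("lifecycle log inconsistent at entry %d", i+1)
		}
		prev = e.Hash
	}
	return nil
}

// ChangeRetention enforces 5.3 a): only a holder of ModifyProfile may change the profile,
// and both applied and refused attempts are recorded in the lifecycle log.
func ChangeRetention(p *Profile, lc *LifecycleLog, actor string, years int, now time.Time) error {
	detail := fmt.Sprintf("profile=%s retention %d->%d years", p.Name, p.RetentionYears, years)
	if !p.Allows(actor, ModifyProfile) {
		lc.Append(actor, "profile-change-refused", detail, now)
		return fmt.Errorf("refused: %s lacks %s right on %s", actor, ModifyProfile, p.Name)
	}
	p.RetentionYears = years
	lc.Append(actor, "profile-changed", detail, now)
	return nil
}

func main() {
	// Constructed sample profile and principals (not from the standard).
	invoices := &Profile{Name: "invoices", RetentionYears: 10, Rights: map[string][]Right{
		"records-manager": {ModifyProfile, Deposit, Access, ChangeDuration, Dispose},
		"auditor":         {Access},
	}}
	var lc LifecycleLog
	lc.Append("records-manager", "profile-created", "profile=invoices retention 10 years", time.Now())
	fmt.Println(ChangeRetention(invoices, &lc, "auditor", 1, time.Now()))          // refused and logged
	fmt.Println(ChangeRetention(invoices, &lc, "records-manager", 11, time.Now())) // applied and logged
	fmt.Println("log verifies:", lc.Verify())
	lc.Entries[1].Detail = "nothing happened" // the refusal record is edited after the fact
	fmt.Println("after tampering:", lc.Verify())
}
```

Refused attempts are logged as well as applied ones because the lifecycle log is evidence: an auditor needs to see who tried to shorten a retention period, not only who succeeded. The hash chain makes later editing detectable, but it cannot prevent it; the chain head (or a digitally signed batch of entries, as Table 1 lists under traceability) still has to be stored where the log's custodian cannot rewrite it.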
5.4 Operational procedures
5.4.1 General
The organization shall set up procedures for the capture, storage, access and restitution of documents. These
procedures shall be detailed in the technical description manual and shall include at least the following information:
— techniques and procedures used for search and printing;
— techniques and procedures for production of all types of attestation;
— techniques and procedures for storage and preservation of media and of storage infrastructures;
— file formats used;
— techniques and procedures for duplication and replication of documents and backups;
— techniques and procedures used for digital encryption and data integrity.
5.4.2 Scanned documents
In addition to the procedures defined in 5.4.1, where document scanning is undertaken, the following procedures
shall be included in the technical description manual:
— techniques and procedures used for digitization (a description of the document to be scanned and of any
particular distinctive features, preliminary operations needed, such as selection of output formats, imaging
resolution, compression technique, if used, reconditioning of the document after digitization, if applicable, etc.);
— techniques and procedures used for indexing (location of the document, identification references on the
document, on equipment or on accompanying vouchers, identification references of electronic messages);
— techniques and procedures for related metadata and any related enrichment of related metadata;
— techniques and procedures used for quality control (use of test targets for digitization, page count of scanned
batches, electronic messages filter control, code controls, if any, with regard to reference tables, etc.);
— techniques and procedures used for the destruction of the source document, if applicable.
5.4.3 Digitally born documents
In addition to the procedures defined in 5.4.1, where digitally born documents are involved, the following
procedures shall be included in the technical description manual:
— techniques or procedures used for transfer, receipt and control of documents to be archived;
— techniques and procedures for related metadata and any possible enrichment of related metadata;
— techniques and procedures concerning conversion of digital document formats during capture to the
information system, or later if formats become obsolete.
5.5 Security
5.5.1 Management and organization of security
All organizations shall have a management procedure in place to ensure the security of their information system.
NOTE For security requirements, reference should be made to ISO/IEC 27001 and associated standards.
The management system for security shall be distinct and separate from the administration of information
system operations or telecommunications systems. Its structure and governance shall be clearly defined and
communicated to all personnel of the organization.
The administration and organization of security of the information system shall apply principles inherited from
a general strategy or policy of the organization and rules already in place, notably:
— management of the keys of premises;
— security systems for detection, intrusion and alarms;
— compliance of hardware with regulations concerning human safety (see IEC 61000-4);
— operation of software products, the sources of which are known and available;
— development of adequately documented and tested custom software;
— management of access profiles to the information system (directory);
— use of transmission networks with integrity checking, safety and security features and vetted operators;
— employment of third-party providers (security, guarding, cleaning, maintenance).
5.5.2 Risk assessment
Security measures are often developed using an ad hoc approach, in reaction to security incidents or the
availability of computer software tools. Such procedures frequently leave gaps in security, which are only filled
at some later date. A more structured approach is to review the information assets of the organization, and
assign risk factors (based on asset value, system vulnerability and likelihood of attack). An information security
policy can then be produced and approved, against which security measures can be audited.
The organization shall undertake an information security risk analysis, and document the results obtained.
Of particular importance are the security measures implemented to control the information storage media, both
the live media and the backup media. The risk analysis shall include vulnerability risk factors consistent with
the type of media being used (e.g. WORM or rewritable).
Where different types of storage media are used, their impact on the risk analysis results shall be reviewed.
Once the risk analysis has been completed, it shall be acted upon as part of a review of implemented security
measures. Factors such as the balance between the costs of implementation, security achieved and risk
evaluation shall be taken into consideration during the review process.
Based on the results of the risk analysis, existing security measures shall be reviewed for effectiveness.
Where the review indicates that changes to security procedures are appropriate, the identified changes shall
be implemented.
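The risk-factor approach described in 5.5.2 (asset value, system vulnerability, likelihood of attack, with the media type feeding into the vulnerability factor) can be kept as a reproducible, documented register rather than an ad hoc spreadsheet. The following is an added illustration, not text or tooling from ISO 14641-1: the asset names, the 1 to 5 scales, the media weights and the review threshold are all constructed values, and the multiplicative scoring is one common convention, not the one the standard prescribes.

```python
"""Illustrative information-security risk register (added example, not from ISO 14641-1).

Scores each information asset as value x vulnerability x likelihood, weights the
vulnerability factor by the storage-media type (WORM vs rewritable), ranks the
assets, and flags assets whose existing measures still leave residual risk above
a threshold, i.e. measures that must be reviewed for effectiveness.
All names, weights and the threshold are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import List, Tuple

# Media-type weight applied to the vulnerability factor (assumed values):
# rewritable media can be altered or overwritten in place, WORM media cannot.
MEDIA_VULNERABILITY_WEIGHT = {"WORM": 0.6, "rewritable": 1.0}


@dataclass
class Asset:
    name: str
    value: int          # 1 (low) .. 5 (critical): business value of the information
    vulnerability: int  # 1 .. 5: ease with which the system holding it can be compromised
    likelihood: int     # 1 .. 5: likelihood of attack or accidental loss
    media: str          # "WORM" or "rewritable"
    measures: List[str] = field(default_factory=list)  # existing security measures
    reduction: float = 0.0  # fraction of inherent risk the existing measures are judged to remove

    def inherent_risk(self) -> float:
        if self.media not in MEDIA_VULNERABILITY_WEIGHT:
            raise ValueError(f"unknown media type {self.media!r}")
        for factor in (self.value, self.vulnerability, self.likelihood):
            if not 1 <= factor <= 5:
                raise ValueError("risk factors must be in the range 1..5")
        weight = MEDIA_VULNERABILITY_WEIGHT[self.media]
        return self.value * self.vulnerability * weight * self.likelihood

    def residual_risk(self) -> float:
        return self.inherent_risk() * (1.0 - self.reduction)


def rank_assets(assets: List[Asset]) -> List[Asset]:
    """Highest residual risk first, so the review starts where it matters most."""
    return sorted(assets, key=lambda a: a.residual_risk(), reverse=True)


def measures_needing_review(assets: List[Asset], threshold: float) -> List[Tuple[str, float]]:
    """(asset name, residual risk) for every asset whose measures leave risk above threshold."""
    return [(a.name, round(a.residual_risk(), 1)) for a in assets if a.residual_risk() > threshold]


def risk_report(assets: List[Asset], threshold: float) -> str:
    """Plain-text report suitable for filing as the documented result of the analysis."""
    lines = [f"{'asset':<24}{'media':<12}{'inherent':>10}{'residual':>10}"]
    for a in rank_assets(assets):
        lines.append(f"{a.name:<24}{a.media:<12}{a.inherent_risk():>10.1f}{a.residual_risk():>10.1f}")
    flagged = [name for name, _ in measures_needing_review(assets, threshold)]
    lines.append(f"measures to review (residual > {threshold}): {flagged}")
    return "\n".join(lines)


# Constructed sample register.
SAMPLE_ASSETS = [
    Asset("archive master copies", 5, 3, 2, "WORM", ["vault", "dual custody"], 0.5),
    Asset("live index database", 4, 4, 3, "rewritable", ["RBAC", "nightly backup"], 0.4),
    Asset("backup tapes (offsite)", 5, 3, 2, "rewritable", ["encryption"], 0.6),
    Asset("audit trail logs", 3, 4, 3, "rewritable", [], 0.0),
]

if __name__ == "__main__":
    print(risk_report(SAMPLE_ASSETS, threshold=15))
```

With the sample data the audit trail logs, which have no measures at all, and the live index database on rewritable media come out above the threshold, while the WORM master copies drop to the bottom of the ranking; the report is the artefact to keep, since the clause requires the results to be documented and the measures to be reviewed against them.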
5.5.3 Physical security
Measures shall be taken for physical security, including the prevention of unauthorized access to hardware,
to telecommunication systems, to media holding information and to information ensuring their retrieval and
display, audit trails, logs and backups.
If continuity of access is needed, it is advisable to use several secure premises to minimize risk, using different
sites for media and/or systems containing backups (copies) of information and mechanisms for their operation.
Removable media shall be continuously monitored during their handling and/or transfer from one protected
location to another. It shall be possible to identify all holders of all media at any point in time.
When removable media are not actually in use, they shall be stored in specific protected locations.
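The requirement that all holders of all media be identifiable at any point in time is, in practice, a chain-of-custody ledger in which every hand-over is recorded against the current holder of record. The following is an added example, not part of ISO 14641-1: the medium identifiers, holders, locations and timestamps are constructed, and the set of protected storage locations is an assumption.

```python
"""Removable-media custody ledger (added example, not from ISO 14641-1).

Records every transfer of a removable medium between named holders and answers
"who held medium X at time T" for any instant. The chain must be contiguous: a
medium can only be handed over by its current holder of record, and transfers
must be recorded in chronological order. A final check lists media whose last
recorded location is outside protected storage. All data below is constructed.
"""
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# Assumed protected storage locations for media that are not in use.
PROTECTED_LOCATIONS = {"vault A", "vault B"}


@dataclass(frozen=True)
class Transfer:
    medium_id: str
    at: datetime
    from_holder: Optional[str]   # None for the initial registration
    to_holder: str
    location: str


class CustodyLedger:
    def __init__(self) -> None:
        self._log: Dict[str, List[Transfer]] = {}

    def register(self, medium_id: str, at: str, holder: str, location: str) -> None:
        """Enter a new medium into the ledger; `at` is an ISO 8601 timestamp."""
        if medium_id in self._log:
            raise ValueError(f"{medium_id} already registered")
        self._log[medium_id] = [Transfer(medium_id, datetime.fromisoformat(at), None, holder, location)]

    def transfer(self, medium_id: str, at: str, from_holder: str, to_holder: str, location: str) -> None:
        """Record a hand-over; refused if it would leave a gap in the chain."""
        history = self._log.get(medium_id)
        if history is None:
            raise KeyError(f"unknown medium {medium_id}")
        when = datetime.fromisoformat(at)
        last = history[-1]
        if when <= last.at:
            raise ValueError("transfers must be recorded in chronological order")
        if last.to_holder != from_holder:
            # Gap in the chain: the current holder of record is someone else.
            raise ValueError(f"{medium_id} is held by {last.to_holder!r}, not {from_holder!r}")
        history.append(Transfer(medium_id, when, from_holder, to_holder, location))

    def holder_at(self, medium_id: str, at: str) -> Optional[str]:
        """Holder of record at the given instant (None if the medium was not yet registered)."""
        when = datetime.fromisoformat(at)
        holder = None
        for t in self._log.get(medium_id, []):
            if t.at <= when:
                holder = t.to_holder
            else:
                break
        return holder

    def not_in_protected_storage(self) -> List[str]:
        """Media whose last recorded location is outside protected storage (end-of-day check)."""
        return sorted(m for m, h in self._log.items() if h[-1].location not in PROTECTED_LOCATIONS)


def build_sample_ledger() -> CustodyLedger:
    """Constructed sample: one tape taken out for the day and returned, one still in transit."""
    led = CustodyLedger()
    led.register("TAPE-0001", "2024-03-01T08:00", "vault custodian", "vault A")
    led.transfer("TAPE-0001", "2024-03-01T09:30", "vault custodian", "operator J. Doe", "server room")
    led.transfer("TAPE-0001", "2024-03-01T17:00", "operator J. Doe", "vault custodian", "vault A")
    led.register("TAPE-0002", "2024-03-01T08:00", "vault custodian", "vault B")
    led.transfer("TAPE-0002", "2024-03-01T10:00", "vault custodian", "courier", "in transit")
    return led


if __name__ == "__main__":
    ledger = build_sample_ledger()
    print(ledger.holder_at("TAPE-0001", "2024-03-01T12:00"))
    print(ledger.not_in_protected_storage())
```

Refusing a transfer whose `from_holder` is not the holder of record is what makes the ledger answer the clause's question reliably: a record that was merely appended would still list every hand-over, but could no longer prove there was no undocumented holder in between.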
If the destruction of physical documents is envisaged, specific procedures for the security of these operations
shall be implemented, both for original analogue paper-based documents and for digitally born documents.
If media containing documents need to be disposed of, appropriate measures shall be taken to make
reconstruction of the information initially held on the media impossible.
5.5.4 Hardware security
Security measures covering hardware and software contribute, either separately or jointly, to the security of
information systems by allowing for:
a) identification of hardware configurations, including peripherals;
b) controls guaranteeing the absence of malicious or accidental modifications of hardware configurations;
c) controls guaranteeing that only authorized users can access the hardware.
Accordingly, security issues shall be taken into account when choosing equipment and during their installation
and implementation.
To limit the risk of unlawful interception of information by third parties through unintended electromagnetic
emissions, it is advisable to test the hardware for compliance with IEC 61000-4.
10 © ISO 2012 – All rights reserved
5.5.5 Security of custom software and software products
Custom software and software products are integral to system configuration; accordingly, they shall be
subjected to the same safety conditions as the hardware.
The operating systems and software products that are chosen shall provide:
— access control tools for enhanced protection;
— protection against intrusion and malicious software;
— controls ensuring the absence of accidental or malicious changes to software configurations.
The security of software shall be ensured using:
— access controls guaranteeing that only authorized users can use the software and the information which
they are entitled to access;
— detection and monitoring systems so that any unauthorized access attempts are discovered and reported.
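Item b) of 5.5.4 (no malicious or accidental modification of hardware configurations, peripherals included) and the third item of 5.5.5 (no accidental or malicious changes to software configurations) are both served by keeping an authenticated configuration baseline and comparing each fresh inventory against it, so that deviations are detected and reported as the second list above asks. The following is an added example, not code from ISO 14641-1 or from any product: the inventory items, the attribute names and the baseline key are constructed, and in a real deployment the inventory would be collected from the host and the baseline kept on WORM media or under a separate access right.

```python
"""Configuration baseline and drift check (added example, not from ISO 14641-1).

Builds a baseline from an inventory of hardware (including peripherals) and
installed software, authenticates the stored baseline with an HMAC so the
baseline file cannot be silently edited, and reports every addition, removal
or change between the baseline and the current inventory.
Inventories and the key below are constructed for illustration.
"""
import hashlib
import hmac
import json
from typing import Dict, List, Tuple

# Key that authenticates the stored baseline. Constructed value; in practice it is
# held separately from the system being checked.
BASELINE_KEY = b"example-baseline-key-not-for-production"

Inventory = Dict[str, Dict[str, str]]   # item id -> attributes


def fingerprint(inventory: Inventory) -> str:
    """SHA-256 over a canonical (sorted, compact) JSON encoding, so order does not matter."""
    canonical = json.dumps(inventory, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()


def make_baseline(inventory: Inventory) -> dict:
    """Baseline record: inventory, its hash, and an HMAC tag over the hash."""
    digest = fingerprint(inventory)
    tag = hmac.new(BASELINE_KEY, digest.encode(), hashlib.sha256).hexdigest()
    return {"inventory": inventory, "sha256": digest, "tag": tag}


def baseline_is_authentic(baseline: dict) -> bool:
    """False if the stored hash no longer matches the inventory or the tag was not made with our key."""
    if fingerprint(baseline["inventory"]) != baseline["sha256"]:
        return False
    expected = hmac.new(BASELINE_KEY, baseline["sha256"].encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, baseline["tag"])


def drift(baseline: dict, current: Inventory) -> List[Tuple[str, str, str]]:
    """(kind, item, detail) for every difference; refuses to compare against a tampered baseline."""
    if not baseline_is_authentic(baseline):
        raise ValueError("baseline failed authenticity check; refusing to compare")
    base = baseline["inventory"]
    findings: List[Tuple[str, str, str]] = []
    for item in sorted(set(base) | set(current)):
        if item not in current:
            findings.append(("removed", item, json.dumps(base[item], sort_keys=True)))
        elif item not in base:
            findings.append(("added", item, json.dumps(current[item], sort_keys=True)))
        elif base[item] != current[item]:
            keys = sorted(set(base[item]) | set(current[item]))
            changed = {k: [base[item].get(k), current[item].get(k)]
                       for k in keys if base[item].get(k) != current[item].get(k)}
            findings.append(("changed", item, json.dumps(changed, sort_keys=True)))
    return findings


# Constructed inventories; "hw:" items are hardware and peripherals, "sw:" items software.
BASELINE_INVENTORY: Inventory = {
    "hw:nic:eth0": {"mac": "00:11:22:33:44:55", "driver": "e1000e"},
    "hw:usb:port1": {"device": "none"},
    "sw:archive-engine": {"version": "3.2.1", "sha256": "PLACEHOLDER-HASH"},
    "sw:openssl": {"version": "3.0.13"},
}
CURRENT_INVENTORY: Inventory = {
    "hw:nic:eth0": {"mac": "00:11:22:33:44:55", "driver": "e1000e"},
    "hw:usb:port1": {"device": "mass-storage"},      # peripheral attached since the baseline
    "sw:archive-engine": {"version": "3.2.1", "sha256": "PLACEHOLDER-HASH"},
    "sw:unknown-tool": {"version": "0.1"},           # installed outside change management
    # sw:openssl is absent: reported as removed
}

if __name__ == "__main__":
    baseline = make_baseline(BASELINE_INVENTORY)
    for kind, item, detail in drift(baseline, CURRENT_INVENTORY):
        print(f"{kind:8} {item:20} {detail}")
```

The authenticity check is the part most often left out: a drift detector that trusts an unauthenticated baseline can be defeated by editing the baseline to match the altered configuration, which is exactly the "malicious modification" the clauses are about.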
It is advisable to use software which is in the public domain or, where possible, to obtain sources from the supplier.
Rigorous methods shall be used for the development of software; the selection of best practices and checks
shall be the responsibility of the person in charge of the application.
Before being put into service, software and software products shall have been adequately tested on a machine
other than the main production machine, or on a production machine during periods of operational down-time,
having previously backed up data and indexes and having removed all appropriate removable information
system media.
Security of access and granting of access rights to the information system shall be carefully studied, designed
and implemented from the beginning of the system design.
The software and software products shall be specially protected, and access rights enabling their change or
modification should be granted only to authorized persons.
In cases of malfunction, a report shall be immediately delivered to the security authority and the malfunctioning
part of the information system shall be isolated as quickly as possible.
5.5.6 Maintenance of the information system
Information describing every maintenance operation shall be recorded in the technical documentation of the
information system. This shall include an identification of the maintenance operation, either preventive or
curative, entrusted either to the organization, or to specialized third-party providers.
Removable media containing electronic documents and their related metadata shall never be left in drives
during maintenance operations.
If media are not removable, a valid backup copy shall be created before any maintenance operation (see 5.5.8).
All tests shall be made with removable media specifically allocated for this task. If media are not removable, it
shall not be possible for tests to alter or destroy recorded information.
Preventive maintenance shall be performed to ensure proper functioning of the information system. In particular,
regular checks of removable disk drives or fixed media shall be made to verify that these are in proper working
order according to manufacturer recommendations.
5.5.7 System change-management and migration of media
Periodic upgrade operations and modification or replacement of hardware or software shall be planned in
advance of their implementation.
All these operations shall be detailed in the technical description manual of the information system
...