ISO 13008:2022

SLOVENSKI STANDARD
01-december-2022
Nadomešča:
SIST ISO 13008:2013
Informatika in dokumentacija - Proces konverzije in migracije digitalnih zapisov
Information and documentation -- Digital records conversion and migration process
Information et documentation -- Processus de conversion et migration des documents
d'activité numériques
Ta slovenski standard je istoveten z: ISO/DIS 13008
ICS:
01.140.20 Informacijske vede Information sciences
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

INTERNATIONAL ISO
STANDARD 13008
Second edition
2022-10
Information and documentation —
Digital records conversion and
migration process
Information et documentation — Processus de conversion et
migration des documents d'activité numériques
Reference number
© ISO 2022
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii
Contents Page
Foreword .v
Introduction . vi
1 Scope . 1
2 Normative references . 1
3 Terms and definition . 1
4 Organizational and business framework . 3
4.1 General . 3
4.2 Conversion and migration drivers . 4
4.2.1 General . 4
4.2.2 Conversion drivers . 4
4.2.3 Migration drivers . 4
4.3 Planning for the conversion and migration process . 5
4.3.1 General . 5
4.3.2 Risk management . 5
4.3.3 When to convert or migrate . 5
4.3.4 Conversion and migration considerations . 6
4.4 Establishing a conversion and migration program . 6
4.4.1 General . 6
4.4.2 Development of procedures documentation . 7
5 Conversion and migration requirements . 8
5.1 General . 8
5.2 Conversion and migration preparatory activities . 8
5.3 Conversion/migration process metadata . 9
5.3.1 General . 9
5.3.2 Conversion and migration process metadata implementation issues . 10
6 Conversion and migration technology planning .10
6.1 General . 10
6.2 Business requirements . 11
6.3 General administrative planning . 11
6.4 Technology planning requirements .12
6.4.1 General .12
6.4.2 Challenges posed by records created by new and emerging technologies .13
6.4.3 New and emerging technologies as enablers of conversion and migration .13
6.5 External conversion and migration services . 13
7 Conversion and migration procedures .14
7.1 General . 14
7.2 Procedures . 14
7.2.1 General . 14
7.2.2 Guidance on selecting appropriate procedures . 15
7.2.3 Maintaining the records' characteristics . 15
7.3 Conversion/migration project planning . 17
7.3.1 General . 17
7.3.2 Step 1: Understand the source records and their organizational
environment . 17
7.3.3 Step 2: Choose the desired state of the target records . 18
7.3.4 Step 3: Choose/develop the conversion or migration method and activities . 18
7.3.5 Step 4: Choose/develop a method of testing the conversion/migration
method and activities . 19
7.3.6 Step 5: Choose/develop a method of validating the conversion/migration
and activities . . . . 19
7.3.7 Step 6: Decide on disposal of the source records . 19
7.3.8 Step 7: Identify the required resources . 19
iii
7.3.9 Step 8: Document the conversion/migration process .20
7.3.10 Step 9: Document and obtain approval for the conversion/migration plan .20
7.4 Testing . 20
7.4.1 General .20
7.4.2 Step 1: Plan the test . . 21
7.4.3 Step 2: Configure the test environment . 21
7.4.4 Step 3: Conduct the test . 21
7.4.5 Step 4: Assess test results . 21
7.4.6 Step 5: Report results . 22
7.5 Conversion/migration . 22
7.5.1 General .22
7.5.2 Step 1: Prepare for the conversion/migration .22
7.5.3 Step 2: Define the records for conversion/migration .22
7.5.4 Step 3: Configure the conversion/migration environment .23
7.5.5 Step 4: Conduct conversion/migration . 24
7.5.6 Step 5: Check and correct errors . 24
7.6 Validation . 24
7.6.1 General . 24
7.6.2 Step 1: Assign responsibility . 24
7.6.3 Step 2: Determine the validation activities . 24
7.6.4 Step 3: Establish the system in the validation environment .25
7.6.5 Step 4: Conduct validation . 25
7.6.6 Step 5: Analyse results .25
7.6.7 Step 6: Report results of the validation . 25
7.6.8 Step 7: Update descriptive information about the records .26
7.6.9 Step 8: Manage the originating version . 26
7.6.10 Step 9: Operationalize the new version . 26
7.6.11 Step 10: Authorization . .26
8 Monitoring .26
Bibliography .28
iv
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to
the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see
www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 46, Information and documentation,
Subcommittee SC 11, Archives/records management.
This second edition cancels and replaces the first edition (ISO 13008:2012), which has been technically
revised.
The main changes are as follows:
— the terms and definitions have been updated;
— additional drivers for conversion/migration have been added;
— conversion and migration requirements have been clarified;
— the Bibliography has been updated.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.
v
Introduction
This document provides guidance for the conversion of records from one format to another and the
migration of records from one hardware or software configuration to another. It contains applicable
records management requirements, the organizational and business framework for conducting the
conversion and migration process, technology planning issues, and monitoring/controls for the process.
It also identifies the steps, components and particular methodologies for each of these processes,
covering such topics as workflow, testing, version control and validation.
Due to the rapid pace of technological change, and digital preservation requirements, many records in
digital form will, at some point, need to be converted from one format to another, or migrated from one
system to another to ensure their continued accessibility and processability.
This is not to suggest that conversion and migration are the only approaches to preserving digital
records. Other methods, such as emulation, do exist or are under development. Conversion and migration
are, however, two of the more prevalent methods of digital preservation. While this document does
not address digital preservation per se, the conversion and migration processes can have an impact on
a digital preservation strategy. How an organization chooses to set up the conversion and migration
processes (which format to employ, the level of control needed and so on) largely influences its view of
the record. There is no single, one-size-fits-all preservation method. However, institutions recognize
the benefit of standardized procedures; many test beds and task forces have been established to explore
and research conversion, migration, emulation and refreshment, among other preservation procedures,
to determine what works best.
Conversion and migration represent separate approaches to preserving digital records. It is important
to implement them in a managed way to prevent any degradation or loss in the authenticity, reliability,
integrity and usability of the records, thus ensuring an “authoritative record” as described in
ISO 15489-1:2016, 5.2.2. This document outlines the program components, planning issues, records
management requirements and procedures for performing the conversion and migration of digital
records so as to preserve their authenticity, reliability, integrity and usability so that they continue to
act as evidence of business transactions. In cases where conversion and migration are carried out at the
same time, all requirements and guidance in this document apply.
From the outset, note that it is not necessary to adopt all of the procedures recommended in this
document to ensure that records management requirements are met. The decision regarding which
procedures to adopt depends on such factors as the type of conversion or migration to be performed and
the level of risk the organization is willing to accept. In addition, organizations would be well advised
to incorporate future planning for further conversion and/or migration of records among requirements
for electronic document and records management systems (EDRMS)”.
Before starting a conversion or migration project, individuals designated as “key” to the process need to
be aware of records management requirements. The term “records management criteria/requirements”
in records and information management means an adherence to a set of principles that relate to record
integrity, authenticity, reliability and usability and, where appropriate, compliance with relevant legal
and regulatory requirements. Adherence to these principles ensures that record content, context and
structure are maintained and that a given record’s standing as evidence of business activity is not
compromised. The principles apply regardless of how long the record is retained.
This document is applicable for both ad hoc conversion or migration projects as well as programs for
regular and ongoing conversion or migration.
vi
INTERNATIONAL STANDARD ISO 13008:2022(E)
Information and documentation — Digital records
conversion and migration process
1 Scope
This document specifies the planning issues, requirements and procedures for the conversion and/or
migration of digital records in order to preserve the authenticity, reliability, integrity and usability of
such records as evidence of business functions, processes, activities and transactions.
These procedures do not comprehensively cover:
— backup systems;
— preservation of digital records;
— functionality of trusted digital repositories;
— the process of converting analogue formats to digital formats and vice versa.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO 30300, Information and documentation — Records management — Core concepts and vocabulary
3 Terms and definition
For the purposes of this document, the terms and definitions given in ISO 30300 and the following apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at https:// www .electropedia .org’
3.1
access
right, opportunity, means of finding, using, or retrieving information
[SOURCE: ISO 5127: 2017, 3.11.1.01]
3.2
attribute
characteristic of an object or entity
Note 1 to entry: Adapted from ISO/IEC 11179-3:2003.
[SOURCE: ISO 23081-1:2017, 3.3]
3.3
content information
set of information that is the original target of preservation or that includes part or all of that
information
[SOURCE: ISO 19165-1:2018, 3.6]
3.4
data cleansing
process used to improve data quality by detecting and correcting (or removing) defects and errors in
data
[SOURCE: ISO 5127:2017, 3.1.11.21]
3.5
data object
discrete data, considered as a unit, representing an instance of a data structure that is known or
assumed to be known
[SOURCE: ISO/IEC 2382:2015, 2121425]
3.6
emulation
recreation of the functionality and behaviour of an obsolete digital system, using software (called
emulator) on current computer systems
Note 1 to entry: Emulation is a key digital preservation strategy.
[SOURCE: ISO 5127:2017, 3.12.1.20]
3.7
encryption
(reversible) transformation of data by a cryptographic algorithm to produce ciphertext, i.e. to hide the
information content of the data
[SOURCE: ISO/IEC 18033-6:2019, 3.8]
3.8
file format
encoding of a file type that can be rendered or interpreted in a consistent, expected and meaningful
way through the intervention of a particular piece of software or hardware which has been designed to
handle that format
Note 1 to entry: A file may (or may not) be a container containing zero or more files of various formats. File
formats may be defined by a specification, or by a reference software system. Many file formats exist in forms
with minor variations and many also in more than one version. Typing of file formats should be interpreted
generously rather than strictly, but sufficiently precisely to distinguish versions where such distinctions have
significant interpretive consequences.
[SOURCE: PRONOM Vocabulary Specification, The National Archives UK, 2011]
3.9
migration
process of moving records from one hardware or software configuration to another without changing
the format
3.10
originating
initial manifestation of something
3.11
preservation
measures taken to maintain the useability, authenticity, reliability and integrity of records over time
Note 1 to entry: Measures include principles, policies, rules, strategies, processes and operations.
[SOURCE: ISO 30300:2020, 3.4.11]
3.12
refreshment
digital migration where the effect is to replace a media instance with a copy that is sufficiently exact
that all archival storage hardware and software continues to run as before
[SOURCE: ISO 19165-1:2018, 3.31]
3.13
replication
digital migration where there is no change to the packaging information, the content information, and
the preservation description information
Note 1 to entry: The bits used to represent these information objects are preserved in the transfer to the same or
new media instance.
Note 2 to entry: Adapted from ISO 14721:2012.
3.14
representation information
information that maps a data object into more meaningful concepts
[SOURCE: ISO 19165-1:2018, 3.34, modified — Examples have been omitted.]
3.15
source record
document or record that has been copied, converted or migrated or will be the input for such a process
Note 1 to entry: Adapted from ISO/TR 13028:2010, 3.8
3.16
validation
process of evaluating a system or component to ensure compliance with the functional, performance
and interface requirements
[SOURCE: ISO/IEC 14776-121:2010, 3.1.108]
4 Organizational and business framework
4.1 General
This clause addresses the drivers that often prompt the need for the conversion or migration of digital
records, the issues that organizations should consider when evaluating the need for conversion or
migration of their records, and the steps taken in developing a conversion and migration program. It
discusses the decision making and resource allocation associated with the conversion or migration
within the organizational framework, as well as the technical infrastructure that supports the
conversion and migration processes and which should be used to ensure the records’ authenticity and
integrity for as long as they are needed.
4.2 Conversion and migration drivers
4.2.1 General
A variety of drivers can compel an organization to convert or migrate its digital records. Some records
have longer retention requirements than a software application or storage medium can sustain,
prompting organizations to convert or migrate their records while supporting systems are still viable.
Some records might need to be converted or migrated because the corresponding media becomes
contaminated. Organizations might also choose to convert or migrate records proactively on the basis of
operational factors relating to record volume, access, storage efficiency, business and technology cycles,
or organizational change (such as outsourcing, mergers or acquisitions). In addition, organizations
might be compelled to convert or migrate records in response to regulatory or legal actions.
4.2.2 Conversion drivers
Conversion is defined as the process of changing records from one format to another. Examples of
drivers that can require digital conversion include the following.
a) Format change: records stored in a proprietary format are converted to an open file format, such as
a conversion of a Word.doc file to PDF/A.
b) Format obsolescence: for example, records stored in an obsolete but still readable word processing
format are converted to a current word processing format.
c) Interoperability: records are converted to a format that ensures seamless interoperability with
certain IT infrastructure
d) Legal issues: records are converted according to existing explicit legal or regulatory requirements
concerning formats or service providers
4.2.3 Migration drivers
Migration is defined as the process of moving records from one hardware or software configuration
to another without changing the format. Some examples of drivers that can require digital migration
include the following.
a) There can be a need to migrate records from one structure to another. For example, records
existing in several legacy databases might be restructured into a new consolidated database (e.g.
from Oracle to SQL Server).
b) The platform in which the records were created is changing and the records need to be migrated
to the new platform. For example, records might need to be moved from a Microsoft Windows
platform to a UNIX platform.
c) A migration is prudent from a business perspective (e.g. to introduce a new system with improved
functionality). For example, a migration of records might be needed to support a change from a
physical business presence to a web-based storefront or to move records from a shared drive to an
electronic document and records management system (EDRMS). Migration also takes place when
an organization moves its records to external service provider/cloud environment, or from one
service provider to another.
Organizations should assess, document and manage their records. Ongoing accessibility of digital
records in the context of changing technical environment and compliance with dynamic legal and
regulatory requirements demand rigorous, coordinated efforts and sustained funding. Decisions
related to conversion and migration should be based on analysis of the value of the organization’s digital
records and the impact of technology infrastructure and investments during the records' existence, as
well as on knowledge about standards and best practices relating to conversion and migration of digital
records.
4.3 Planning for the conversion and migration process
4.3.1 General
Records conversion and migration planning falls into the domain of the organization’s information
governance protocols and systems (i.e. is a joint responsibility of the stakeholders including information-
related professionals and relevant business functions). As with more traditional asset (capital, facilities,
human resources) management, policies and procedures regarding the acquisition, management and
disposition of information assets shall be established, followed, documented and periodically audited
for compliance and efficacy. Business managers (and their respective IS/IT support officers) shall know
where and how their record assets are being created, managed and stored, and shall therefore be able
to plan and justify the case for conversion or migration.
In a given organization, conversion or migration might take place as a one-time project or regularly
as an ongoing activity in response to any of the above-mentioned situations. However, for effective
preservation of digital records and their metadata, conversion or migration shall be performed as part
of a well-planned and structured program. In all cases, it is preferable to plan, execute and validate
the records conversion or migration process proactively, with adequate time and resources and with
the least disruption to stakeholders and their respective business cycles and functions. During an
unplanned event (natural or human-made), there can be a need to undertake conversion or migration
under extreme and therefore less than ideal conditions, which make it more costly and disruptive.
4.3.2 Risk management
Significant costs can be associated with the conversion and migration of digital records; for example,
the costs of new hardware and software, licenses, additional human resources, etc. As a result, an
organization shall determine the scope of conversion or migration on the basis of the analysis of the
costs, benefits and risk. Records shall be analysed to determine their value to the organization and the
risk associated with their potential loss or corruption. Part of the organization’s records management
program should include appraisal of the records and assessment of the risks associated with them.
Normally, the organization’s records retention policies document these decisions. Additional guidance
on risk analysis can be found in ISO/TR 18128.
An organization's records management practices are based on operational and other needs and
perceptions of risks. Operational needs (e.g. fulfilling regulatory requirements, product development,
providing access or documenting financial transactions) determine the strategies and levels of effort an
organization undertakes to ensure the trustworthiness of a record. Risk assessment and risk mitigation,
along with other techniques, are used to establish both management controls for and documentation
requirements of activities. These risk assessments can also be used to establish records management
controls. Risk assessments shall be conducted to establish appropriate levels of management controls
prior to undertaking new initiatives.
From a records management perspective, two main risks are assessed when considering digital records:
1) challenges to the trustworthiness and integrity of the records (e.g. legal challenges) that can be
expected over the life of the records;
2) loss, including loss of access to (or unauthorized destruction of) records.
Consequences are measured by the degree of loss (including reputational loss) that the organization or
other stakeholders would suffer if the trustworthiness of the records cannot be verified or in the event
of loss or unauthorized destruction of records.
4.3.3 When to convert or migrate
It is recommended to perform conversion or migration of records before the technology and media upon
which they depend become obsolete. Depending on factors such as volume and access requirements, it
can be desirable to convert or migrate the records as soon as the target or end environment is known. If
the perceived value of and/or risk to the records are sufficiently low, organizations might choose to wait
until some other driver (e.g. software upgrade, system replacement, acquisition or merger) triggers the
decision to convert or migrate.
4.3.4 Conversion and migration considerations
In the digital environment, conversion and migration of an organization's records are often a routine
activity on both large and small scales. Therefore, an organization shall have policies, procedures, and
plans to ensure these activities are conducted in accordance with standards and business practices.
Obligations and interdependencies related to records preservation shall be acknowledged and
documented as early as possible in the analysis and requirements definition phase of both business
process planning and technology investment planning.
When deciding whether internal or external resources, or a combination, will be involved in the
(project-based) conversion and migration activities, the following factors should be taken into account.
— Skill sets: whether the organization has staff with the experience and knowledge to perform
conversion and migration activities.
— Availability of human and technical resources (including security and records personnel): whether
staff members with the appropriate skill sets are available during the project timeframe.
— Equipment: whether the organization has the right environment and tools to perform conversion
and migration activities.
— Cost and timeline: whether the organization has the resources (budget and time) to perform
conversion and migration activities.
— Capability to perform quality assurance/quality control: whether the organization has personnel
with the experience and knowledge to perform quality assurance and quality control activities.
— Data sharing/data stewardship/ownership: which person(s) or business unit(s) in the organization
will lead the conversion and migration activities.
— Validation: whether the organization has staff with the experience and knowledge needed to
validate conversion and migration activities.
— Business cycles: which person(s) or business unit(s) in the organization will decide when conversion
and migration activities should occur.
— Security and privacy: whether internal and/or external service providers can comply with all the
relevant legal, regulatory and business requirements.
4.4 Establishing a conversion and migration program
4.4.1 General
Organizations that maintain digital records for such periods that necessitate regular and ongoing
conversion or migration shall establish a conversion and migration program before carrying out major
digital records conversions or migrations.
This implies that the requirement to convert or migrate the digital components making up the
organization’s records is recognized, and a governance structure with direct or delegated executive
authority is in place. The corporate policies of the organization shall authorize the establishment of a
conversion and migration program.
The conversion and migration program governance structure authorizes when and how conversions
and migrations occur and who is to carry them out. Normally, records professionals are responsible for
authorizing the conversion and migration process with assistance from IT, the owner(s) of the business
and the legal staff. The conversion and migration program governance structure also authorizes
whatever audit process is to be implemented and identifies who is responsible for performing it.
Setting out the authorization and business area(s) responsible is essential to establishing conversion
and migration as a normal and routine business activity for an organization.
To minimize risk in larger organizations, the conversion and migration program should include
authorization for:
— a limited number of events that trigger conversion or migration;
— the types of conversions and migrations to be done;
— the method of recording (and certifying if necessary) that the above activities are carried out as
required.
The organization’s policy or procedures document should list these authorizations.
4.4.2 Development of procedures documentation
The process of converting and migrating digital records introduces significant risks to the authenticity,
integrity, reliability and usability of those records. To mitigate these risks, it is important to control the
process by applying approved and documented procedures.
The approach to the development of a conversion and migration procedures documentation is at the
discretion of the individual organization. There can be separate documentation that address each type
of conversion and migration, or a single document with appropriate subsections for each type. At a
minimum, the conversion and migration procedures documentation shall address all phases of the
conversion and migration process. Conversion and migration can be executed at the same time.
The documentation shall also describe the procedures for disposition of source records or media. Source
records/media shall be removed from the active environment, and shall be maintained according to the
established disposition authorities. If additional types of conversions or migrations are encountered,
specific documentation shall be developed for them.
All revisions to procedures shall be documented in the documentation with appropriate authorizations.
Ad hoc documentation entries shall be avoided as they can destroy the credibility of the program in
the event of an investigation or regulatory inquiry in which the method of conversion or migration
underpins the establishment of the integrity of digital records as evidence.
Conversion and migration procedures documentation shall address all phases of the process as follows.
— Planning: the procedural steps, methods, people and other resources needed to execute a successful
conversion/migration of the target digital records.
— Consider the opportunity to perform data cleansing during the migration process; this will improve
data quality and eliminate redundant or obsolete information.
— Configuration of the migration/conversion software (if needed).
— Testing: the tests needed to verify that the planned procedures and methods would yield a successful
conversion/migration of the records.
— Back-up: ensure back-ups are performed before performing a conversion/migration of the
production environment.
— Conversion and/or migration: the procedural steps to be performed in carrying out actual conversion
and/or migration of the target digital records.
— Validation: the procedural steps and methods to be used to verify that the target digital records
have been successfully converted or migrated. This enables third parties to be certain that the
authenticity of the records has been maintained through the use of a documented procedure to
record the conversion or migration process. Quality assurance procedures shall enumerate the steps
needed to ensure a controlled and secure conversion and migration process. Lastly, the content and
format of error reports shall be generated once the conversion or migration is complete.
— Sign-off: the authorizations needed to verify that the conversion and migration process has been
successfully performed in compliance with approved policy and procedures.
— Documentation: detailed records of the conversion and migration process during and after each
conversion and migration project.
Clause 7 outlines additional details of the procedures that constitute each phase of the conversion and
migration process.
5 Conversion and migration requirements
5.1 General
This clause includes those issues associated with the management of the records to be converted and
migrated so that complete, accurate, reliable and authentic records can be produced once the conversion
and migration process has been completed.
The conversion or migration of digital records from one technology environment
...

INTERNATIONAL ISO
STANDARD 13008
Second edition
2022-10
Information and documentation —
Digital records conversion and
migration process
Information et documentation — Processus de conversion et
migration des documents d'activité numériques
Reference number
© ISO 2022
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii
Contents Page
Foreword .v
Introduction . vi
1 Scope . 1
2 Normative references . 1
3 Terms and definition . 1
4 Organizational and business framework . 3
4.1 General . 3
4.2 Conversion and migration drivers . 4
4.2.1 General . 4
4.2.2 Conversion drivers . 4
4.2.3 Migration drivers . 4
4.3 Planning for the conversion and migration process . 5
4.3.1 General . 5
4.3.2 Risk management . 5
4.3.3 When to convert or migrate . 5
4.3.4 Conversion and migration considerations . 6
4.4 Establishing a conversion and migration program . 6
4.4.1 General . 6
4.4.2 Development of procedures documentation . 7
5 Conversion and migration requirements . 8
5.1 General . 8
5.2 Conversion and migration preparatory activities . 8
5.3 Conversion/migration process metadata . 9
5.3.1 General . 9
5.3.2 Conversion and migration process metadata implementation issues . 10
6 Conversion and migration technology planning .10
6.1 General . 10
6.2 Business requirements . 11
6.3 General administrative planning . 11
6.4 Technology planning requirements .12
6.4.1 General .12
6.4.2 Challenges posed by records created by new and emerging technologies .13
6.4.3 New and emerging technologies as enablers of conversion and migration .13
6.5 External conversion and migration services . 13
7 Conversion and migration procedures .14
7.1 General . 14
7.2 Procedures . 14
7.2.1 General . 14
7.2.2 Guidance on selecting appropriate procedures . 15
7.2.3 Maintaining the records' characteristics . 15
7.3 Conversion/migration project planning . 17
7.3.1 General . 17
7.3.2 Step 1: Understand the source records and their organizational
environment . 17
7.3.3 Step 2: Choose the desired state of the target records . 18
7.3.4 Step 3: Choose/develop the conversion or migration method and activities . 18
7.3.5 Step 4: Choose/develop a method of testing the conversion/migration
method and activities . 19
7.3.6 Step 5: Choose/develop a method of validating the conversion/migration
and activities . . . . 19
7.3.7 Step 6: Decide on disposal of the source records . 19
7.3.8 Step 7: Identify the required resources . 19
iii
7.3.9 Step 8: Document the conversion/migration process .20
7.3.10 Step 9: Document and obtain approval for the conversion/migration plan .20
7.4 Testing . 20
7.4.1 General .20
7.4.2 Step 1: Plan the test . . 21
7.4.3 Step 2: Configure the test environment . 21
7.4.4 Step 3: Conduct the test . 21
7.4.5 Step 4: Assess test results . 21
7.4.6 Step 5: Report results . 22
7.5 Conversion/migration . 22
7.5.1 General .22
7.5.2 Step 1: Prepare for the conversion/migration .22
7.5.3 Step 2: Define the records for conversion/migration .22
7.5.4 Step 3: Configure the conversion/migration environment .23
7.5.5 Step 4: Conduct conversion/migration . 24
7.5.6 Step 5: Check and correct errors . 24
7.6 Validation . 24
7.6.1 General . 24
7.6.2 Step 1: Assign responsibility . 24
7.6.3 Step 2: Determine the validation activities . 24
7.6.4 Step 3: Establish the system in the validation environment .25
7.6.5 Step 4: Conduct validation . 25
7.6.6 Step 5: Analyse results .25
7.6.7 Step 6: Report results of the validation . 25
7.6.8 Step 7: Update descriptive information about the records .26
7.6.9 Step 8: Manage the originating version . 26
7.6.10 Step 9: Operationalize the new version . 26
7.6.11 Step 10: Authorization . .26
8 Monitoring .26
Bibliography .28
iv
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to
the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see
www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 46, Information and documentation,
Subcommittee SC 11, Archives/records management.
This second edition cancels and replaces the first edition (ISO 13008:2012), which has been technically
revised.
The main changes are as follows:
— the terms and definitions have been updated;
— additional drivers for conversion/migration have been added;
— conversion and migration requirements have been clarified;
— the Bibliography has been updated.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.
v
Introduction
This document provides guidance for the conversion of records from one format to another and the
migration of records from one hardware or software configuration to another. It contains applicable
records management requirements, the organizational and business framework for conducting the
conversion and migration process, technology planning issues, and monitoring/controls for the process.
It also identifies the steps, components and particular methodologies for each of these processes,
covering such topics as workflow, testing, version control and validation.
Due to the rapid pace of technological change, and digital preservation requirements, many records in
digital form will, at some point, need to be converted from one format to another, or migrated from one
system to another to ensure their continued accessibility and processability.
This is not to suggest that conversion and migration are the only approaches to preserving digital
records. Other methods, such as emulation, do exist or are under development. Conversion and migration
are, however, two of the more prevalent methods of digital preservation. While this document does
not address digital preservation per se, the conversion and migration processes can have an impact on
a digital preservation strategy. How an organization chooses to set up the conversion and migration
processes (which format to employ, the level of control needed and so on) largely influences its view of
the record. There is no single, one-size-fits-all preservation method. However, institutions recognize
the benefit of standardized procedures; many test beds and task forces have been established to explore
and research conversion, migration, emulation and refreshment, among other preservation procedures,
to determine what works best.
Conversion and migration represent separate approaches to preserving digital records. It is important
to implement them in a managed way to prevent any degradation or loss in the authenticity, reliability,
integrity and usability of the records, thus ensuring an “authoritative record” as described in
ISO 15489-1:2016, 5.2.2. This document outlines the program components, planning issues, records
management requirements and procedures for performing the conversion and migration of digital
records so as to preserve their authenticity, reliability, integrity and usability so that they continue to
act as evidence of business transactions. In cases where conversion and migration are carried out at the
same time, all requirements and guidance in this document apply.
From the outset, note that it is not necessary to adopt all of the procedures recommended in this
document to ensure that records management requirements are met. The decision regarding which
procedures to adopt depends on such factors as the type of conversion or migration to be performed and
the level of risk the organization is willing to accept. In addition, organizations would be well advised
to incorporate future planning for further conversion and/or migration of records among requirements
for electronic document and records management systems (EDRMS)”.
Before starting a conversion or migration project, individuals designated as “key” to the process need to
be aware of records management requirements. The term “records management criteria/requirements”
in records and information management means an adherence to a set of principles that relate to record
integrity, authenticity, reliability and usability and, where appropriate, compliance with relevant legal
and regulatory requirements. Adherence to these principles ensures that record content, context and
structure are maintained and that a given record’s standing as evidence of business activity is not
compromised. The principles apply regardless of how long the record is retained.
This document is applicable for both ad hoc conversion or migration projects as well as programs for
regular and ongoing conversion or migration.
vi
INTERNATIONAL STANDARD ISO 13008:2022(E)
Information and documentation — Digital records
conversion and migration process
1 Scope
This document specifies the planning issues, requirements and procedures for the conversion and/or
migration of digital records in order to preserve the authenticity, reliability, integrity and usability of
such records as evidence of business functions, processes, activities and transactions.
These procedures do not comprehensively cover:
— backup systems;
— preservation of digital records;
— functionality of trusted digital repositories;
— the process of converting analogue formats to digital formats and vice versa.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO 30300, Information and documentation — Records management — Core concepts and vocabulary
3 Terms and definition
For the purposes of this document, the terms and definitions given in ISO 30300 and the following apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at https:// www .electropedia .org’
3.1
access
right, opportunity, means of finding, using, or retrieving information
[SOURCE: ISO 5127: 2017, 3.11.1.01]
3.2
attribute
characteristic of an object or entity
Note 1 to entry: Adapted from ISO/IEC 11179-3:2003.
[SOURCE: ISO 23081-1:2017, 3.3]
3.3
content information
set of information that is the original target of preservation or that includes part or all of that
information
[SOURCE: ISO 19165-1:2018, 3.6]
3.4
data cleansing
process used to improve data quality by detecting and correcting (or removing) defects and errors in
data
[SOURCE: ISO 5127:2017, 3.1.11.21]
3.5
data object
discrete data, considered as a unit, representing an instance of a data structure that is known or
assumed to be known
[SOURCE: ISO/IEC 2382:2015, 2121425]
3.6
emulation
recreation of the functionality and behaviour of an obsolete digital system, using software (called
emulator) on current computer systems
Note 1 to entry: Emulation is a key digital preservation strategy.
[SOURCE: ISO 5127:2017, 3.12.1.20]
3.7
encryption
(reversible) transformation of data by a cryptographic algorithm to produce ciphertext, i.e. to hide the
information content of the data
[SOURCE: ISO/IEC 18033-6:2019, 3.8]
3.8
file format
encoding of a file type that can be rendered or interpreted in a consistent, expected and meaningful
way through the intervention of a particular piece of software or hardware which has been designed to
handle that format
Note 1 to entry: A file may (or may not) be a container containing zero or more files of various formats. File
formats may be defined by a specification, or by a reference software system. Many file formats exist in forms
with minor variations and many also in more than one version. Typing of file formats should be interpreted
generously rather than strictly, but sufficiently precisely to distinguish versions where such distinctions have
significant interpretive consequences.
[SOURCE: PRONOM Vocabulary Specification, The National Archives UK, 2011]
3.9
migration
process of moving records from one hardware or software configuration to another without changing
the format
3.10
originating
initial manifestation of something
3.11
preservation
measures taken to maintain the useability, authenticity, reliability and integrity of records over time
Note 1 to entry: Measures include principles, policies, rules, strategies, processes and operations.
[SOURCE: ISO 30300:2020, 3.4.11]
3.12
refreshment
digital migration where the effect is to replace a media instance with a copy that is sufficiently exact
that all archival storage hardware and software continues to run as before
[SOURCE: ISO 19165-1:2018, 3.31]
3.13
replication
digital migration where there is no change to the packaging information, the content information, and
the preservation description information
Note 1 to entry: The bits used to represent these information objects are preserved in the transfer to the same or
new media instance.
Note 2 to entry: Adapted from ISO 14721:2012.
3.14
representation information
information that maps a data object into more meaningful concepts
[SOURCE: ISO 19165-1:2018, 3.34, modified — Examples have been omitted.]
3.15
source record
document or record that has been copied, converted or migrated or will be the input for such a process
Note 1 to entry: Adapted from ISO/TR 13028:2010, 3.8
3.16
validation
process of evaluating a system or component to ensure compliance with the functional, performance
and interface requirements
[SOURCE: ISO/IEC 14776-121:2010, 3.1.108]
4 Organizational and business framework
4.1 General
This clause addresses the drivers that often prompt the need for the conversion or migration of digital
records, the issues that organizations should consider when evaluating the need for conversion or
migration of their records, and the steps taken in developing a conversion and migration program. It
discusses the decision making and resource allocation associated with the conversion or migration
within the organizational framework, as well as the technical infrastructure that supports the
conversion and migration processes and which should be used to ensure the records’ authenticity and
integrity for as long as they are needed.
4.2 Conversion and migration drivers
4.2.1 General
A variety of drivers can compel an organization to convert or migrate its digital records. Some records
have longer retention requirements than a software application or storage medium can sustain,
prompting organizations to convert or migrate their records while supporting systems are still viable.
Some records might need to be converted or migrated because the corresponding media becomes
contaminated. Organizations might also choose to convert or migrate records proactively on the basis of
operational factors relating to record volume, access, storage efficiency, business and technology cycles,
or organizational change (such as outsourcing, mergers or acquisitions). In addition, organizations
might be compelled to convert or migrate records in response to regulatory or legal actions.
4.2.2 Conversion drivers
Conversion is defined as the process of changing records from one format to another. Examples of
drivers that can require digital conversion include the following.
a) Format change: records stored in a proprietary format are converted to an open file format, such as
a conversion of a Word.doc file to PDF/A.
b) Format obsolescence: for example, records stored in an obsolete but still readable word processing
format are converted to a current word processing format.
c) Interoperability: records are converted to a format that ensures seamless interoperability with
certain IT infrastructure
d) Legal issues: records are converted according to existing explicit legal or regulatory requirements
concerning formats or service providers
4.2.3 Migration drivers
Migration is defined as the process of moving records from one hardware or software configuration
to another without changing the format. Some examples of drivers that can require digital migration
include the following.
a) There can be a need to migrate records from one structure to another. For example, records
existing in several legacy databases might be restructured into a new consolidated database (e.g.
from Oracle to SQL Server).
b) The platform in which the records were created is changing and the records need to be migrated
to the new platform. For example, records might need to be moved from a Microsoft Windows
platform to a UNIX platform.
c) A migration is prudent from a business perspective (e.g. to introduce a new system with improved
functionality). For example, a migration of records might be needed to support a change from a
physical business presence to a web-based storefront or to move records from a shared drive to an
electronic document and records management system (EDRMS). Migration also takes place when
an organization moves its records to external service provider/cloud environment, or from one
service provider to another.
Organizations should assess, document and manage their records. Ongoing accessibility of digital
records in the context of changing technical environment and compliance with dynamic legal and
regulatory requirements demand rigorous, coordinated efforts and sustained funding. Decisions
related to conversion and migration should be based on analysis of the value of the organization’s digital
records and the impact of technology infrastructure and investments during the records' existence, as
well as on knowledge about standards and best practices relating to conversion and migration of digital
records.
4.3 Planning for the conversion and migration process
4.3.1 General
Records conversion and migration planning falls into the domain of the organization’s information
governance protocols and systems (i.e. is a joint responsibility of the stakeholders including information-
related professionals and relevant business functions). As with more traditional asset (capital, facilities,
human resources) management, policies and procedures regarding the acquisition, management and
disposition of information assets shall be established, followed, documented and periodically audited
for compliance and efficacy. Business managers (and their respective IS/IT support officers) shall know
where and how their record assets are being created, managed and stored, and shall therefore be able
to plan and justify the case for conversion or migration.
In a given organization, conversion or migration might take place as a one-time project or regularly
as an ongoing activity in response to any of the above-mentioned situations. However, for effective
preservation of digital records and their metadata, conversion or migration shall be performed as part
of a well-planned and structured program. In all cases, it is preferable to plan, execute and validate
the records conversion or migration process proactively, with adequate time and resources and with
the least disruption to stakeholders and their respective business cycles and functions. During an
unplanned event (natural or human-made), there can be a need to undertake conversion or migration
under extreme and therefore less than ideal conditions, which make it more costly and disruptive.
4.3.2 Risk management
Significant costs can be associated with the conversion and migration of digital records; for example,
the costs of new hardware and software, licenses, additional human resources, etc. As a result, an
organization shall determine the scope of conversion or migration on the basis of the analysis of the
costs, benefits and risk. Records shall be analysed to determine their value to the organization and the
risk associated with their potential loss or corruption. Part of the organization’s records management
program should include appraisal of the records and assessment of the risks associated with them.
Normally, the organization’s records retention policies document these decisions. Additional guidance
on risk analysis can be found in ISO/TR 18128.
An organization's records management practices are based on operational and other needs and
perceptions of risks. Operational needs (e.g. fulfilling regulatory requirements, product development,
providing access or documenting financial transactions) determine the strategies and levels of effort an
organization undertakes to ensure the trustworthiness of a record. Risk assessment and risk mitigation,
along with other techniques, are used to establish both management controls for and documentation
requirements of activities. These risk assessments can also be used to establish records management
controls. Risk assessments shall be conducted to establish appropriate levels of management controls
prior to undertaking new initiatives.
From a records management perspective, two main risks are assessed when considering digital records:
1) challenges to the trustworthiness and integrity of the records (e.g. legal challenges) that can be
expected over the life of the records;
2) loss, including loss of access to (or unauthorized destruction of) records.
Consequences are measured by the degree of loss (including reputational loss) that the organization or
other stakeholders would suffer if the trustworthiness of the records cannot be verified or in the event
of loss or unauthorized destruction of records.
4.3.3 When to convert or migrate
It is recommended to perform conversion or migration of records before the technology and media upon
which they depend become obsolete. Depending on factors such as volume and access requirements, it
can be desirable to convert or migrate the records as soon as the target or end environment is known. If
the perceived value of and/or risk to the records are sufficiently low, organizations might choose to wait
until some other driver (e.g. software upgrade, system replacement, acquisition or merger) triggers the
decision to convert or migrate.
4.3.4 Conversion and migration considerations
In the digital environment, conversion and migration of an organization's records are often a routine
activity on both large and small scales. Therefore, an organization shall have policies, procedures, and
plans to ensure these activities are conducted in accordance with standards and business practices.
Obligations and interdependencies related to records preservation shall be acknowledged and
documented as early as possible in the analysis and requirements definition phase of both business
process planning and technology investment planning.
When deciding whether internal or external resources, or a combination, will be involved in the
(project-based) conversion and migration activities, the following factors should be taken into account.
— Skill sets: whether the organization has staff with the experience and knowledge to perform
conversion and migration activities.
— Availability of human and technical resources (including security and records personnel): whether
staff members with the appropriate skill sets are available during the project timeframe.
— Equipment: whether the organization has the right environment and tools to perform conversion
and migration activities.
— Cost and timeline: whether the organization has the resources (budget and time) to perform
conversion and migration activities.
— Capability to perform quality assurance/quality control: whether the organization has personnel
with the experience and knowledge to perform quality assurance and quality control activities.
— Data sharing/data stewardship/ownership: which person(s) or business unit(s) in the organization
will lead the conversion and migration activities.
— Validation: whether the organization has staff with the experience and knowledge needed to
validate conversion and migration activities.
— Business cycles: which person(s) or business unit(s) in the organization will decide when conversion
and migration activities should occur.
— Security and privacy: whether internal and/or external service providers can comply with all the
relevant legal, regulatory and business requirements.
4.4 Establishing a conversion and migration program
4.4.1 General
Organizations that maintain digital records for such periods that necessitate regular and ongoing
conversion or migration shall establish a conversion and migration program before carrying out major
digital records conversions or migrations.
This implies that the requirement to convert or migrate the digital components making up the
organization’s records is recognized, and a governance structure with direct or delegated executive
authority is in place. The corporate policies of the organization shall authorize the establishment of a
conversion and migration program.
The conversion and migration program governance structure authorizes when and how conversions
and migrations occur and who is to carry them out. Normally, records professionals are responsible for
authorizing the conversion and migration process with assistance from IT, the owner(s) of the business
and the legal staff. The conversion and migration program governance structure also authorizes
whatever audit process is to be implemented and identifies who is responsible for performing it.
Setting out the authorization and business area(s) responsible is essential to establishing conversion
and migration as a normal and routine business activity for an organization.
To minimize risk in larger organizations, the conversion and migration program should include
authorization for:
— a limited number of events that trigger conversion or migration;
— the types of conversions and migrations to be done;
— the method of recording (and certifying if necessary) that the above activities are carried out as
required.
The organization’s policy or procedures document should list these authorizations.
4.4.2 Development of procedures documentation
The process of converting and migrating digital records introduces significant risks to the authenticity,
integrity, reliability and usability of those records. To mitigate these risks, it is important to control the
process by applying approved and documented procedures.
The approach to the development of a conversion and migration procedures documentation is at the
discretion of the individual organization. There can be separate documentation that address each type
of conversion and migration, or a single document with appropriate subsections for each type. At a
minimum, the conversion and migration procedures documentation shall address all phases of the
conversion and migration process. Conversion and migration can be executed at the same time.
The documentation shall also describe the procedures for disposition of source records or media. Source
records/media shall be removed from the active environment, and shall be maintained according to the
established disposition authorities. If additional types of conversions or migrations are encountered,
specific documentation shall be developed for them.
All revisions to procedures shall be documented in the documentation with appropriate authorizations.
Ad hoc documentation entries shall be avoided as they can destroy the credibility of the program in
the event of an investigation or regulatory inquiry in which the method of conversion or migration
underpins the establishment of the integrity of digital records as evidence.
Conversion and migration procedures documentation shall address all phases of the process as follows.
— Planning: the procedural steps, methods, people and other resources needed to execute a successful
conversion/migration of the target digital records.
— Consider the opportunity to perform data cleansing during the migration process; this will improve
data quality and eliminate redundant or obsolete information.
— Configuration of the migration/conversion software (if needed).
— Testing: the tests needed to verify that the planned procedures and methods would yield a successful
conversion/migration of the records.
— Back-up: ensure back-ups are performed before performing a conversion/migration of the
production environment.
— Conversion and/or migration: the procedural steps to be performed in carrying out actual conversion
and/or migration of the target digital records.
— Validation: the procedural steps and methods to be used to verify that the target digital records
have been successfully converted or migrated. This enables third parties to be certain that the
authenticity of the records has been maintained through the use of a documented procedure to
record the conversion or migration process. Quality assurance procedures shall enumerate the steps
needed to ensure a controlled and secure conversion and migration process. Lastly, the content and
format of error reports shall be generated once the conversion or migration is complete.
— Sign-off: the authorizations needed to verify that the conversion and migration process has been
successfully performed in compliance with approved policy and procedures.
— Documentation: detailed records of the conversion and migration process during and after each
conversion and migration project.
Clause 7 outlines additional details of the procedures that constitute each phase of the conversion and
migration process.
5 Conversion and migration requirements
5.1 General
This clause includes those issues associated with the management of the records to be converted and
migrated so that complete, accurate, reliable and authentic records can be produced once the conversion
and migration process has been completed.
The conversion or migration of digital records from one technology environment to another can alter the
content, context or structure of the records. If this occurs, the organization might risk non-compliance
with records management requirements through loss of the records’ reliability and authenticity. An
effective digital conversion and migration plan can be used to identify all of the characteristics of the
records that should be preserved after the records have been converted or migrated.
5.2 Conversion and migration preparatory activities
The following activities shall be completed for a successful digital conversion or migration process, to
ensure that conversion and migration requirements outlined in this clause can be met.
— Document all conversion and migration activities to ensure that the organization continues to
possess complete, accessible and authentic records throughout their full retention period. This
documentation should demonstrate that all records, including those created while the conversion/
migration activities were in progress, have been converte
...

NORME ISO
INTERNATIONALE 13008
Deuxième édition
2022-10
Information et documentation —
Processus de conversion et migration
des documents d'activité numériques
Information and documentation — Digital records conversion and
migration process
Numéro de référence
DOCUMENT PROTÉGÉ PAR COPYRIGHT
© ISO 2022
Tous droits réservés. Sauf prescription différente ou nécessité dans le contexte de sa mise en œuvre, aucune partie de cette
publication ne peut être reproduite ni utilisée sous quelque forme que ce soit et par aucun procédé, électronique ou mécanique,
y compris la photocopie, ou la diffusion sur l’internet ou sur un intranet, sans autorisation écrite préalable. Une autorisation peut
être demandée à l’ISO à l’adresse ci-après ou au comité membre de l’ISO dans le pays du demandeur.
ISO copyright office
Case postale 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Genève
Tél.: +41 22 749 01 11
E-mail: copyright@iso.org
Web: www.iso.org
Publié en Suisse
ii
Sommaire Page
Avant-propos .v
Introduction . vi
1 Domaine d'application .1
2 Références normatives .1
3 Termes et définitions . 1
4 Structure organisationnelle et d'activité . 3
4.1 Généralités . 3
4.2 Déclencheurs de conversion et de migration. 4
4.2.1 Généralités . 4
4.2.2 Déclencheurs de conversion . 4
4.2.3 Déclencheurs de migration . 4
4.3 Planification pour le processus de conversion et de migration . 5
4.3.1 Généralités . 5
4.3.2 Gestion des risques . 5
4.3.3 Quand convertir ou migrer . 6
4.3.4 Considérations relatives à la conversion et à la migration . 6
4.4 Élaboration d'un programme de conversion et de migration . . 7
4.4.1 Généralités . 7
4.4.2 Développement de la documentation de procédures . 7
5 Exigences de conversion et de migration . 8
5.1 Généralités . 8
5.2 Activités préparatoires à la conversion et à la migration . 9
5.3 Métadonnées de processus de conversion/migration. 10
5.3.1 Généralités . 10
5.3.2 Problèmes d'implémentation de métadonnées du processus de conversion
et de migration . 10
6 Planification technologique de conversion et de migration .11
6.1 Généralités . 11
6.2 Exigences opérationnelles .12
6.3 Planification administrative générale .12
6.4 Exigences de planification technologique . 13
6.4.1 Généralités .13
6.4.2 Difficultés posées par les documents d'activité créés au moyen des
nouvelles technologies et des technologies émergentes . 14
6.4.3 Nouvelles technologies et technologies émergentes comme facilitateurs de
conversion et de migration. 14
6.5 Services de conversion et de migration externes . 15
7 Procédures de conversion et de migration .15
7.1 Généralités . 15
7.2 Modes opératoires . 16
7.2.1 Généralités . 16
7.2.2 Recommandations sur le choix des procédures appropriées . 16
7.2.3 Maintien des caractéristiques des documents d'activité . 16
7.3 Planification de projet de conversion/migration. 19
7.3.1 Généralités . 19
7.3.2 Étape 1: Comprendre les documents d'activité sources et leur
environnement organisationnel . 19
7.3.3 Étape 2: Choisir l'état souhaité des documents d'activité cibles .20
7.3.4 Étape 3: Choisir/développer la méthode et les activités de conversion ou de
migration . 20
7.3.5 Étape 4: Choisir/développer une méthode d'essai des méthodes et activités
de conversion/migration . 21
iii
7.3.6 Étape 5: Choisir/développer une méthode de validation des méthodes et
activités de conversion/migration . 21
7.3.7 Étape 6: Décider de l'élimination des documents d'activités sources . 21
7.3.8 Étape 7: Identifier les ressources requises . 21
7.3.9 Étape 8: Documenter le processus de conversion/migration .22
7.3.10 Étape 9: Documenter et obtenir l'approbation du plan de conversion/
migration . 22
7.4 Essais . 23
7.4.1 Généralités .23
7.4.2 Étape 1: Planifier l'essai .23
7.4.3 Étape 2: Configurer l'environnement des essais . 24
7.4.4 Étape 3: Effectuer l'essai . 24
7.4.5 Étape 4: Évaluer les résultats d'essai . 24
7.4.6 Étape 5: Rendre compte des résultats . 24
7.5 Conversion/migration . 24
7.5.1 Généralités . 24
7.5.2 Étape 1: Préparer la conversion/migration . 24
7.5.3 Étape 2: Définir les documents d'activité à soumettre à conversion/
migration . 25
7.5.4 Étape 3: Configurer l'environnement de conversion/migration.26
7.5.5 Étape 4: Effectuer la conversion/migration . . 26
7.5.6 Étape 5: Vérifier et corriger les erreurs . 26
7.6 Validation . 27
7.6.1 Généralités . 27
7.6.2 Étape 1: Attribuer les responsabilités . 27
7.6.3 Étape 2: Déterminer les activités de validation . 27
7.6.4 Étape 3: Établir le système dans l'environnement de validation . 27
7.6.5 Étape 4: Effectuer la validation . 27
7.6.6 Étape 5: Résultats d'analyse . .28
7.6.7 Étape 6: Rendre compte des résultats de la validation .28
7.6.8 Étape 7: Mettre à jour les informations descriptives concernant les
documents d'activité . .28
7.6.9 Étape 8: Gérer la version d'origine .29
7.6.10 Étape 9: Rendre la nouvelle version opérationnelle .29
7.6.11 Étape 10: Autorisation . .29
8 Surveillance . .29
Bibliographie .31
iv
Avant-propos
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to
the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see
www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 46, Information et documentation, sous-
comité SC 11, Archives/Gestion des documents d'activité.
Cette deuxième édition annule et remplace la première édition (ISO 13008:2012), qui a fait l'objet d'une
révision technique.
Les principales modifications sont les suivantes:
— mise à jour des termes et définitions;
— ajout de déclencheurs de conversion/migration supplémentaires;
— clarification des exigences de conversion et de migration;
— mise à jour de la Bibliographie.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.
v
Introduction
Le présent document donne des recommandations pour la conversion de documents d'activité d'un
format en un autre, et pour la migration de documents d'activité d'une configuration matérielle ou
logicielle à une autre. Il contient des exigences de gestion des documents d'activité applicables, la
structure organisationnelle et d'activité pour exécuter le processus de conversion et de migration, des
questions de planification technologique, et la surveillance et les contrôles du processus. Il identifie
également les étapes, les composants et les méthodologies particulières pour chacun de ces processus,
y compris des sujets tels que la séquence des opérations, les essais, le contrôle et la validation des
versions.
Au vu du rythme soutenu de l'évolution des technologies et des exigences de conservation numérique,
un grand nombre de documents d'activité devront tôt ou tard être convertis d'un format en un autre,
ou migrés d'un système à un autre, pour garantir le maintien de leur accessibilité et de leur aptitude au
traitement.
Il ne s'agit pas ici de suggérer que la conversion et la migration sont les seules méthodes de conservation
des documents d'activité numériques. D'autres méthodes, telles que l'émulation, existent ou sont
en cours d'élaboration. La conversion et la migration restent néanmoins deux des méthodes les plus
courantes de conservation numérique. Même si le présent document ne couvre pas la conservation
numérique en tant que telle, les processus de conversion et de migration peuvent avoir un impact sur
une stratégie de conservation numérique. La manière dont un organisme décide de mettre en place les
processus de conversion et de migration (quel format employer, le niveau de contrôle nécessaire, etc.)
influence dans une large mesure sa conception des documents d'activité. Il n'existe pas de méthode
unique adaptée à toutes les situations. Certaines institutions reconnaissent toutefois l'avantage d'avoir
des procédures normalisées; de nombreux bancs d'essai et équipes opérationnelles ont été établis pour
étudier et se documenter sur la conversion, la migration, l'émulation et le rafraîchissement, entre autres
procédures de conservation, pour déterminer ce qui devrait être le plus efficace.
La conversion et la migration représentent des démarches séparées pour la conservation des
documents d'activité numériques. Il est important de les mettre en œuvre de manière contrôlée
pour empêcher toute dégradation ou perte d'authenticité, de fiabilité, d'intégrité et d'utilisabilité des
documents d'activité, de manière à garantir un «document d'activité probant» comme décrit dans
l'ISO 15489-1:2016, 5.2.2. Le présent document expose les éléments du programme, les questions de
planification, les exigences de gestion des documents d'activité et les procédures de réalisation de la
conversion et de la migration des documents d'activité numériques afin de préserver leur authenticité,
leur fiabilité, leur intégrité et leur utilisabilité de manière à ce qu'ils puissent continuer de servir de
preuve de transactions. Dans les cas où la conversion et la migration sont effectuées en même temps,
toutes les exigences et recommandations du présent document s'appliquent.
Il est à noter d'emblée qu'il n'est pas nécessaire d'adopter toutes les procédures recommandées dans
le présent document pour faire en sorte que les exigences de gestion des documents d'activité soient
satisfaites. La décision concernant le choix de la procédure à adopter dépend de facteurs comme le type
de conversion ou de migration à effectuer, et du niveau de risque que l'organisme est prêt à accepter. En
outre, l'organisme a tout intérêt à incorporer une planification prévisionnelle pour une conversion et/
ou migration ultérieure de documents d'activité parmi les exigences relatives aux systèmes de gestion
électronique des documents et documents d'activité (EDRMS).
Avant de démarrer un projet de conversion ou de migration, les individus désignés comme étant
«essentiels» au processus doivent être conscients des exigences de la gestion des documents d'activité.
L'expression «critères/exigences de gestion des documents d'activité» dans le cadre de la gestion des
documents d'activité et de l'information implique une adhésion à un ensemble de principes relatifs
à l'intégrité, l'authenticité, la fiabilité et l'utilisabilité des documents d'activité et, le cas échéant, la
conformité aux exigences juridiques et réglementaires applicables. L'adhésion à ces principes garantit
que le contenu, le contexte et la structure des documents d'activité seront maintenus, et que le statut
d'un document d'activité donné comme preuve d'une activité n'est pas compromis. Ces principes
s'appliquent quelle que soit la durée de conservation des documents d'activité.
vi
Le présent document s'applique aux projets de conversion ou de migration ad hoc ainsi qu'aux
programmes de conversion ou de migration régulière et continue.
vii
NORME INTERNATIONALE ISO 13008:2022(F)
Information et documentation — Processus de conversion
et migration des documents d'activité numériques
1 Domaine d'application
Le présent document spécifie les questions de planification, les exigences et procédures de conversion
et/ou de migration des documents d'activité numériques afin de préserver leur authenticité, leur
fiabilité, leur intégrité et leur utilisabilité de manière à ce qu'ils puissent servir de preuve de fonctions
métier, de processus, d'activités et de transactions.
Ces procédures ne couvrent pas de manière exhaustive:
— les systèmes de secours;
— la conservation des documents d'activité numériques;
— la fonctionnalité des dépôts numériques de confiance;
— le processus de conversion des formats analogiques en formats numériques et vice versa.
2 Références normatives
Les documents suivants sont cités dans le texte de sorte qu'ils constituent, pour tout ou partie de leur
contenu, des exigences du présent document. Pour les références datées, seule l'édition citée s'applique.
Pour les références non datées, la dernière édition du document de référence s'applique (y compris les
éventuels amendements).
ISO 30300, Information et documentation — Systèmes de gestion des documents d'activité — Principes
essentiels et vocabulaire
3 Termes et définitions
Pour les besoins du présent document, les termes et définitions de l'ISO 30300 ainsi que les suivants,
s'appliquent.
L'ISO et l'IEC tiennent à jour des bases de données terminologiques destinées à être utilisées en
normalisation, consultables aux adresses suivantes:
— ISO Online browsing platform: disponible à l'adresse https:// www .iso .org/ obp
— IEC Electropedia: disponible à l'adresse https:// www .electropedia .org
3.1
accès
droit, possibilités et moyens de rechercher, d'exploiter ou de retrouver l'information
[SOURCE: ISO 5127:2017, 3.11.1.01]
3.2
attribut
caractéristique d'un objet ou d'une entité
Note 1 à l'article: Adapté de l'ISO/IEC 11179-3:2003.
[SOURCE: ISO 23081-1:2017, 3.3]
3.3
informations de contenu
ensemble d'informations qui est la raison d'être de la conservation ou qui comprend une partie ou la
totalité de ces informations
[SOURCE: ISO 19165-1:2018, 3.6]
3.4
nettoyage de données
processus permettant d'améliorer la qualité des données en détectant et en corrigeant (ou en éliminant)
les défauts et les erreurs des données
[SOURCE: ISO 5127:2017, 3.1.11.21]
3.5
objet de données
donnée discrète, considérée comme un élément, représentant un exemple de structure de données
connue ou supposée être connue
[SOURCE: ISO/IEC 2382:2015, 2121425]
3.6
émulation
recréation de la fonctionnalité et du comportement d'un système numérique obsolète, au moyen d'un
logiciel (appelé émulateur) sur des systèmes informatiques en place
Note 1 à l'article: L'émulation est une stratégie clé de conservation numérique.
[SOURCE: ISO 5127:2017, 3.12.1.20]
3.7
chiffrement
transformation (réversible) de données suivant un algorithme cryptographique afin de produire un
cryptogramme, c'est-à-dire de cacher le contenu informationnel des données
[SOURCE: ISO/IEC 18033-6:2019, 3.8]
3.8
format de fichier
codage d'un type de fichier qui peut être restitué ou interprété de manière cohérente, prévisible et
rationnelle par le biais d'un logiciel ou matériel particulier conçu pour traiter ce format
Note 1 à l'article: Un fichier peut être (ou non) un conteneur comportant zéro fichier ou plus de formats différents.
Les formats de fichiers peuvent être définis par une spécification, ou par un système logiciel de référence. Il existe
de nombreux formats de fichiers présentant des variations mineures, et de nombreux autres dans plus d'une
version. Il convient que la saisie des formats de fichiers soit interprétée avec latitude plutôt que strictement,
mais avec une précision suffisante pour faire la différence entre les versions lorsque ces distinctions ont des
conséquences importantes sur leur interprétation.
[SOURCE: PRONOM Vocabulary Specification, The National Archives UK, 2011]
3.9
migration
processus de déplacement de documents d'activité d'une configuration matérielle ou logicielle à une
autre sans modifier le format
3.10
d'origine
première manifestation de quelque chose
3.11
conservation
mesures visant à conserver l'utilisabilité, l'authenticité, la fiabilité et l'intégrité des documents d'activité
dans le temps
Note 1 à l'article: Mesures incluant des principes, des politiques, des règles, des stratégies, des processus et des
opérations.
[SOURCE: ISO 30300:2020, 3.4.11]
3.12
rafraîchissement
migration numérique dont l'effet est de remplacer un exemple de support informatique par une copie
suffisamment exacte pour que tous les matériels et logiciels de stockage d'archive continuent de
fonctionner comme avant
[SOURCE: ISO 19165-1:2018, 3.31]
3.13
réplication
migration numérique ne comportant aucun changement aux informations d'empaquetage, aux
informations de contenu, et aux informations de description de conservation
Note 1 à l'article: Les bits servant à représenter ces objets d'information sont conservés au cours du transfert
vers le même exemple de support informatique ou un exemple différent.
Note 2 à l'article: Adapté de l'ISO 14721:2012.
3.14
informations de représentation
informations qui cartographient un objet de données en concepts plus significatifs
[SOURCE: ISO 19165‑1:2018, 3.34, modifié — Les exemples ont été omis.]
3.15
document d'activité source
document ou document d'activité qui a été copié, converti ou migré, ou qui constituera l'entrée d'un tel
processus
Note 1 à l'article: Adapté de l'ISO/TR 13028:2010, 3.8.
3.16
validation
processus consistant à évaluer un système ou composant afin de garantir la conformité avec les
exigences fonctionnelles, de performance et d'interface
[SOURCE: ISO/IEC 14776-121:2010, 3.1.108]
4 Structure organisationnelle et d'activité
4.1 Généralités
Le présent article traite des déclencheurs qui conduisent souvent à un besoin de conversion ou de
migration des documents d'activité numériques, des questions qu'il convient que les organismes
prennent en compte lors de l'évaluation du besoin de conversion ou de migration de leurs documents
d'activité numériques, et des mesures prises pour développer un programme de conversion et de
migration. Il aborde le processus de prise de décision et d'allocation des ressources associé à la
conversion ou la migration dans le cadre organisationnel, ainsi que l'infrastructure technique qui prend
en charge les processus de conversion et de migration, et dont il convient qu'elle permette d'assurer
l'authenticité et l'intégrité des documents d'activité pour aussi longtemps que nécessaire.
4.2 Déclencheurs de conversion et de migration
4.2.1 Généralités
Divers déclencheurs peuvent imposer à un organisme de convertir ou de migrer ses documents d'activité
numériques. Certains documents d'activité ont des exigences de conservation plus longues que celles
qu'une application logicielle ou un support de stockage peut assurer, ce qui incite les organismes
à convertir ou migrer leurs documents d'activité tant que les systèmes de prise en charge restent
viables. Certains documents d'activité peuvent avoir à être convertis ou migrés parce que le support
correspondant a été contaminé. Les organismes peuvent aussi décider de convertir ou de migrer
des documents d'activité préventivement sur la base de facteurs opérationnels relatifs au volume de
documents d'activité, à l'accès, à l'efficacité de stockage, aux cycles économiques et technologiques, ou
aux changements organisationnels (comme l'externalisation, les fusions ou les acquisitions). En outre,
des organismes peuvent se trouver obligés de convertir ou de migrer des documents d'activité à la suite
d'actions en justice ou de mesures de réglementation.
4.2.2 Déclencheurs de conversion
La conversion est définie comme étant le processus qui consiste à changer le format des documents
d'activité. À titre d'exemples de déclencheurs qui peuvent nécessiter une conversion numérique, on peut
citer ce qui suit.
a) Changement de format: les documents d'activité stockés sous un format exclusif sont convertis en
format de fichier ouvert, comme la conversion d'un fichier Word.doc en PDF/A.
b) Obsolescence de format: par exemple, les documents d'activité stockés sous un format de traitement
de texte obsolète, mais encore lisible sont convertis en format de traitement de texte courant.
c) Interopérabilité: les documents d'activité sont convertis en un format garantissant une
interopérabilité parfaite avec certaines infrastructures informatiques.
d) Questions juridiques: les documents d'activité sont convertis conformément à des exigences
juridiques ou réglementaires explicites existantes concernant les formats ou les prestataires de
services.
4.2.3 Déclencheurs de migration
La migration est définie comme étant le processus de déplacement de documents d'activité d'une
configuration matérielle ou logicielle à une autre sans modifier le format. À titre d'exemples de
déclencheurs qui peuvent nécessiter une migration numérique, on peut citer ce qui suit.
a) Il peut être nécessaire de migrer des documents d'activité d'une structure à une autre. Par
exemple, des documents d'activité existant dans plusieurs bases de données patrimoniales peuvent
être restructurés dans une nouvelle base de données consolidée (par exemple d'Oracle à un
serveur SQL).
b) La plate-forme sur laquelle les documents d'activité ont été créés est en cours de changement, et
les documents d'activité doivent être migrés vers la nouvelle plate-forme. Par exemple, il peut être
nécessaire de déplacer des documents d'activité d'une plate-forme Microsoft Windows vers une
plate-forme UNIX.
c) Du point de vue de l'activité, une migration est une action prudente (par exemple pour introduire
un nouveau système doté d'une fonctionnalité améliorée). Par exemple, une migration des
documents d'activité peut être nécessaire pour prendre en charge un changement d'une présence
métier physique à une vitrine en ligne, ou pour déplacer des documents d'activité d'un lecteur
partagé vers un système de gestion électronique des documents et documents d'activité (EDRMS).
Une migration a également lieu lorsqu'un organisme déplace ses documents d'activité vers un
prestataire de services externe/environnement nuage, ou d'un prestataire à un autre.
Il convient que les organismes évaluent, documentent et gèrent leurs documents d'activité. Le maintien
de l'accessibilité des documents d'activité numériques dans le contexte d'un environnement technique
en évolution et la conformité à des exigences juridiques et réglementaires dynamiques requièrent
des efforts rigoureux et coordonnées et un financement à long terme. Il convient que les décisions
concernant la conversion et la migration soient fondées sur une analyse de la valeur des documents
d'activité numériques de l'organisme et de l'impact de l'infrastructure et des investissements de
technologie pendant la durée de l'existence des documents d'activité, ainsi que sur une connaissance
des normes et des bonnes pratiques relatives à la conversion et à la migration des documents d'activité
numériques.
4.3 Planification pour le processus de conversion et de migration
4.3.1 Généralités
La planification de la conversion et de la migration relève du domaine des protocoles et systèmes de
gouvernance de l'information de l'organisme (c'est‑à‑dire qu'elle relève d'une responsabilité conjointe
des parties prenantes, notamment des professionnels de l'information et des fonctions métier
pertinentes). Comme avec la gestion d'actifs plus traditionnels (capital, installations, ressources
humaines), les politiques et procédures concernant l'acquisition, la gestion et la cession d'actifs
informationnels doivent être établies, suivies, documentées et régulièrement auditées pour vérifier
leur conformité et leur efficacité. Les dirigeants d'activité (et leurs agents de soutien IS/IT respectifs)
doivent savoir où et comment leur capital de documents d'activité est créé, géré et stocké, et doivent
donc être capables de prévoir et de justifier la raison pour la conversion ou la migration.
Dans un organisme donné, une conversion ou une migration peut avoir lieu en tant que projet unique, ou
régulièrement comme une activité continue pour répondre à n'importe laquelle des situations ci-dessus.
Toutefois, pour une conservation efficace des documents d'activité numériques et de leurs métadonnées,
la conversion ou la migration doit être effectuée dans le cadre d'un programme soigneusement planifié
et structuré. Dans tous les cas, il est préférable de planifier, d'exécuter et de valider le processus de
conversion ou de migration des documents d'activité en amont, avec des délais et des ressources
suffisants et en réduisant autant que possible les perturbations pour les parties prenantes et leurs
cycles d'activité et fonctions. Lors d'un événement imprévu (naturel ou d'origine humaine), il peut être
nécessaire de réaliser la conversion ou la migration dans des conditions extrêmes, et donc loin d'être
idéales, ce qui augmente le coût et la perturbation.
4.3.2 Gestion des risques
Des coûts importants peuvent être associés à la conversion et la migration des documents d'activité
numériques; par exemple, les coûts de nouveaux matériels et logiciels, de licences, de ressources
humaines supplémentaires, etc. En conséquence, un organisme doit déterminer l'étendue de la
conversion ou de la migration sur la base de l'analyse des coûts, des bénéfices et des risques. Les
documents d'activité doivent être analysés pour déterminer leur valeur pour l'organisme et le risque
associé avec leur éventuelle perte ou corruption. Il convient qu'une partie du programme de gestion des
documents d'activité de l'organisme comprenne l'évaluation des documents d'activité et l'évaluation
des risques associés. Ces décisions sont normalement documentées dans les politiques de conservation
des documents d'activité de l'organisme. Des recommandations supplémentaires sur l'évaluation des
risques se trouvent dans l'ISO/TR 18128.
Les pratiques de gestion des documents d'activité d'un organisme sont basées sur les besoins
opérationnels et autres besoins et perceptions des risques. Les besoins opérationnels (par exemple
respect des exigences réglementaires, développement du produit, fourniture d'accès ou documentation
des transactions financières) déterminent les stratégies et niveaux d'effort qu'un organisme met en
œuvre pour assurer la fiabilité d'un document d'activité. L'évaluation et l'atténuation des risques, ainsi
que d'autres techniques, sont utilisées pour établir des contrôles de management et des exigences
de documentation des activités. Ces évaluations des risques peuvent également servir à établir des
contrôles de management des documents d'activité. Des évaluations des risques doivent être réalisées
en vue d'établir des niveaux appropriés de contrôles de management avant de prendre de nouvelles
initiatives.
Du point de vue des contrôles de management des documents d'activité, deux risques principaux sont
évalués dans le cas des documents d'activité numériques:
1) remises en cause de la fiabilité et de l'intégrité des documents d'activité (par exemple remises en
cause juridiques) auxquelles on peut s'attendre pendant la durée de vie des documents d'activité;
2) perte, y compris perte d'accès aux documents d'activité (ou destruction non autorisée de ces
documents d'activité).
Les conséquences sont mesurées par le degré de perte (y compris la perte de réputation) que l'organisme
ou d'autres parties prenantes viendraient à subir si la fiabilité des documents d'activité ne peut être
vérifiée, ou en cas de perte ou de destruction non autorisée des documents d'activité.
4.3.3 Quand convertir ou migrer
Il est recommandé d'effectuer la conversion ou la migration des documents d'activité avant que la
technologie ou les supports dont ils dépendent ne deviennent obsolètes. Suivant des facteurs comme
le volume et les exigences d'accès, il peut être souhaitable de convertir ou de migrer les documents
d'activité dès que la cible ou l'environnement final est connu. Si la valeur des documents d'activité et/ou
le risque perçus sont suffisamment faibles, les organismes peuvent décider d'attendre jusqu'à ce qu'un
autre déclencheur (par exemple mise à niveau de logiciel, remplacement de système, acquisition ou
fusion) déclenche la décision d'une conversion ou d'une migration.
4.3.4 Considérations relatives à la conversion et à la migration
Dans un environnement numérique, la conversion et la migration des documents d'activité d'un
organisme constituent souvent une activité de routine à petite ou grande échelle. Par conséquent, un
organisme doit disposer de politiques, de procédures et de plans pour faire en sorte que ces activités
soient effectuées conformément aux normes et aux pratiques des entreprises. Les obligations et les
interdépendances associées à la conservation des documents d'activité doivent être reconnues et
documentées dès que possible dans la phase de définition de l'analyse et des exigences à la fois de la
planification des processus d'affaires et de la planification des investissements technologiques.
Il convient que les facteurs suivants soient pris en compte pour décider si des ressources internes
ou externes, ou une combinaison des deux, seront impliquées dans les activités de conversion et de
migration (basées sur le projet).
— Compétences: le personnel de l'organisme a-t-il l'expérience et les connaissances nécessaires pour
réaliser les activités de conversion et de migration?
— Disponibilité des ressources humaines et techniques (y compris le personnel de sécurité et des
documents d'activité): les membres du personnel ayant les compétences appropriées sont-ils
disponibles pendant la durée du projet?
— Équipement: l'organisme a-t-il l'environnement et les outils appropriés pour réaliser les activités de
conversion et de migration?
— Coûts et calendrier: l'organisme a-t-il les ressources nécessaires (budget et temps) pour réaliser les
activités de conversion et de migration?
— Capacité à assurer l'assurance qualité/le contrôle qualité: le personnel de l'organisme a‑t‑il
l'expérience et les connaissances nécessaires pour réaliser les activités d'assurance qualité et de
contrôle qualité?
— Partage de données/intendance/propriété des données: quelle(s) personne(s) ou unité(s)
opérationnelle(s) de l'organisme supervisera/superviseront les activités de conversion et de
migration?
— Validation: le personnel de l'organisme a-t-il l'expérience et les connaissances nécessaires pour
valider les activités de conversion et de migration?
— Cycles d'activité: quelle(s) personne(s) ou unité(s) opérationnelle(s) de l'organisme décidera/
décideront quand les activités de conversion et de migration doivent avoir lieu?
— Sécurité et protection des données à caractère personnel: les prestataires internes et/ou externes
sont‑ils en mesure de respecter toutes les exigences juridiques, réglementaires et opérationnelles
applicables?
4.4 Élaboration d'un programme de conversion et de migration
4.4.1 Généralités
Les organismes qui utilisent des documents d'activité numériques pour des périodes de nature à
nécessiter des conversions ou des migrations régulières et continues doivent élaborer un programme
de conversion et de migration avant d'effectuer des conversions ou des migrations importantes de
documents d'activité numériques.
Ceci implique que le besoin de convertir ou de migrer les éléments numériques qui composent les
documents d'activité de l'organisme soit reconnu, et qu'une structure de gouvernance avec autorité de
direction directe ou déléguée soit en place. Les politiques d'entreprise de l'organisme doivent autoriser
l'élaboration d'un programme de conversion et de migration.
C'est la structure de gouvernance du programme de conversion et de migration qui autorise quand
et comment les conversions et les migrations ont lieu, et qui les réalise. D'ordinaire, il incombe aux
professionnels de la gestion documentaire d'autoriser le processus de conversion et de migration
avec l'aide du service informatique, du ou des propriétaire(s) de l'activité et du personnel juridique.
La structure de gouvernance du programme de conversion et de migration autorise également tout
processus d'audit à mettre en œuvre, et identifie la personne responsable de son exécution.
Il est indispensable de déterminer l'autorisation et les domaine(s) d'activité responsables afin d'établir la
conversion et la migration comme une activité professionnelle normale et régulière pour un organis
...