ISO 4669-2:2025

International
Standard
ISO 4669-2
First edition
Document management —
2025-05
Information classification, marking
and handling —
Part 2:
Functional and technical
requirements for ICMH solutions
Gestion des documents — Traitement, marquage et classification
de l'information —
Partie 2: Exigences fonctionnelles et techniques pour les
solutions ICMH
Reference number
© ISO 2025
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Functional requirements . 2
4.1 General .2
4.2 Marking and handling requirements.3
4.2.1 Marking . .3
4.2.2 Using marks to protect documents .3
4.2.3 Authenticity of marked documents .3
4.2.4 Use of received document .3
4.2.5 Audit .4
5 Technical requirements . 4
5.1 Setting the ICMH system .4
5.1.1 Preparing the control of classifications .4
5.1.2 Handling of documents by the ICMH system .4
5.2 Content preparation.4
5.2.1 General .4
5.2.2 Content .5
5.2.3 Marking . . .5
5.2.4 Marking technology .5
5.3 Distribution and sharing .5
5.3.1 General .5
5.3.2 Distribution, sharing and exchanging policy .5
5.3.3 Management by recipients . . .5
5.4 Context .5
Annex A (informative) Example of classification and applied technologies . 7
Bibliography . 9

iii
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out through
ISO technical committees. Each member body interested in a subject for which a technical committee
has been established has the right to be represented on that committee. International organizations,
governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely
with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types
of ISO document should be noted. This document was drafted in accordance with the editorial rules of the
ISO/IEC Directives, Part 2 (see www.iso.org/directives).
ISO draws attention to the possibility that the implementation of this document may involve the use of (a)
patent(s). ISO takes no position concerning the evidence, validity or applicability of any claimed patent
rights in respect thereof. As of the date of publication of this document, ISO had not received notice of (a)
patent(s) which may be required to implement this document. However, implementers are cautioned that
this may not represent the latest information, which may be obtained from the patent database available at
www.iso.org/patents. ISO shall not be held responsible for identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions
related to conformity assessment, as well as information about ISO's adherence to the World Trade
Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 171, Document management applications,
Subcommittee SC 1, Quality, preservation and integrity of information.
A list of all parts in the ISO 4669 series can be found on the ISO website.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.

iv
Introduction
This document describes the functional requirements for the handling and sharing of sensitive documents
by the solutions that are controlling and distributing digital content. It provides guidelines on selecting
solutions that offer adequate protection, especially in terms of privacy, security and traceability.
It is intended to be used by software developers and service providers, as well as end users.
This document can be used to compare different software solutions.

v
International Standard ISO 4669-2:2025(en)
Document management — Information classification,
marking and handling —
Part 2:
Functional and technical requirements for ICMH solutions
1 Scope
This document defines functional and technical requirements for solutions addressing the classification,
marking, handling and sharing of sensitive documents. It complements ISO 4669-1, which specifies
requirements for information classification, marking and handling (ICMH).
This document addresses solutions that control and distribute content in digital format, both inside and
outside the organization owning the content.
The distribution of content by means of physical media is beyond the scope of this document.
2 Normative references
There are no normative references in this document.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at https:// www .electropedia .org/
3.1
classification
systematic identification and/or arrangement of information assets (3.7) into categories according to
logically structured conventions, methods and procedural rules
Note 1 to entry: These categories consider issues such as the sensitivity of an information asset to loss or damage, i.e.
confidentiality, integrity and availability and other impacts on the organization(s).
[SOURCE: ISO 15489-1:2016, 3.5, modified — “information assets” has replaced “business activities and/or
records” and Note 1 to entry has been added.]
3.2
document
information (3.6) and the medium on which it is contained
[SOURCE: ISO 9000:2015, 3.8.5, modified — the example and notes to entry have been deleted.]
3.3
handling
required activities relating to information assets (3.7) that have been marked with a specific classification (3.1)
[SOURCE: ISO 4669-1:2023, 3.3]

3.4
information classification, marking and handling scheme
ICMH scheme
respective, specific requirements and arrangements established for the individual activities of classification
(3.1), marking (3.8) or handling (3.3)
[SOURCE: ISO 4669-1:2023, 3.4]
3.5
information classification, marking and handling system
ICMH system
set of interrelated or interacting elements to establish information classification (3.1), marking (3.8) and
handling (3.3) policies and objectives with processes to achieve those objectives
[SOURCE: ISO 4669-1:2023, 3.5]
3.6
information
meaningful data
Note 1 to entry: Data can be regarded as lacking the context necessary to interpret its meaning. Information is accurate,
timely, specific and organized for a purpose. It is presented within a context that gives it meaning and relevance, and
can lead to an increase in understanding and decrease in uncertainty. Information is valuable because it can affect
behaviour, a decision or an outcome.
[SOURCE: ISO 9000:2015, 3.8.2, modified — Note 1 to entry has been added.]
3.7
information asset
set of information (3.6) that is capable of being shared and can be held in any form, e.g. physical or digital
[SOURCE: ISO 4669-1:2023, 3.7]
3.8
marking
process by which a classification (3.1) is documented and indicated for an information asset (3.7) (usually on
the information asset)
[SOURCE: ISO 4669-1:2023, 3.10]
4 Functional requirements
4.1 General
Thi
...