ISO 16919:2025
Space data and information transfer systems — Requirements for bodies providing audit and certification of candidate trustworthy digital repositories
This document defines a CCSDS Recommended Practice (and ISO standard) on which to base the operations of the organization(s) which assess the trustworthiness of digital repositories using the latest version of CCSDS 652.0/ISO 16363 (reference [1]) and provide the appropriate certification. This document specifies requirements for bodies providing audit and certification of digital repositories, based on the metrics contained within ISO/IEC 17021-1 (reference [4]) and reference [1]. It is primarily intended to support the accreditation of bodies providing such certification. ISO/IEC 17021-1 provides the bulk of the requirements on bodies offering audit and certification for general types of management systems. However, for each specific type of system, specific additional requirements will be needed, for example, to specify the standard against which the audit is to be made and the qualifications which auditors require. This document provides the (small number of) specific additions required for bodies providing audit and certification of candidate trustworthy digital repositories.
Trustworthy here means that they can be trusted to maintain, over the long-term, the understandability and usability of digitally encoded information placed into their safekeeping. In order to improve readability the section numbers are kept consistent with those of ISO/IEC 17021-1. Some subsections are applicable as they stand, and these are simply enumerated; otherwise additions to subsections are explicitly given. In the former case the sections may consist of just a few sentences. As a result this document must be read in conjunction with ISO/IEC 17021-1. The requirements contained in this CCSDS Recommended Practice need to be demonstrated in terms of competence and reliability by any organization or body providing certification of digital repositories.
Systèmes de transfert des informations et données spatiales — Exigences pour les organismes d'audit et de certification des référentiels numériques potentiellement de confiance
Standards Content (Sample)
International Standard
ISO 16919
Second edition
2025-03
Space data and information transfer systems — Requirements for bodies providing audit and certification of candidate trustworthy digital repositories
Systèmes de transfert des informations et données spatiales — Exigences pour les organismes d'audit et de certification des référentiels numériques potentiellement de confiance
Reference number
© ISO 2025
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
REQUIREMENTS FOR BODIES PROVIDING AUDIT AND CERTIFICATION
OF CANDIDATE TRUSTWORTHY DIGITAL REPOSITORIES
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national
standards bodies (ISO member bodies). The work of preparing International Standards is
normally carried out through ISO technical committees. Each member body interested in a
subject for which a technical committee has been established has the right to be represented on
that committee. International organizations, governmental and non-governmental, in liaison
with ISO, also take part in the work. ISO collaborates closely with the International
Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance
are described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria
needed for the different types of ISO document should be noted (see www.iso.org/directives).
ISO draws attention to the possibility that the implementation of this document may involve the
use of (a) patent(s). ISO takes no position concerning the evidence, validity or applicability of
any claimed patent rights in respect thereof. As of the date of publication of this document, ISO
had not received notice of (a) patent(s) which may be required to implement this document.
However, implementers are cautioned that this may not represent the latest information, which
may be obtained from the patent database available at www.iso.org/patents. ISO shall not be
held responsible for identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and
does not constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms
and expressions related to conformity assessment, as well as information about ISO's adherence
to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see
www.iso.org/iso/foreword.html.
This document was prepared by the Consultative Committee for Space Data Systems (CCSDS)
(as CCSDS 652.1-M-3, December 2024) and drafted in accordance with its editorial rules. It was
assigned to Technical Committee ISO/TC 20, Aircraft and space vehicles, Subcommittee SC 13,
Space data and information transfer systems and adopted under the “fast-track procedure”.
This second edition cancels and replaces the first edition (ISO 16919:2014), which has been
technically revised.
The main changes are as follows:
— updated references to latest versions of documents, ISO 17021:2015, ISO 16363 and ISO 14721;
— updated to be consistent with the structure of the latest version of ISO 17021-1, for example,
removal of section 8.3 Directory of Certified Clients;
— clarified use of remote audits in Section 9;
— added CCSDS required subsections in Annex B.
Any feedback or questions on this document should be directed to the user’s national standards
body. A complete listing of these bodies can be found at www.iso.org/members.html.
CCSDS 652.1-M-3 Page iii December 2024
CONTENTS
1 INTRODUCTION
1.1 PURPOSE
1.2 SCOPE
1.3 APPLICABILITY
1.4 RATIONALE
1.5 STRUCTURE OF THIS DOCUMENT
1.6 DEFINITIONS
1.7 CONFORMANCE
1.8 REFERENCES
2 OVERVIEW
3 RESERVED
4 PRINCIPLES
5 GENERAL REQUIREMENTS
5.1 LEGAL AND CONTRACTUAL MATTERS
5.2 MANAGEMENT OF IMPARTIALITY
5.3 LIABILITY AND FINANCING
6 STRUCTURAL REQUIREMENTS
7 RESOURCE REQUIREMENTS
7.1 COMPETENCE OF PERSONNEL
7.2 PERSONNEL INVOLVED IN THE CERTIFICATION ACTIVITIES
7.3 USE OF INDIVIDUAL EXTERNAL AUDITORS AND EXTERNAL TECHNICAL EXPERTS
7.4 PERSONNEL RECORDS
7.5 OUTSOURCING
8 INFORMATION REQUIREMENTS
8.1 PUBLIC INFORMATION
8.2 CERTIFICATION DOCUMENTS
8.3 REFERENCE TO CERTIFICATION AND USE OF MARKS
8.4 CONFIDENTIALITY
8.5 INFORMATION EXCHANGE BETWEEN A CERTIFICATION BODY AND ITS CLIENTS
9 PROCESS REQUIREMENTS
10 MANAGEMENT SYSTEM REQUIREMENTS FOR CERTIFICATION BODIES
ANNEX A REQUIRED TRUSTED DIGITAL REPOSITORY MANAGEMENT SYSTEM (TDRMS) COMPETENCIES (NORMATIVE)
ANNEX B SECURITY, SANA, AND PATENT CONSIDERATIONS (INFORMATIVE)
ANNEX C AUDIT BY NON-CONFORMANT BODIES (INFORMATIVE)
1 INTRODUCTION
1.1 PURPOSE
The main purpose of this document is to define a CCSDS Recommended Practice (and ISO
standard) on which to base the operations of the organization(s) which assess the
trustworthiness of digital repositories using the latest version of CCSDS 652.0/ISO 16363
(reference [1]) and provide the appropriate certification. This document specifies
requirements for bodies providing audit and certification of digital repositories, based on the
metrics contained within ISO/IEC 17021-1 (reference [4]) and reference [1]. It is primarily
intended to support the accreditation of bodies providing such certification.
ISO/IEC 17021-1 provides the bulk of the requirements on bodies offering audit and
certification for general types of management systems. However, for each specific type of
system, specific additional requirements will be needed, for example, to specify the standard
against which the audit is to be made and the qualifications which auditors require.
This document provides the (small number of) specific additions required for bodies
providing audit and certification of candidate trustworthy digital repositories. Trustworthy
here means that they can be trusted to maintain, over the long-term, the understandability and
usability of digitally encoded information placed into their safekeeping.
In order to improve readability the section numbers are kept consistent with those of ISO/IEC
17021-1. Some subsections are applicable as they stand, and these are simply enumerated;
otherwise additions to subsections are explicitly given. In the former case the sections may
consist of just a few sentences. As a result this document must be read in conjunction with
ISO/IEC 17021-1.
1.2 SCOPE
The requirements contained in this CCSDS Recommended Practice need to be demonstrated
in terms of competence and reliability by any organization or body providing certification of
digital repositories.
1.3 APPLICABILITY
This document is meant primarily for those setting up and managing the organization
performing the auditing and certification of digital repositories.
It should also be of use to those who work in or are responsible for digital repositories
seeking objective measurement of the trustworthiness of their repository and wishing to
understand the processes involved.
1.4 RATIONALE
There is a hierarchy of standards concerned with good auditing practice (references [3]-[5]).
This document is positioned within this hierarchy in order to ensure that these good practices
can be applied to the evaluation of the trustworthiness of digital repositories.
ISO/IEC 17021-1 Conformity assessment — Requirements for bodies providing audit and
certification of management systems (reference [5]) is an International Standard which sets
out criteria for bodies operating audit and certification of organizations’ management
systems. If such bodies are to be accredited as complying with ISO/IEC 17021-1 with the
objective of auditing and certifying candidate trustworthy digital repositories in accordance
with reference [1], some requirements that are additional to ISO/IEC 17021-1 are necessary.
These are provided by this document.
The text in sections 4 to 10 in this document follows the structure of ISO/IEC 17021-1, with
specific additions on the application of ISO/IEC 17021-1 for certification of candidate
trustworthy digital repositories.
1.5 STRUCTURE OF THIS DOCUMENT
This document is divided into informative and normative sections and annexes.
Sections 1-2 of this document give a high-level view of the rationale, the conceptual
environment, some of the important design issues and an introduction to the terminology and
concepts.
– Section 1 gives purpose and scope, rationale, a view of the overall document
structure, and the acronym list, glossary, and reference list for this document. These
are normative.
– Section 2 provides an overview of auditing practices. This is informative.
– Section 3 is reserved for future use.
– Section 4 states the principles that apply.
– Sections 5 to 10 provide the normative rules against which an organization providing
audit and certification of candidate trustworthy digital repositories may be judged,
based on ISO/IEC 17021-1 (reference [4]).
– Annex A specifies the trusted digital repository management system competencies for
certification body personnel for specific certification functions.
– Annex B is a CCSDS-required informative discussion of the security implications of
applying this CCSDS Recommended Practice.
1.6 DEFINITIONS
1.6.1 ACRONYMS AND ABBREVIATIONS
CAB conformity assessment body
CCSDS Consultative Committee for Space Data Systems
IEC International Electrotechnical Commission
ISO International Organization for Standardization
OAIS Open Archival Information System
TDR Trustworthy Digital Repository
TDRMS Trustworthy Digital Repository management system
SANA Space Assigned Numbers Authority
1.6.2 TERMINOLOGY
1.6.2.1 Gene
...