ISO 18829:2017

INTERNATIONAL ISO
STANDARD 18829
First edition
2017-06
Document management — Assessing
ECM/EDRM implementations —
Trustworthiness
Gestion de documents — Évaluation de la mise en oeuvre des ECM/
EDRM — Fiabilité
Reference number
ISO 18829:2017(E)
©
ISO 2017

---------------------- Page: 1 ----------------------
ISO 18829:2017(E)

COPYRIGHT PROTECTED DOCUMENT
© ISO 2017, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
ii © ISO 2017 – All rights reserved

---------------------- Page: 2 ----------------------
ISO 18829:2017(E)

Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Trustworthy ECM system assessment . 2
4.1 General . 2
4.1.1 Assessment output . 2
4.1.2 Process review . 3
4.1.3 Fulfilling legal, government and regulatory requirements . 4
4.2 Assessment activities . 4
4.2.1 Review of existing business practice and other organizational documentation . 4
4.2.2 Evaluating information ingested into the system . 4
4.2.3 Readability . 5
4.3 Evaluating information retention, preservation and destruction . 6
4.3.1 Application interoperability . 6
4.3.2 Data migration between electronic storage media . 6
4.3.3 Data format conversion . . 6
4.3.4 Media monitoring program . 6
4.3.5 Data expunging/deletion . 6
4.4 System security . 6
4.4.1 Security-related information to be collected/reviewed . 6
4.4.2 Securing the information to prevent unauthorized modification or
deletion of ESI . 7
4.5 Evaluating information access . 7
4.5.1 General. 7
4.5.2 Managing authorized modification . 8
4.6 Evaluating history and audit trail information. 8
4.6.1 General. 8
4.6.2 Retrieval of previous document version required to be maintained . 8
4.6.3 Management of notes and annotations as part of a business record . 9
4.6.4 Management of ESI containing macros and/or external links . 9
4.7 Evaluating technical and data storage environments .10
4.7.1 Information security models .10
4.7.2 Storage technologies assessment .10
4.7.3 Technology standards being followed by organization .10
4.7.4 Primary and secondary storage .10
Bibliography .12
© ISO 2017 – All rights reserved iii

---------------------- Page: 3 ----------------------
ISO 18829:2017(E)

Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www .iso .org/ patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO’s adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following
URL: w w w . i s o .org/ iso/ foreword .html.
This document was prepared by Technical Committee ISO/TC 171, Document management applications,
Subcommittee SC 1, Quality, preservation and integrity of information.
iv © ISO 2017 – All rights reserved

---------------------- Page: 4 ----------------------
ISO 18829:2017(E)

Introduction
This document provides a methodology for organizations seeking to assess whether their ECM
environment complies with key concepts of trustworthiness and information reliability as identified in
ISO/TR 15801 and ISO/TR 22957.
Many organizations are now required to ensure their business-related electronically stored information
(ESI) is securely created, stored and eventually destroyed in order to establish the authenticity and
accuracy of the ESI and the security and trustworthiness of the organization.
This document identifies activities and operations an organization needs to follow in order to
— ensure that any electronically stored information (ESI) is created and maintained in a reliable and
trustworthy manner through the entire ESI lifecycle, and
— evaluate existing enterprise content management (ECM) systems or electronic document and
records management (EDRM) systems for compliance with applicable ISO standards.
ISO 15489, ISO/TR 15801 and ISO/TR 22957 provide organizations with guidance for the design of
their enterprise content management (ECM) systems; however, organizations may also be required to
provide auditable proof that these systems provide a secure environment for ESI that meets any legal,
technical and policy obligations of the organization and comply with applicable ISO standards.
Any trustworthy ECM/EDRM solution needs to be capable of being audited, with reproducible results.
There also needs to be a method of independently verifying the claims of the software and hardware
vendors that the information is safe and secure and being stored in a trustworthy fashion. Organizations
will need to ensure that their supporting documentation reflects these requirements.
Although standardized ECM solutions are likely to be auditable and can be easily verified, non-
standardized or proprietary storage solutions may not provide a full audit trail and claims for the
security of the ECM/EDRM solution made by vendors are difficult to independently verify. Regardless
of whether the storage technology is standardized or proprietary, the organization faces the same need
to be able to verify that the ECM/EDRM solution complies with all applicable requirements.
© ISO 2017 – All rights reserved v

---------------------- Page: 5 ----------------------
INTERNATIONAL STANDARD ISO 18829:2017(E)
Document management — Assessing ECM/EDRM
implementations — Trustworthiness
1 Scope
This document identifies activities and operations that an organization needs to perform, or have
performed, to evaluate whether the electronically stored information (ESI) is or was maintained in a
reliable and trustworthy environment(s). These environments utilize content or records management
technologies commonly referred to as either enterprise content management (ECM) or electronic
document and records management (EDRM) enforcing organizational records management policies
and schedules.
ISO/TR 15801 and ISO 15489 (all parts) established the standards and best practices associated with
implementing trustworthy records/document management environments. However, a standard is
necessary to define the methodology used to evaluate these types of records/document management
environments regardless of what technologies are currently employed by the organization. This
document establishes the assessment methodology to be followed to identify the level of organizational
compliance with these standards as related to trustworthiness and reliability of information stored in
these environments.
This document is applicable to existing or planned ECM systems. Establishing the existence of a
trustworthy system is an important step in documenting the reliability of ESI maintained within
that system or environment. This document is designed for use by organizations evaluating the
trustworthiness of existing record/document management environments. This document identifies all
of the mandatory activities and areas that need to be examined by a resource, or resources, with a
thorough technical and operational knowledge of the specific technologies and methodologies being
examined, along with understanding record management processes and activities.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO 12651-1, Electronic document management — Vocabulary — Part 1: Electronic document imaging
ISO 15489-1, Information and documentation — Records management — Part 1: Concepts and principles
3 Terms and definitions
For the purposes of this document, the following terms and definitions given in ISO 12651-1, ISO 15489-1
and the following apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— IEC Electropedia: available at http:// www .electropedia .org/
— ISO Online browsing platform: available at http:// www .iso .org/ obp
3.1
authentic record
record that can be proven
a) to be what it purports to be,
© ISO 2017 – All rights reserved 1

---------------------- Page: 6 ----------------------
ISO 18829:2017(E)

b) to have been created or sent by the person purported to have created or sent it, and
c) to have been created or sent at the time purported
3.2
business practice documentation
BPD
detailed business process document identifying how information is received, stored and managed along
with the processes, policies and procedures followed by the organization
Note 1 to entry: The BPD contains sufficient information allowing the organization to authenticate or certify
that electronically stored information contained within the electronic document/record management system is
accurate, reliable and trustworthy.
Note 2 to entry: In some areas, this document is referred to as a master procedure manual.
3.3
electronically stored information
ESI
information created, used and stored in digital form, and requiring a computer or other device for access
Note 1 to entry: For the purposes of this document, ESI includes documents and records created and/or managed
by the organization in the course of business. Electronic data contained within relational databases or specialized
application data sets are not considered to be part of the ESI examined when executing this assessment.
3.4
readability
ability of the system to accurately reproduce the stored information in a consistent fashion over a
period of time without modification to the original content in any way that materially changes what
was originally stored
3.5
reliable
trusted as a full and accurate representation of the transactions, activities or attested facts and can be
depended upon in the course of subsequent transactions or activities
3.6
trustworthy
stored electronically in an accurate, reliable and usable/readable manner, ensuring integrity over time
Note 1 to entry: See ISO/TR 15801.
4 Trustworthy ECM system assessment
4.1 General
4.1.1 Assessment output
Trustworthy ECM systems shall ensure that information being managed can be reproduced in a reliable
fashion and prevent unauthorized modifications or changes to the content or associated metadata.
This includes any ESI generated from various office applications that utilize external sources to
“complete” the document/record then created and/or printed/saved as determined appropriate by the
organization.
The output of this standardized assessment shall include a detailed report including sufficient
information allowing the organization to determine how to best address any areas identified as not
being in full compliance. The report should also include, with detailed technology (if appropriate),
recommendations and records/document management related policies and procedures required to
come into full compliance.
2 © ISO 2017 – All rights reserved

---------------------- Page: 7 ----------------------
ISO 18829:2017(E)

A key element of this assessment standard is to provide detailed information to the organization
related to the overall trustworthiness of their ECM environment along with recommendations on
how to address those areas evaluated not to be in compliance with the associated ECM and records
management related standards.
Upon conclusion of any ISO 18829-compliant assessment, the assessment team shall prepare a detailed
report containing, at a minimum, the following:
— a business needs and/or business case. This section shall include a description of the records
assessment process followed, a summary of findings for physical records and electronic records
and business-related issues identified throughout the assessment;
— an analysis section that provides detailed information associated with a clear set of objective
records and information management principles to achieve a measurable, consistent records
information structure, fully insulated from individual and organizational bias. Previously referred
to as GARP (“Generally Accepted Recordkeeping Principles”), it is now referred to within the records
management industry as the “Principles” that define very specific levels of maturity of the records
management program;
— a technology gap analysis section providing a description of all relevant ECM, records management
and other document/record related storage or creation technologies currently in use by the
organization;
— a section of technical and records related recommendations. This section shall include
recommendations associated with changing the existing state of records management to establish
a trustworthy ECM environment.
4.1.2 Process review
Any trustworthy ECM system assessment shall begin with a review of the processes and procedures
associated with the entire environment in which ESI is managed. This includes reviewing not only the
actual processes and procedures but also the business practices documentation (BPD). An evaluation
shall be made regarding: how records, documents or information are ingested (i.e. how hardcopy is
converted into electronic format, existing ESI is received and processed, etc.); how the system manages,
audits and secures the electronic information; and how the system (including hardware) ensures that
the storage of the information is secured, preventing unauthorized alteration, modification and/or
deletion.
If the BPD is available, then the existing processes and procedures shall be verified against the
documentation to determine compliance and/or areas in need of improvement including reviewing how
— all ECM procedures will be followed,
— information is or has been imported/scanned, indexed and verified,
— the system is and has been secured from unauthorized access,
— documents are and have been secured from unauthorized modification or alternation,
— authorized modification of document(s) has/have been and is/are managed, including audit trail
information and the ability to retrieve any previous document version required to be maintained,
— notes and annotations (if any) have been and stored and managed, if they are a part of the business
record, and
— the system establishes controls over all stored electronic information adhering to the published
records retention schedule.
If a hosted solution or off-site components not within the direct custodial care of the organization are
being utilized, the assessment team shall include reviewing the level of compliance with ISO 17068
Trusted Third Party Repositories. ISO 17068 provides detailed information and recommendations
© ISO 2017 – All rights reserved 3

---------------------- Page: 8 ----------------------
ISO 18829:2017(E)

associated with offsite vendor requirements, procedures and agreements that should be considered
before storing content in an external environment that is not under the full control of the organization.
If the BPD is lacking or non-existent, the assessment can be followed by creating the documentation.
The BPD is a required component of any trustworthy environment. While the creation of this document
after the environment was placed into “production” may leave information contained in the system
vulnerable to claims that it is not trustworthy, subsequently added information shall have a clearly
documented process.
4.1.3 Fulfilling legal, government and regulatory requirements
Organizations that are subject to legal, government and regulatory requests for ESI may be required
to verify the integrity and authenticity of the ESI under oath. Maintaining clearly defined policies
and procedures and business practice documentation, as well as providing authenticated audit trails
detailing how the ESI was collected and assembled, will be critical to establishing the authenticity of
the ESI.
4.2 Assessment activities
4.2.1 Review of existing business practice and other organizational documentation
The assessment team shall examine the business practices document (BPD) previously developed to
coherently explaining the interrelationship of the various organizational policies and procedures that
impact the storage of electronic information.
Each of the areas covered by policies and procedures identified in the BPD shall be reviewed by the
assessment team to determine whether the policies and procedures, together with the hardware, media
and records/document management software has been implemented following design considerations
identified in ISO/TR 22957, ISO/TR 15801 and ISO 15489. If the BPD does not exist, or is found to be
lacking, the assessment team shall evaluate aspects of the ECM system, focusing on the policies and
procedures related to how information is captured, managed and secured.
Furthermore, the assessment team shall review how the policies and procedures have been disseminated
throughout the organization, including any training programs and ascertain the familiarity with them
by the individuals charged with implementing or enforcing those policies.
Specifically, even if no BPD exists, the assessment team shall evaluate all the policies and procedures
established under the principles identified in ISO/TR 15801 and ISO/TR 22957 regarding a trustworthy
ECM system. Though the terms in these documents may differ slightly, the concept between key
activities is consistent.
While the naming convention or existence of a particular policy or procedure is dependent upon the
specific business operation, an assessment team could be expected to obtain and review policies and
procedures in 4.2.2.
4.2.2 Evaluating information ingested into the system
4.2.2.1 General
The assessment team shall review in detail the processes associated with importing born digital
data and information converted from hardcopy formats. The import, migration and/or conversion
process(es) used to create ESI shall be reviewed in detail to ensure all information (as described in
the BPD, if one exists, otherwise, the BPD needs to be developed; see 4.1.1) imported/converted and
“indexed” is searchable and retrievable by all end-users upon request.
The assessment team shall prepare test scenarios from which the total number of pages and documents
imported and/or converted can be compared and validated against the volume of information in
original formats and structures.
4 © ISO 2017 – All rights reserved

---------------------- Page: 9 ----------------------
ISO 18829:2017(E)

4.2.2.2 Data conversion from hardcopy format into electronic format
The assessment team shall evaluate how documents were prepared for conversion and how the
organization ensured that all documents, notes, etc. were converted from hardcopy format to ESI as
described in the BPD. The assessment shall include examining whether users follow the processes and
procedures, or which processes and procedures are not in conformance with international standards
and best practices.
4.2.2.3 Born digital capture
This subclause deals with the capture of born digital data and storage in the ECM environment/solution
being assessed. The assessment team shall evaluate the process used to capture data from external
storage media to determine the following:
— the process utilized ensures all data anticipated to be stored in the trustworthy ECM solution was
actually captured, indexed and stored as described in the policies and procedures;
— the process used to identify data duplication and/or replication between users who may have
multiple copies of the same document;
— the process used for any existing content conversion from “out of date” or “proprietary” formats
and how the user/migration team ensured all relevant data was converted without loss of fidelity
or readability while ensuring all “material” information was converted as described in the BPD.
For data that required conversion, if some information was lost due to inability of conversion tool to
convert as described in the BPD, the assessment team shall review whether the user/migration team
also stored the original data in original format for historical purposes.
The assessment team shall identify and validate processes used during electronic information ingestion
that required conversion from other formats in which the information was originally received.
4.2.3 Readability
Trustworthy ECM systems support the concept of ESI readability. Readability is the ability of the
system to accurately reproduce the stored information in a consistent fashion over a period of time
without unintended modification(s) to the original content in any way that materially changes what
was originally stored.
The assessment team shall prepare test scenarios using a process of verifying readability of samples of
the imported and/or converted information with standardized image/data “viewers”. Proprietary or
specialized “viewing” software shall not be used to verify readability of ESI, unless the proprietary or
specialized “viewing” software is the only available software to access the ESI being evaluated. If this
is the case, the evaluation team shall assess the “viewing” software from the perspective of availability
into the future wherever possible. These test scenarios shall be executed by the system and the output
examined by the assessment team for a “sampling of ESI” to
— determine whether there have been unintentional modifications to the ESI being managed by
the system,
— enable the assessment team to evaluate whether the content between original document/record
and the electronic version has changed,
— identify whether any specialized tools are required to extract/display the information that perform
any interpolation or extrapolation of the data, and/or
— identify whether the ESI formats/structures are standardized and which standards are being
followed.
© ISO 2017 – All rights reserved 5

---------------------- Page: 10 ----------------------
ISO 18829:2017(E)

4.3 Evaluating information retention, preservation and destruction
4.3.1 Application interoperability
Evaluate whether metadata used within the ECM system is duplicated between ECM systems, can be
changed or modified changing accessibility to the ESI or preventing future accessibility and/or can
produce different results depending on which system is used to search, store and/or retrieve ESI.
4.3.2 Data migration between electronic storage media
Evaluate how information was migrated into the ECM solution including procedures to ensure ESI and
related metadata remained intact including file formats, compression, metadata, etc. Evaluate what
type and level of auditing was implemented during the migration and how the organization determined
that all anticipated ESI was migrated as described in the BPD.
4.3.3 Data format conversion
Evaluate the process utilized to convert the ESI from the original format to the desired format. Evaluate
the methodology used to ensure no loss of information along with process documentation on the
procedures followed to perform the conversion(s).
4.3.4 Media monitoring program
Evaluate the storage technology used fo
...