ISO/TS 18759:2022

TECHNICAL ISO/TS
SPECIFICATION 18759
First edition
2022-08
Document management —
Trustworthy storage system
(TSS) — Functional and technical
requirements
Gestion des documents — Système de stockage fiable (TSS) —
Exigences fonctionnelles et techniques
Reference number
© ISO 2022
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii
Contents Page
Foreword .v
Introduction . vi
1 S c op e . 1
2 Nor m at i ve r ef er enc e s . 1
3 Terms and definitions . 1
4 T SS concepts and functional requirements . 4
4 .1 O ver v iew . 4
4 . 2 T S S c onc ep t s . 5
4.2.1 General . 5
4.2.2 I mmutable ESI . . 5
4.2.3 C hangeable ESI . 5
4.3 E SI preservation . 6
4.4 I mmutable ESI preservation period . 6
4 .4 .1 O ver v iew . 6
4 . 5 E S I dele t ion . 7
4.6 T SS functional requirements . 8
5 TSS ESI lifecycle management technical requirements .10
5.1 G eneral . 10
5.2 T SS ESI security, protection and hold restrictions requirements . 11
5.2.1 G eneral . 11
5.2.2 TSS ESI security requirements . 11
5.2.3 TSS ESI hold restriction requirements .12
5.2.4 TSS ESI protection requirements . 15
5.2.5 TSS ESI deletion requirements . 16
5.3 C hangeable ESI requirements . 16
5.4 T SS immutable ESI requirements . 17
5.5 T SS retained ESI requirements . . 18
5.6 T SS expired-ESI requirements . 19
5.7 I mmutable ESI retention period . 19
5.7.1 General . 19
5.7.2 Immutable ESI retention period requirements. 19
5.7.3 I mmutable ESI permanent retention period . 20
5.7.4 Immutable ESI fixed retention period . 20
5.7.5 I mmutable ESI hybrid retention period . 21
5.7.6 I mmutable ESI indefinite retention period .22
6 TSS integration and management interfaces .22
7 TSS integrity, auditing, security requirements .23
7.1 S torage security . 23
7.2 E SI encryption . 23
7.3 S ecure delete and erasure .23
7.4 I mmutable ESI integrity checks . 24
7.5 R edundancy and replication . 24
7.6 S torage migration and upgrades . 24
7.7 A uditability . 24
7.7.1 General . 24
7.7.2 TSS audit capabilities .25
7.7.3 T SS audit trail . 25
8 T SS technical methods for trusted storage .25
8.1 General . 25
8.2 S ecurity . 25
8.3 V alidate and detect corruption . 26
iii
8.4 Ransomware protection .26
8 . 5 E r r or c or r e c t ion . 26
8.6 M onitoring, notifications and alerts . 26
8.7 Encryption . 27
8 . 8 Per m i s s ion s . 28
8.9 I ntegrity of storage devices and media .28
9 T SS requirements and mitigating technical methods .28
9.1 M igration of information between media .28
9.2 T echnical obsolescence .28
9.3 D iscovery requests .29
9.4 A ddressing ad hoc deletion requests .29
9.5 E SI degradation . 30
9.6 M alicious actions by employees or outside parties .30
9.7 E SI store errors .30
9.8 T SS hardware controls . 30
9.9 A ccidental or premature deletion of ESI . 31
Bibliography .32
iv
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO d
...