Information and documentation -- Digital records conversion and migration process

This International Standard specifies the planning issues, requirements and procedures for the conversion and/or migration of digital records (which includes digital objects plus metadata) in order to preserve the authenticity, reliability, integrity and usability of such records as evidence of business transactions. These digital records can be active or residing in a repository. These procedures do not comprehensively cover: - backup systems; - preservation of digital records; - functionality of trusted digital repositories; - the process of converting analogue formats to digital formats and vice versa.

Information et documentation -- Processus de conversion et migration des documents d'activité numériques

Informatika in dokumentacija - Proces konverzije in migracije digitalnih zapisov

Ta mednarodni standard določa vprašanja pri načrtovanju, zahteve in postopke za prehod in/ali migracijo digitalnih zapisov (ki vključujejo digitalne objekte in metapodatke), da se ohranijo pristnost, zanesljivost, neoporečnost in uporabnost takih zapisov kot dokaz poslovne izmenjave. Ti digitalni zapisi so lahko aktivni ali v shrambi. Ti postopki celovito ne obravnavajo: – sistemov varnostnega kopiranja; – shranjevanja digitalnih zapisov; – funkcionalnosti zaupanja vrednih digitalnih shramb; – postopka pretvorbe analognih formatov v digitalne formate in obratno.

General Information

Status
Withdrawn
Publication Date
06-Jun-2013
Withdrawal Date
09-Nov-2022
Current Stage
9900 - Withdrawal (Adopted Project)
Start Date
03-Nov-2022
Due Date
26-Nov-2022
Completion Date
10-Nov-2022

RELATIONS

Buy Standard

Standard
SIST ISO 13008:2013
English language
33 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day
Standard
ISO 13008:2012 - Information and documentation -- Digital records conversion and migration process
English language
28 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (sample)

SLOVENSKI STANDARD
SIST ISO 13008:2013
01-julij-2013
Informatika in dokumentacija - Proces konverzije in migracije digitalnih zapisov

Information and documentation -- Digital records conversion and migration process

Information et documentation -- Processus de conversion et migration des documents

d'activité numériques
Ta slovenski standard je istoveten z: ISO 13008:2012
ICS:
01.140.20 Informacijske vede Information sciences
SIST ISO 13008:2013 en,fr,de

2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------
SIST ISO 13008:2013
---------------------- Page: 2 ----------------------
SIST ISO 13008:2013
INTERNATIONAL ISO
STANDARD 13008
First edition
2012-06-15
Information and documentation — Digital
records conversion and migration process
Information et documentation — Processus de conversion et migration
des documents d’activité numériques
Reference number
ISO 13008:2012(E)
ISO 2012
---------------------- Page: 3 ----------------------
SIST ISO 13008:2013
ISO 13008:2012(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO 2012

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,

electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISO’s

member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO 2012 – All rights reserved
---------------------- Page: 4 ----------------------
SIST ISO 13008:2013
ISO 13008:2012(E)
Contents Page

Foreword ............................................................................................................................................................................iv

Introduction ........................................................................................................................................................................ v

1 Scope ...................................................................................................................................................................... 1

2 Normative references ......................................................................................................................................... 1

3 Terms and definitions ......................................................................................................................................... 1

4 Organizational and business framework ...................................................................................................... 4

4.1 General ................................................................................................................................................................... 4

4.2 Conversion and migration drivers .................................................................................................................. 4

4.3 Planning for the conversion and migration process ................................................................................. 5

4.4 Establishing a conversion and migration program ................................................................................... 6

5 Recordkeeping requirements ........................................................................................................................... 8

5.1 General ................................................................................................................................................................... 8

5.2 Conversion and migration requirements ...................................................................................................... 8

5.3 Conversion/migration process metadata ..................................................................................................... 9

5.4 Recordkeeping process metadata implementation issues ...................................................................... 9

6 Conversion and migration planning .............................................................................................................10

6.1 General .................................................................................................................................................................10

6.2 Business requirements ....................................................................................................................................10

6.3 General administrative planning ................................................................................................................... 11

6.4 Technology planning requirements ..............................................................................................................12

7 Conversion and migration procedures .......................................................................................................12

7.1 General .................................................................................................................................................................12

7.2 Procedures ..........................................................................................................................................................13

7.3 Conversion/migration project planning ......................................................................................................15

7.4 Testing ..................................................................................................................................................................18

7.5 Conversion/migration .......................................................................................................................................20

7.6 Validating .............................................................................................................................................................22

8 Monitoring ...........................................................................................................................................................24

Bibliography .....................................................................................................................................................................25

© ISO 2012 – All rights reserved iii
---------------------- Page: 5 ----------------------
SIST ISO 13008:2013
ISO 13008:2012(E)
Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies

(ISO member bodies). The work of preparing International Standards is normally carried out through ISO

technical committees. Each member body interested in a subject for which a technical committee has been

established has the right to be represented on that committee. International organizations, governmental and

non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International

Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.

The main task of technical committees is to prepare International Standards. Draft International Standards

adopted by the technical committees are circulated to the member bodies for voting. Publication as an

International Standard requires approval by at least 75 % of the member bodies casting a vote.

Attention is drawn to the possibility that some of the elements of this International Standard may be the subject

of patent rights. ISO shall not be held responsible for identifying any or all such patent rights.

ISO 13008 was prepared by Technical Committee ISO/TC 46, Information and documentation, Subcommittee

SC 11, Archives/records management.
iv © ISO 2012 – All rights reserved
---------------------- Page: 6 ----------------------
SIST ISO 13008:2013
ISO 13008:2012(E)
Introduction

This International Standard provides guidance for the conversion of records from one format to another and

the migration of records from one hardware or software configuration to another. It contains applicable records

management requirements, the organizational and business framework for conducting the conversion and

migration process, technology planning issues, and monitoring/controls for the process. It also identifies

the steps, components and particular methodologies for each of these processes, covering such topics as

workflow, testing, version control and validation.
The development of this International Standard was derived from Reference [13].

With the rapid pace of technological change, many records in digital form will, at some point, need to be

converted from one format to another, or migrated from one system to another to ensure their continued

accessibility and processability.

This is not to suggest that conversion and migration are the only approaches to preserving digital records.

Other methods, such as emulation, do exist or are under development. Conversion and migration are, however,

two of the more prevalent methods of digital preservation at this time. While this International Standard does

not address digital preservation per se, the conversion and migration processes can have an impact on a digital

preservation strategy. How an organization chooses to set up the conversion and migration processes (which

format to employ, the level of control needed, and so on) largely influences its view of the record. At the time of

the development of this International Standard, no single preferred preservation method had been identified.

However, institutions recognize the benefit of standardized procedures; many test beds and task forces have

been established to explore and research conversion, migration, emulation and refreshment, among other

preservation procedures, to determine what should work best.

Conversion and migration represent separate approaches to preserving digital records. It is important to

implement them in a managed way to prevent any degradation or loss in the authenticity, reliability, integrity and

usability of the records, thus ensuring an “authoritative record” as described in ISO 15489-1:2001, 7.2.2 to 7.2.5.

This International Standard outlines the program components, planning issues, recordkeeping requirements and

procedures for performing the conversion and migration of digital records so as to preserve their authenticity,

reliability, integrity and usability so that they continue to act as evidence of business transactions.

From the outset, note that it is not necessary to adopt all of the procedures recommended in this International

Standard to ensure that records management requirements are met. The decision regarding which procedures

to adopt depends on such factors as the type of conversion or migration to be performed and the level of risk

the organization is willing to accept. In addition, organizations would be well advised to incorporate future

planning for further conversion and/or migration of records among requirements for managing enterprise

electronic recordkeeping systems.

Before starting a conversion or migration project, individuals designated as “key” to the process need to be

aware of records management requirements. The term “recordkeeping criteria/requirements” in records and

information management means an adherence to a set of principles that relate to record integrity, authenticity,

reliability and usability. Adherence to these principles ensures that record content, context and structure

are maintained and that a given record’s standing as evidence of business activity is not compromised. The

principles apply regardless of how long the record is retained.

This International Standard does not specifically address conversions and migrations as a routine, ongoing

business-as-usual work.
© ISO 2012 – All rights reserved v
---------------------- Page: 7 ----------------------
SIST ISO 13008:2013
---------------------- Page: 8 ----------------------
SIST ISO 13008:2013
INTERNATIONAL STANDARD ISO 13008:2012(E)
Information and documentation — Digital records conversion
and migration process
1 Scope

This International Standard specifies the planning issues, requirements and procedures for the conversion

and/or migration of digital records (which includes digital objects plus metadata) in order to preserve the

authenticity, reliability, integrity and usability of such records as evidence of business transactions. These

digital records can be active or residing in a repository.
These procedures do not comprehensively cover:
— backup systems;
— preservation of digital records;
— functionality of trusted digital repositories;
— the process of converting analogue formats to digital formats and vice versa.
2 Normative references

The following referenced documents are indispensable for the application of this document. For dated

references, only the edition cited applies. For undated references, the latest edition of the referenced document

(including any amendments) applies.

ISO 15489-1, Information and documentation — Records management — Part 1: General

ISO 23081-2, Information and documentation — Managing metadata for records — Part 2: Conceptual and

implementation issues
3 Terms and definitions

For the purposes of this document, the terms and definitions given in ISO 15489-1 and the following apply.

3.1
access
right, opportunity, means of finding, using, or retrieving information
[ISO 15489-1:2001, definition 3.1]
3.2
attribute
characteristic of an object or entity
NOTE Adapted from ISO/IEC 11179-3:2003.
3.3
authenticity

record that can be proven to be what it purports to be, to have been created or sent by the person purported to

have created or sent it, and to have been created or sent at the time purported
NOTE This term is further described in ISO 15489-1:2001, 7.2.2.
© ISO 2012 – All rights reserved 1
---------------------- Page: 9 ----------------------
SIST ISO 13008:2013
ISO 13008:2012(E)
3.4
content
subject information of a document
[IEC 82045-1:2001, definition 3.2.2]
3.5
conversion

〈record〉 process of changing records from one format to another while maintaining the characteristics of the records

3.6
data cleansing

process of reviewing and correcting data to ensure data are in a standardized format

NOTE Correction may be carried out for incompleteness, incorrect formatting, obsolescence, duplication, etc. It is

often done prior to merging data sets or converting data from one system/database to another.

3.7
data object

discrete data, considered as a unit, representing an instance of a data structure that is known or assumed to

be known
[ISO/IEC 2382-17:1999, definition 17.01.11]
3.8
emulation

use of a data processing system to imitate another data processing system, so that the imitating system

accepts the same data, executes the same programs, and achieves the same results as the imitated system

NOTE Adapted from ISO/IEC 2382-1:1993.
3.9
encryption

(reversible) transformation of data by a cryptographic algorithm to produce ciphertext, i.e. to hide the information

content of the data
NOTE Adapted from ISO/IEC 18033-1:2005.
3.10
file format

encoding of a file type that can be rendered or interpreted in a consistent, expected and meaningful way through

the intervention of a particular piece of software or hardware which has been designed to handle that format

NOTE A file may (or may not) be a container containing zero or more files of various formats. File formats may

be defined by a specification, or by a reference software system. Many file formats exist in forms with minor variations

and many also in more than one version. Typing of file formats should be interpreted generously rather than strictly, but

sufficiently precisely to distinguish versions where such distinctions have significant interpretive consequences.

[PRONOM]
3.11
integrity
quality of being complete and unaltered
NOTE This term is further described in ISO 15489-1:2001, 7.2.4.
3.12
metadata

〈records〉 data describing context, content, and structure of records and their management through time

[ISO 15489-1:2001, definition 3.12]
2 © ISO 2012 – All rights reserved
---------------------- Page: 10 ----------------------
SIST ISO 13008:2013
ISO 13008:2012(E)
3.13
migration

〈records〉 process of moving records, including their existing characteristics, from one hardware or software

configuration to another without changing the format
3.14
originating
initial manifestation of something
3.15
preservation

processes and operations involved in ensuring the technical and intellectual survival of authentic records

through time
[ISO 15489-1:2001, definition 3.14]
3.16
preservation metadata

metadata that supports the viability, renderability, understandability, authenticity and identity of digital objects

in a preservation context
[PREMIS Data Dictionary for Preservation Metadata, version 2.0, March 2008]
3.17
record

information created, received, and maintained as evidence and/or as an asset by an organization or person, in

pursuance of legal obligations or in the transaction of business, regardless of medium, form or format

NOTE Adapted from ISO 15489-1:2001.
3.18
refreshment

data migration where the media is replaced with equivalent media such that all storage hardware and software

functionality is unchanged
NOTE Adapted from ISO 14721:2003.
3.19
reliability

measure of the completeness and accuracy of the representation of transactions and activities, or of the facts

to which they attest
NOTE This term is further described in ISO 15489-1:2001, 7.2.3.
3.20
replication

digital migration where there is no change to the packaging information, the content information, and the

preservation description information

NOTE The bits used to represent these information objects are preserved in the transfer to the same or new

media instance.
NOTE Adapted from ISO 14721:2003.
3.21
usability

〈records〉 property of being able to be located, retrieved, presented and interpreted

NOTE This term is further described in ISO 15489-1:2001, 7.2.5.
© ISO 2012 – All rights reserved 3
---------------------- Page: 11 ----------------------
SIST ISO 13008:2013
ISO 13008:2012(E)
3.22
validation

confirmation, through the provision of objective evidence, that the requirements for a specific intended use or

application have been fulfilled
NOTE Adapted from ISO 9000:2005.
4 Organizational and business framework
4.1 General

This clause addresses the drivers that often prompt the need for the conversion or migration of digital records,

the issues that organizations should consider when evaluating the need for conversion or migration of their

records, and the steps taken in developing a conversion and migration program. It discusses the decision making

and resource allocation associated with the conversion or migration within the organizational framework, as

well as the technical infrastructure that supports the conversion and migration processes and which shall be

used to ensure the records’ authenticity and integrity for as long as they are needed.

4.2 Conversion and migration drivers
4.2.1 General

A variety of drivers can compel an organization to convert or migrate its digital records. Some records

have longer retention requirements than a software application or storage medium can sustain, prompting

organizations to convert or migrate their records while supporting systems are still viable. Organizations

might also choose to convert or migrate records proactively on the basis of operational factors relating to

record volume, access, storage efficiency, business and technology cycles, or organizational change (such as

mergers and acquisitions). In extreme circumstances, organizations might be compelled to convert or migrate

records in response to regulatory or legal actions.
4.2.2 Conversion drivers

Conversion is defined as the process of changing records from one format to another. Some examples of

drivers that could require digital conversion include the following.

a) Format change: for example, records stored in a closed format are converted to an open file format, such

as a conversion of a Word file to PDF/A.

b) Format obsolescence: for example, records stored in an obsolete but still readable word processing format

are converted to a current word processing format.
4.2.3 Migration drivers

Migration is defined as the process of moving records from one hardware or software configuration to another

without changing the format. Some examples of drivers that could require digital migration include the following.

a) There may be a need to migrate records from one structure to another. For example, records existing in several

legacy databases might be restructured into a new consolidated database (e.g. from Oracle to SQL Server).

b) The platform in which the records were created is changing and the records need to be migrated to the new

platform. For example, records might need to be moved from a Microsoft Windows platform to a UNIX platform.

c) A migration is prudent from a business perspective (e.g. to introduce a new system with improved

functionality). For example, a migration of records might be needed to support a change from a physical

business presence to a web-based storefront or to move records from a shared drive to an electronic

document and records management system (EDRMS).
4 © ISO 2012 – All rights reserved
---------------------- Page: 12 ----------------------
SIST ISO 13008:2013
ISO 13008:2012(E)

Organizations have an obligation to assess, document and manage their records in the normal course of

business. Ongoing accessibility and compliance of digital records with a dynamic regulatory and technical

environment demand rigorous, coordinated efforts and sustained funding.

Decisions related to conversion and migration shall be based on analysis of the importance of the organization’s

digital records and the impact of technology infrastructure and investments during the records’ existence, as

well as on knowledge about standards and best practices relating to conversion and migration of digital records.

4.3 Planning for the conversion and migration process
4.3.1 General

Records conversion and migration planning falls into the domain of the organization’s information governance

protocols and systems. As with more traditional asset (capital, facilities, human resources) management,

established policies and procedures regarding the acquisition, management and disposition of information

assets should be established, followed, documented and periodically audited for compliance and efficacy.

Business managers (and their respective IS/IT support officers) should know where and how their record

assets are being created, managed and stored, and should therefore be able to plan and justify the case for

conversion or migration.

In a given organization, conversion or migration might take place as a one-time project or regularly as an

ongoing activity in response to any of the above-mentioned situations. However, for effective preservation of

digital records, conversion or migration shall be performed as part of an ongoing, well-planned and structured

program. In all cases, it is preferable to plan, execute and validate the records conversion or migration process

proactively, with adequate time and resources and with the least disruption to stakeholders and their respective

business cycles and functions. During an unplanned event (natural or human-made), conversion or migration

may have to be undertaken under extreme and therefore less than ideal conditions, which make it more costly

and disruptive.
4.3.2 Risk management

Significant costs can be associated with the conversion and migration of digital records. As a result, an

organization shall decide whether to convert or migrate some, all, or no records, based upon its level of

acceptable risk. Records shall be analysed to determine their importance to the organization and the risk

associated with their potential loss or corruption. Part of the organization’s records management program

should be to conduct an evaluation of records for retention purposes and assess the risks associated with

them. Normally, the organization’s records retention policies document these decisions.

An organization’s records management practices are based on operational and other needs and perceptions

of risks. Operational needs (e.g. fulfilling regulatory requirements, product development, providing access or

documenting financial transactions) determine the strategies and levels of effort an organization undertakes

to ensure the trustworthiness of a record. Risk assessment and risk mitigation, along with other techniques,

are used to establish both management controls for and documentation requirements of activities. These

risk assessments can also be used to establish records management controls. Risk assessments shall be

conducted to establish appropriate levels of management controls prior to undertaking new initiatives.

From a records management perspective, two main risks are assessed when considering digital records:

1) challenges to the trustworthiness of the records (e.g. legal challenges) that can be expected over the

life of the records;
2) loss, including loss of access to or unauthorized destruction of records.

Consequences are measured by the degree of loss that the organization or its customers would suffer if

the trustworthiness of the records could not be verified or in the event of unauthorized loss or unauthorized

destruction of records.
© ISO 2012 – All rights reserved 5
---------------------- Page: 13 ----------------------
SIST ISO 13008:2013
ISO 13008:2012(E)
4.3.3 When to convert or migrate

Conversion or migration of records shall be performed before the technology and media (e.g. magnetic disks

such as floppy disks, magnetic tape, and optical disks such as CDs and DVDs) upon which they depend

become obsolete. Depending on factors such as volume and access requirements, it may be desirable to

convert or migrate the records as soon as the target or end environment is known. If the perceived value of

and/or risk to the records are sufficiently low, organizations might choose to wait until some other driver (e.g.

software upgrade, system replacement, acquisition or merger) triggers the justification to convert or migrate.

4.3.4 Conversion and migration activities

In the digital environment, conversion and migration of an organization’s records will be a routine activity, and

therefore the organization should have a program, plans, and directives as necessary to ensure this activity is

conducted in accordance with standards and business practices. Document obligations and interdependencies

related to records preservation shall be acknowledged as early as possible in the analysis and requirements

definition phase of both business process planning and technology investment planning.

When deciding whether internal or external resources, or a combination, will execute the conversion and

migration activities (project-based), the following factors shall be taken into account.

— Skill sets: whether the organization has staff with the experience and knowledge to perform conversion

and migration activities.

— Availability of human and technical resources: whether staff members with the appropriate skill sets are

available during the project timeframe.

— Equipment: whether the organization has the right environment and tools to perform conversion and

migration activities.

— Cost and timeline: whether the organization has the resources (budget and time) to perform conversion

and migration activities.

— Capability to perform quality assurance/quality control: whether the organization has personnel with the

experience and knowledge to perform quality assurance and quality control activities.

— Data sharing/data stewardship/ownership: which person(s) or business unit(s) in the organization will lead

the conversion and migration activities.

— Validation: whether the organization has staff with the experience and knowledge needed to validate

conversion and migration activities.

— Business cycles: which person(s) or business unit(s) in the organization will decide when conversion and

migration activities shall occur.
4.4 Establishing a conversion and migration program
4.4.1 General

Organizations that maintain digital records for such periods that necessitate regular and ongoing conversion

or migration shall establish a conversion and migration program before carrying out major digital records

conversions or migrations.

This implies that the requirement to convert or migrate the digital components making up the organization’s

records is recognized, and a governance structure with direct or delegated executive authority is in place. The

corporate policies of the organization shall authorize the establishment of a conversion and migration program.

The conversion and migration program governance structure authorizes when and how conversions and

migrations occur and who is to carry them out. Normally, records professionals are responsible for authorizing

the conversion and migration process with assistance from IT, the owner(s) of the business and the legal staff.

The conversion and migration program governance structure also authorizes whatever audit process is to be

implemented and identifies who is responsible for performing it.
6 © ISO 2012 – All rights reserved
---------------------- Page: 14 ----------------------
SIST ISO 13008:2013
ISO 13008:2012(E)
Setting out the authorization and business area(s) respon
...

INTERNATIONAL ISO
STANDARD 13008
First edition
2012-06-15
Information and documentation — Digital
records conversion and migration process
Information et documentation — Processus de conversion et migration
des documents d’activité numériques
Reference number
ISO 13008:2012(E)
ISO 2012
---------------------- Page: 1 ----------------------
ISO 13008:2012(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO 2012

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,

electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISO’s

member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO 2012 – All rights reserved
---------------------- Page: 2 ----------------------
ISO 13008:2012(E)
Contents Page

Foreword ............................................................................................................................................................................iv

Introduction ........................................................................................................................................................................ v

1 Scope ...................................................................................................................................................................... 1

2 Normative references ......................................................................................................................................... 1

3 Terms and definitions ......................................................................................................................................... 1

4 Organizational and business framework ...................................................................................................... 4

4.1 General ................................................................................................................................................................... 4

4.2 Conversion and migration drivers .................................................................................................................. 4

4.3 Planning for the conversion and migration process ................................................................................. 5

4.4 Establishing a conversion and migration program ................................................................................... 6

5 Recordkeeping requirements ........................................................................................................................... 8

5.1 General ................................................................................................................................................................... 8

5.2 Conversion and migration requirements ...................................................................................................... 8

5.3 Conversion/migration process metadata ..................................................................................................... 9

5.4 Recordkeeping process metadata implementation issues ...................................................................... 9

6 Conversion and migration planning .............................................................................................................10

6.1 General .................................................................................................................................................................10

6.2 Business requirements ....................................................................................................................................10

6.3 General administrative planning ................................................................................................................... 11

6.4 Technology planning requirements ..............................................................................................................12

7 Conversion and migration procedures .......................................................................................................12

7.1 General .................................................................................................................................................................12

7.2 Procedures ..........................................................................................................................................................13

7.3 Conversion/migration project planning ......................................................................................................15

7.4 Testing ..................................................................................................................................................................18

7.5 Conversion/migration .......................................................................................................................................20

7.6 Validating .............................................................................................................................................................22

8 Monitoring ...........................................................................................................................................................24

Bibliography .....................................................................................................................................................................25

© ISO 2012 – All rights reserved iii
---------------------- Page: 3 ----------------------
ISO 13008:2012(E)
Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies

(ISO member bodies). The work of preparing International Standards is normally carried out through ISO

technical committees. Each member body interested in a subject for which a technical committee has been

established has the right to be represented on that committee. International organizations, governmental and

non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International

Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.

The main task of technical committees is to prepare International Standards. Draft International Standards

adopted by the technical committees are circulated to the member bodies for voting. Publication as an

International Standard requires approval by at least 75 % of the member bodies casting a vote.

Attention is drawn to the possibility that some of the elements of this International Standard may be the subject

of patent rights. ISO shall not be held responsible for identifying any or all such patent rights.

ISO 13008 was prepared by Technical Committee ISO/TC 46, Information and documentation, Subcommittee

SC 11, Archives/records management.
iv © ISO 2012 – All rights reserved
---------------------- Page: 4 ----------------------
ISO 13008:2012(E)
Introduction

This International Standard provides guidance for the conversion of records from one format to another and

the migration of records from one hardware or software configuration to another. It contains applicable records

management requirements, the organizational and business framework for conducting the conversion and

migration process, technology planning issues, and monitoring/controls for the process. It also identifies

the steps, components and particular methodologies for each of these processes, covering such topics as

workflow, testing, version control and validation.
The development of this International Standard was derived from Reference [13].

With the rapid pace of technological change, many records in digital form will, at some point, need to be

converted from one format to another, or migrated from one system to another to ensure their continued

accessibility and processability.

This is not to suggest that conversion and migration are the only approaches to preserving digital records.

Other methods, such as emulation, do exist or are under development. Conversion and migration are, however,

two of the more prevalent methods of digital preservation at this time. While this International Standard does

not address digital preservation per se, the conversion and migration processes can have an impact on a digital

preservation strategy. How an organization chooses to set up the conversion and migration processes (which

format to employ, the level of control needed, and so on) largely influences its view of the record. At the time of

the development of this International Standard, no single preferred preservation method had been identified.

However, institutions recognize the benefit of standardized procedures; many test beds and task forces have

been established to explore and research conversion, migration, emulation and refreshment, among other

preservation procedures, to determine what should work best.

Conversion and migration represent separate approaches to preserving digital records. It is important to

implement them in a managed way to prevent any degradation or loss in the authenticity, reliability, integrity and

usability of the records, thus ensuring an “authoritative record” as described in ISO 15489-1:2001, 7.2.2 to 7.2.5.

This International Standard outlines the program components, planning issues, recordkeeping requirements and

procedures for performing the conversion and migration of digital records so as to preserve their authenticity,

reliability, integrity and usability so that they continue to act as evidence of business transactions.

From the outset, note that it is not necessary to adopt all of the procedures recommended in this International

Standard to ensure that records management requirements are met. The decision regarding which procedures

to adopt depends on such factors as the type of conversion or migration to be performed and the level of risk

the organization is willing to accept. In addition, organizations would be well advised to incorporate future

planning for further conversion and/or migration of records among requirements for managing enterprise

electronic recordkeeping systems.

Before starting a conversion or migration project, individuals designated as “key” to the process need to be

aware of records management requirements. The term “recordkeeping criteria/requirements” in records and

information management means an adherence to a set of principles that relate to record integrity, authenticity,

reliability and usability. Adherence to these principles ensures that record content, context and structure

are maintained and that a given record’s standing as evidence of business activity is not compromised. The

principles apply regardless of how long the record is retained.

This International Standard does not specifically address conversions and migrations as a routine, ongoing

business-as-usual work.
© ISO 2012 – All rights reserved v
---------------------- Page: 5 ----------------------
INTERNATIONAL STANDARD ISO 13008:2012(E)
Information and documentation — Digital records conversion
and migration process
1 Scope

This International Standard specifies the planning issues, requirements and procedures for the conversion

and/or migration of digital records (which includes digital objects plus metadata) in order to preserve the

authenticity, reliability, integrity and usability of such records as evidence of business transactions. These

digital records can be active or residing in a repository.
These procedures do not comprehensively cover:
— backup systems;
— preservation of digital records;
— functionality of trusted digital repositories;
— the process of converting analogue formats to digital formats and vice versa.
2 Normative references

The following referenced documents are indispensable for the application of this document. For dated

references, only the edition cited applies. For undated references, the latest edition of the referenced document

(including any amendments) applies.

ISO 15489-1, Information and documentation — Records management — Part 1: General

ISO 23081-2, Information and documentation — Managing metadata for records — Part 2: Conceptual and

implementation issues
3 Terms and definitions

For the purposes of this document, the terms and definitions given in ISO 15489-1 and the following apply.

3.1
access
right, opportunity, means of finding, using, or retrieving information
[ISO 15489-1:2001, definition 3.1]
3.2
attribute
characteristic of an object or entity
NOTE Adapted from ISO/IEC 11179-3:2003.
3.3
authenticity

record that can be proven to be what it purports to be, to have been created or sent by the person purported to

have created or sent it, and to have been created or sent at the time purported
NOTE This term is further described in ISO 15489-1:2001, 7.2.2.
© ISO 2012 – All rights reserved 1
---------------------- Page: 6 ----------------------
ISO 13008:2012(E)
3.4
content
subject information of a document
[IEC 82045-1:2001, definition 3.2.2]
3.5
conversion

〈record〉 process of changing records from one format to another while maintaining the characteristics of the records

3.6
data cleansing

process of reviewing and correcting data to ensure data are in a standardized format

NOTE Correction may be carried out for incompleteness, incorrect formatting, obsolescence, duplication, etc. It is

often done prior to merging data sets or converting data from one system/database to another.

3.7
data object

discrete data, considered as a unit, representing an instance of a data structure that is known or assumed to

be known
[ISO/IEC 2382-17:1999, definition 17.01.11]
3.8
emulation

use of a data processing system to imitate another data processing system, so that the imitating system

accepts the same data, executes the same programs, and achieves the same results as the imitated system

NOTE Adapted from ISO/IEC 2382-1:1993.
3.9
encryption

(reversible) transformation of data by a cryptographic algorithm to produce ciphertext, i.e. to hide the information

content of the data
NOTE Adapted from ISO/IEC 18033-1:2005.
3.10
file format

encoding of a file type that can be rendered or interpreted in a consistent, expected and meaningful way through

the intervention of a particular piece of software or hardware which has been designed to handle that format

NOTE A file may (or may not) be a container containing zero or more files of various formats. File formats may

be defined by a specification, or by a reference software system. Many file formats exist in forms with minor variations

and many also in more than one version. Typing of file formats should be interpreted generously rather than strictly, but

sufficiently precisely to distinguish versions where such distinctions have significant interpretive consequences.

[PRONOM]
3.11
integrity
quality of being complete and unaltered
NOTE This term is further described in ISO 15489-1:2001, 7.2.4.
3.12
metadata

〈records〉 data describing context, content, and structure of records and their management through time

[ISO 15489-1:2001, definition 3.12]
2 © ISO 2012 – All rights reserved
---------------------- Page: 7 ----------------------
ISO 13008:2012(E)
3.13
migration

〈records〉 process of moving records, including their existing characteristics, from one hardware or software

configuration to another without changing the format
3.14
originating
initial manifestation of something
3.15
preservation

processes and operations involved in ensuring the technical and intellectual survival of authentic records

through time
[ISO 15489-1:2001, definition 3.14]
3.16
preservation metadata

metadata that supports the viability, renderability, understandability, authenticity and identity of digital objects

in a preservation context
[PREMIS Data Dictionary for Preservation Metadata, version 2.0, March 2008]
3.17
record

information created, received, and maintained as evidence and/or as an asset by an organization or person, in

pursuance of legal obligations or in the transaction of business, regardless of medium, form or format

NOTE Adapted from ISO 15489-1:2001.
3.18
refreshment

data migration where the media is replaced with equivalent media such that all storage hardware and software

functionality is unchanged
NOTE Adapted from ISO 14721:2003.
3.19
reliability

measure of the completeness and accuracy of the representation of transactions and activities, or of the facts

to which they attest
NOTE This term is further described in ISO 15489-1:2001, 7.2.3.
3.20
replication

digital migration where there is no change to the packaging information, the content information, and the

preservation description information

NOTE The bits used to represent these information objects are preserved in the transfer to the same or new

media instance.
NOTE Adapted from ISO 14721:2003.
3.21
usability

〈records〉 property of being able to be located, retrieved, presented and interpreted

NOTE This term is further described in ISO 15489-1:2001, 7.2.5.
© ISO 2012 – All rights reserved 3
---------------------- Page: 8 ----------------------
ISO 13008:2012(E)
3.22
validation

confirmation, through the provision of objective evidence, that the requirements for a specific intended use or

application have been fulfilled
NOTE Adapted from ISO 9000:2005.
4 Organizational and business framework
4.1 General

This clause addresses the drivers that often prompt the need for the conversion or migration of digital records,

the issues that organizations should consider when evaluating the need for conversion or migration of their

records, and the steps taken in developing a conversion and migration program. It discusses the decision making

and resource allocation associated with the conversion or migration within the organizational framework, as

well as the technical infrastructure that supports the conversion and migration processes and which shall be

used to ensure the records’ authenticity and integrity for as long as they are needed.

4.2 Conversion and migration drivers
4.2.1 General

A variety of drivers can compel an organization to convert or migrate its digital records. Some records

have longer retention requirements than a software application or storage medium can sustain, prompting

organizations to convert or migrate their records while supporting systems are still viable. Organizations

might also choose to convert or migrate records proactively on the basis of operational factors relating to

record volume, access, storage efficiency, business and technology cycles, or organizational change (such as

mergers and acquisitions). In extreme circumstances, organizations might be compelled to convert or migrate

records in response to regulatory or legal actions.
4.2.2 Conversion drivers

Conversion is defined as the process of changing records from one format to another. Some examples of

drivers that could require digital conversion include the following.

a) Format change: for example, records stored in a closed format are converted to an open file format, such

as a conversion of a Word file to PDF/A.

b) Format obsolescence: for example, records stored in an obsolete but still readable word processing format

are converted to a current word processing format.
4.2.3 Migration drivers

Migration is defined as the process of moving records from one hardware or software configuration to another

without changing the format. Some examples of drivers that could require digital migration include the following.

a) There may be a need to migrate records from one structure to another. For example, records existing in several

legacy databases might be restructured into a new consolidated database (e.g. from Oracle to SQL Server).

b) The platform in which the records were created is changing and the records need to be migrated to the new

platform. For example, records might need to be moved from a Microsoft Windows platform to a UNIX platform.

c) A migration is prudent from a business perspective (e.g. to introduce a new system with improved

functionality). For example, a migration of records might be needed to support a change from a physical

business presence to a web-based storefront or to move records from a shared drive to an electronic

document and records management system (EDRMS).
4 © ISO 2012 – All rights reserved
---------------------- Page: 9 ----------------------
ISO 13008:2012(E)

Organizations have an obligation to assess, document and manage their records in the normal course of

business. Ongoing accessibility and compliance of digital records with a dynamic regulatory and technical

environment demand rigorous, coordinated efforts and sustained funding.

Decisions related to conversion and migration shall be based on analysis of the importance of the organization’s

digital records and the impact of technology infrastructure and investments during the records’ existence, as

well as on knowledge about standards and best practices relating to conversion and migration of digital records.

4.3 Planning for the conversion and migration process
4.3.1 General

Records conversion and migration planning falls into the domain of the organization’s information governance

protocols and systems. As with more traditional asset (capital, facilities, human resources) management,

established policies and procedures regarding the acquisition, management and disposition of information

assets should be established, followed, documented and periodically audited for compliance and efficacy.

Business managers (and their respective IS/IT support officers) should know where and how their record

assets are being created, managed and stored, and should therefore be able to plan and justify the case for

conversion or migration.

In a given organization, conversion or migration might take place as a one-time project or regularly as an

ongoing activity in response to any of the above-mentioned situations. However, for effective preservation of

digital records, conversion or migration shall be performed as part of an ongoing, well-planned and structured

program. In all cases, it is preferable to plan, execute and validate the records conversion or migration process

proactively, with adequate time and resources and with the least disruption to stakeholders and their respective

business cycles and functions. During an unplanned event (natural or human-made), conversion or migration

may have to be undertaken under extreme and therefore less than ideal conditions, which make it more costly

and disruptive.
4.3.2 Risk management

Significant costs can be associated with the conversion and migration of digital records. As a result, an

organization shall decide whether to convert or migrate some, all, or no records, based upon its level of

acceptable risk. Records shall be analysed to determine their importance to the organization and the risk

associated with their potential loss or corruption. Part of the organization’s records management program

should be to conduct an evaluation of records for retention purposes and assess the risks associated with

them. Normally, the organization’s records retention policies document these decisions.

An organization’s records management practices are based on operational and other needs and perceptions

of risks. Operational needs (e.g. fulfilling regulatory requirements, product development, providing access or

documenting financial transactions) determine the strategies and levels of effort an organization undertakes

to ensure the trustworthiness of a record. Risk assessment and risk mitigation, along with other techniques,

are used to establish both management controls for and documentation requirements of activities. These

risk assessments can also be used to establish records management controls. Risk assessments shall be

conducted to establish appropriate levels of management controls prior to undertaking new initiatives.

From a records management perspective, two main risks are assessed when considering digital records:

1) challenges to the trustworthiness of the records (e.g. legal challenges) that can be expected over the

life of the records;
2) loss, including loss of access to or unauthorized destruction of records.

Consequences are measured by the degree of loss that the organization or its customers would suffer if

the trustworthiness of the records could not be verified or in the event of unauthorized loss or unauthorized

destruction of records.
© ISO 2012 – All rights reserved 5
---------------------- Page: 10 ----------------------
ISO 13008:2012(E)
4.3.3 When to convert or migrate

Conversion or migration of records shall be performed before the technology and media (e.g. magnetic disks

such as floppy disks, magnetic tape, and optical disks such as CDs and DVDs) upon which they depend

become obsolete. Depending on factors such as volume and access requirements, it may be desirable to

convert or migrate the records as soon as the target or end environment is known. If the perceived value of

and/or risk to the records are sufficiently low, organizations might choose to wait until some other driver (e.g.

software upgrade, system replacement, acquisition or merger) triggers the justification to convert or migrate.

4.3.4 Conversion and migration activities

In the digital environment, conversion and migration of an organization’s records will be a routine activity, and

therefore the organization should have a program, plans, and directives as necessary to ensure this activity is

conducted in accordance with standards and business practices. Document obligations and interdependencies

related to records preservation shall be acknowledged as early as possible in the analysis and requirements

definition phase of both business process planning and technology investment planning.

When deciding whether internal or external resources, or a combination, will execute the conversion and

migration activities (project-based), the following factors shall be taken into account.

— Skill sets: whether the organization has staff with the experience and knowledge to perform conversion

and migration activities.

— Availability of human and technical resources: whether staff members with the appropriate skill sets are

available during the project timeframe.

— Equipment: whether the organization has the right environment and tools to perform conversion and

migration activities.

— Cost and timeline: whether the organization has the resources (budget and time) to perform conversion

and migration activities.

— Capability to perform quality assurance/quality control: whether the organization has personnel with the

experience and knowledge to perform quality assurance and quality control activities.

— Data sharing/data stewardship/ownership: which person(s) or business unit(s) in the organization will lead

the conversion and migration activities.

— Validation: whether the organization has staff with the experience and knowledge needed to validate

conversion and migration activities.

— Business cycles: which person(s) or business unit(s) in the organization will decide when conversion and

migration activities shall occur.
4.4 Establishing a conversion and migration program
4.4.1 General

Organizations that maintain digital records for such periods that necessitate regular and ongoing conversion

or migration shall establish a conversion and migration program before carrying out major digital records

conversions or migrations.

This implies that the requirement to convert or migrate the digital components making up the organization’s

records is recognized, and a governance structure with direct or delegated executive authority is in place. The

corporate policies of the organization shall authorize the establishment of a conversion and migration program.

The conversion and migration program governance structure authorizes when and how conversions and

migrations occur and who is to carry them out. Normally, records professionals are responsible for authorizing

the conversion and migration process with assistance from IT, the owner(s) of the business and the legal staff.

The conversion and migration program governance structure also authorizes whatever audit process is to be

implemented and identifies who is responsible for performing it.
6 © ISO 2012 – All rights reserved
---------------------- Page: 11 ----------------------
ISO 13008:2012(E)

Setting out the authorization and business area(s) responsible is essential to establishing conversion and

migration as a normal and routine business activity for an organization.

To minimize risk in larger organizations, the conversion and migration program shall include authorization for:

— a limited number of events that trigger conversion or migration;
— the types of conversions and migrations to be done, and their intervals;

— the method of recording (and certifying if necessary) that the above activities are carried out as required.

The organization’s policy or procedures document shall list these authorizations.

4.4.2 Development of procedures manuals

The process of converting and migrating digital records interferes significantly with the records’ existence,

creating risks to their authenticity, integrity, reliability and usability. To mitigate these risks, it is important to

control the process by applying approved and documented procedures.

The approach to the development of a conversion and migration procedures manual is at the discretion of the

individual organization. There c
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.