Records on the cloud
A Technical Report is under development on 'Information and documentation – Records management in the cloud: Issues and concerns'. It will provide guidance on how to implement a basic management model regarding the security, legal and technical issues relating to records.
Many resources describe the main elements of information security (e.g. ISO/IEC 27001), covering hardware, software, etc, plus some emerging schemas for the Service Level Agreements between clients and providers (e.g. from the Cloud Security Alliance), but there is little about digital assets stored in the cloud.
Regulatory and legal issues are also key aspects of this model being developed by ISO/TC 46/SC 11, taking into account that it should provide understanding on good practice for most countries where different legislation and normative regulations will determine how to implement the model.
The Technical Report will describe:
- Records processes in the cloud (based on ISO15489, ISO30301, ISO17068, etc)
- Reference architectures for digital records management
- How to assess the main cloud service risk factors (from the stakeholder and provider points of view).
Work on this document includes use cases, helping to explain the main issues in a non technical environment including:
- Security regarding digital records
- Regulatory, legal and normative requirements
- Risk assessment in any Cloud-based context for records
- Data backup and preservation failures to be taken into account.
The goal is provide a practical and easy to understand tool for either the technical and business cloud environment, introducing use cases and examples of main schemas used worldwide.