Digital processes and services

In addition to setting out standards for the requirements for records management, ISO TC 46 SC 11 also sets standards for the provision of processes and services which enable or support good records management. The current standards below have been published to support the requirements and guidance as set out for good records management practice in ISO15489.

 

 

ISO 13008:2012: Information and documentation — Digital records conversion and migration process

 

ISO 13008:2012 specifies the planning issues, requirements, and procedures for the conversion and/or migration of digital records (which includes digital objects plus metadata) in order to preserve the authenticity, reliability, integrity, and usability of such records as evidence of business transactions, whether the digital records are active or residing in a repository.  It provides guidance for the conversion of records from one format to another and the migration of records from one hardware or software configuration to another.  It contains:

  • applicable records management requirements
  • the organizational and business framework for conducting the conversion and migration process
  • the technology planning issues, and monitoring/controls for the process.

This Standard also identifies the steps, components, and particular methodologies for each of these processes, covering such topics as workflow, testing, version control, and validation.

Conversion and migration represent separate approaches to preserving digital records.

The Standard outlines the program components, planning issues, recordkeeping requirements, and procedures for performing the conversion and migration of digital records to preserve their authenticity, reliability, integrity, and usability so that they continue to act as evidence of business transactions.

In addition, it will assist organizations to incorporate future planning for further conversion and/or migration of records among requirements for managing enterprise electronic recordkeeping systems.

Since 2018, the standard is under revision. A Working Group has established to revise the standard to update it with the latest knowledge and good practices.

ISO/TR 13028:2010: Information and documentation - Implementation guidelines for digitization of records

 

ISO/TR 13028 establishes guidelines for creating and maintaining records in digital format, where the original paper (or other non-digital) source record has been copied by digitization and the disposal of the original records. It establishes:

  • best practice guidelines for the trustworthiness of the digitized records which may impact on the legal admissibility and evidential weight of such records;
  • best practice guidelines for the accessibility of digitized records for as long as they are required;
  • specifies strategies to assist in creating digitized records fit for long-term retention; and
  • establishes best practice guidelines for the management of non-digital source records following digitization.

ISO/TR 13028:2010 can be used in the design and conduct of responsible digitization by all organizations undertaking digitization, either business process digitization or legacy digitization projects for records management purposes, as outlined in ISO 15489-1:2001 and ISO/TR 15801:2009.

ISO 17068:2017: Information and documentation - Trusted third party repository for digital records

 

ISO 17068:2017 sets the guidelines, and gives an overview of the processes for the delivery of authorized custody services for the storage records between third parties and their clients, i.e. Trusted Third Party Repositories.

It outlines the authorized custody services of a Trusted Third Party Repository which ensures the provable integrity and authenticity of the clients' digital records so that they may serve as a source of reliable evidence.

It describes the services and processes to be provided by a provider for the clients' digital records during the full retention period, to ensure the usability of those records for ongoing legal, regulatory and business process use. It also details the criteria of ensuring the attributes that ensure "trustworthiness" and the particular requirements of TTPR services, hardware and software systems, and their management.