records management in the Cloud 1.png

ISO/TR 22428-1:2020 titled 'Information and documentation – Records management in the cloud: Issues and concerns was published in September 2020. This document offers guidance on how to establish a basic management model to address the security, legal, and technical challenges associated with records stored in the cloud.

While there are many resources available that outline the essential elements of information security, such as ISO/IEC 27001, which cover hardware, software, and more, there is limited information specifically focused on digital assets stored in the cloud.

The development of this model by ISO/TC 46/SC 11 also takes into consideration regulatory and legal issues. Since different countries have varying legislation and regulations, the model aims to provide an understanding of best practices that can be implemented across most jurisdictions.

The Technical Report provides the following information:

  1. Processes for managing records in the cloud, based on standards such as ISO15489, ISO30301, ISO17068, and others.

  2. Reference architectures for managing digital records.

  3. How to assess the main risk factors associated with cloud services, from the perspectives of both stakeholders and providers.

The document includes use cases that help explain the main issues in a non-technical manner, addressing:

  • Security concerns related to digital records
  • Regulatory, legal, and normative requirements
  • Risk assessment in any cloud-based context for records management
  • Consideration of data backup and preservation failures

The goal of this document is to provide a practical and easy-to-understand tool for both technical and business professionals operating in cloud environments. It includes use cases and examples of commonly used schemas from around the world.