Records in the cloud

The ISO/TR 22428-1:2020 'Information and documentation – Records management in the cloud: Issues and concerns' was published in September 2020.  It provides guidance on how to implement a basic management model regarding the security, legal and technical issues relating to records.

Many resources describe the main elements of information security (e.g. ISO/IEC 27001), covering hardware, software, etc, plus some emerging schemas for the Service Level Agreements between clients and providers (e.g. from the Cloud Security Alliance), but there is little about digital assets stored in the cloud.

Regulatory and legal issues are also key aspects of this model being developed by ISO/TC 46/SC 11, taking into account that it should provide understanding on good practice for most countries where different legislation and normative regulations will determine how to implement the model.

The Technical Report describes:

  • Records  processes in the cloud (based on ISO15489, ISO30301, ISO17068, etc)
  • Reference architectures for digital records management
  • How to assess the main cloud service risk factors (from the stakeholder and provider points of view).

Work on this document includes use cases, helping to explain the main issues in a non-technical environment  including:

  • Security regarding digital records 
  • Regulatory, legal, and normative requirements 
  • Risk assessment in any Cloud-based context for records
  • Data backup and preservation failures to be taken into account.

The goal is to provide a practical and easy-to-understand tool for either the technical and business cloud environment, introducing use cases and examples of main schemas used worldwide.