ImageVerifierCode 换一换
格式:PDF , 页数:54 ,大小:1,022KB ,
资源ID:1257704      下载积分:10000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-1257704.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(ISO TR 15801-2017 Document management - Electronically stored information - Recommendations for trustworthiness and reliability《文件管理 信息电子存储 可信和可靠性推荐规范》.pdf)为本站会员(花仙子)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

ISO TR 15801-2017 Document management - Electronically stored information - Recommendations for trustworthiness and reliability《文件管理 信息电子存储 可信和可靠性推荐规范》.pdf

1、 ISO 2017 Document management Electronically stored information Recommendations for trustworthiness and reliability Gestion de document Information stocke lectroniquement Recommandations pour contribuer lintgrit et la fiabilit des informations stockes TECHNICAL REPORT ISO/TR 15801 Reference number I

2、SO/TR 15801:2017(E) Third edition 2017-05 ISO/TR 15801:2017(E)ii ISO 2017 All rights reserved COPYRIGHT PROTECTED DOCUMENT ISO 2017, Published in Switzerland All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any mea

3、ns, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Ch. de Blandonnet 8 CP 401 CH-

4、1214 Vernier, Geneva, Switzerland Tel. +41 22 749 01 11 Fax +41 22 749 09 47 copyrightiso.org www.iso.org ISO/TR 15801:2017(E)Foreword vi Introduction vii 1 Scope . 1 2 Normative references 1 3 T erms and definitions . 1 4 Information management policy . 2 4.1 General . 2 4.2 Information management

5、policy document 2 4.2.1 Contents . 2 4.2.2 ESI covered . 3 4.2.3 ESI roles and responsibilities 3 4.2.4 ESI security classification . 3 4.2.5 Storage media . 4 4.2.6 Data file formats and compression 4 4.2.7 Outsourcing 4 4.2.8 Standards related to information management 4 4.2.9 Retention and dispos

6、al schedules . 5 4.2.10 Information management responsibilities 5 4.2.11 Compliance with policy 5 5 Duty of care 5 5.1 General . 5 5.1.1 Trusted system 5 5.1.2 Controls 5 5.1.3 Segregation of roles . 6 5.2 Information security management 6 5.2.1 Information security policy 6 5.2.2 Risk assessment 7

7、5.2.3 Information security framework . 8 5.3 Business continuity planning . 8 5.4 Consultations 8 6 Procedures and processes 9 6.1 General . 9 6.2 Procedures manual . 9 6.2.1 Documentation 9 6.2.2 Content . 9 6.2.3 Compliance with procedures .10 6.2.4 Updating and reviews .10 6.3 ESI capture .10 6.3

8、.1 General.10 6.3.2 Creation and importing .11 6.3.3 Information loss 11 6.3.4 Metadata 12 6.4 Document image capture 12 6.4.1 General.12 6.4.2 Preparation of paper documents 12 6.4.3 Document batching .13 6.4.4 Photocopying .13 6.4.5 Scanning processes .14 6.4.6 Quality control 15 6.4.7 Rescanning

9、.17 6.4.8 Image processing 17 6.5 Data capture .17 ISO 2017 All rights reserved iii Contents Page ISO/TR 15801:2017(E)6.5.1 Data creation 17 6.5.2 Conversion and migration 18 6.6 Database considerations .18 6.6.1 General.18 6.6.2 Database systems .18 6.6.3 Database schemas 20 6.6.4 Master data manag

10、ement 20 6.6.5 Transactional vs. updating .21 6.7 Indexing .21 6.7.1 General.21 6.7.2 Manual indexing 21 6.7.3 Automatic indexing .21 6.7.4 Index storage 21 6.7.5 Index amendments .22 6.7.6 Index accuracy 22 6.8 Authenticated output procedures .22 6.9 ESI transmission .23 6.9.1 Intra-system ESI tran

11、sfer .23 6.9.2 External transmission of files 23 6.10 Information retention 24 6.11 Information preservation .25 6.12 Information destruction 25 6.13 Backup and system recovery .25 6.14 System maintenance .26 6.14.1 General.26 6.14.2 Scanning systems .26 6.15 Security and protection 27 6.15.1 Securi

12、ty procedures .27 6.15.2 Encryption keys .27 6.16 Use of contracted services . .28 6.16.1 General.28 6.16.2 Procedural considerations .28 6.16.3 Transportation of paper documents 29 6.16.4 Use of trusted third party 29 6.17 Workflow .29 6.18 Date and time stamps .30 6.19 Version control .30 6.19.1 I

13、nformation30 6.19.2 Documentation .30 6.19.3 Procedures and processes 31 6.20 Maintenance of documentation .31 7 Enabling technologies 31 7.1 General 31 7.2 System description manual .32 7.3 Storage media and sub-system considerations .32 7.4 Access levels .33 7.5 System integrity checks 33 7.5.1 Ge

14、neral.33 7.5.2 Digital and electronic signatures (including biometric signatures) .34 7.6 Image processing .34 7.7 Compression techniques .35 7.8 Form overlays and form removal .36 7.9 Environmental considerations .36 7.10 Migration .36 7.11 Information deletion and/or expungement .37 8 Audit trails

15、 .37 8.1 General 37 iv ISO 2017 All rights reserved ISO/TR 15801:2017(E)8.1.1 Audit trail data 37 8.1.2 Creation 38 8.1.3 Date and time .38 8.1.4 Storage .38 8.1.5 Access .39 8.1.6 Security and protection .39 8.2 System39 8.2.1 General.39 8.2.2 Audit trail information .40 8.2.3 Migration and convers

16、ion .40 8.3 ESI .40 8.3.1 General.40 8.3.2 ESI capture .40 8.3.3 Batch information 41 8.3.4 Indexing 42 8.3.5 Change control 42 8.3.6 Digital signatures 42 8.3.7 Destruction of information 43 8.3.8 Workflow .43 Bibliography .44 ISO 2017 All rights reserved v ISO/TR 15801:2017(E) Foreword ISO (the In

17、ternational Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee h

18、as been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical

19、 standardization. The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in

20、accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives). Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights

21、. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www .iso .org/ patents). Any trade name used in this document is information given for the convenience of users and does not consti

22、tute an endorsement. For an explanation on the voluntary nature of standards, the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISOs adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see

23、the following URL: w w w . i s o .org/ iso/ foreword .html. This document was prepared by Technical Committee ISO/TC 171, Document management applications, Subcommittee SC 1, Quality, preservation and integrity of information. This third edition cancels and replaces the second edition (ISO/TR 15801:

24、2009), which has been technically revised.vi ISO 2017 All rights reserved ISO/TR 15801:2017(E) Introduction This document defines recommended practices for electronic storage of business or other information in an electronic form. As such, complying with its recommendations is of value to organizati

25、ons even when the trustworthiness of the stored information is not being challenged, especially in jurisdictions with e-discovery legislation. Information originates from many sources. This document covers information in any form, from the traditional scanned images, word processed documents and spr

26、eadsheets to the more “modern” forms which include e-mail, web content, instant messages, CAD drawing files, blogs, wikis, etc. Also included is information stored in databases and other data storage systems. Recommendations in this document can be useful in systems that use local and/or cloud stora

27、ge. Users of this document should be aware that the implementation of these recommendations does not automatically ensure acceptability of the evidence contained within the information. Where electronically stored information (ESI) might be required in court or other adversarial situation, implement

28、ers of this document are advised to seek legal advice to ascertain the precise situation within their relevant legal environment. This document describes means by which it can be demonstrated, at any time, that the information created or existing within an information management system has not chang

29、ed since it was created within the system or imported into it. Regardless of the original format, it will be possible to demonstrate that information stored in a trustworthy information management system can be reliably reproduced in a consistent manner and accurately reflects what was originally st

30、ored without any material modification. Alternative versions of the information in a document might legitimately develop, e.g. revision of a contract. In these cases, the new versions are treated as new documents. The same principle can be applied when a significant change is made to a document in a

31、 workflow environment. Information technology based systems can store, in an electronic form, both documents and records. This document describes means for storing all types of ESI in a trustworthy and reliable manner, as part of an information governance strategy. Where records (as defined in ISO 1

32、5489-1) are stored, the requirements of this document can be used in conjunction with those specified in ISO 15489-1 to ensure that the policies and procedures described in this document work in conjunction with those specified in ISO 15489-1. When information preservation is considered, the require

33、ments of ISO 14641 can be used in conjunction with this document. Readers are advised to use this document in conjunction with other local sources, particularly with relevance to governmental and legal requirements in their respective jurisdictions. ISO 2017 All rights reserved vii Document manageme

34、nt Electronically stored information Recommendations for trustworthiness and reliability 1 Scope This document describes the implementation and operation of information management systems that store and make available for use electronically stored information (ESI) in a trustworthy and reliable mann

35、er. Such ESI can be of any type, including “page based” information, information in databases and audio/video information. This document is for use by any organization that uses systems to store trustworthy ESI over time. Such systems incorporate policies, procedures, technology and audit requiremen

36、ts that ensure that trustworthiness of the ESI is maintained. This document does not cover processes used to evaluate whether ESI can be considered to be trustworthy prior to it being stored or imported into the system. However, it can be used to demonstrate that, once the electronic information is

37、stored, output from the system will be a true and accurate reproduction of the ESI created and/or imported. 2 Normative references The following documents are referred to in the text in such a way that some or all of their content constitutes requirements of this document. For dated references, only

38、 the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. ISO 12651 (all parts), Electronic document management Vocabulary 3 T erms a nd definiti ons For the purposes of this document, the terms and definitions given in ISO

39、12651 (all parts) and the following apply. ISO and IEC maintain terminological databases for use in standardization at the following addresses: IEC Electropedia: available at h t t p :/ www .electropedia .org/ ISO Online browsing platform: available at h t t p :/ www .iso .org/ obp 3.1 electronicall

40、y stored information ESI data or information of any kind and from any source, whose temporal existence is evidenced by being stored in or on any electronic medium Note 1 to entry: ESI includes traditional e-mail, memos, letters, spreadsheets, databases, office documents, presentations and other elec

41、tronic formats commonly found on a computer. ESI also includes system, application and file-associated metadata such as timestamps, revision history, file type, etc. Note 2 to entry: Electronic medium can take the form of, but is not limited to, storage devices and storage elements. SOURCE: ISO/IEC

42、27040:2015, 3.16 TECHNICAL REPORT ISO/TR 15801:2017(E) ISO 2017 All rights reserved 1 ISO/TR 15801:2017(E) 3.2 information type groups of related information Note 1 to entry: In specific applications, “groups” can be identified as “sets”, “files”, “collections” or other similar terms. EXAMPLE Invoic

43、es, financial documents, data sheets, correspondence. 3.3 trustworthy ability to demonstrate authenticity, integrity and availability of ESI (3.1) over time 3.4 trusted system information technology system with the capability of managing ESI (3.1) in a trustworthy (3.3) manner 4 Information manageme

44、nt policy 4.1 General Information is one of the most important assets that any organization has at its disposal. Everything an organization does involve using information in some way. The quantity of information can be vast and there are many different ways of representing and storing it. The value

45、of information used and the manner in which it is applied and moved within and between organizations can determine the success or failure of those organizations. Information, like any other asset, needs to be classified, structured, validated, valued, secured, monitored, measured and managed efficie

46、ntly and effectively. This clause describes documentation that states the organizations policy for the management of ESI. Additionally, this clause provides guidance to organizations with respect to the level of documentation required to enable an organization to clearly establish how the ESI contai

47、ned in a trusted system is reliable, accurate and trustworthy. Availability of this documentation can also be used to demonstrate that ESI management is part of normal business procedures. Where an information management system manages ESI that might be used as evidence in any legal or business proc

48、ess, the appropriate legal advisors should be consulted (see 5.4) to ensure that compliance with relevant legal or regulatory requirements is demonstrable. As legal and regulatory requirements vary from country to country (and sometimes within a country), legal advice should cover all relevant juris

49、dictions. 4.2 Information management policy document 4.2.1 Contents An information management policy document (the policy document) should be produced, documenting the organizations policy on the storage of ESI, as applicable to the trusted system. The policy document should contain sections which: specify what ESI is covered (see 4.2.2); state policy regarding roles and responsibilities for ESI (see 4.2.3); state ESI security classification policies (see 4.2.4); state policy regarding storage media (see 4.2.5); st

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1