1、raising standards worldwideNO COPYING WITHOUT BSI PERMISSION EXCEPT AS PERMITTED BY COPYRIGHT LAWBSI Standards PublicationBS ISO 16363:2012Space data and informationtransfer systems Audit andcertification of trustworthydigital repositoriesBS ISO 16363:2012 BRITISH STANDARDNational forewordThis Briti
2、sh Standard is the UK implementation of ISO 16363:2012.The UK participation in its preparation was entrusted to TechnicalCommittee ACE/68/-/7, Space systems and operations - Space dataand information transfer systems.A list of organizations represented on this committee can beobtained on request to
3、its secretary.This publication does not purport to include all the necessaryprovisions of a contract. Users are responsible for its correctapplication. The British Standards Institution 2012. Published by BSI StandardsLimited 2012ISBN 978 0 580 72840 2ICS 49.140Compliance with a British Standard can
4、not confer immunity fromlegal obligations.This British Standard was published under the authority of theStandards Policy and Strategy Committee on 29 February 2012.Amendments issued since publicationDate Text affectedBS ISO 16363:2012Reference numberISO 16363:2012(E)ISO 2012INTERNATIONAL STANDARD IS
5、O16363First edition2012-02-15Space data and information transfer systems Audit and certification of trustworthy digital repositories Systmes de transfert des informations et donnes spatiales Audit et certification des rfrentiels numriques de confiance BS ISO 16363:2012ISO 16363:2012(E) COPYRIGHT PRO
6、TECTED DOCUMENT ISO 2012 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISOs
7、member body in the country of the requester. ISO copyright office Case postale 56 g120 CH-1211 Geneva 20 Tel. + 41 22 749 01 11 Fax + 41 22 749 09 47 E-mail copyrightiso.org Web www.iso.org Published in Switzerland ii ISO 2012 All rights reservedBS ISO 16363:2012ISO 16363:2012(E) ISO 2012 All rights
8、 reserved iiiForeword ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject
9、for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) o
10、n all matters of electrotechnical standardization. International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main task of technical committees is to prepare International Standards. Draft International Standards adopted by the technical committees
11、are circulated to the member bodies for voting. Publication as an International Standard requires approval by at least 75 % of the member bodies casting a vote. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held
12、 responsible for identifying any or all such patent rights. ISO 16363 was prepared by the Consultative Committee for Space Data Systems (CCSDS) (as CCSDS 652.0-M-1, September 2011) and was adopted (without modifications except those stated in Clause 2 of this International Standard) by Technical Com
13、mittee ISO/TC 20, Aircraft and space vehicles, Subcommittee SC 13, Space data and information transfer systems. BS ISO 16363:2012BS ISO 16363:2012INTERNATIONAL STANDARD ISO 16363:2012(E) ISO 2012 All rights reserved 1Space data and information transfer systems Audit and certification of trustworthy
14、digital repositories 1 Scope This International Standard defines a recommended practice for assessing the trustworthiness of digital repositories. It is applicable to the entire range of digital repositories. This International Standard can be used as a basis for certification. The scope and field o
15、f application are furthermore detailed in subclauses 1.1 and 1.2 of the enclosed CCSDS publication. 2 Requirements Requirements are the technical recommendations made in the following publication (reproduced on the following pages), which is adopted as an International Standard: CCSDS 652.0-M-1, Sep
16、tember 2011, Audit and certification of trustworthy digital respositories For the purposes of international standardization, the modifications outlined below shall apply to the specific clauses and paragraphs of publication CCSDS 652.0-M-1. Pages i to v This part is information which is relevant to
17、the CCSDS publication only. Page 1-6 Add the following information to the reference indicated: 1 Document CCSDS 650.0-B-1, January 2002, is equivalent to ISO 14721:2003. Page B-1 Add the following information to the reference indicated: B5 Document CCSDS 661.0-B-1, September 2008, is equivalent to I
18、SO 13527:2010. B6 Document CCSDS 644.0-B-3, June 2010, is equivalent to ISO 15889:2011. B7 Document CCSDS 647.1-B-1, June 2001, is equivalent to ISO 21961:2003. 3 Revision of publication CCSDS 652.0-M-1 It has been agreed with the Consultative Committee for Space Data Systems that Subcommittee ISO/T
19、C 20/SC 13 will be consulted in the event of any revision or amendment of publication CCSDS 652.0-M-1. To this end, NASA will act as a liaison body between CCSDS and ISO. BS ISO 16363:2012ISO 16363:2012(E) 2 ISO 2012 All rights reserved(blank page) Recommendation for Space Data System Practices AUDI
20、T AND CERTIFICATION OF TRUSTWORTHY DIGITAL REPOSITORIES RECOMMENDED PRACTICE CCSDS 652.0-M-1 MAGENTA BOOK September 2011 ISO 16363:2012(E) ISO 2012 All rights reserved3BS ISO 16363:20124 ISO 2012 All rights reserved(blank page) ISO 16363:2012(E) AUDIT AND CERTIFICATION OF TRUSTWORTHY DIGITAL REPOSIT
21、ORIES CCSDS 652.0-M-1 Page i September 2011 AUTHORITY Issue: Recommended Practice, Issue 1 Date: September 2011 Location: Washington, DC, USA This document has been approved for publication by the Management Council of the Consultative Committee for Space Data Systems (CCSDS) and represents the cons
22、ensus technical agreement of the participating CCSDS Member Agencies. The procedure for review and authorization of CCSDS documents is detailed in the Procedures Manual for the Consultative Committee for Space Data Systems, and the record of Agency participation in the authorization of this document
23、 can be obtained from the CCSDS Secretariat at the address below. This document is published and maintained by: CCSDS Secretariat Space Communications and Navigation Office, 7L70 Space Operations Mission Directorate NASA Headquarters Washington, DC 20546-0001, USA ISO 2012 All rights reserved5ISO 16
24、363:2012(E)AUDIT AND CERTIFICATION OF TRUSTWORTHY DIGITAL REPOSITORIES CCSDS 652.0-M-1 Page ii September 2011 STATEMENT OF INTENT The Consultative Committee for Space Data Systems (CCSDS) is an organization officially established by the management of its members. The Committee meets periodically to
25、address data systems problems that are common to all participants, and to formulate sound technical solutions to these problems. Inasmuch as participation in the CCSDS is completely voluntary, the results of Committee actions are termed Recommendations and are not in themselves considered binding on
26、 any Agency. CCSDS Recommendations take two forms: Recommended Standards that are prescriptive and are the formal vehicles by which CCSDS Agencies create the standards that specify how elements of their space mission support infrastructure shall operate and interoperate with others; and Recommended
27、Practices that are more descriptive in nature and are intended to provide general guidance about how to approach a particular problem associated with space mission support. This Recommended Practice is issued by, and represents the consensus of, the CCSDS members. Endorsement of this Recommended Pra
28、ctice is entirely voluntary and does not imply a commitment by any Agency or organization to implement its recommendations in a prescriptive sense. No later than five years from its date of issuance, this Recommended Practice will be reviewed by the CCSDS to determine whether it should: (1) remain i
29、n effect without change; (2) be changed to reflect the impact of new technologies, new requirements, or new directions; or (3) be retired or canceled. In those instances when a new version of a Recommended Practice is issued, existing CCSDS-related member Practices and implementations are not negate
30、d or deemed to be non-CCSDS compatible. It is the responsibility of each member to determine when such Practices or implementations are to be modified. Each member is, however, strongly encouraged to direct planning for its new Practices and implementations towards the later version of the Recommend
31、ed Practice. 6 ISO 2012 All rights reservedISO 16363:2012(E) AUDIT AND CERTIFICATION OF TRUSTWORTHY DIGITAL REPOSITORIES CCSDS 652.0-M-1 Page iii September 2011 FOREWORD This document is a technical Recommendation to use as the basis for providing audit and certification of the trustworthiness of di
32、gital repositories. It provides a detailed specification of criteria by which digital repositories shall be audited. The OAIS Reference Model (reference 1) contained a roadmap which included the need for a certification standard. The initial work was to be carried out outside CCSDS and then brought
33、back into CCSDS to take into the standard. In 2003, Research Libraries Group (RLG) and the National Archives and Records Administration (NARA) created a joint task force to specifically address digital repository certification. That task force published Trustworthy Repositories Audit covers Digital
34、Object Management; covers Infrastructure and Security Risk Management. Each section groups metrics into one or more subsections. Security considerations are discussed in annex A. Annex B provides Informative References. 1.5 DEFINITIONS 1.5.1 ACRONYMS AND ABBREVIATIONS AIP Archival Information Packag
35、e (defined in reference 1) CCSDS Consultative Committee for Space Data Systems DEDSL Data Entity Specification Language (see reference B7) DIP Dissemination Information Package (defined in reference 1) FITS Flexible Image Transport System GIS Geographic Information System ISO International Organizat
36、ion for Standardization OAIS Open Archival Information System (see reference 1) PDI Preservation Description Information (defined in reference 1) SIP Submission Information Package (defined in reference 1) TEI Text Encoding Initiative UML Unified Modeling Language XML Extensible Markup Language 1.5.
37、2 TERMINOLOGY Digital preservation interests a range of different communities, each with a distinct vocabulary and local definitions for key terms. A glossary is included in this document, but it is important to draw attention to the usage of several key terms. In general, key terms in this document
38、 have been adopted from the OAIS Reference Model. One of the great strengths of the OAIS Reference Model has been to provide a common terminology made up of terms not already overloaded with meaning so as to reduce conveying unintended meanings (reference 1). Because the OAIS has become a ISO 16363:
39、2012(E) ISO 2012 All rights reserved15AUDIT AND CERTIFICATION OF TRUSTWORTHY DIGITAL REPOSITORIES CCSDS 652.0-M-1 Page 1-4 September 2011 foundational document for digital preservation, the common terms are well understood and are therefore used within this document. The OAIS Reference Model uses di
40、gital archive to mean the organization responsible for digital preservation. In this document, the term repository or phrase digital repository is used to convey the same concept in all instances except when quoting from the OAIS. It is important to understand that in all instances in this document,
41、 repository and digital repository are used to convey digital repositories and archives that have, or contribute to, long-term preservation responsibilities and functionality. This document uses the OAIS concept of the Designated Community. A repository may have a single, generalized Designated Comm
42、unity (e.g., every citizen of a country), while other repositories may have several, distinct Designated Communities with highly specialized needs, each requiring different functionality or support from the repository; this document uses the term Designated Community to cover this second case also.
43、Finally, this document names criteria that, combined, evaluate the trustworthiness of digital repositories and archives. 1.5.2.1 Glossary Unless otherwise indicated, other definitions are taken from the OAIS Reference Model (reference 1). Access Policy: Written statement, authorized by the repositor
44、y management, that describes the approach to be taken by the repository for providing access to objects accessioned into the repository. The Access Policy may distinguish between different types of access rights, for example between system administrators, Designated Communities, and general users. P
45、ractice: Actions conducted to execute procedures. Practices are measured by logs or other evidence that record actions completed. Preservation Implementation Plan: A written statement, authorized by the management of the repository, that describes the services to be offered by the repository for pre
46、serving objects accessioned into the repository in accordance with the Preservation Policy. NOTE The relationship between these terms is motivated as follows. A repository is assumed to have an overall Repository Mission Statement, part of which will be concerned with preservation. The Preservation
47、Strategic Plan states how the mission will be achieved, in general terms with goals and objectives. The Preservation Policy then declares the range of approaches that the repository will employ to ensure preservation (that is, to implement the Preservation Strategic Plan), and finally the Preservati
48、on Implementation Plan translates those into services that the repository must carry out. This is an abstract documentary model that, in reality, can result in different documents, a different distribution of subjects between documents, different document names, etc. 16 ISO 2012 All rights reservedI
49、SO 16363:2012(E) AUDIT AND CERTIFICATION OF TRUSTWORTHY DIGITAL REPOSITORIES CCSDS 652.0-M-1 Page 1-5 September 2011 Preservation Policy: Written statement, authorized by the repository management, that describes the approach to be taken by the repository for the preservation of objects accessioned into the repository. The Preservation Policy is consistent with the Preservation Strategic Plan. Preservation Strategic Plan: A written statement, authorized by the management of the repository, t