1、BSI Standards PublicationBS ISO 16919:2014Space data and informationtransfer systems Requirements for bodiesproviding audit andcertification of candidatetrustworthy digital repositoriesBS ISO 16919:2014 BRITISH STANDARDNational forewordThis British Standard is the UK implementation of ISO 16919:2014
2、. The UK participation in its preparation was entrusted to TechnicalCommittee ACE/68, Space systems and operations.A list of organizations represented on this committee can be obtained on request to its secretary.This publication does not purport to include all the necessary provisions of a contract
3、. Users are responsible for its correct application. The British Standards Institution 2014.Published by BSI Standards Limited 2014ISBN 978 0 580 74134 0 ICS 03.120.20; 49.140 Compliance with a British Standard cannot confer immunity from legal obligations.This British Standard was published under t
4、he authority of the Standards Policy and Strategy Committee on 30 November 2014.Amendments/corrigendaissued since publicationDate Text affectedReference numberISO 16919:2014(E)ISO 2014INTERNATIONALSTANDARDISO16919First edition2014-11-01Space data and information transfersystems Requirements for bodi
5、esproviding audit and certification ofcandidate trustworthy digital repositoriesSystmes de transfert des informations et donnes spatiales Exigences pour les organismes daudit et de certification desrfrentiels numriques potentiellement de confiance BS ISO 16919:2014ISO 16919:2014(E) COPYRIGHT PROTECT
6、ED DOCUMENT ISO 2014 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission.Permiss
7、ion can be requested from either ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Case postale 56 CH-1211 Geneva 20 Tel. + 41 22 749 01 11 Fax + 41 22 749 09 47 E-mail copyrightiso.org Web www.iso.org Published in Switzerland ii ISO 2014 All rights r
8、eservedBS ISO 16919:2014ISO 16919:2014(E)BS ISO 16919:2014ISO 16919:2014(E) iiiForewordISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through IS
9、O technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates c
10、losely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization. The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criter
11、ia needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives). Attention is drawn to the possibility that some of the elements of this document may be the subject of
12、patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).Any trade name u
13、sed in this document is information given for the convenience of users and does not constitute an endorsement. For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISOs adherence to the WTO principles in the Technical
14、Barriers to Trade (TBT) see the following URL: Foreword - Supplementary informationISO 16919 was prepared by the Consultative Committee for Space Data Systems (CCSDS) (as CCSDS 652.1-M-2, March 2014) and was adopted (without modifications except those stated in Clause 2 of this International Standar
15、d) by Technical Committee ISO/TC 20, Aircraft and space vehicles, Subcommittee SC 13, Space data and information transfer systems. ISO 2014 All rights reservedBS ISO 16919:2014ISO 16919:2014(E)BS ISO 16919:2014BS ISO 16919:2014INTERNATIONAL STANDARD ISO 16919:2014(E) ISO 2014 All rights reserved 1Sp
16、ace data and information transfer systems Requirements for bodies providing audit and certification of candidate trustworthy digital repositories 1 ScopeThe main purpose of this document is to define a CCSDS Recommended Practice and ISO International Standard on which to base the operations of the o
17、rganization(s) which assess the trustworthiness of digital repositories using ISO 16363 and provide the appropriate certification. This document specifies requirements for bodies providing audit and certification of digital repositories, based on the metrics contained within ISO/IEC 17021 and CCSDS
18、652.0-M-1/ISO 16363. It is primarily intended to support the accreditation of bodies providing such certification. ISO/IEC 17021 provides the bulk of the requirements on bodies offering audit and certification for general types of management systems. However, for each specific type of system, specif
19、ic additional requirements will be needed, for example, to specify the standard against which the audit is to be made and the qualifications which auditors require. This document provides the (small number of) specific additions required for bodies providing audit and certification of candidate trus
20、tworthy digital repositories. Trustworthy here means that they can be trusted to maintain, over the long-term, the understandability and usability of digitally encoded information placed into their safekeeping. In order improve readability, the clause numbers are kept consistent with those of ISO/IE
21、C 17021. Some subclauses are applicable as they stand, and these are simply enumerated; otherwise additions to subclauses are explicitly given. In the former case, the clauses may consist of just a few sentences. As a result, this document must be read in conjunction with ISO/IEC 17021. The requirem
22、ents contained in this CCSDS Recommended Practice need to be demonstrated in terms of competence and reliability by any organization or body providing certification of digital repositories This document is meant primarily for those setting up and managing the organization performing the auditing and
23、 certification of digital repositories. It should also be of use to those who work in or are responsible for digital repositories seeking objective measurement of the trustworthiness of their repository and wishing to understand the processes involved. 2 RequirementsRequirements are the technical re
24、commendations made in the following publication (reproduced on the following pages), which is adopted as an International Standard: CCSDS 652.1-M-2, March 2014, Requirements for Bodies Providing Audit and Certification of Candidate Trustworthy Digital RepositoriesFor the purposes of international st
25、andardization, the modifications outlined below shall apply to the specific clauses and paragraphs of publication CCSDS 652.1-M-2. Pages i to vi BS ISO 16919:2014ISO 16919:2014(E) 2 ISO 2014 All rights reservedThis part is information which is relevant to the CCSDS publication only. 3 Revision of pu
26、blication CCSDS 652.1-M-2 It has been agreed with the Consultative Committee for Space Data Systems that Subcommittee ISO/TC 20/SC 13 will be consulted in the event of any revision or amendment of publication CCSDS 652.1-M-2. To this end, NASA will act as a liaison body between CCSDS and ISO.BS ISO
27、16919:2014Recommendation for Space Data System Practices REQUIREMENTS FOR BODIES PROVIDING AUDIT AND CERTIFICATION OF CANDIDATE TRUSTWORTHY DIGITAL REPOSITORIES RECOMMENDED PRACTICE CCSDS 652.1-M-2 MAGENTA BOOK March 2014 ISO 2014 All rights reservedISO 16919:2014(E) BS ISO 16919:2014ISO 16919:2014(
28、E)BS ISO 16919:2014Recommendation for Space Data System Practices REQUIREMENTS FOR BODIES PROVIDING AUDIT AND CERTIFICATION OF CANDIDATE TRUSTWORTHY DIGITAL REPOSITORIES RECOMMENDED PRACTICE CCSDS 652.1-M-2 MAGENTA BOOK March 2014 ISO 2014 All rights reservedISO 16919:2014(E) BS ISO 16919:2014ISO 16
29、919:2014(E)BS ISO 16919:2014RECOMMENDED PRACTICE FOR REQUIREMENTS FOR BODIES PROVIDING AUDIT AND CERTIFICATION OF CANDIDATE TRUSTWORTHY DIGITAL REPOSITORIES AUTHORITYIssue: Recommended Practice, Issue 2 Date: March 2014 Location: Washington, DC, USA This document has been approved for publication by
30、 the Management Council of the Consultative Committee for Space Data Systems (CCSDS) and represents the consensus technical agreement of the participating CCSDS Member Agencies. The procedure for review and authorization of CCSDS documents is detailed in Organization and Processes for the Consultati
31、ve Committee for Space Data Systems (CCSDS A02.1-Y-3), and the record of Agency participation in the authorization of this document can be obtained from the CCSDS Secretariat at the address below. This document is published and maintained by: CCSDS Secretariat Space Communications and Navigation Off
32、ice, 7L70 Space Operations Mission Directorate NASA Headquarters Washington, DC 20546-0001, USA CCSDS 652.1-M-2 Page i March 2014 ISO 2014 All rights reservedISO 16919:2014(E) BS ISO 16919:2014RECOMMENDED PRACTICE FOR REQUIREMENTS FOR BODIES PROVIDING AUDIT AND CERTIFICATION OF CANDIDATE TRUSTWORTHY
33、 DIGITAL REPOSITORIES AUTHORITYIssue: Recommended Practice, Issue 2 Date: March 2014 Location: Washington, DC, USA This document has been approved for publication by the Management Council of the Consultative Committee for Space Data Systems (CCSDS) and represents the consensus technical agreement o
34、f the participating CCSDS Member Agencies. The procedure for review and authorization of CCSDS documents is detailed in Organization and Processes for the Consultative Committee for Space Data Systems (CCSDS A02.1-Y-3), and the record of Agency participation in the authorization of this document can
35、 be obtained from the CCSDS Secretariat at the address below. This document is published and maintained by: CCSDS Secretariat Space Communications and Navigation Office, 7L70 Space Operations Mission Directorate NASA Headquarters Washington, DC 20546-0001, USA CCSDS 652.1-M-2 Page i March 2014 ISO 2
36、014 All rights reservedISO 16919:2014(E) BS ISO 16919:2014ISO 16919:2014(E)BS ISO 16919:2014RECOMMENDED PRACTICE FOR REQUIREMENTS FOR BODIES PROVIDING AUDIT AND CERTIFICATION OF CANDIDATE TRUSTWORTHY DIGITAL REPOSITORIES STATEMENT OF INTENT The Consultative Committee for Space Data Systems (CCSDS) i
37、s an organization officially established by the management of its members. The Committee meets periodically to address data systems problems that are common to all participants, and to formulate sound technical solutions to these problems. Inasmuch as participation in the CCSDS is completely volunta
38、ry, the results of Committee actions are termed Recommendations and are not in themselves considered binding on any Agency. CCSDS Recommendations take two forms: Recommended Standards that are prescriptive and are the formal vehicles by which CCSDS Agencies create the standards that specify how elem
39、ents of their space mission support infrastructure shall operate and interoperate with others; and Recommended Practices that are more descriptive in nature and are intended to provide general guidance about how to approach a particular problem associated with space mission support. This Recommended
40、 Practice is issued by, and represents the consensus of, the CCSDS members. Endorsement of this Recommended Practice is entirely voluntary and does not imply a commitment by any Agency or organization to implement its recommendations in a prescriptive sense. No later than five years from its date of
41、 issuance, this Recommended Practice will be reviewed by the CCSDS to determine whether it should: (1) remain in effect without change; (2) be changed to reflect the impact of new technologies, new requirements, or new directions; or (3) be retired or canceled. In those instances when a new version
42、of a Recommended Practice is issued, existing CCSDS-related member Practices and implementations are not negated or deemed to be non-CCSDS compatible. It is the responsibility of each member to determine when such Practices or implementations are to be modified. Each member is, however, strongly enc
43、ouraged to direct planning for its new Practices and implementations towards the later version of the Recommended Practice. CCSDS 652.1-M-2 Page ii March 2014 ISO 2014 All rights reservedISO 16919:2014(E) BS ISO 16919:2014RECOMMENDED PRACTICE FOR REQUIREMENTS FOR BODIES PROVIDING AUDIT AND CERTIFICA
44、TION OF CANDIDATE TRUSTWORTHY DIGITAL REPOSITORIES FOREWORDThis document is a technical Recommended Practice to use for setting the requirements for bodies providing audit and certification of trustworthy digital repositories. Through the process of normal evolution, it is expected that expansion, d
45、eletion, or modification of this document may occur. This Recommended Practice is therefore subject to CCSDS document management and change control procedures, which are defined in the Organization and Processes for the Consultative Committee for Space Data Systems(CCSDS A02.1-Y-3). Current versions
46、 of CCSDS documents are maintained at the CCSDS Web site: http:/www.ccsds.org/Questions relating to the contents or status of this document should be addressed to the CCSDS Secretariat at the address indicated on page i. CCSDS 652.1-M-2 Page iii March 2014 ISO 2014 All rights reservedISO 16919:2014(
47、E) BS ISO 16919:2014ISO 16919:2014(E)BS ISO 16919:2014RECOMMENDED PRACTICE FOR REQUIREMENTS FOR BODIES PROVIDING AUDIT AND CERTIFICATION OF CANDIDATE TRUSTWORTHY DIGITAL REPOSITORIES STATEMENT OF INTENT The Consultative Committee for Space Data Systems (CCSDS) is an organization officially establish
48、ed by the management of its members. The Committee meets periodically to address data systems problems that are common to all participants, and to formulate sound technical solutions to these problems. Inasmuch as participation in the CCSDS is completely voluntary, the results of Committee actions a
49、re termed Recommendations and are not in themselves considered binding on any Agency. CCSDS Recommendations take two forms: Recommended Standards that are prescriptive and are the formal vehicles by which CCSDS Agencies create the standards that specify how elements of their space mission support infrastructure shall operate and interoperate with others; and Recommended Practices that are more descriptive in nature and are intended to provide general guidance about how to approach a particular problem associated with space mission su
