ISO INTERNATIONAL STANDARD 18829 First edition 2017-06 Document management Assessing ECM/EDRM implementations Trustworthiness Gestion de documents - Evaluation de la mise en oeuvre des ECM/ EDRM-Fiabilite Reference number ISO 18829:2017(E) International Organization for Standardization @ IS0 2017 =ZHEJIANG INST OF STANDARDIZATION C1 5956617 vided by IHS underI Not for Resale, 2017/8/21 02:12:37 ted without license from IHS IS0 18829:2017(E) COPYRIGHTPROTECTEDDOCUMENT IS0 2017, Published in Switzerland All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO's member body in the country of the requester. ISOcopyrightoffice Ch. de Blandonnet 8 . CP 401 CH-1214 Vernier, Geneva, Switzerland Tel. +41 22 749 01 11 Fax +41 22 749 09 47 copyright@iso.org www.iso.org Internatinair PrganizationforStandardization icensee-ZHEJIANG INSTOF STANDARDIZAoISQ07 -All rights reserved Not for Resale, 2017/8/21 02:12:37 etworking permitted without license from IHS IS0 18829:2017(E) Contents Page Foreword ..iv Introduction. ..V 1 Scope. 2 Normative references ..1 3 Terms and definitions. ..1 4 Trustworthy ECM system assessment .2 4.1 General .2 4.1.1 Assessment output. .2 4.1.2 Process review. ..3 4.1.3 Fulfilling legal, government and regulatory requirements 4 4.2 Assessment activities 4 4.2.1 Review of existing business practice and other organizational documentation... 4 4.2.2 Evaluating information ingested into the system.. 4 4.2.3 Readability .5 4.3 Evaluating information retention, preservation and destruction .6 4.3.1 Application interoperability .6 4.3.2 Data migration between electronic storage media .6 4.3.3 Data format conversion ..6 4.3.4 Media monitoring program 4.3.5 Data expunging/deletion. .6 4.4 System security. 4.4.1 Security-related information to be collected/reviewed ..6 4.4.2 Securing the information to prevent unauthorized modification or deletion of ESI ..7 4.5 Evaluating information access. .7 4.5.1 General .7 4.5.2 Managing authorized modification. .8 4.6 Evaluating history and audit trail information 4.6.1 General ..8 4.6.2 Retrievalofpreviousdocumentversionreguiredtobemaintained 4.6.3 Management of notes and annotations as part of a business record .9 4.6.4 Management of ESI containing macros and/or external links. 4.7 Evaluating technical and data storage environments ..10 4.7.1 Information security models. .10 4.7.2 Storage technologies assessment .10 4.7.3 Technology standards being followed by organization .10 4.7.4 Primary and secondary storage. 10 Bibliography .12 iii ZHEJIANG INST OF STANDARDIZATION C1 5956617 vithoutlicense from IHS Not for Resale, 2017/8/21 02:12:37