ISO/TR 17068:2012 Information and documentation Certificate

ISO/TR 17068:2012 Information and Documentation – Trusted Third Party Repository for Digital Records

ISO/TR 17068:2012 is a technical report that provides guidelines for trusted third-party repositories (TTPRs) responsible for the long-term preservation of digital records. These repositories ensure the authenticity, reliability, and accessibility of digital records over time. The standard outlines requirements and best practices for establishing and operating TTPRs to support legal and organizational needs for trustworthy digital records management.


1. Overview of ISO/TR 17068:2012

1.1. Purpose and Scope The purpose of ISO/TR 17068:2012 is to offer guidance on the creation and management of trusted third-party repositories for digital records. It covers:

  • Roles and Responsibilities: Defines the roles of TTPRs in preserving digital records.
  • Best Practices: Provides best practices for the management, storage, and retrieval of digital records.
  • Compliance: Addresses compliance with legal, regulatory, and organizational requirements.

1.2. Importance

  • Authenticity: Ensures that digital records remain authentic and reliable over time.
  • Integrity: Protects the integrity of digital records from tampering and degradation.
  • Accessibility: Guarantees that digital records are accessible and usable when needed.

2. Key Requirements of ISO/TR 17068:2012

2.1. Governance and Management

Governance Structure

  • Establish Governance Framework: Implement a governance framework that outlines policies, procedures, and responsibilities for managing digital records.
  • Stakeholder Engagement: Engage stakeholders in the development and oversight of TTPR policies and practices.

Management Policies

  • Digital Preservation Policy: Develop a comprehensive digital preservation policy that addresses the long-term management of digital records.
  • Risk Management: Implement risk management practices to identify and mitigate risks associated with digital records preservation.

2.2. Technical Infrastructure

System Requirements

  • Reliable Storage Systems: Utilize reliable and scalable storage systems to securely store digital records.
  • Redundancy and Backup: Implement redundancy and backup mechanisms to protect against data loss.

Interoperability

  • Standards Compliance: Ensure that the TTPR system complies with relevant standards and protocols for interoperability.
  • Data Migration: Develop procedures for the migration of digital records to new formats or systems as needed.

2.3. Security and Privacy

Access Control

  • User Authentication: Implement strong user authentication mechanisms to control access to digital records.
  • Authorization Levels: Define authorization levels to restrict access based on user roles and responsibilities.

Data Protection

  • Encryption: Use encryption to protect digital records during storage and transmission.
  • Audit Trails: Maintain audit trails to track access and modifications to digital records.

2.4. Record Integrity and Authenticity

Integrity Checks

  • Checksums and Hashes: Utilize checksums and hash functions to verify the integrity of digital records.
  • Regular Audits: Conduct regular audits to ensure the integrity and authenticity of digital records.

Provenance Documentation

  • Metadata Management: Maintain comprehensive metadata for digital records to document their provenance and context.
  • Chain of Custody: Establish and document a chain of custody for digital records to ensure their authenticity.

2.5. Accessibility and Usability

Retrieval Systems

  • Efficient Retrieval: Implement efficient retrieval systems to ensure timely access to digital records.
  • User-Friendly Interfaces: Provide user-friendly interfaces for accessing and managing digital records.

Long-Term Accessibility

  • Format Preservation: Ensure the preservation of digital record formats to maintain long-term accessibility.
  • Usability Testing: Conduct usability testing to ensure that digital records remain usable over time.

3. Implementation Guidelines

3.1. Planning and Assessment

Needs Assessment

  • Identify Requirements: Conduct a needs assessment to identify specific requirements for the TTPR based on organizational goals and regulatory obligations.

Gap Analysis

  • Current State Evaluation: Evaluate the current state of digital records management and identify gaps in compliance with ISO/TR 17068:2012.
  • Future State Planning: Develop a roadmap for achieving compliance with the standard.

3.2. System Design and Development

Architectural Design

  • Modular Design: Design the TTPR system with a modular architecture to facilitate scalability and integration.
  • Standards-Based: Prioritize the use of standards-based technologies and protocols.

3.3. Deployment and Integration

Stakeholder Engagement

  • Collaborative Approach: Engage stakeholders, including IT staff, records managers, and legal advisors, in the implementation process.
  • Training and Education: Provide comprehensive training for users on TTPR policies and systems.

Phased Implementation

  • Pilot Testing: Conduct pilot testing to validate the TTPR system in a controlled environment.
  • Incremental Rollout: Implement the system in phases to manage risks and ensure smooth integration.

4. Case Studies

4.1. Case Study 1: National Archives

Overview: A national archive implemented ISO/TR 17068:2012 to establish a trusted third-party repository for preserving government records.

Results:

  • Improved Compliance: Achieved compliance with national and international regulations for digital records preservation.
  • Enhanced Security: Strengthened the security and integrity of government records through robust access controls and encryption.

4.2. Case Study 2: Corporate Records Management

Overview: A multinational corporation adopted ISO/TR 17068:2012 standards to manage and preserve its digital business records.

Results:

  • Operational Efficiency: Streamlined records management processes and improved efficiency in accessing and retrieving digital records.
  • Risk Mitigation: Reduced risks associated with data loss and unauthorized access through comprehensive risk management practices.

5. Conclusion

ISO/TR 17068:2012 provides a robust framework for the establishment and management of trusted third-party repositories for digital records. By adhering to these guidelines, organizations can ensure the authenticity, integrity, and accessibility of digital records over time. Implementing ISO/TR 17068:2012 is essential for meeting legal and regulatory requirements, safeguarding sensitive information, and supporting long-term digital preservation.


6. Recommendations

  • Adopt ISO/TR 17068:2012: Organizations should consider adopting ISO/TR 17068:2012 to enhance their digital records management practices.
  • Engage Stakeholders: Involve all relevant stakeholders in the implementation process to ensure success.
  • Continuous Improvement: Regularly review and update TTPR policies and systems to maintain compliance and address emerging challenges.

Contact Information:

For more information about ISO/TR 17068:2012 and its implementation, please contact:

  • Standards Organization: [Standards Organization Name]
  • Contact Person: [Contact Person Name]
  • Email: [Email Address]
  • Phone: [Phone Number]
  • Website: [Website URL]

Note: This white paper provides an overview of ISO/TR 17068:2012 and its significance for digital records management. For detailed implementation guidance, please refer to the official ISO/TR 17068:2012 document and consult with relevant experts.

What is required
ISO/TR 17068:2012 Information and documentation Certificate

Requirements for ISO/TR 17068:2012 Information and Documentation – Trusted Third Party Repository for Digital Records

ISO/TR 17068:2012 outlines a comprehensive framework for establishing and managing trusted third-party repositories (TTPRs) for digital records. The requirements are designed to ensure the authenticity, reliability, integrity, and accessibility of digital records over time. Here are the key requirements for achieving compliance with ISO/TR 17068:2012:

1. Governance and Management

1.1. Governance Framework

  • Policy Development: Establish a governance framework that includes policies, procedures, and responsibilities for digital records management.
  • Stakeholder Engagement: Engage relevant stakeholders in the development and oversight of TTPR policies and practices.

1.2. Management Policies

  • Digital Preservation Policy: Develop a comprehensive policy addressing the long-term preservation of digital records.
  • Risk Management: Implement risk management strategies to identify and mitigate risks associated with digital records preservation.

2. Technical Infrastructure

2.1. System Requirements

  • Reliable Storage Systems: Use reliable and scalable storage systems to securely store digital records.
  • Redundancy and Backup: Implement redundancy and backup mechanisms to protect against data loss.

2.2. Interoperability

  • Standards Compliance: Ensure that the TTPR system complies with relevant standards and protocols for interoperability.
  • Data Migration: Develop procedures for migrating digital records to new formats or systems as needed.

3. Security and Privacy

3.1. Access Control

  • User Authentication: Implement strong user authentication mechanisms to control access to digital records.
  • Authorization Levels: Define authorization levels to restrict access based on user roles and responsibilities.

3.2. Data Protection

  • Encryption: Use encryption to protect digital records during storage and transmission.
  • Audit Trails: Maintain audit trails to track access and modifications to digital records.

4. Record Integrity and Authenticity

4.1. Integrity Checks

  • Checksums and Hashes: Utilize checksums and hash functions to verify the integrity of digital records.
  • Regular Audits: Conduct regular audits to ensure the integrity and authenticity of digital records.

4.2. Provenance Documentation

  • Metadata Management: Maintain comprehensive metadata for digital records to document their provenance and context.
  • Chain of Custody: Establish and document a chain of custody for digital records to ensure their authenticity.

5. Accessibility and Usability

5.1. Retrieval Systems

  • Efficient Retrieval: Implement efficient retrieval systems to ensure timely access to digital records.
  • User-Friendly Interfaces: Provide user-friendly interfaces for accessing and managing digital records.

5.2. Long-Term Accessibility

  • Format Preservation: Ensure the preservation of digital record formats to maintain long-term accessibility.
  • Usability Testing: Conduct usability testing to ensure that digital records remain usable over time.

6. Compliance and Certification

6.1. Conformance Testing

  • Interoperability Testing: Conduct comprehensive testing to ensure that telehealth systems meet interoperability standards and can work together effectively.
  • Performance Testing: Test system performance under various conditions to ensure reliability and responsiveness.

6.2. Certification Process

  • Certification Bodies: Engage with recognized certification bodies to validate compliance with interoperability standards.
  • Continuous Monitoring: Implement continuous monitoring and regular audits to maintain compliance and address any issues that arise.

Steps to Achieve Certification

Step 1: Assessment and Planning

  • Conduct a needs assessment to identify specific requirements for your organization.
  • Evaluate the current state of digital records management and identify gaps.
  • Develop a roadmap for achieving compliance with ISO/TR 17068:2012.

Step 2: Policy and Procedure Development

  • Establish governance policies and procedures.
  • Develop a digital preservation policy and risk management strategies.

Step 3: System Design and Implementation

  • Design a reliable and scalable technical infrastructure.
  • Implement access control, encryption, and audit trail mechanisms.
  • Ensure interoperability and data migration capabilities.

Step 4: Testing and Validation

  • Conduct interoperability and performance testing.
  • Perform regular integrity checks and audits.
  • Validate metadata management and chain of custody processes.

Step 5: Certification and Continuous Improvement

  • Engage with certification bodies for validation.
  • Implement continuous monitoring and regular audits.
  • Update policies and procedures as needed to maintain compliance.

Achieving ISO/TR 17068:2012 certification ensures that your organization can effectively manage and preserve digital records, providing confidence in their authenticity, integrity, and accessibility over time.

Who is required
ISO/TR 17068:2012 Information and documentation Certificate

ISO/TR 17068:2012, Information and documentation – Trusted third party repository for digital records, is relevant to a range of organizations that manage digital records and need to ensure their long-term preservation, authenticity, reliability, and accessibility. The standard is particularly important for:

1. Archives and Libraries

  • National and State Archives: Institutions responsible for preserving government records and historical documents.
  • University Libraries and Archives: Institutions managing academic and research records, theses, dissertations, and historical documents.

2. Government Agencies

  • Public Sector Organizations: Agencies that manage public records and need to ensure compliance with legal and regulatory requirements for record preservation.
  • Judicial and Legal Departments: Agencies responsible for preserving legal documents and court records.

3. Corporations and Businesses

  • Multinational Corporations: Companies with significant digital records, such as financial records, corporate documents, and intellectual property, that require long-term preservation.
  • Healthcare Organizations: Hospitals, clinics, and other healthcare providers that need to preserve medical records and patient data.

4. Financial Institutions

  • Banks and Insurance Companies: Organizations that must preserve financial records, transaction data, and customer information securely and for extended periods.

5. Research Institutions

  • Scientific and Technical Research Centers: Institutions that generate and manage extensive research data, requiring preservation and accessibility for future reference.

6. Educational Institutions

  • Schools and Universities: Institutions managing student records, research data, and administrative documents that need to be preserved over time.

7. Legal and Professional Services

  • Law Firms: Firms that need to manage and preserve legal documents, case files, and other critical records.
  • Consulting Firms: Organizations that handle sensitive client data and need to ensure its long-term preservation.

8. Cultural Heritage Organizations

  • Museums and Galleries: Institutions responsible for preserving digital reproductions of artworks, artifacts, and related documentation.
  • Cultural Preservation Organizations: Entities focused on preserving cultural heritage, including digital archives of cultural materials.

9. Non-Profit Organizations

  • Historical Societies: Organizations dedicated to preserving historical records and documents.
  • Advocacy Groups: Non-profits managing records and documentation related to their advocacy work.

10. Technology and IT Service Providers

  • Data Centers and Cloud Service Providers: Companies offering storage solutions and services that need to ensure the long-term preservation and security of digital records for their clients.
  • Software Developers: Firms developing record management and archival software that must comply with ISO standards to ensure their products meet industry requirements.

11. Media and Publishing

  • Newspapers and Magazines: Media organizations that need to preserve digital copies of publications and related materials.
  • Publishing Houses: Companies responsible for maintaining digital archives of published works.

Importance of ISO/TR 17068:2012 Certification

For these organizations, ISO/TR 17068:2012 certification ensures:

  • Compliance: Meeting legal and regulatory requirements for record preservation.
  • Trust: Establishing trust in the authenticity and integrity of preserved records.
  • Security: Implementing robust security measures to protect sensitive information.
  • Accessibility: Ensuring that digital records remain accessible and usable over time.

When is required
ISO/TR 17068:2012 Information and documentation Certificate

The requirement for ISO/TR 17068:2012 certification for a trusted third-party repository (TTPR) for digital records arises in several scenarios where organizations need to ensure the long-term preservation, authenticity, reliability, and accessibility of digital records. Here are some specific instances when ISO/TR 17068:2012 certification might be required:

1. Compliance with Legal and Regulatory Requirements

  • Government Agencies: When government agencies are mandated by law to preserve public records and documents in a trustworthy and accessible manner.
  • Healthcare Organizations: When healthcare providers need to comply with regulations related to the preservation and security of medical records and patient data.
  • Financial Institutions: When banks and insurance companies are required to maintain records for extended periods to comply with financial regulations and audits.

2. Data Integrity and Security Needs

  • Corporate Compliance: When corporations need to ensure the integrity and security of their financial records, corporate documents, and intellectual property.
  • Legal Requirements: When law firms and legal departments need to preserve legal documents, contracts, and case files to maintain their authenticity and integrity.

3. Long-term Digital Preservation

  • Archives and Libraries: When national and state archives, as well as university libraries, need to preserve historical documents, academic research, and cultural heritage materials for future generations.
  • Research Institutions: When research centers need to ensure the long-term accessibility and reliability of scientific and technical research data.

4. Operational Efficiency and Risk Management

  • Business Continuity: When organizations need to ensure that critical business records are preserved and accessible in the event of a disaster or system failure.
  • Risk Mitigation: When companies implement risk management strategies to protect against data loss, unauthorized access, and digital record degradation.

5. Client and Stakeholder Assurance

  • Trust and Credibility: When organizations seek to establish trust and credibility with clients, stakeholders, and the public by demonstrating their commitment to best practices in digital records management.
  • Certification Requirements: When clients or partners require ISO/TR 17068:2012 certification as a condition for doing business, especially in industries where data security and preservation are critical.

6. Digital Transformation Initiatives

  • Technology Adoption: When organizations are adopting new technologies and systems for digital records management and need to ensure that these systems comply with international standards.
  • Cloud and Data Services: When data centers and cloud service providers need to offer certified, trusted third-party repository services to their clients.

7. Internal Policy and Best Practices

  • Organizational Policies: When organizations implement internal policies to align with international standards for digital records preservation and management.
  • Continuous Improvement: When organizations seek to continuously improve their records management practices by adhering to ISO/TR 17068:2012 guidelines.

Timing for Certification

Initiating Projects: When starting new projects involving significant volumes of digital records, it is beneficial to plan for ISO/TR 17068:2012 certification from the beginning to ensure that all processes and systems are compliant from the outset.

Upgrading Systems: When upgrading or replacing digital records management systems, it is an opportune time to pursue certification to ensure that new systems meet the required standards.

Post-Audit Recommendations: Following internal or external audits that highlight deficiencies in digital records management, organizations may seek certification to address identified gaps and improve compliance.

Strategic Planning: During strategic planning cycles, organizations can include ISO/TR 17068:2012 certification as part of their long-term goals for enhancing records management and preservation practices.

Conclusion

ISO/TR 17068:2012 certification is required in scenarios where there is a need to ensure the trustworthiness, security, and accessibility of digital records over the long term. This certification helps organizations comply with legal and regulatory requirements, manage risks, assure clients and stakeholders, and adopt best practices for digital records management. The decision to pursue certification should be aligned with the organization’s strategic goals, compliance obligations, and operational needs.

Where is required
ISO/TR 17068:2012 Information and documentation Certificate

ISO/TR 17068:2012 certification for a trusted third-party repository (TTPR) for digital records is required in various regions and sectors where the need for long-term preservation, authenticity, reliability, and accessibility of digital records is critical. Here are some specific locations and contexts where this certification is particularly relevant:

1. National and State Archives

  • Country-Wide: In countries where national and state archives are responsible for preserving government records and historical documents, ISO/TR 17068:2012 certification is essential to ensure the authenticity and integrity of these records.

2. Healthcare Sector

  • Hospitals and Clinics: Across regions where healthcare providers are required to preserve patient records and medical data securely and comply with healthcare regulations.
  • Health Information Exchanges: In regions with health information exchanges that manage and share patient data across multiple institutions.

3. Financial Institutions

  • Banks and Insurance Companies: In financial hubs and regions where financial institutions must comply with strict regulations for record-keeping and data security.
  • Stock Exchanges: In areas where stock exchanges need to preserve trading records and financial transactions.

4. Educational and Research Institutions

  • Universities and Colleges: In academic institutions worldwide that manage student records, research data, and historical documents.
  • Research Centers: In regions with significant scientific and technical research activities that require the preservation of research data for future reference.

5. Government Agencies

  • Public Sector: In countries and regions where government agencies manage public records, legal documents, and administrative data.
  • Judicial Systems: In jurisdictions where court records and legal documents need to be preserved and remain accessible over time.

6. Cultural Heritage Organizations

  • Museums and Galleries: In cultural centers and regions where museums and galleries need to preserve digital reproductions of artworks, artifacts, and related documentation.
  • Historical Societies: In areas where historical societies preserve cultural heritage materials and historical records.

7. Corporate and Business Sector

  • Multinational Corporations: In global business centers where corporations manage extensive digital records, including financial documents, intellectual property, and corporate data.
  • Consulting Firms: In regions where consulting firms handle sensitive client data and need to ensure its long-term preservation.

8. Technology and IT Services

  • Data Centers: In areas with significant data center operations that offer storage solutions and services to various industries.
  • Cloud Service Providers: In regions with advanced cloud infrastructure where providers offer long-term storage and data management services.

9. Legal and Professional Services

  • Law Firms: In legal markets where law firms manage large volumes of legal documents, contracts, and case files.
  • Professional Services: In regions where professional service firms handle critical business records and client information.

10. Media and Publishing

  • Publishing Houses: In regions where publishing houses need to maintain digital archives of published works.
  • Media Organizations: In areas where newspapers, magazines, and other media organizations preserve digital copies of publications and related materials.

Conclusion

ISO/TR 17068:2012 certification is required in various regions and sectors where the preservation of digital records is crucial for compliance, operational efficiency, and trust. This includes national and state archives, healthcare institutions, financial organizations, educational and research institutions, government agencies, cultural heritage organizations, corporations, technology and IT services, legal and professional services, and media and publishing houses. The need for certification is driven by legal and regulatory requirements, data integrity and security needs, long-term digital preservation, risk management, and the assurance of clients and stakeholders.

How is required
ISO/TR 17068:2012 Information and documentation Certificate

Obtaining ISO/TR 17068:2012 certification for a trusted third-party repository (TTPR) for digital records involves several steps and requirements. These ensure that the repository can effectively manage, preserve, and provide access to digital records over the long term while maintaining their authenticity, reliability, and integrity. Here’s an overview of the process and key requirements:

Steps to Achieve ISO/TR 17068:2012 Certification

1. Initial Assessment and Planning

1.1. Conduct a Needs Assessment

  • Identify the specific needs and objectives of your organization regarding digital records management and preservation.
  • Evaluate the current state of your digital records management practices and identify gaps.

1.2. Develop a Roadmap

  • Create a detailed plan outlining the steps to achieve ISO/TR 17068:2012 certification, including timelines and resource allocation.

2. Policy and Procedure Development

2.1. Establish Governance Policies

  • Develop a comprehensive governance framework that includes policies, procedures, and responsibilities for digital records management.
  • Define roles and responsibilities within the organization for managing and preserving digital records.

2.2. Create a Digital Preservation Policy

  • Develop a policy addressing the long-term preservation of digital records, including strategies for maintaining their authenticity and integrity.

3. Technical Infrastructure Implementation

3.1. Design Reliable Storage Systems

  • Implement reliable and scalable storage systems to securely store digital records.
  • Ensure redundancy and backup mechanisms to protect against data loss.

3.2. Ensure Interoperability

  • Comply with relevant standards and protocols for interoperability.
  • Develop procedures for migrating digital records to new formats or systems as needed.

4. Security and Privacy Measures

4.1. Implement Access Controls

  • Establish strong user authentication mechanisms to control access to digital records.
  • Define authorization levels to restrict access based on user roles and responsibilities.

4.2. Protect Data

  • Use encryption to protect digital records during storage and transmission.
  • Maintain audit trails to track access and modifications to digital records.

5. Record Integrity and Authenticity

5.1. Perform Integrity Checks

  • Utilize checksums and hash functions to verify the integrity of digital records.
  • Conduct regular audits to ensure the integrity and authenticity of digital records.

5.2. Document Provenance

  • Maintain comprehensive metadata for digital records to document their provenance and context.
  • Establish and document a chain of custody for digital records.

6. Accessibility and Usability

6.1. Develop Efficient Retrieval Systems

  • Implement efficient retrieval systems to ensure timely access to digital records.
  • Provide user-friendly interfaces for accessing and managing digital records.

6.2. Ensure Long-Term Accessibility

  • Ensure the preservation of digital record formats to maintain long-term accessibility.
  • Conduct usability testing to ensure that digital records remain usable over time.

7. Training and Awareness

7.1. Staff Training

  • Train staff on the policies, procedures, and technologies related to digital records management and preservation.
  • Promote awareness of the importance of maintaining the authenticity, reliability, and integrity of digital records.

8. Certification Process

8.1. Engage with Certification Bodies

  • Identify and engage with recognized certification bodies that can validate your compliance with ISO/TR 17068:2012.

8.2. Conduct Internal Audits

  • Perform internal audits to ensure compliance with ISO/TR 17068:2012 requirements before the external certification audit.

8.3. Certification Audit

  • Undergo an external audit conducted by the certification body to verify compliance with ISO/TR 17068:2012.
  • Address any non-conformities identified during the audit and implement corrective actions as needed.

Continuous Improvement and Maintenance

  • Regular Monitoring and Review: Continuously monitor and review your digital records management practices to ensure ongoing compliance with ISO/TR 17068:2012.
  • Update Policies and Procedures: Regularly update policies and procedures to reflect changes in technology, regulations, and organizational needs.
  • Conduct Periodic Audits: Perform periodic audits to maintain certification and address any emerging issues or improvements.

By following these steps and meeting the requirements outlined in ISO/TR 17068:2012, organizations can ensure the effective management and preservation of digital records, thereby enhancing their credibility and reliability.

Case Study on
ISO/TR 17068:2012 Information and documentation Certificate

Case Study: Implementation of ISO/TR 17068:2012 in a National Archives Repository

Background

The National Archives Repository (NAR) in Country X was established to preserve and provide access to the nation’s historical and governmental records. As digital records became increasingly prevalent, NAR faced challenges in ensuring the long-term preservation, authenticity, reliability, and accessibility of these digital assets. To address these challenges, NAR decided to pursue ISO/TR 17068:2012 certification for its trusted third-party repository (TTPR).

Objectives

  1. Enhance Digital Preservation: Implement robust systems and processes to ensure the long-term preservation of digital records.
  2. Ensure Record Authenticity: Maintain the authenticity and reliability of digital records over time.
  3. Improve Accessibility: Ensure that digital records are easily accessible to authorized users while protecting sensitive information.
  4. Achieve Certification: Obtain ISO/TR 17068:2012 certification to demonstrate compliance with international standards and best practices.

Steps Taken

1. Initial Assessment and Planning
  • Needs Assessment: NAR conducted a thorough assessment to identify gaps in its current digital records management practices.
  • Roadmap Development: A detailed implementation plan was created, outlining the steps to achieve ISO/TR 17068:2012 certification.
2. Policy and Procedure Development
  • Governance Framework: NAR established a comprehensive governance framework, defining roles and responsibilities for digital records management.
  • Digital Preservation Policy: A policy was developed to address strategies for long-term preservation, including the use of metadata and regular integrity checks.
3. Technical Infrastructure Implementation
  • Reliable Storage Systems: NAR implemented a scalable storage solution with redundancy and backup mechanisms to ensure data protection.
  • Interoperability: Procedures were established to ensure compatibility with relevant standards and protocols for data migration and system upgrades.
4. Security and Privacy Measures
  • Access Controls: Strong authentication and authorization mechanisms were put in place to control access to digital records.
  • Data Protection: Encryption was used to protect digital records during storage and transmission, and audit trails were maintained to track access and modifications.
5. Record Integrity and Authenticity
  • Integrity Checks: Regular integrity checks were performed using checksums and hash functions to verify the authenticity of digital records.
  • Provenance Documentation: Comprehensive metadata was maintained to document the provenance and context of digital records.
6. Accessibility and Usability
  • Retrieval Systems: Efficient retrieval systems were implemented to ensure timely access to digital records.
  • Long-Term Accessibility: Measures were taken to preserve digital record formats and ensure usability over time.
7. Training and Awareness
  • Staff Training: Employees were trained on the new policies, procedures, and technologies related to digital records management.
  • Awareness Programs: Awareness programs were conducted to emphasize the importance of maintaining the authenticity and integrity of digital records.
8. Certification Process
  • Internal Audits: NAR performed internal audits to ensure compliance with ISO/TR 17068:2012 requirements before the external certification audit.
  • Certification Audit: An external audit was conducted by a recognized certification body, which verified NAR’s compliance with ISO/TR 17068:2012.

Results

  1. Successful Certification: NAR achieved ISO/TR 17068:2012 certification, demonstrating its commitment to best practices in digital records management.
  2. Enhanced Preservation: Robust systems and processes were implemented, ensuring the long-term preservation of digital records.
  3. Improved Security and Integrity: Strong security measures and integrity checks ensured the authenticity and reliability of digital records.
  4. Increased Accessibility: Efficient retrieval systems and long-term accessibility measures made digital records easily accessible to authorized users.
  5. Staff Competency: Training programs enhanced staff competency in managing and preserving digital records.

Conclusion

The implementation of ISO/TR 17068:2012 at the National Archives Repository of Country X significantly improved the management, preservation, and accessibility of digital records. The certification process not only enhanced operational efficiency but also established NAR as a credible and reliable institution for digital records preservation. This case study highlights the importance of following international standards to ensure the effective management of digital records in an increasingly digital world.

White Paper on
ISO/TR 17068:2012 Information and documentation Certificate

Executive Summary

ISO/TR 17068:2012 provides guidelines for the establishment, implementation, and management of a trusted third-party repository (TTPR) for digital records. This standard aims to ensure the long-term preservation, authenticity, reliability, and accessibility of digital records, which is increasingly important in today’s digital age. This white paper explores the significance of ISO/TR 17068:2012, outlines the requirements for certification, and presents the benefits and challenges associated with implementing this standard.

Introduction

With the exponential growth of digital information, organizations across various sectors face the challenge of preserving digital records in a manner that ensures their authenticity, reliability, and accessibility over time. ISO/TR 17068:2012 provides a framework for trusted third-party repositories to manage digital records effectively. This white paper aims to:

  • Explain the key components and requirements of ISO/TR 17068:2012.
  • Discuss the process and benefits of obtaining certification.
  • Highlight challenges and best practices for implementation.

Key Components of ISO/TR 17068:2012

ISO/TR 17068:2012 outlines several critical aspects of digital records management that trusted third-party repositories must address:

  1. Governance and Policy Framework
    • Establishing a governance structure that defines roles, responsibilities, and policies for digital records management.
    • Developing a digital preservation policy to guide long-term preservation efforts.
  2. Technical Infrastructure
    • Implementing reliable and scalable storage systems with redundancy and backup mechanisms.
    • Ensuring interoperability with relevant standards and protocols for data migration and system upgrades.
  3. Security and Privacy
    • Implementing strong access controls to protect digital records from unauthorized access.
    • Using encryption and maintaining audit trails to ensure data protection and traceability.
  4. Record Integrity and Authenticity
    • Performing regular integrity checks using checksums and hash functions.
    • Maintaining comprehensive metadata to document the provenance and context of digital records.
  5. Accessibility and Usability
    • Developing efficient retrieval systems to ensure timely access to digital records.
    • Ensuring the long-term accessibility and usability of digital records through format preservation and usability testing.
  6. Training and Awareness
    • Conducting staff training on policies, procedures, and technologies related to digital records management.
    • Promoting awareness of the importance of digital records authenticity and integrity.

Process of Obtaining ISO/TR 17068:2012 Certification

The certification process involves several key steps:

  1. Initial Assessment
    • Conducting a needs assessment to identify gaps in current digital records management practices.
    • Developing a roadmap for achieving certification.
  2. Policy and Procedure Development
    • Establishing governance policies and a digital preservation policy.
    • Implementing procedures for storage, security, integrity checks, and accessibility.
  3. Technical Implementation
    • Setting up reliable storage systems and ensuring interoperability.
    • Implementing access controls, encryption, and audit trails.
  4. Internal Audits
    • Performing internal audits to ensure compliance with ISO/TR 17068:2012 requirements.
  5. External Certification Audit
    • Engaging with a recognized certification body to conduct an external audit.
    • Addressing any non-conformities and implementing corrective actions.

Benefits of ISO/TR 17068:2012 Certification

  • Enhanced Preservation: Ensures long-term preservation of digital records.
  • Improved Security: Protects digital records from unauthorized access and data loss.
  • Increased Accessibility: Facilitates efficient and timely access to digital records.
  • Credibility and Trust: Establishes the organization as a credible and reliable repository.
  • Regulatory Compliance: Helps meet legal and regulatory requirements for digital records management.

Challenges and Best Practices

Challenges
  • Resource Intensive: Implementing the standard can be resource-intensive in terms of time, effort, and cost.
  • Technical Complexity: Ensuring interoperability and maintaining long-term accessibility can be technically challenging.
  • Change Management: Managing organizational change and training staff can be difficult.
Best Practices
  • Strategic Planning: Develop a detailed implementation plan with clear timelines and resource allocation.
  • Continuous Monitoring: Regularly monitor and review digital records management practices to ensure ongoing compliance.
  • Stakeholder Engagement: Engage stakeholders throughout the process to ensure buy-in and support.

Conclusion

ISO/TR 17068:2012 provides a robust framework for the management and preservation of digital records by trusted third-party repositories. Obtaining certification ensures that organizations can effectively manage digital records over the long term, maintaining their authenticity, reliability, and accessibility. Despite the challenges associated with implementation, the benefits of enhanced preservation, improved security, increased accessibility, and regulatory compliance make ISO/TR 17068:2012 certification a valuable investment for organizations managing significant volumes of digital records.

References

  • ISO/TR 17068:2012. “Information and documentation – Trusted third-party repository for digital records.”

By adhering to the guidelines and requirements of ISO/TR 17068:2012, organizations can establish themselves as trustworthy stewards of digital information, ensuring that critical digital records are preserved and accessible for future generations.

Translate »
× How can I help you?
Exit mobile version