Difference between revisions 657272299 and 657272560 on enwiki

== Scope ==
This International Standard specifies functional and technical requirements associated with storage sub-systems storing/managing organizational records, in a protected/secured fashion, during the lifecycle of the information.   This standard provides sufficient detail enabling organizations, including product suppliers, to identify/specify functionality of all aspects of the information storage environment considered to be non-alterable storage environments (or Trusted WORM), preventing modifica(contracted; show full)
* Write and modify actions of ESI should only take place through the ECM maintaining retention controls
* Every action, including read, write, and modify, should be auditable through a reporting interface

ISO 18759 addresses the requirements for storage subsystems as regards non-alterability, security and verification, and as are expressed in authoritative documents such as by ISO 15801, 
AIIM ARP 1 - 2009<ref>[http://www.aiim.org/Research-and-Publications/Standards/Articles/ARP1-2009 AIIM ARP 1 – 2009]</ref>, and ANSI/AIIM 25 Trusted Assessments <ref>http://www.aiim.org/documents/standards/ANSI_AIIM_25-2012.pdf</ref>.  The title of the standard, “Trusted WORM Functionality” is meant to reflect the objective of the standard, which is to provide additional, comprehensive detail on the characteristics of storage subsystems that meet the non-alterability requirement.  It is not meant to suggest that compliant storage subsystems by themselves constitute or are sufficient for a system to be designated a trusted system.

This standard is motivated by the evolution of storage technologies.  The de facto paradigm for trusted storage has been optical media, which is “write once” by virtue of the nature of the media and the method of writing to it.  However, new non-optical storage subsystems have evolved that accomplish “write once” objectives through a combination of hardware and software controls.  Understanding what specific functionality is required of these systems to meet trusted system requirements is the primary motivation for this standard.  Planning, design and implementation best practices (<ref>ISO 22957 ISO 22957 (2013)  Analysis, Selection, & Implementation of Electronic Content Management (ECM) Systems</ref>) associated with Trusted ECM Technologies further expands on the concept of trustworthiness and reliability of the content during the information lifecycle.
 
The ISO 15801 definition of a trusted system contains two elements. The first element is the requirement that any information retrieved from the system can at the time of the retrieval be proven to be accurate, reliable, complete and unspoiled as a record. The second element is that during the life cycle of the system itself, it can be proven that the system continues to maintain the integrity of all its records in accord with their retention policies and will continue to do so into the future provided that its normal operating conditions are maintained.  These two elements of the definition of a trusted system correspond to distinct but interconnected legal requirements, such as those developed by courts as regards the admissibility of ESI as evidence into legal proceedings, and those developed by regulators as regards the obligations of both public and private organizations to maintain reliable and accurate records systems for purposes of accountability and transparency.   

The Trusted Storage standard (ISO 18759) for trusted storage environments addresses both these criteria and will therefore provide guidance to organizations seeking to meet diverse legal requirements and mandates as regards the production and management of their electronic records.