I am working with a company that would like to get a certification on the trustworthiness of their ECM system (implementation and content) but we have doubts about which is the appropriate standard:
Is it possible to get certified on ISO 15801?… It seems that not because it is a TR; as 15489
Is it possible to be certified on ISO 18759? on ISO 18829:2017?
Can you tell me about certification bodies that are accredited to obtain this type of ISO certification?
Inforarea, Madrid- Spain
Checking to see if either of you can help on this question from Elisa.
I sent this to Bob right after it was posted. He said he was working on a reply. I suspect it got buried under his many other priorities and demands on his time.
Yes, Elisa and I have been trying to find a good time to discuss this via a Skype call. Once I get some more clarity on what Elisa is trying to accomplish, I will post a detailed message to the group on the discussion. If others have a similar question, we can set up a con call for all those who have interest in this topic.
As discussed over the phone, there is no agreed-upon industry certification for trustworthy content/records management solutions at this point. There are various other documents prepared by other bodies that use the term “certification” and “trusted repositories”, but neither of them meets the level of examination needed to properly perform a detailed assessment of not only how the technologies are being used, but also how the technologies themselves have been designed and implemented/integrated.
The important item to note is that all organizations should have a compliant assessment performed by a qualified resource (ISO 18829) and that assessment should examine not only the policies and procedures but also the technologies that were implemented/deployed along with how the data was migrated from the existing storage locations into the secured environment.
Another standard that should be considered for any records environment is ISO 18759, Trusted Storage Sub-System (TSS) functional and technical requirements. This is the standard developed by several storage vendors documenting the core functionality of the repository allowing an organization to determine whether the information is properly maintained in accordance with the record schedule/policy(ies), whether users follow these procedures and policies, and ensuring information appropriate levels of history and audit functions are integrated/implemented. A key component within ISO 18759 is the “control head” within the environment ensuring/enforcing how the repository functions and protecting the data/records as the organization requires.
I hope this information helps.
Robert. First of all for your quick willingness to help me. Your response has been very helpful in helping to define the strategy in relation to assessing the trustworthiness of content/records management solutions.
Beyond the issue of records management, we have also the need to certify the reliability of the long-term preservation repository. In this sense I have seen that there is a certification body accredited for ISO 16363 called PTAB – Primary Trustworthy Authorisation Body. An interesting first experience towards certification is the Federal Digital System (FDsys) of GPO -iso-16363-2012-audit-and-certification .
I have the perception that, as in the profession, there is a gap between records management and archives/digital preservation. Several aspects of the standards seem to overlap. I would like to know the opinion of this group. I don’t know if there are connections between TC20 and TC171.
It has been a pleasure talking to you, an attentive greeting.
Inforarea, Madrid- Spain