iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty!
ISO

ISO/PRF TS 18759

(Amendment)

Document management — Trustworthy storage system (TSS) — Functional and technical requirements

Document management — Trustworthy storage system (TSS) — Functional and technical requirements

Gestion des documents — Système de stockage fiable (TSS) — Exigences fonctionnelles et techniques

General Information

Status
Not Published
ICS
35.240.30 - IT applications in information, documentation and publishing
37.080 - Document imaging applications
Technical Committee
ISO/TC 171/SC 2 - Document file formats, EDMS systems and authenticity of information
Drafting Committee
ISO/TC 171/SC 2 - Document file formats, EDMS systems and authenticity of information
Current Stage
5020 - FDIS ballot initiated: 2 months. Proof sent to secretariat
Start Date
11-May-2022
Completion Date
11-May-2022
Ref Project

Buy Standard

REDLINE ISO/PRF TS 18759 - Document management — Trustworthy storage system (TSS) — Functional and technical requirements Released:5/11/2022REDLINE ISO/PRF TS 18759 - Document management — Trustworthy storage system (TSS) — Functional and technical requirements Released:5/11/2022
PreviousNext
Draft
REDLINE ISO/PRF TS 18759 - Document management — Trustworthy storage system (TSS) — Functional and technical requirements Released:5/11/2022
English language
32 pages
sale 15% off
Preview
sale 15% off
Preview
ISO/PRF TS 18759 - Document management — Trustworthy storage system (TSS) — Functional and technical requirements Released:5/11/2022ISO/PRF TS 18759 - Document management — Trustworthy storage system (TSS) — Functional and technical requirements Released:5/11/2022
PreviousNext
Draft
ISO/PRF TS 18759 - Document management — Trustworthy storage system (TSS) — Functional and technical requirements Released:5/11/2022
English language
32 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (sample)

Style Definition
...
Style Definition
...
Style Definition
...
Style Definition
...
Style Definition
...
ISO TC 171/SC 2
Style Definition
...
Date: 2022-03-2505-10
Style Definition
...
ISO/TS 18759:2022
Style Definition
...
ISO TC 171/SC 2/WG 11
Style Definition
...
Style Definition
Secretariat: ANSI ...
Style Definition
...

Document management — Trustworthy storage system (TSS) functional— Functional and

technical requirements
Style Definition
...
Style Definition

Gestion des documents — Système de stockage fiable (TSS) — Exigences fonctionnelles et techniques du

...
système de stockage fiable (TSS)
Style Definition
...
Style Definition
...
Style Definition
...
Style Definition
...
Style Definition
...
Style Definition
...
Style Definition
...
© ISO 2022
Style Definition
...
Style Definition

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no ...

part of this publication may be reproduced or utilized otherwise in any form or by any means,

Style Definition
...

electronic or mechanical, including photocopying, or posting on the internet or an intranet, without

Style Definition
...

prior written permission. Permission can be requested from either ISO at the address below or

Formatted
ISO's member body in the country of the requester. ...
Formatted
...
ISO Copyright Office
Formatted
...
CP 401 • CH-1214 Vernier, Geneva Formatted
...
Formatted
...
Phone: + 41 22 749 01 11
Formatted
...
Fax: + 41 22 749 09 47 Formatted
...
Formatted
...
Email: copyright@iso.org
Formatted
...
Email: copyright@iso.org Formatted
...
Formatted
...
Website: www.iso.orgwww.iso.org
Formatted
...
Published in Switzerland.
Formatted
...
Formatted
...
Formatted
...
Formatted
...
Formatted
...
Formatted
...
Formatted
...
Formatted
...
---------------------- Page: 1 ----------------------
ISO/DIS 18759:2018(E)
Contents Page

Foreword .................................................................................................................................................................................................................................... iv

Introduction ................................................................................................................................................................................................................................. v

1 Scope ............................................................................................................................................................................................................................ 6

2 Normative references ............................................................................................................................................................................................ 6

3 Terms and definitions ........................................................................................................................................................................................... 6

3.1 .................................................................................................................................................................................................................................. 6

trusted system .......................................................................................................................................................................................................... 6

3.2 Terms related to electronically stored information (ESI) ...................................................................................................... 7

electronically stored information (ESI)........................................................................................................................................................... 7

3.2.1 ............................................................................................................................................................................................................ 7

changeable electronically stored information ............................................................................................................................ 7

3.2.2 ............................................................................................................................................................................................................ 7

immutable electronically stored information ............................................................................................................................. 7

3.2.3 ............................................................................................................................................................................................................ 7

immutable-ESI preservation period immutable-ESI retention period ............................................................................. 7

3.2.4 ............................................................................................................................................................................................................ 7

retained-ESI ............................................................................................................................................................................................. 7

3.2.5 ............................................................................................................................................................................................................ 7

expired-ESI .............................................................................................................................................................................................. 7

3.2.6 ............................................................................................................................................................................................................ 7

retention expiration date and time preservation expiration date and time .................................................................... 7

3.2.7 ............................................................................................................................................................................................................ 8

retention preservation target expiration date and time ......................................................................................................... 8

3.3 .................................................................................................................................................................................................................................. 8

deletion-hold ............................................................................................................................................................................................................. 8

3.4 .................................................................................................................................................................................................................................. 8

access-hold ................................................................................................................................................................................................................ 8

3.5 .................................................................................................................................................................................................................................. 8

modification-hold ................................................................................................................................................................................................... 8

3.6 .................................................................................................................................................................................................................................. 8

application ................................................................................................................................................................................................................. 8

3.7 .................................................................................................................................................................................................................................. 8

legal hold litigation hold ....................................................................................................................................................................................... 8

3.8 .................................................................................................................................................................................................................................. 8

ransomware .............................................................................................................................................................................................................. 8

4 TSS concepts and functional requirements ................................................................................................................................................... 9

4.1 Overview .................................................................................................................................................................................................. 9

4.2 TSS concepts ......................................................................................................................................................................................... 10

4.2.1 General .................................................................................................................................................................................... 10

4.2.2 Immutable-ESI ...................................................................................................................................................................... 10

4.2.3 Changeable-ESI ..................................................................................................................................................................... 10

4.3 ESI preservation .................................................................................................................................................................................. 11

4.4 Immutable-ESI preservation period............................................................................................................................................. 11

4.4.1 Overview ................................................................................................................................................................................. 11

4.5 ESI deletion............................................................................................................................................................................................ 12

4.6 TSS functional requirements .......................................................................................................................................................... 13

5 TSS ESI lifecycle management technical requirements........................................................................................................................... 15

5.1 General .................................................................................................................................................................................................... 15

5.2 TSS ESI security, protection and hold restrictions requirements ..................................................................................... 16

5.2.1 General .................................................................................................................................................................................... 16

5.2.2 TSS ESI security requirements ....................................................................................................................................... 16

5.2.3 TSS ESI hold restriction requirements ........................................................................................................................ 17

5.2.4 TSS ESI protection requirements (Optional) ............................................................................................................. 19

5.2.5 TSS ESI deletion requirements ....................................................................................................................................... 20

5.3 Changeable-ESI (writeable-ESI) requirements ........................................................................................................................ 20

5.4 TSS immutable-ESI requirements ................................................................................................................................................. 21

5.5 TSS retained-ESI requirements ...................................................................................................................................................... 22

5.6 TSS expired-ESI requirements ....................................................................................................................................................... 23

ii © ISO 2018 – All rights reserved
---------------------- Page: 2 ----------------------

5.7 Immutable-ESI retention period ................................................................................................................................................... 23

5.7.1 General .................................................................................................................................................................................... 23

5.7.2 Immutable-ESI retention period requirements ....................................................................................................... 23

5.7.3 Immutable-ESI permanent-retention period ............................................................................................................ 24

5.7.4 Immutable-ESI fixed-retention period ........................................................................................................................ 24

5.7.5 Immutable-ESI hybrid-retention period ..................................................................................................................... 25

5.7.6 Immutable-ESI indefinite-retention period ............................................................................................................... 26

6 TSS integration and management interfaces .............................................................................................................................................. 27

7 TSS integrity, auditing, security requirements .......................................................................................................................................... 27

7.1 Storage security ................................................................................................................................................................................... 27

7.2 ESI encryption ...................................................................................................................................................................................... 28

7.3 Secure delete and erasure ............................................................................................................................................................... 28

7.4 Immutable-ESI integrity checks .................................................................................................................................................... 28

7.5 Redundancy and replication ........................................................................................................................................................... 28

7.6 Storage migration and upgrades ................................................................................................................................................... 29

7.7 Auditability............................................................................................................................................................................................ 29

7.7.1 General .................................................................................................................................................................................... 29

7.7.2 TSS audit capabilities ......................................................................................................................................................... 29

7.7.3 TSS audit trail ....................................................................................................................................................................... 29

8 TSS technical methods for trusted storage .................................................................................................................................................. 30

8.1 General .................................................................................................................................................................................................... 30

8.2 Security ................................................................................................................................................................................................... 30

8.3 Validate and detect corruption ...................................................................................................................................................... 30

8.4 Ransomware protection ................................................................................................................................................................... 31

8.5 Error correction .................................................................................................................................................................................. 31

8.6 Monitoring, notifications and alerts ............................................................................................................................................. 31

8.7 Encryption ............................................................................................................................................................................................. 31

8.8 Permissions ........................................................................................................................................................................................... 32

8.9 Integrity of storage devices and media ....................................................................................................................................... 32

9 TSS compliance requirements and mitigating technical methods ...................................................................................................... 32

9.1 Migration of information between media .................................................................................................................................. 32

9.2 Technical obsolescence .................................................................................................................................................................... 33

9.3 Discovery requests ............................................................................................................................................................................. 33

9.4 Addressing ad-hoc deletion requests .......................................................................................................................................... 33

9.5 ESI degradation ................................................................................................................................................................................... 34

9.6 Malicious actions by employees or outside parties ................................................................................................................ 34

9.7 ESI store errors .................................................................................................................................................................................... 35

9.8 TSS hardware controls ...................................................................................................................................................................... 35

9.9 Accidental or premature deletion of ESI .................................................................................................................................... 35

Bibliography ............................................................................................................................................................................................................................. 36

DRAFT
© ISO 2021 – All rights reserved iii
SUBMISSION
---------------------- Page: 3 ----------------------
ISO/DIS 18759:2018(E)
iv © ISO 2018 – All rights reserved
---------------------- Page: 4 ----------------------
Contents

Foreword ................................................................................................................................................................................................................... v

Introduction ............................................................................................................................................................................................................. vi

1 Scope ...................................................................................................................................................................................................... 10

2 Normative references ....................................................................................................................................................................... 10

3 Terms and definitions ...................................................................................................................................................................... 10

4 TSS concepts and functional requirements .............................................................................................................................. 13

4.1 Overview ............................................................................................................................................................................. 13

4.2 TSS concepts ...................................................................................................................................................................... 14

4.2.1 General.................................................................................................................................................................. 14

4.2.2 Immutable ESI .................................................................................................................................................... 15

4.2.3 Changeable ESI .................................................................................................................................................. 15

4.3 ESI preservation ............................................................................................................................................................... 15

4.4 Immutable ESI preservation period .......................................................................................................................... 16

4.4.1 Overview .............................................................................................................................................................. 16

4.5 ESI deletion ........................................................................................................................................................................ 17

4.6 TSS functional requirements ....................................................................................................................................... 18

5 TSS ESI lifecycle management technical requirements ....................................................................................................... 20

5.1 General ................................................................................................................................................................................. 20

5.2 TSS ESI security, protection and hold restrictions requirements .................................................................. 22

5.2.1 General.................................................................................................................................................................. 22

5.2.2 TSS ESI security requirements ..................................................................................................................... 22

5.2.3 TSS ESI hold restriction requirements ...................................................................................................... 23

5.2.4 TSS ESI protection requirements ................................................................................................................ 27

5.2.5 TSS ESI deletion requirements .................................................................................................................... 28

5.3 Changeable ESI requirements ..................................................................................................................................... 28

5.4 TSS immutable ESI requirements .............................................................................................................................. 29

5.5 TSS retained ESI requirements ................................................................................................................................... 30

5.6 TSS expired-ESI requirements .................................................................................................................................... 31

5.7 Immutable ESI retention period ................................................................................................................................. 31

5.7.1 General.................................................................................................................................................................. 31

5.7.2 Immutable ESI retention period requirements ..................................................................................... 32

5.7.3 Immutable ESI permanent retention period .......................................................................................... 32

5.7.4 Immutable ESI fixed retention period ....................................................................................................... 32

5.7.5 Immutable ESI hybrid retention period ................................................................................................... 33

5.7.6 Immutable ESI indefinite retention period ............................................................................................. 34

6 TSS integration and management interfaces ........................................................................................................................... 35

7 TSS integrity, auditing, security requirements ....................................................................................................................... 36

7.1 Storage security ................................................................................................................................................................ 36

7.2 ESI encryption ................................................................................................................................................................... 36

7.3 Secure delete and erasure ............................................................................................................................................ 36

7.4 Immutable ESI integrity checks .................................................................................................................................. 36

7.5 Redundancy and replication ........................................................................................................................................ 37

7.6 Storage migration and upgrades ................................................................................................................................ 37

7.7 Auditability......................................................................................................................................................................... 37

7.7.1 General.................................................................................................................................................................. 37

7.7.2 TSS audit capabilities ...................................................................................................................................... 37

7.7.3 TSS audit trail ..................................................................................................................................................... 38

8 TSS technical methods for trusted storage ...................................................................................

...

TECHNICAL ISO/TS
SPECIFICATION 18759
First edition
Document management —
Trustworthy storage system
(TSS) — Functional and technical
requirements
Gestion des documents — Système de stockage fiable (TSS) —
Exigences fonctionnelles et techniques
PROOF/ÉPREUVE
Reference number
ISO/TS 18759:2022(E)
© ISO 2022
---------------------- Page: 1 ----------------------
ISO/TS 18759:2022(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO 2022

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may

be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on

the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below

or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
PROOF/ÉPREUVE © ISO 2022 – All rights reserved
---------------------- Page: 2 ----------------------
ISO/TS 18759:2022(E)
Contents Page

Foreword ..........................................................................................................................................................................................................................................v

Introduction .............................................................................................................................................................................................................................. vi

1 S c op e ................................................................................................................................................................................................................................. 1

2 Nor m at i ve r ef er enc e s ..................................................................................................................................................................................... 1

3 Terms and definitions .................................................................................................................................................................................... 1

4 T SS concepts and functional requirements ............................................................................................................................ 4

4 .1 O ver v iew ...................................................................................................................................................................................................... 4

4 . 2 T S S c onc ep t s ............................................................................................................................................................................................. 5

4.2.1 General ........................................................................................................................................................................................ 5

4.2.2 I mmutable ESI ................................... .................................................................................................................................... 5

4.2.3 C hangeable ESI ..................................................................................................................................................................... 5

4.3 E SI preservation .................................................................................................................................................................................... 6

4.4 I mmutable ESI preservation period .................................................................................................................................... 6

4 .4 .1 O ver v iew ................................................................................................................................................................................... 6

4 . 5 E S I dele t ion ................................................................................................................................................................................................ 7

4.6 T SS functional requirements ..................................................................................................................................................... 8

5 TSS ESI lifecycle management technical requirements ..........................................................................................10

5.1 G eneral ........................................................................................................................................................................................................ 10

5.2 T SS ESI security, protection and hold restrictions requirements ......................................................... 11

5.2.1 G eneral ..................................................................................................................................................................................... 11

5.2.2 TSS ESI security requirements ........................................................................................................................... 11

5.2.3 TSS ESI hold restriction requirements ........................................................................................................12

5.2.4 TSS ESI protection requirements .................................................................................................................... 15

5.2.5 TSS ESI deletion requirements ........................................................................................................................... 16

5.3 C hangeable ESI requirements ................................................................................................................................................ 16

5.4 T SS immutable ESI requirements ....................................................................................................................................... 17

5.5 T SS retained ESI requirements ........................................................................................................................................... .. 18

5.6 T SS expired-ESI requirements .............................................................................................................................................. 19

5.7 I mmutable ESI retention period .......................................................................................................................................... 19

5.7.1 General ..................................................................................................................................................................................... 19

5.7.2 Immutable ESI retention period requirements.................................................................................... 19

5.7.3 I mmutable ESI permanent retention period .......................................................................................... 20

5.7.4 Immutable ESI fixed retention period .......................................................................................................... 20

5.7.5 I mmutable ESI hybrid retention period ...................................................................................................... 21

5.7.6 I mmutable ESI indefinite retention period ..............................................................................................22

6 TSS integration and management interfaces .....................................................................................................................22

7 TSS integrity, auditing, security requirements ...............................................................................................................23

7.1 S torage security .................................................................................................................................................................................. 23

7.2 E SI encryption ...................................................................................................................................................................................... 23

7.3 S ecure delete and erasure .........................................................................................................................................................23

7.4 I mmutable ESI integrity checks ........................................................................................................................................... 24

7.5 R edundancy and replication ................................................................................................................................................... 24

7.6 S torage migration and upgrades ......................................................................................................................................... 24

7.7 A uditability ............................................................................................................................................................................................. 24

7.7.1 General ..................................................................................................................................................................................... 24

7.7.2 TSS audit capabilities ..................................................................................................................................................25

7.7.3 T SS audit trail ..................................................................................................................................................................... 25

8 T SS technical methods for trusted storage ..........................................................................................................................25

8.1 General ........................................................................................................................................................................................................ 25

8.2 S ecurity ...................................................................................................................................................................................................... 25

8.3 V alidate and detect corruption ............................................................................................................................................. 26

iii
© ISO 2022 – All rights reserved PROOF/ÉPREUVE
---------------------- Page: 3 ----------------------
ISO/TS 18759:2022(E)

8.4 Ransomware protection .............................................................................................................................................................26

8 . 5 E r r or c or r e c t ion ................................................................................................................................................................................. 26

8.6 M onitoring, notifications and alerts ................................................................................................................................ 26

8.7 Encryption ............................................................................................................................................................................................... 27

8 . 8 Per m i s s ion s ............................................................................................................................................................................................ 28

8.9 I ntegrity of storage devices and media .........................................................................................................................28

9 T SS requirements and mitigating technical methods ..............................................................................................28

9.1 M igration of information between media ...................................................................................................................28

9.2 T echnical obsolescence ................................................................................................................................................................28

9.3 D iscovery requests ..........................................................................................................................................................................29

9.4 A ddressing ad hoc deletion requests ...............................................................................................................................29

9.5 E SI degradation ................................................................................................................................................................................... 30

9.6 M alicious actions by employees or outside parties ............................................................................................30

9.7 E SI store errors ...................................................................................................................................................................................30

9.8 T SS hardware controls ................................................................................................................................................................. 30

9.9 A ccidental or premature deletion of ESI ....................................................................................................................... 31

Bibliography .............................................................................................................................................................................................................................32

PROOF/ÉPREUVE © ISO 2022 – All rights reserved
---------------------- Page: 4 ----------------------
ISO/TS 18759:2022(E)
Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards

bodies (ISO member bodies). The work of preparing International Standards is normally carried out

through ISO technical committees. Each member body interested in a subject for which a technical

committee has been established has the right to be represented on that committee. International

organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.

ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of

electrotechnical standardization.

The procedures used to develop this document and those intended for its further maintenance are

described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the

different types of ISO documents should be noted. This document was drafted in accordance with the

editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject of

patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of

any patent rights identified during the development of the document will be in the Introduction and/or

on the ISO list of patent declarations received (see www.iso.org/patents).

Any trade name used in this document is information given for the convenience of users and does not

constitute an endorsement.

For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and

expressions related to conformity assessment, as well as information about ISO's adherence to

the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see

www.iso.org/iso/foreword.html.

This document was prepared by Technical Committee ISO/TC 171, Document management applications,

Subcommittee SC 2, Document file formats, EDMS systems and authenticity of information.

Any feedback or questions on this document should be directed to the user’s national standards body. A

complete listing of these bodies can be found at www.iso.org/members.html.
© ISO 2022 – All rights reserved PROOF/ÉPREUVE
---------------------- Page: 5 ----------------------
ISO/TS 18759:2022(E)
Introduction

The trustworthy storage system (TSS) provides a secure storage framework to preserve and

protect all types of electronically stored information (ESI) independent of the application and is not

intended to be limited to the use cases of content and records management applications. It provides

a unified tamper-resistant storage repository for the preservation and protection of ESI for various

environments. In a digital world where information is created, authored and captured electronically,

the TSS provides the vital security, protection and preservation of ESI against an ever-growing list of

evolving vulnerabilities including accidental and malicious acts, malware and ransomware as well as

operational and application errors.

Organizations designing and implementing information and content management systems

need guidance on how to select and implement a trustworthy storage system to safeguard the

trustworthiness, reliability, authenticity, integrity and immutability of ESI throughout its entire

lifecycle. A trusted system needs a TSS in order to maintain ESI trustworthiness ensuring chain of

custody, compliance with organizational mandates, legal and regulatory requirements and admissibility

standards, including enforcement of retention requirements and deletion-holds. The TSS also benefits

organizations that do not have a formal records programme or application, but need to protect, manage

and secure information important to their organization.

Readers are advised to use this document taking into account their local jurisdictions and applicable

liabilities, paying special attention to legal, regulatory and other organizational requirements,

obligations and expectations.
PROOF/ÉPREUVE © ISO 2022 – All rights reserved
---------------------- Page: 6 ----------------------
TECHNICAL SPECIFICATION ISO/TS 18759:2022(E)
Document management — Trustworthy storage system
(TSS) — Functional and technical requirements
1 S cope

This document specifies the functional, technology-neutral requirements for trustworthy storage

systems (TSS) that ensure storing and managing electronically stored information (ESI) in a protected

and secure fashion during the lifecycle of the information. The TSS as specified in this document is

storage technology neutral and accordingly does not specify any specific storage media types or

configurations.

This document is applicable to all information systems in which users and applications must manage

the protection, preservation and security of stored ESI throughout its entire lifecycle to meet

organizational and regulatory requirements to enforce:
— immutability, authenticity and trustworthiness of the stored ESI;

— protection of application managed ESI and other stored ESI against tampering, malicious acts and

ransomware;
— organizational ESI preservation and retention policies;
— protection for unstructured and unmanaged data.
2 Normat ive references

The following documents are referred to in the text in such a way that some or all of their content

constitutes requirements of this document. For dated references, only the edition cited applies. For

undated references, the latest edition of the referenced document (including any amendments) applies.

ISO 12651-1, Electronic document management — Vocabulary — Part 1: Electronic document imaging

ISO 13008, Information and documentation — Digital records conversion and migration process

ISO 14641, Electronic document management — Design and operation of an information system for the

preservation of electronic documents — Specifications

ISO 15489-1, Information and documentation — Records management — Part 1: Concepts and principles

ISO/TR 15801, Document management — Electronically stored information — Recommendations for

trustworthiness and reliability

ISO 18829, Document management — Assessing ECM/EDRM implementations — Trustworthiness

ISO/TR 22957, Document management — Analysis, selection and implementation of enterprise content

management (ECM) systems
3 Terms and definitions

For the purposes of this document, the terms and definitions given in ISO 12651-1, ISO 14641,

ISO 15489-1 and the following apply.

ISO and IEC maintain terminology databases for use in standardization at the following addresses:

— ISO Online browsing platform: available at https:// www .iso .org/ obp
© ISO 2022 – All rights reserved PROOF/ÉPREUVE
---------------------- Page: 7 ----------------------
ISO/TS 18759:2022(E)
— IEC Electropedia: available at https:// www .electropedia .org/
3.1
trusted system

information technology system with the capability of managing electronically stored information (ESI)

(3.2) in a trustworthy manner

Note 1 to entry: A trusted system demonstrates authenticity, integrity and availability of ESI over time.

3.2
electronically stored information
ESI
information created, used, edited, modified and stored in digital form

Note 1 to entry: Electronically stored information (ESI) includes documents and records (unstructured and

structured data) created or managed by the organization in the course of business and requiring a computer or

other device for access.
3.2.1
changeable electronically stored information
changeable ESI
writeable ESI

electronically stored information (ESI) (3.2) stored on a trustworthy storage system (TSS) without

any write-once immutable protection, allowing all changes to electronically stored information (ESI)

(contents, size, properties, attributes and checksums)
3.2.2
immutable electronically stored information
immutable ESI

electronically stored information (ESI) on a trustworthy storage system (TSS) with write-once

immutable protection that permanently prevents changes to ESI (contents, size, properties, attributes

and checksums)
3.2.3
immutable ESI preservation period
immutable ESI retention period

period that defines the length of time for which an immutable ESI (electronically stored information)

(3.2.2) in a trustworthy storage system (TSS) is to be preserved, prohibiting its deletion

3.2.4
retained ESI

preservation state of an immutable ESI (electronically stored information) (3.2.2) in a trustworthy

storage system (TSS) that has been assigned a preservation target expiration date and time, which has

not lapsed and is therefore ineligible for deletion
3.2.5
expired ESI

preservation state of an immutable ESI (electronically stored information) (3.2.2) in a trustworthy

storage system (TSS) that has been assigned a preservation target expiration date and time, which has

lapsed and expired and is therefore eligible for deletion
3.2.6
preservation expiration date and time
retention expiration date and time

preservation date and time that the immutable ESI (electronically stored information) (3.2.2) be retained

and preserved at a minimum prohibiting deletion

Note 1 to entry: The immutable ESI (electronically stored information) minimum retention expiration date and

time may be increased but can never be reduced.
PROOF/ÉPREUVE © ISO 2022 – All rights reserved
---------------------- Page: 8 ----------------------
ISO/TS 18759:2022(E)
3.2.7
preservation target expiration date and time

immutable ESI (electronically stored information) (3.2.2) in a trustworthy storage system (TSS) assigned

preservation target expiration date and time that is used by the TSS to determine eligibility for deletion

Note 1 to entry: The immutable ESI (3.2.2) is eligible for deletion any time after the assigned preservation target

expiration date and time has lapsed, provided that the immutable ESI (3.2.2) does not have a deletion hold (3.3).

The assigned preservation target expiration date and time can never be reduced.

Note 2 to entry: Alternatively, reference preservation target expiration date and time or retention period target

expiration date and time.
3.3
deletion-hold

trustworthy storage system (TSS) preventing the destruction of any specific electronically stored

information (ESI) within a TSS
3.4
access-hold

trustworthy storage system (TSS) preventing the access of any specific electronically stored

information (ESI) within a TSS
3.5
modification-hold

trustworthy storage system (TSS) preventing the modification of any specific changeable electronically

stored information within a TSS
3.6
application

system for collecting, saving, processing, and presenting data by means of a computer

[SOURCE: ISO/IEC/IEEE 24765:2017, 3.167, definition 1]
3.7
legal hold
litigation hold

operation that tags or otherwise cues special access management and destruction suspension for record

[electronically stored information (ESI)] entries deemed relevant, consistent with organization policy

under the legal doctrine of “duty to preserve”, also notifying records ESI owners and other designated

parties of the special data controls on access, retention, and destruction processes

Note 1 to entry: The Add Legal Hold Record ESI Lifecycle Event occurs when an agent causes the system to tag

or otherwise indicate special access management and suspension of ESI entry deletion or destruction, if deemed

relevant to a lawsuit or which are reasonably anticipated to be relevant to fulfil organizational policy under the

legal doctrine of “duty to preserve”.

[SOURCE: ISO/TS 21089:2018(en), 3.82, modified — added electronically stored information (ESI) to

the definition.]
3.8
ransomware

malicious software that infects computer systems, restricts access to the victim’s data and requires a

ransom
[SOURCE: ITU-T X.1215 (01/2019), 7.1]
© ISO 2022 – All rights reserved PROOF/ÉPREUVE
---------------------- Page: 9 ----------------------
ISO/TS 18759:2022(E)
4 T SS concepts and functional requirements
4.1 Overview

The trustworthy storage system (TSS) in conformity with the technical and functional requirements of

this document provides a storage environment capable of ensuring and maintaining the trustworthiness

and reliability of electronically stored information (ESI) throughout its lifecycle independent of the

application or the underlying storage technology. The primary purpose of a TSS is to protect and

preserve ESI in a manner that reliably ensures security, immutability, integrity and authenticity. The

TSS maintains and safeguards ESI against tampering and corruption in conformity with relevant

laws, regulations and business requirements as well as with international standards associated with

trustworthy storage environments (ISO/TR 15801, ISO/TR 22957, ISO 18829, ISO 14641, ISO 15489-1

and other related standards).

A TSS is the key component of any trusted environment that manages and maintains the trustworthiness

of ESI from creation to deletion. The TSS is designed to enforce provable immutability, integrity,

authenticity, retention, security, privacy, tamper-evident protection, enforcing destruction and access

holds. The TSS allows the deletion of TSS-stored ESI based on determining deletion eligibility.

Using a non-TSS platform leaves the ESI at risk since the integrity and viability of the entire lifecycle

of the ESI cannot be independently secured and protected with provable immutability. There are

fundamental limitations to the extent any individual component of a trusted environment can address

the requirements without employing the immutability protection and the deletion restrictions of a TSS.

Application-defined security controls are limited to the context of operations performed within the

internal components of the application. Modifications to application-managed ESI executed outside the

context of the application-defined security can jeopardize the trustworthiness of the entire solution.

In a non-TSS platform, any privileged user or privileged process may directly modify, encrypt or delete

application-managed ESI bypassing all the security provisions of the application-defined security.

Applications cannot prevent, prohibit, inhibit or detect any changes to application-managed ESI on non-

TSS storage.

For example, malicious users or malware can manipulate, corrupt or destroy the application-managed

ESI without the application’s knowledge by simply bypassing the application and modifying the

application-managed ESI on a non-TSS platform.

To compensate for the application-managed ESI security and protection, the operating system standard

access controls and permissions shall be used. Though deemed a necessity in the context of any trusted

environment, operating system enforced access controls and permissions are limited to enforcing

privileges without taking into consideration the status of the ESI and associated requirements of

a TSS. Without a TSS to protect and safeguard the trustworthiness of ESI, an authenticated process,

a privileged user, rogue administrator or anything executing in their context, whether ransomware,

malicious code, or any accidental act, can destroy, encrypt and modify any application-managed ESI.

In the age of ransomware, malicious and accidental acts, a TSS should be included when implementing

any trusted environment to ensure the trustworthiness of ESI and protection of its authenticity and

immutability against internal and external vulnerabilities and exploits that can compromise ESI in a

non-TSS or application-managed environment.

In many instances, an application can contain many different types of applications within it, or share

ESI with other applications and organizational entities, resulting in a c
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

ISO
ISO 3421:2022(Amendment)
Petroleum and natural gas industries — Drilling and production equipment — Offshore conductor design, setting depth and installation

This document specifies the requirements and recommendations for the design, setting depth and installation of conductors for the offshore petroleum and natural gas industries. This document specifically addresses: — design of the conductor, i.e. determination of the diameter, wall thickness, and steel grade; — determination of the setting depth for three installation methods, namely, driving, drilling and cementing, and jetting; — requirements for the three installation methods, including applicability, procedures, and documentation and quality control. This document is applicable to: — platform conductors: installed through a guide hole in the platform drill floor and then through guides attached to the jacket at intervals through the water column to support the conductor, withstand actions, and prevent excessive displacements; — jack-up supported conductors: a temporary conductor used only during drilling operations, which is installed by a jack-up drilling rig. In some cases, the conductor is tensioned by tensioners attached to the drilling rig; — free-standing conductors: a self-supporting conductor in cantilever mode installed in shallow water, typically water depths of about 10 m to 20 m. It provides sole support for the well and sometimes supports a small access deck and boat landing; — subsea wellhead conductors: a fully submerged conductor extending only a few metres above the sea floor to which a BOP and drilling riser are attached. The drilling riser is connected to a floating drilling rig. The BOP, riser and rig are subject to wave and current actions while the riser can also be subject to VIV. This document is not applicable to the design of drilling risers.

  • Standard
    36 pages
    English language
    sale 15% off
  • Standard
    42 pages
    French language
    sale 15% off
ISO
ISO/TR 4340:2022(Amendment)
Water aggressiveness evaluation and optimized lining choice

This document provides details about the aggressiveness factors, evaluation indicators of raw water, or inlet water of ductile iron pipe system and relevant lining information applicable to ductile iron pipes, fittings and accessories used in water mains and distribution system. This document is intended to serve as a tool for estimating the properties of certain water and their effect on internal linings of ductile iron pipes, fittings and accessories used in water mains and distribution system which are specified in ISO 2531, ISO 16631 and can be used to decide the most appropriate protective measures to ensure long term durability of pipeline. It is not always possible to definitively determine the aggressive parameters of certain water, and fully considered by limited test and evaluation. Therefore, the history information of the evaluated water, experiences of local water works can be taken for reference. The aggressiveness evaluation of water can be carried out before determining the internal lining materials of certain pipeline, and the evaluation and relevant tests can be done by qualified laboratories and engineers. Water that leads to high-level scaling in the pipeline is believed aggressive. Drainage and waste water are not in the scope of this document, the internal protection of drainage and waste water can be recommended by pipe suppliers.

  • Technical report
    19 pages
    English language
    sale 15% off
ISO
ISO 4042:2022(Amendment)
Fasteners — Electroplated coating systems

This document specifies requirements for steel fasteners with electroplated coatings and coating systems. The requirements related to dimensional properties also apply to fasteners made of copper or copper alloys. It also specifies requirements and gives recommendations to minimize the risk of hydrogen embrittlement, see 4.4 and Annex B. It mainly applies to fasteners with zinc and zinc alloy coating systems (zinc, zinc-nickel, zinc-iron) and cadmium, primarily intended for corrosion protection and other functional properties: — with or without conversion coating, — with or without sealant, — with or without top coat, — with or without lubricant (integral lubricant and/or subsequently added lubricant). Specifications for other electroplated coatings and coating systems (tin, tin-zinc, copper-tin, copper-silver, copper, silver, copper-zinc, nickel, nickel-chromium, copper-nickel, copper-nickel-chromium) are included in this document only for dimensional requirements related to fasteners with ISO metric threads. The requirements of this document for electroplated fasteners take precedence over other documents dealing with electroplating. This document applies to steel bolts, screws, studs and nuts with ISO metric thread, to other threaded fasteners and to non-threaded fasteners such as washers, pins, clips and rivets. NOTE Electroplating is also applied to stainless steel fasteners, e.g. for the purpose of lubrication in order to avoid galling. Information for design and assembly of coated fasteners is given in Annex A. This document does not specify requirements for properties such as weldability or paintability.

  • Standard
    57 pages
    English language
    sale 15% off
  • Standard
    58 pages
    French language
    sale 15% off
  • Draft
    57 pages
    English language
    sale 15% off
  • Draft
    57 pages
    French language
    sale 15% off
ISO
ISO 13479:2022(Amendment)
Polyolefin pipes for the conveyance of fluids — Determination of resistance to crack propagation — Test method for slow crack growth on notched pipes

This document specifies a test method for determining the resistance to slow crack growth of polyolefin pipes, expressed in terms of time to failure in a hydrostatic pressure test on a pipe with machined longitudinal notches in the outside surface. The test is applicable to pipes of wall thickness greater than 5 mm.

  • Standard
    19 pages
    English language
    sale 15% off
  • Standard
    19 pages
    French language
    sale 15% off
ISO
ISO/IEC 18181-1:2022/Amd 1:2022(Amendment)
Information technology — JPEG XL image coding system — Part 1: Core coding system — Amendment 1: Profiles and levels for JPEG XL image coding system
  • Standard
    3 pages
    English language
    sale 15% off
ISO
ISO 4954:2022(Amendment)
Steels for cold heading and cold extruding

This document specifies requirements for non-alloy and alloy steels that are intended for cold heading or cold extruding and are delivered as wire rods, wire or bars. It also contains specific requirements for: — steels not intended for heat treatment, with diameters from 2 mm to 100 mm (see Annex A); — case-hardening steels with diameters from 2 mm to 100 mm (see Annex B); — steels for quenching and tempering, including boron-alloyed steels (see Table C.3), with diameters from 2 mm to 100 mm (see Annex C); — stainless steels with diameters of 0,8 mm up to 50 mm for austenitic steels, up to 25 mm for ferritic steels and up to 100 mm for martensitic steels (see Annex D). This document (except Annex A) is applicable to the properties of cold-headed or cold-extruded parts which have been subjected to a subsequent heat treatment. As the properties of the parts in the cold-headed or cold-extruded, and subsequently not-heat-treated condition, are largely dependent on the applied cold-heading or cold-extruding conditions, these are, if necessary, subject to agreement between the purchaser and the manufacturer of the parts.

  • Standard
    67 pages
    English language
    sale 15% off
  • Standard
    67 pages
    English language
    sale 15% off
  • Standard
    67 pages
    English language
    sale 15% off
ISO
ISO/TS 5346:2022(Amendment)
Health informatics — Categorial structure for representation of traditional Chinese medicine clinical decision support system

This document specifies the categorial structure within the field of traditional Chinese medicine clinical decision support system by defining a set of domain constraints of sanctioned characteristics, each composed of a relationship and an applicable information model. This document is not applicable to Western medicine and Japanese Kampo medicine. It is not applicable to the design and management of artificial intelligence diagnosis and treatment.

  • Technical specification
    7 pages
    English language
    sale 15% off
  • Technical specification
    7 pages
    English language
    sale 15% off
  • Technical specification
    7 pages
    English language
    sale 15% off
ISO
ISO 8133:2022(Amendment)
Hydraulic fluid power — Mounting dimensions for accessories for single rod cylinders, 16 MPa (160 bar) compact series

This document specifies the mounting dimensions required for interchangeability of accessories for 16 MPa (160 bar) compact cylinders conforming to ISO 6020‑2. The accessories have been designed specifically for use with cylinders manufactured in accordance with ISO 6020‑2, but this does not limit their application[1]. This document covers the following accessories, identified in accordance with ISO 6099: — AP6 — rod eye spherical, female thread (see Figure 1 and Table 1); — AB5 — clevis bracket, spherical eye, in angle (see Figure 2 and Table 2); — AA6-L — pivot pin, spherical bearing, locking plate (see Figure 3 and Table 3); — AL6 — locking plate for pivot pin (see Figure 4 and Table 4); — AP2 — rod clevis, female thread (see Figure 5 and Table 5); — AP4 — rod eye plain, female thread (see Figure 6 and Table 6); — AB2 — eye bracket (see Figure 7 and Table 7); — AB4 — clevis bracket, straight (see Figure 8 and Table 8); — AA4-S — pivot pin, plain (split pins) (see Figure 9 and Table 9); — AA4-R — pivot pin, plain (rings) (see Figure 10 and Table 10); — AT4 — trunnion bracket (see Figure 11 and Table 11). These accessories are used on hydraulic cylinders for mechanically transmitting the cylinder force. The design of these accessories is based on the maximum forces resulting from the specified internal diameters of the cylinders and pressures according to ISO 3320 and ISO 2944. This document only applies to the dimensional criteria of products manufactured in conformity with this document; it does not apply to their functional characteristics. [1] 1 bar = 0,1 MPa = 105 Pa; 1 MPa = 1 N/mm2

  • Standard
    14 pages
    English language
    sale 15% off
  • Standard
    15 pages
    French language
    sale 15% off
ISO
ISO 18768-1:2022(Amendment)
Organic coatings on aluminium and its alloys — Methods for specifying decorative and protective organic coatings on aluminium — Part 1: Powder coatings

This document specifies methods for specifying decorative and protective powder coatings on aluminium and its alloys. It defines the characteristic properties of powder coatings and provides testing methods with minimum performance requirements, with reference to the application and the aggressiveness of the environment in which the coated aluminium exists. This document does not apply to coil coatings on aluminium.

  • Standard
    29 pages
    English language
    sale 15% off
ISO
ISO 16152:2022(Amendment)
Plastics — Determination of xylene-soluble matter in polypropylene

This document specifies two methods of determining the mass fraction of a polypropylene homopolymer or copolymer which is amorphous, expressed as soluble in xylene at 25 °C. — Method 1: Reference method; — Method 2: Automated instrumental method.

  • Standard
    13 pages
    English language
    sale 15% off