We use cookies to give you the best experience and to help improve our website

Find out what cookies we use and how to disable them

ISO/TC 171/SC 2 N 1432, ISO/NP TS 18759 Document management - Trustworthy storage system (TSS) functional and technical requirements

Scope

This document specifies the functional, technology-neutral requirements for trustworthy storage systems (TSS) that ensure storing and managing electronically stored information (ESI) in a protected and secure fashion during the lifecycle of the information.

It does not specify specific storage media types or configurations.

Purpose

This document is applicable to all information systems in which users and applications have to manage the protection, preservation and security of stored ESI throughout its entire lifecycle to meet organizational and compliance requirements to enforce:

- Immutability, authenticity and trustworthiness of the stored ESI;

- protection of application managed ESI and other stored ESI against tampering, malicious acts and ransomware;

- organizational ESI preservation and retention policies;

- provide protection for unstructured and unmanaged data

The TSS is storage technology independent and intentionally focuses on the core functionality and capabilities to provide the following:

1. The TSS must be infrastructure and configuration agnostic

2. The TSS protection must survive changes to underlying storage infrastructure without compromising the immutability and trustworthiness of the stored ESI

3. The TSS stored ESI protection and persistence must survive independent of the application to ensure that the integrity of the protected ESI cannot be destroyed even if the application is compromised or discontinued

4. The TSS must prevent any user or malware that could potentially undo or bypass the application and destroy valuable data prematurely regardless of their motivation malicious or accidental.

This document is intended for the following users and use cases.

a) Organizations that need to protect high value ESI against malicious acts and accidental loss

b) Organizations implementing trusted information systems in which ESI must be stored in an environment that ensures authenticity, long-term preservation, integrity and chain of custody.

c) Organizations providing information technology services that evaluate, implement trustworthy storage systems including third-party TSS. 

Comment on proposal

Required form fields are indicated by an asterisk (*) character.


Please email further comments to: debbie.stead@bsigroup.com

Follow standard

You are now following this standard. Weekly digest emails will be sent to update you on the following activities:

You can manage your follow preferences from your Account. Please check your mailbox junk folder if you don't receive the weekly email.

Unfollow standard

You have successfully unsubscribed from weekly updates for this standard.

Error