scope:

The present document addresses the assessment of the Information Security Management System ("ISMS") of a Data Preservation System, by specifying guidelines for Assessors when reviewing and auditing a DPS. No provisions are stated on:

a) Assessors' qualification for which existing documentation provides specification of an exhaustive set of provisions; for this purpose ISO/IEC 17021 [i.8] and ISO/IEC 27006 [i.5] are referred to;

b) basic Assessors' activities, such as examining the procedures audit trail, since Assessors are assumed to be familiar with them. Additional information is specified in annex B.

The present document specifies recommendations on how to assess reliable electronic data object preservation services against the ICT security measures provided for in the sister document TS 101 533-1 [i.4].

These recommendations are based on provisions of ISO/IEC 27001 [i.1], ISO/IEC 27002 [i.2] and TS 102 573 [i.3], enhancing them where necessary.

The present document does not address specific document management related issues that are addressed by a number of ISO standards, such as ISO 14721 [i.9], ISO 15489 [i.10], ISO 23081 [i.11] and, more in general, those dealt with by ISO/TC 46/SC11 that the reader of the present document should refer to.

NOTE: The present document and its sister document TS 101 533-1 [i.4] can be referred to by various archival management standards and standard families as a complementary and detailed set of specifications through which a reliable Information Security Management System can be implemented, managed and assessed, as regards the Data Preservation peculiarities.