ISO/TR TECHNICAL REPORT 15801 Third edition 2017-05 Document management Electronically stored information - Recommendations for trustworthiness and reliability Gestion dedocument-Information stockée électroniquement- Recommandations pour contribuer a I'integrité et a la fiabilite des informationsstockées Reference number ISO/TR 15801:2017(E) os1 ZHEJIANG INST OF STANDARDIZATION C15956617 @IS02017 IHS under ed without license from IHS IS0/TR 15801:2017(E) COPYRIGHTPROTECTEDDOCUMENT IS0 2017, Published in Switzerland All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO's member body in the country of the requester. ISO copyrightoffice Ch. de Blandonnet 8 . CP 401 CH-1214 Vernier, Geneva, Switzerland Tel. +41 22 749 01 11 Fax +41 22 749 09 47 copyright@iso.org www.iso.org Intenationaibr PrganizationforStandardization icensee-ZHEJIANG INST OF STANDARDIZRoISQ s1.7 - All rights reserved etworking permitted without license from IHS IS0/TR 15801:2017(E) Contents Page Foreword ..vi Introduction. ..vii 1 Scope. 2 Normative references 3 Terms and definitions 4 Information management policy. ..2 4.1 General .2 4.2 Information management policy document .2 4.2.1 Contents.. .2 4.2.2 EsI covered 4.2.3 ESI roles and responsibilities. 3 4.2.4 ESI security classification. .3 4.2.5 Storage media. 4 4.2.6 Data file formats and compression .4 4.2.7 Outsourcing 4 4.2.8 Standards related to information management .4 4.2.9 Retention and disposal schedules. .5 4.2.10 Information management responsibilities. .5 4.2.11 Compliance with policy ..5 5 Duty of care 5.1 General .5 Trusted system .5 5.1.1 5.1.2 Controls. .5 5.1.3 Segregation of roles .6 5.2 Information security management .6 5.2.1 Information security policy .6 5.2.2 Risk assessment. .7 5.2.3 Information security framework 8 5.3 Business continuity planning. .8 5.4 Consultations. ..8 6 Procedures and processes .9 6.1 General. .9 6.2 Procedures manual .9 6.2.1 Documentation 6.2.2 Content. .9 6.2.3 Compliance with procedures .10 6.2.4 Updating and reviews. ..10 6.3 ESI capture. ..10 6.3.1 General .10 6.3.2 Creation and importing .11 6.3.3 Information loss. ..11 6.3.4 Metadata .12 6.4 Document image capture. ..12 6.4.1 General ..12 6.4.2 Preparation of paper documents .12 6.4.3 Document batching. ..13 6.4.4 Photocopying .13 6.4.5 Scanning processes. .14 6.4.6 Quality control .15 6.4.7 Rescanning .17 6.4.8 Image processing ..17 6.5 Data capture. ..17 iii ee=ZHEJIANG INST OF STANDARDIZATION C1 5956617 d without license from IHS Not for Resale, 2017/8/21 02:40:40