iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
ISO

ISO/TR 22428-1:2020

(Main)

Managing records in cloud computing environments — Part 1: Issues and concerns

Managing records in cloud computing environments — Part 1: Issues and concerns

This document presents a model for cloud records management and outlines the risks and issues that are considered by records managers before adopting cloud services for records management. The model for cloud records management includes a stakeholder model, processes, metadata, architecture, and use cases. Risks and issues are classified into those originating from cloud services internally and those originating from cloud services externally. Internal risks are associated with cloud services, systems and stakeholders. External risks and issues can occur in the social and legal context in which cloud services operate. The target audience of this document includes: — records, information, knowledge, and governance professionals; — cloud service architects; — archivists using cloud services for managing records; — developers of cloud-deployed records management software; — ICT staff; and — providers of cloud-based records management services.

Gestion des documents d'activité dans les environnements d'informatique en nuage — Partie 1: Enjeux et préoccupations

Upravljanje zapisov v okoljih računalništva v oblaku - 1. del: Vprašanja in pomisleki

General Information

Status
Published
Publication Date
14-Sep-2020
ICS
01.140.20 - Information sciences
Technical Committee
ISO/TC 46/SC 11 - Archives/records management
Drafting Committee
ISO/TC 46/SC 11/WG 17 - Records in the cloud
Current Stage
6060 - International Standard published
Start Date
15-Sep-2020
Completion Date
15-Sep-2020
Ref Project
SIST-TP ISO/TR 22428-1:2021 - Managing records in cloud computing environments - Part 1: Issues and concerns

Relations

Consolidated By
ISO 13468-2:2021 - Plastics — Determination of the total luminous transmittance of transparent materials — Part 2: Double-beam instrument
Effective Date
06-Jun-2022
TP ISO/TR 22428-1:2021 - BARVETP ISO/TR 22428-1:2021 - BARVE
PreviousNext
Technical report
TP ISO/TR 22428-1:2021 - BARVE
English language
30 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day
ISO/TR 22428-1:2020 - Managing records in cloud computing environmentsISO/TR 22428-1:2020 - Managing records in cloud computing environments
PreviousNext
Technical report
ISO/TR 22428-1:2020 - Managing records in cloud computing environments
English language
24 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)


SLOVENSKI STANDARD
01-marec-2021
Upravljanje zapisov v okoljih računalništva v oblaku - 1. del: Vprašanja in
pomisleki
Managing records in cloud computing environments - Part 1: Issues and concerns
Gestion des documents d'activité dans les environnements d'informatique en nuage
Ta slovenski standard je istoveten z: ISO/TR 22428-1:2020
ICS:
01.140.20 Informacijske vede Information sciences
35.210 Računalništvo v oblaku Cloud computing
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

TECHNICAL ISO/TR
REPORT 22428-1
First edition
2020-09
Managing records in cloud computing
environments —
Part 1:
Issues and concerns
Gestion des documents d'activité dans les environnements
d'informatique en nuage —
Partie 1: Enjeux et préoccupations
Reference number
©
ISO 2020
© ISO 2020
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2020 – All rights reserved

Contents Page
Foreword .v
Introduction .vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Stakeholder model . 4
4.1 General . 4
4.2 Cloud records management service customer . 5
4.2.1 General. 5
4.2.2 Cloud records producer . 5
4.2.3 Cloud records manager . 6
4.2.4 Cloud records user . 6
4.3 Cloud records management service provider . 6
4.3.1 General. 6
4.3.2 Records management SaaS provider . 6
4.3.3 PaaS provider . 7
4.3.4 IaaS provider . 7
4.4 Cloud records management service partner . 7
4.4.1 Cloud records management agent . 7
4.4.2 Cloud records management auditor . 7
5 Cloud records management environments . 8
5.1 General . 8
5.2 Records management processes in the cloud environment . 8
5.3 Metadata in cloud records management services . 9
5.4 Cloud reference architecture for managing authoritative records .10
6 Use cases in cloud records management .11
6.1 General .11
6.2 SaaS shared by customers .12
6.3 SaaS developed by customers .13
6.4 Records management based on IaaS .13
6.5 Multiple IaaS used by customers .14
6.6 Records management agent .15
7 Risks in cloud records system .16
7.1 General .16
7.2 Cloud service risks .16
7.3 Cloud system risks .18
7.4 Cloud stakeholder risks .19
8 Social and legal issues of cloud services .19
8.1 General .19
8.2 Legal issues .20
8.2.1 General.20
8.2.2 Cross-border data jurisdictional issues .20
8.2.3 Inability to enforce contractual terms .20
8.2.4 Non-negotiable licensing terms .21
8.2.5 Data ownership issues .21
8.2.6 Conflict between the terms and conditions .21
8.3 Social issues .21
8.3.1 General.21
8.3.2 Limitations of technical security .22
8.3.3 Social impact of personal information leakage accidents .22
8.3.4 Unavailability of personal records.23
8.3.5 Risk of long-term preservation of records in the cloud service .23
Bibliography .24
iv © ISO 2020 – All rights reserved

Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out by
ISO technical committees. Each member body interested in a subject has the right to be represented on
the relevant technical committee if such committee has been established. International organizations,
governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates
closely with the International Electro-technical Commission (IEC) on all matters related to electro-
technical standardization.
The procedures used to develop the present document and those intended for its further maintenance
are described in the ISO/IEC Directives, Part 1. In particular, the various approval criteria needed for
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be listed in the Introduction
and/or on the ISO list of patent declarations received (see www .iso .org/ patents).
Any trade name used in this document is given for the purpose of information for users’ convenience
and does not constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO-specific terms and
expressions related to conformity assessment, as well as information on ISO's adherence to the World
Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www .iso .org/ iso/
foreword .html.
This document was prepared by Technical Committee ISO/TC 46, Information and documentation,
Subcommittee SC 11, Archives/records management.
A list of all parts in the ISO 22428 series can be found on the ISO website.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www .iso .org/ members .html.
Introduction
A cloud service refers to capabilities offered via cloud computing where users can borrow, to use
flexibly, physical or virtual resources which include software and platform, as well as computing
infrastructure, such as data storage and computing servers. The cloud service offers benefits, such as
dynamic scalability, enhanced organizational agility, resilience and cost reduction, enabling improved
organizational competitiveness and efficiency. Cloud services are emerging as an essential aspect of
information technology due to location-independent resource shar
...


TECHNICAL ISO/TR
REPORT 22428-1
First edition
2020-09
Managing records in cloud computing
environments —
Part 1:
Issues and concerns
Gestion des documents d'activité dans les environnements
d'informatique en nuage —
Partie 1: Enjeux et préoccupations
Reference number
©
ISO 2020
© ISO 2020
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2020 – All rights reserved

Contents Page
Foreword .v
Introduction .vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Stakeholder model . 4
4.1 General . 4
4.2 Cloud records management service customer . 5
4.2.1 General. 5
4.2.2 Cloud records producer . 5
4.2.3 Cloud records manager . 6
4.2.4 Cloud records user . 6
4.3 Cloud records management service provider . 6
4.3.1 General. 6
4.3.2 Records management SaaS provider . 6
4.3.3 PaaS provider . 7
4.3.4 IaaS provider . 7
4.4 Cloud records management service partner . 7
4.4.1 Cloud records management agent . 7
4.4.2 Cloud records management auditor . 7
5 Cloud records management environments . 8
5.1 General . 8
5.2 Records management processes in the cloud environment . 8
5.3 Metadata in cloud records management services . 9
5.4 Cloud reference architecture for managing authoritative records .10
6 Use cases in cloud records management .11
6.1 General .11
6.2 SaaS shared by customers .12
6.3 SaaS developed by customers .13
6.4 Records management based on IaaS .13
6.5 Multiple IaaS used by customers .14
6.6 Records management agent .15
7 Risks in cloud records system .16
7.1 General .16
7.2 Cloud service risks .16
7.3 Cloud system risks .18
7.4 Cloud stakeholder risks .19
8 Social and legal issues of cloud services .19
8.1 General .19
8.2 Legal issues .20
8.2.1 General.20
8.2.2 Cross-border data jurisdictional issues .20
8.2.3 Inability to enforce contractual terms .20
8.2.4 Non-negotiable licensing terms .21
8.2.5 Data ownership issues .21
8.2.6 Conflict between the terms and conditions .21
8.3 Social issues .21
8.3.1 General.21
8.3.2 Limitations of technical security .22
8.3.3 Social impact of personal information leakage accidents .22
8.3.4 Unavailability of personal records.23
8.3.5 Risk of long-term preservation of records in the cloud service .23
Bibliography .24
iv © ISO 2020 – All rights reserved

Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out by
ISO technical committees. Each member body interested in a subject has the right to be represented on
the relevant technical committee if such committee has been established. International organizations,
governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates
closely with the International Electro-technical Commission (IEC) on all matters related to electro-
technical standardization.
The procedures used to develop the present document and those intended for its further maintenance
are described in the ISO/IEC Directives, Part 1. In particular, the various approval criteria needed for
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be listed in the Introduction
and/or on the ISO list of patent declarations received (see www .iso .org/ patents).
Any trade name used in this document is given for the purpose of information for users’ convenience
and does not constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO-specific terms and
expressions related to conformity assessment, as well as information on ISO's adherence to the World
Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www .iso .org/ iso/
foreword .html.
This document was prepared by Technical Committee ISO/TC 46, Information and documentation,
Subcommittee SC 11, Archives/records management.
A list of all parts in the ISO 22428 series can be found on the ISO website.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www .iso .org/ members .html.
Introduction
A cloud service refers to capabilities offered via cloud computing where users can borrow, to use
flexibly, physical or virtual resources which include software and platform, as well as computing
infrastructure, such as data storage and computing servers. The cloud service offers benefits, such as
dynamic scalability, enhanced organizational agility, resilience and cost reduction, enabling improved
organizational competitiveness and efficiency. Cloud services are emerging as an essential aspect of
information technology due to location-independent resource sharing, availability via the Internet and
mobile devices, and the ability to deliver on-demand services and lower costs.
Currently, the explosive growth of digital content through mobile platforms and the Internet of things
is driving organizations to move their computing systems and information assets to the cloud. As a
result, a number of companies and government organizations have shifted their business systems to
cloud services, and many other organizations are planning to adopt cloud services. In the near future, it
is expected that most data will be processed and stored in cloud services.
Cloud services might prove to be an alternative for organizations that are reluctant to invest in
establishing their own computer systems for digital records management. Cloud services can provide
the software, hardware, and platform needed to implement a system for records at an affordable price.
It is often n
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

ISO
ISO 30302:2022/Amd 1:2025(Amendment)
Information and documentation — Management systems for records — Guidelines for implementation — Amendment 1: Non conformities, corrective actions and climate change requirements
SIST ISO 30302:2023/Amd 1:2025
  • Standard
    1 page
    English language
    sale 15% off
  • Amendment
    4 pages
    English language
    sale 10% off
    e-Library read for
    1 day
ISO
ISO/TR 24332:2025(Main)
Information and documentation — Blockchain and distributed ledger technology (DLT) in relation to authoritative records, records systems and records management

This document analyses challenges, considerations, and potential benefits of blockchain and distributed ledger technology (DLT) in relation to records management standards and related standards for systems that: — create records that are required to be authoritative records; — can be used as records systems; or — can be used for records management, including records controls. The target audience of this document includes records managers and allied professionals, IT professionals and application developers, legal and compliance professionals, researchers, educators and other interested parties.

  • Technical report
    33 pages
    English language
    sale 15% off
  • Technical report
    33 pages
    English language
    sale 15% off
ISO
ISO/TS 7538:2024(Main)
Functional requirements for disposition of records
SIST-TS ISO/TS 7538:2025

This document identifies the purpose and benefits of disposition and provides organizations with guidance about how to manage disposition-related processes. In particular, it: — specifies responsibilities for records disposition processes; — provides guidance on the key areas against which records disposition processes can be assessed; — provides requirements and guidance for those implementing disposition processes; and — provides guidance on how to integrate records disposition processes into an organization’s operations.

  • Technical specification
    19 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Technical specification
    14 pages
    English language
    sale 15% off
ISO
ISO/TR 8344:2024(Main)
Information and documentation — Issues and considerations for managing records in structured data environments
SIST-TP ISO/TR 8344:2024

This document identifies issues and considerations for managing records in structured data environments.

  • Technical report
    67 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Technical report
    61 pages
    English language
    sale 15% off
ISO
ISO 18128:2024(Main)
Information and documentation — Records risks — Risk assessment for records management
SIST ISO 18128:2024

The document: a) provides methods for identifying and documenting risks related to records, records processes, controls and systems (records risks); b) provides techniques for analysing records risks; c) provides guidelines for conducting an evaluation of records risks. This document intends to assist organizations in assessing records risks so they can ensure records continue to meet identified business needs as long as required. This document can be used by all organizations regardless of size, nature of their activities, or complexity of their functions and structure. This document does not directly address the mitigation of risks, as methods for these vary from organization to organization. It can be used by records professionals or people who have responsibility for records and records processes, controls and/or systems in their organizations, and by auditors or managers who have responsibility for risk management programs in their organizations.

  • Standard
    33 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Standard
    27 pages
    English language
    sale 15% off
ISO
ISO 30301:2019/Amd 1:2024(Amendment)
Information and documentation — Management systems for records — Requirements — Amendment 1: Climate action changes
  • Standard
    1 page
    English language
    sale 15% off
  • Standard
    1 page
    French language
    sale 15% off
  • Standard
    1 page
    French language
    sale 15% off
ISO
ISO 13008:2022(Main)
Information and documentation — Digital records conversion and migration process
SIST ISO 13008:2022

This document specifies the planning issues, requirements and procedures for the conversion and/or migration of digital records in order to preserve the authenticity, reliability, integrity and usability of such records as evidence of business functions, processes, activities and transactions. These procedures do not comprehensively cover: — backup systems; — preservation of digital records; — functionality of trusted digital repositories; — the process of converting analogue formats to digital formats and vice versa.

  • Standard
    34 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Standard
    34 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Standard
    28 pages
    English language
    sale 15% off
  • Standard
    31 pages
    French language
    sale 15% off
ISO
ISO 30302:2022(Main)
Information and documentation — Management systems for records — Guidelines for implementation
SIST ISO 30302:2023

This document gives guidance for the implementation of an MSR in accordance with ISO 30301. This document is intended to be used in conjunction with ISO 30301. It describes the activities to be undertaken when designing, implementing and monitoring an MSR. This document is intended to be used by any organization, or across organizations, implementing an MSR. It is applicable to all types of organization (e.g. commercial enterprises, government agencies, non-profit organizations) of all sizes. This document is intended to be used by those responsible for leading the implementation and maintenance of the MSR. It can also help top management in making decisions on the establishment, scope and implementation of management systems in their organization.

  • Standard
    39 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Standard
    33 pages
    English language
    sale 15% off
  • Standard
    36 pages
    French language
    sale 15% off
  • Standard
    36 pages
    French language
    sale 15% off
ISO
ISO 23081-2:2021(Main)
Information and documentation — Metadata for managing records — Part 2: Conceptual and implementation issues
SIST ISO 23081-2:2021

This document establishes a framework for defining metadata elements consistent with the principles and implementation considerations outlined in ISO 23081-1. The purpose of this framework is to: a) enable standardized description of records and critical contextual entities for records; b) provide common understanding of fixed points of aggregation to enable interoperability of records and information relevant to records between organizational systems; and c) enable reuse and standardization of metadata for managing records over time, space and across applications. It further identifies some of the critical decision points that need to be addressed and documented to enable implementation of metadata for managing records. It aims to: — identify the issues that need to be addressed in implementing metadata for managing records; — identify and explain the various options for addressing the issues; and — identify various paths for making decisions and choosing options in implementing metadata for managing records.

  • Standard
    39 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Standard
    33 pages
    English language
    sale 15% off
ISO
ISO/TS 16175-2:2020(Main)
Information and documentation — Processes and functional requirements for software for managing records — Part 2: Guidance for selecting, designing, implementing and maintaining software for managing records
SIST ISO/TS 16175-2:2021

This document provides guidance for decision making and processes associated with the selection, design, implementation and maintenance of software for managing records, according to the principles specified in ISO 15489-1. This document is applicable to any kind of records system supported by software, including paper records managed by software, but is particularly focused on software for managing digital records. This document provides guidance to records professionals charged with, or supporting the selection, design, implementation and maintenance of systems for managing records using a variety of software. It can also provide assistance to information technology professionals such as solution architects/designers, IT procurement decision makers, business analysts, business owners and software developers and testers seeking to understand records requirements.

  • Technical specification
    28 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Technical specification
    22 pages
    English language
    sale 15% off
  • Technical specification
    25 pages
    French language
    sale 15% off