ISO 16919:2014 (CCSDS 652.1-M.2) Preview
Space data and information transfer systems -- Requirements for bodies providing audit and certification of candidate trustworthy digital repositories
ISO 16919:2014 is meant primarily for those setting up and managing the organization performing the auditing and certification of digital repositories.
It should also be of use to those who work in or are responsible for digital repositories seeking objective measurement of the trustworthiness of their repository and wishing to understand the processes involved.
The main purpose is to define a CCSDS Recommended Practice (and ISO International Standard) on which to base the operations of the organization(s) which assess the trustworthiness of digital repositories using ISO 16363 and provide the appropriate certification. ISO 16919:2014 specifies requirements for bodies providing audit and certification of digital repositories, based on the metrics contained within ISO/IEC 17021 and CCSDS 652.0-M-1/ISO 16363. It is primarily intended to support the accreditation of bodies providing such certification.
ISO/IEC 17021 provides the bulk of the requirements on bodies offering audit and certification for general types of management systems. However, for each specific type of system, specific additional requirements will be needed, for example, to specify the standard against which the audit is to be made and the qualifications which auditors require.
ISO 16919:2014 provides the (small number of) specific additions required for bodies providing audit and certification of candidate trustworthy digital repositories. Trustworthy here means that they can be trusted to maintain, over the long-term, the understandability and usability of digitally encoded information placed into their safekeeping.
In order improve readability, the clause numbers are kept consistent with those of ISO/IEC 17021. Some subclauses are applicable as they stand, and these are simply enumerated; otherwise additions to subclauses are explicitly given. In the former case, the clauses may consist of just a few sentences. As a result, this document must be read in conjunction with ISO/IEC 17021.
The requirements contained in this document need to be demonstrated in terms of competence and reliability by any organization or body providing certification of digital repositories.