ISO 19475:2021

INTERNATIONAL ISO
STANDARD 19475
First edition
2021-06
Document management — Minimum
requirements for the storage of
documents
Gestion de documents — Exigences minimales pour le stockage des
documents
Reference number
©
ISO 2021
© ISO 2021
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2021 – All rights reserved

Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 General . 2
4.1 Policy . 2
4.2 Document types . 3
4.3 Controlling a received and delivered document . 4
4.4 Risks in document handling and measures . 4
4.4.1 Receipt and conversion . 4
4.4.2 Recipient and delivery . 4
5 Receipt and approval . 5
5.1 Requirements . 5
5.2 Controls for receipt . 5
5.3 Controls for approval . 5
5.4 Document to be used at processing . 5
5.5 Preserving the receiving and approved context . 6
6 Delivery . 6
6.1 Requirements . 6
6.2 Controls for the delivery process . 6
6.3 Controls for the recipient process . 7
6.4 Preservation of the delivery context . 7
6.5 Monitoring of the delivered document . 8
7 Storage . 8
Annex A (informative) Requirements for EDMS/ECM . 9
Annex B (informative) Approval processes .11
Annex C (informative) Delivery – Format of the document to be delivered .13
Bibliography .15
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www .iso .org/ patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www .iso .org/
iso/ foreword .html.
This document was prepared by Technical Committee ISO/TC 171, Document management applications,
Subcommittee SC 1, Quality, preservation and integrity of information.
This first edition cancels and replaces ISO/TS 19475-1, ISO/TS 19475-2, and ISO/TS 19475-3.
Any feedback or questions about this document should be directed to the user’s national standards
body. A complete listing of these bodies can be found at www .iso .org/ members .html.
iv © ISO 2021 – All rights reserved

Introduction
This document specifies the minimum requirements for the operation of a document management
system necessary to maintain authenticity, integrity and readability of those managed documents.
Overall business operations are composed of the functions of receiving the document(s), performing
the work processes according to its contents, reporting the results of the processes and delivering
an outcome. A document management system serves the basic purpose of controlling the handling of
the received document, establishing the work processes and delivering the result of those processes.
Therefore, the reliability of the business processes and the process itself heavily depend on the
reliability of the document used as well as the reliability of the document management system.
The following operations are specified in this document, which relate to maintaining the reliability of
business activities:
— an operation that maintains the reliability of the received documents;
— an operation that maintains the integrity of the process activities; and
— an operation that ensures the authenticity of the delivered documents.
The reliability of the work processes is demonstrated by the effectiveness evaluation of the internal
controls of the organizations. Management is responsible for creating evidence during the organization's
business activities, ensuring and maintaining authenticity and integrity of the documents. Retained
documents produced as evidence of work are audited and assessed for validity. The framework and the
controls for preserving documents are described in ISO 15489.
ISO 14641 describes the methods for storing created or received electronic documents and provides
the guidelines for maintaining their integrity.
An electronic document management system (EDMS) is an effective technology for handling storage to
ensure the reliability of documents processed internally in an organization.
The above-mentioned mechanisms are a useful foundation for demonstrating the integrity of work
processes.
However, in executing their business operations, organizations create or receive various types of
documents and deliver them to other organizations. Sharing documents has the potential for a variety
of risks.
There is the risk that the organization can receive a document without any right to use it. There is
also the risk that the document contains false information, that the information was received through
inappropriate communication channels or, that the information is inappropriate for business purposes.
Any of these circumstances degrade the reliability of the work processes.
There are also risks involved when delivering a document to another organization. For example, it can
be delivered to the wrong party or the information is not appropriate to be shared. Organizations need
to take the necessary steps to mitigate these risks.
Organizations need to clarify their handling process procedures for receipt and delivery of documents.
Document handling procedures need to include quality criteria for the documents to be processed.
By applying the controls described in this document, an organization can operate their document
management system appropriately.
INTERNATIONAL STANDARD ISO 19475:2021(E)
Document management — Minimum requirements for the
storage of documents
1 Scope
This document specifies the minimum requirements necessary to maintain the authenticity, integrity
and readability of documents managed by an electronic document management system. Clarifying the
methods and procedures for appropriately handling electronic documents promotes the usability of the
documents, in both a legal and business context.
This document expresses a general business process as a document handling process. The document
handling processes include receiving, processing and delivering the documents as follows:
— approving the receipt of a document in a manner that is appropriate for a work process;
— storing the formal document in the work process environment;
— delivery of the document to another organization.
This document establishes the controls for execution of the work processes while maintaining the
authenticity and integrity of the document received.
This document establishes the policies for the storage of documents used as part of the work process. It
also details the controls for performing the receipt and conversion process appropriately.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes the requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO 14641, Electronic document management — Design and operation of an information system for the
preservation of electronic documents — Specifications
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at https:// www .electropedia .org/
3.1
enterprise content management
ECM
strategies, methods and tools used to capture, manage, store, preserve and deliver content and
documents (3.6) related to organizational processes
[SOURCE: ISO 12651-1:2012, 4.53, modified — Note 1 to ent
...