SIST ISO 13008:2013

INTERNATIONAL ISO
STANDARD 13008
First edition
2012-06-15
Information and documentation — Digital
records conversion and migration process
Information et documentation — Processus de conversion et migration
des documents d’activité numériques
Reference number
ISO 13008:2012(E)
©
ISO 2012

---------------------- Page: 1 ----------------------
ISO 13008:2012(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO 2012
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISO’s
member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO 2012 – All rights reserved

---------------------- Page: 2 ----------------------
ISO 13008:2012(E)
Contents Page
Foreword .iv
Introduction . v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Organizational and business framework . 4
4.1 General . 4
4.2 Conversion and migration drivers . 4
4.3 Planning for the conversion and migration process . 5
4.4 Establishing a conversion and migration program . 6
5 Recordkeeping requirements . 8
5.1 General . 8
5.2 Conversion and migration requirements . 8
5.3 Conversion/migration process metadata . 9
5.4 Recordkeeping process metadata implementation issues . 9
6 Conversion and migration planning .10
6.1 General .10
6.2 Business requirements .10
6.3 General administrative planning . 11
6.4 Technology planning requirements .12
7 Conversion and migration procedures .12
7.1 General .12
7.2 Procedures .13
7.3 Conversion/migration project planning .15
7.4 Testing .18
7.5 Conversion/migration .20
7.6 Validating .22
8 Monitoring .24
Bibliography .25
© ISO 2012 – All rights reserved iii

---------------------- Page: 3 ----------------------
ISO 13008:2012(E)
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies
(ISO member bodies). The work of preparing International Standards is normally carried out through ISO
technical committees. Each member body interested in a subject for which a technical committee has been
established has the right to be represented on that committee. International organizations, governmental and
non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International
Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of technical committees is to prepare International Standards. Draft International Standards
adopted by the technical committees are circulated to the member bodies for voting. Publication as an
International Standard requires approval by at least 75 % of the member bodies casting a vote.
Attention is drawn to the possibility that some of the elements of this International Standard may be the subject
of patent rights. ISO shall not be held responsible for identifying any or all such patent rights.
ISO 13008 was prepared by Technical Committee ISO/TC 46, Information and documentation, Subcommittee
SC 11, Archives/records management.
iv © ISO 2012 – All rights reserved

---------------------- Page: 4 ----------------------
ISO 13008:2012(E)
Introduction
This International Standard provides guidance for the conversion of records from one format to another and
the migration of records from one hardware or software configuration to another. It contains applicable records
management requirements, the organizational and business framework for conducting the conversion and
migration process, technology planning issues, and monitoring/controls for the process. It also identifies
the steps, components and particular methodologies for each of these processes, covering such topics as
workflow, testing, version control and validation.
The development of this International Standard was derived from Reference [13].
With the rapid pace of technological change, many records in digital form will, at some point, need to be
converted from one format to another, or migrated from one system to another to ensure their continued
accessibility and processability.
This is not to suggest that conversion and migration are the only approaches to preserving digital records.
Other methods, such as emulation, do exist or are under development. Conversion and migration are, however,
two of the more prevalent methods of digital preservation at this time. While this International Standard does
not address digital preservation per se, the conversion and migration processes can have an impact on a digital
preservation strategy. How an organization chooses to set up the conversion and migration processes (which
format to employ, the level of control needed, and so on) largely influences its view of the record. At the time of
the development of this International Standard, no single preferred preservation method had been identified.
However, institutions recognize the benefit of standardized procedures; many test beds and task forces have
been established to explore and research conversion, migration, emulation and refreshment, among other
preservation procedures, to determine what should work best.
Conversion and migration represent separate approaches to preserving digital records. It is important to
implement them in a managed way to prevent any degradation or loss in the authenticity, reliability, integrity and
usability of the records, thus ensuring an “authoritative record” as described in ISO 15489-1:2001, 7.2.2 to 7.2.5.
This International Standard outlines the program components, planning issues, recordkeeping requirements and
procedures for performing the conversion and migration of digital records so as to preserve their authenticity,
reliability, integrity and usability so that they continue to act as evidence of business transactions.
From the outset, note that it is not necessary to adopt all of the procedures recommended in this International
Standard to ensure that records management requirements are met. The decision regarding which procedures
to adopt depends on such factors as the type of conversion or migration to be performed and the level of risk
the organization is willing to accept. In addition, organizations would be well advised to incorporate future
planning for further conversion and/or migration of records among requirements for managing enterprise
electronic recordkeeping systems.
Before starting a conversion or migration project, individuals designated as “key” to the process need to be
aware of records management requirements. The term “recordkeeping criteria/requirements” in records and
information management means an adherence to a set of principles that relate to record integrity, authenticity,
reliability and usability. Adherence to these principles ensures that record content, context and structure
are maintained and that a given record’s standing as evidence of business activity is not compromised. The
principles apply regardless of how long the record is retained.
This International Standard does not specifically address conversions and migrations as a routine, ongoing
business-as-usual work.
© ISO 2012 – All rights reserved v

---------------------- Page: 5 ----------------------
INTERNATIONAL STANDARD ISO 13008:2012(E)
Information and documentation — Digital records conversion
and migration process
1 Scope
This International Standard specifies the planning issues, requirements and procedures for the conversion
and/or migration of digital records (which includes digital objects plus metadata) in order to preserve the
authenticity, reliability, integrity and usability of such records as evidence of business transactions. These
digital records can be active or residing in a repository.
These procedures do not comprehensively cover:
— backup systems;
— preservation of digital records;
— functionality of trusted digital repositories;
— the process of converting analogue formats to digital formats and vice versa.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated
references, only the edition cited applies. For undated references, the latest edition of the referenced document
(including any amendments) applies.
ISO 15489-1, Information and documentation — Records management — Part 1: General
ISO 23081-2, Information and documentation — Managing metadata for records — Part 2: Conceptual and
implementation issues
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO 15489-1 and the following apply.
3.1
access
right, opportunity, means of finding, using, or retrieving information
[ISO 15489-1:2001, definition 3.1]
3.2
attribute
characteristic of an object or entity
NOTE Adapted from ISO/IEC 11179-3:2003.
3.3
authenticity
record that can be proven to be what it purports to be, to have been created or sent by the person purported to
have created or sent it, and to have been created or sent at the time purported
NOTE This term is further described in ISO 15489-1:2001, 7.2.2.
© ISO 2012 – All rights reserved 1

---------------------- Page: 6 ----------------------
ISO 13008:2012(E)
3.4
content
subject information of a document
[IEC 82045-1:2001, definition 3.2.2]
3.5
conversion
〈record〉 process of changing records from one format to another while maintaining the characteristics of the records
3.6
data cleansing
process of reviewing and correcting data to ensure data are in a standardized format
NOTE Correction may be carried out for incompleteness, incorrect formatting, obsolescence, duplication, etc. It is
often done prior to merging data sets or converting data from one system/database to another.
3.7
data object
discrete data, considered as a unit, representing an instance of a data structure that is known or assumed to
be known
[ISO/IEC 2382-17:1999, definition 17.01.11]
3.8
emulation
use of a data processing system to imitate another data processing system, so that the imitating system
accepts the same data, executes the same programs, and achieves the same results as the imitated system
NOTE Adapted from ISO/IEC 2382-1:1993.
3.9
encryption
(reversible) transformation of data by a cryptographic algorithm to produce ciphertext, i.e. to hide the information
content of the data
NOTE Adapted from ISO/IEC 18033-1:2005.
3.10
file format
encoding of a file type that can be rendered or interpreted in a consistent, expected and meaningful way through
the intervention of a particular piece of software or hardware which has been designed to handle that format
NOTE A file may (or may not) be a container containing zero or more files of various formats. File formats may
be defined by a specification, or by a reference software system. Many file formats exist in forms with minor variations
and many also in more than one version. Typing of file formats should be interpreted generously rather than strictly, but
sufficiently precisely to distinguish versions where such distinctions have significant interpretive consequences.
[PRONOM]
3.11
integrity
quality of being complete and unaltered
NOTE This term is further described in ISO 15489-1:2001, 7.2.4.
3.12
metadata
〈records〉 data describing context, content, and structure of records and their management through time
[ISO 15489-1:2001, definition 3.12]
2 © ISO 2012 – All rights reserved

---------------------- Page: 7 ----------------------
ISO 13008:2012(E)
3.13
migration
〈records〉 process of moving records, including their existing characteristics, from one hardware or software
configuration to another without changing the format
3.14
originating
initial manifestation of something
3.15
preservation
processes and operations involved in ensuring the technical and intellectual survival of authentic records
through time
[ISO 15489-1:2001, definition 3.14]
3.16
preservation metadata
metadata that supports the viability, renderability, understandability, authenticity and identity of digital objects
in a preservation context
[PREMIS Data Dictionary for Preservation Metadata, version 2.0, March 2008]
3.17
record
information created, received, and maintained as evidence and/or as an asset by an organization or person, in
pursuance of legal obligations or in the transaction of business, regardless of medium, form or format
NOTE Adapted from ISO 15489-1:2001.
3.18
refreshment
data migration where the media is replaced with equivalent media such that all storage hardware and software
functionality is unchanged
NOTE Adapted from ISO 14721:2003.
3.19
reliability
measure of the completeness and accuracy of the representation of transactions and activities, or of the facts
to which they attest
NOTE This term is further described in ISO 15489-1:2001, 7.2.3.
3.20
replication
digital migration where there is no change to the packaging information, the content information, and the
preservation description information
NOTE The bits used to represent these information objects are preserved in the transfer to the same or new
media instance.
NOTE Adapted from ISO 14721:2003.
3.21
usability
〈records〉 property of being able to be located, retrieved, presented and interpreted
NOTE This term is further described in ISO 15489-1:2001, 7.2.5.
© ISO 2012 – All rights reserved 3

---------------------- Page: 8 ----------------------
ISO 13008:2012(E)
3.22
validation
confirmation, through the provision of objective evidence, that the requirements for a specific intended use or
application have been fulfilled
NOTE Adapted from ISO 9000:2005.
4 Organizational and business framework
4.1 General
This clause addresses the drivers that often prompt the need for the conversion or migration of digital records,
the issues that organizations should consider when evaluating the need for conversion or migration of their
records, and the steps taken in developing a conversion and migration program. It discusses the decision making
and resource allocation associated with the conversion or migration within the organizational framework, as
well as the technical infrastructure that supports the conversion and migration processes and which shall be
used to ensure the records’ authenticity and integrity for as long as they are needed.
4.2 Conversion and migration drivers
4.2.1 General
A variety of drivers can compel an organization to convert or migrate its digital records. Some records
have longer retention requirements than a software application or storage medium can sustain, prompting
organizations to convert or migrate their records while supporting systems are still viable. Organizations
might also choose to convert or migrate records proactively on the basis of operational factors relating to
record volume, access, storage efficiency, business and technology cycles, or organizational change (such as
mergers and acquisitions). In extreme circumstances, organizations might be compelled to convert or migrate
records in response to regulatory or legal actions.
4.2.2 Conversion drivers
Conversion is defined as the process of changing records from one format to another. Some examples of
drivers that could require digital conversion include the following.
a) Format change: for example, records stored in a closed format are converted to an open file format, such
as a conversion of a Word file to PDF/A.
b) Format obsolescence: for example, records stored in an obsolete but still readable word processing format
are converted to a current word processing format.
4.2.3 Migration drivers
Migration is defined as the process of moving records from one hardware or software configuration to another
without changing the format. Some examples of drivers that could require digital migration include the following.
a) There may be a need to migrate records from one structure to another. For example, records existing in several
legacy databases might be restructured into a new consolidated database (e.g. from Oracle to SQL Server).
b) The platform in which the records were created is changing and the records need to be migrated to the new
platform. For example, records might need to be moved from a Microsoft Windows platform to a UNIX platform.
c) A migration is prudent from a business perspective (e.g. to introduce a new system with improved
functionality). For example, a migration of records might be needed to support a change from a physical
business presence to a web-based storefront or to move records from a shared drive to an electronic
document and records management system (EDRMS).
4 © ISO 2012 – All rights reserved

---------------------- Page: 9 ----------------------
ISO 13008:2012(E)
Organizations have an obligation to assess, document and manage their records in the normal course of
business. Ongoing accessibility and compliance of digital records with a dynamic regulatory and technical
environment demand rigorous, coordinated efforts and sustained funding.
Decisions related to conversion and migration shall be based on analysis of the importance of the organization’s
digital records and the impact of technology infrastructure and investments during the records’ existence, as
well as on knowledge about standards and best practices relating to conversion and migration of digital records.
4.3 Planning for the conversion and migration process
4.3.1 General
Records conversion and migration planning falls into the domain of the organization’s information governance
protocols and systems. As with more traditional asset (capital, facilities, human resources) management,
established policies and procedures regarding the acquisition, management and disposition of information
assets should be established, followed, documented and periodically audited for compliance and efficacy.
Business managers (and their respective IS/IT support officers) should know where and how their record
assets are being created, managed and stored, and should therefore be able to plan and justify the case for
conversion or migration.
In a given organization, conversion or migration might take place as a one-time project or regularly as an
ongoing activity in response to any of the above-mentioned situations. However, for effective preservation of
digital records, conversion or migration shall be performed as part of an ongoing, well-planned and structured
program. In all cases, it is preferable to plan, execute and validate the records conversion or migration process
proactively, with adequate time and resources and with the least disruption to stakeholders and their respective
business cycles and functions. During an unplanned event (natural or human-made), conversion or migration
may have to be undertaken under extreme and therefore less than ideal conditions, which make it more costly
and disruptive.
4.3.2 Risk management
Significant costs can be associated with the conversion and migration of digital records. As a result, an
organization shall decide whether to convert or migrate some, all, or no records, based upon its level of
acceptable risk. Records shall be analysed to determine their importance to the organization and the risk
associated with their potential loss or corruption. Part of the organization’s records management program
should be to conduct an evaluation of records for retention purposes and assess the risks associated with
them. Normally, the organization’s records retention policies document these decisions.
An organization’s records management practices are based on operational and other needs and perceptions
of risks. Operational needs (e.g. fulfilling regulatory requirements, product development, providing access or
documenting financial transactions) determine the strategies and levels of effort an organization undertakes
to ensure the trustworthiness of a record. Risk assessment and risk mitigation, along with other techniques,
are used to establish both management controls for and documentation requirements of activities. These
risk assessments can also be used to establish records management controls. Risk assessments shall be
conducted to establish appropriate levels of management controls prior to undertaking new initiatives.
From a records management perspective, two main risks are assessed when considering digital records:
1) challenges to the trustworthiness of the records (e.g. legal challenges) that can be expected over the
life of the records;
2) loss, including loss of access to or unauthorized destruction of records.
Consequences are measured by the degree of loss that the organization or its customers would suffer if
the trustworthiness of the records could not be verified or in the event of unauthorized loss or unauthorized
destruction of records.
© ISO 2012 – All rights reserved 5

---------------------- Page: 10 ----------------------
ISO 13008:2012(E)
4.3.3 When to convert or migrate
Conversion or migration of records shall be performed before the technology and media (e.g. magnetic disks
such as floppy disks, magnetic tape, and optical disks such as CDs and DVDs) upon which they depend
become obsolete. Depending on factors such as volume and access requirements, it may be desirable to
convert or migrate the records as soon as the target or end environment is known. If the perceived value of
and/or risk to the records are sufficiently low, organizations might choose to wait until some other driver (e.g.
software upgrade, system replacement, acquisition or merger) triggers the justification to convert or migrate.
4.3.4 Conversion and migration activities
In the digital environment, conversion and migration of an organization’s records will be a routine activity, and
therefore the organization should have a program, plans, and directives as necessary to ensure this activity is
conducted in accordance with standards and business practices. Document obligations and interdependencies
related to records preservation shall be acknowledged as early as possible in the analysis and requirements
definition phase of both business process planning and technology investment planning.
When deciding whether internal or external resources, or a combination, will execute the conversion and
migration activities (project-based), the following factors shall be taken into account.
— Skill sets: whether the organization has staff with the experience and knowledge to perform conversion
and migration activities.
— Availability of human and technical resources: whether staff members with the appropriate skill sets are
available during the project timeframe.
— Equipment: whether the organization has the right environment and tools to perform conversion and
migration activities.
— Cost and timeline: whether the organization has the resources (budget and time) to perform conversion
and migration activities.
— Capability to perform quality assurance/quality control: whether the organization has personnel with the
experience and knowledge to perform quality assurance and quality control activities.
— Data sharing/data stewardship/ownership: which person(s) or business unit(s) in the organization will lead
the conversion and migration activities.
— Validation: whether the organization has staff with the experience and knowledge needed to validate
conversion and migration activities.
— Business cycles: which person(s) or business unit(s) in the organization will decide when conversion and
migration activities shall occur.
4.4 Establishing a conversion and migration program
4.4.1 General
Organizations that maintain digital records for such periods that necessitate regular and ongoing conversion
or migration shall establish a conversion and migration program before carrying out major digital records
conversions or migrations.
This implies that the requirement to convert or migrate the digital components making up the organization’s
records is recognized, and a governance structure with direct or delegated executive authority is in place. The
corporate policies of the organization shall authorize the establishment of a conversion and migration program.
The conversion and migration program governance structure authorizes when and how conversions and
migrations occur and who is to carry them out. Normally, records professionals are responsible for authorizing
the conversion and migration process with assistance from IT, the owner(s) of the business and the legal staff.
The conversion and migration program governance structure also authorizes whatever audit process is to be
implemented and identifies who is responsible for performing it.
6 © ISO 2012 – All rights reserved

---------------------- Page: 11 ----------------------
ISO 13008:2012(E)
Setting out the authorization and business area(s) responsible is essential to establishing conversion and
migration as a normal and routine business activity for an organization.
To minimize risk in larger organizations, the conversion and migration program shall include authorization for:
— a limited number of events that trigger conversion or migration;
— the types of conversions and migrations to be done, and their intervals;
— the method of recording (and certifying if necessary) that the above activities are carried out as required.
The organization’s policy or procedures document shall list these authorizations.
4.4.2 Development of procedures manuals
The process of converting and migrating digital records interferes significantly with the records’ existence,
creating risks to their authenticity, integrity, reliability and usability. To mitigate these risks, it is important to
control the process by applying approved and documented procedures.
The approach to the development of a conversion and migration procedures manual is at the discretion of the
individual organization. There c
...