Document management applications - Specification for a digital safe

This document specifies the minimum functional requirements of digital safe software in order to ensure the integrity, confidentiality and availability of the digital objects it stores. This document does not address system environments for the operation of the digital safe, such as physical security (fire extinguishing systems, armoured doors, presence detectors, etc.), power supply security (generators and transformers) or telecommunication lines.

Applications en gestion des documents — Spécification pour un coffre fort numérique

General Information

Status: Published
Publication Date: 29-Jun-2025
Current Stage: 6060 - International Standard published
Start Date: 30-Jun-2025
Due Date: 28-Nov-2025
Completion Date: 30-Jun-2025

Overview

ISO/TS 24574:2025 - Document management applications - Specification for a digital safe defines minimum functional requirements for digital safe software to ensure the integrity, confidentiality and availability (ICA) of digital objects. The Technical Specification focuses on software capabilities for managing digital objects (documents, images, scans, audio, etc.), preserving chain of custody, enforcing retention and freeze periods, and enabling transfer between digital safes. It explicitly excludes physical environment and power-supply security measures.

Key topics and technical requirements

The specification organizes functional and operational requirements across core areas. Key topics include:

  • Core functions: mandatory operations such as Write, Read, Delete, Verify, Read technical metadata, Read audit trail, List and Count functions, and related parameters and result formats.
  • Users and roles: user management model with defined roles (general administrator USR‑G, functional administrator USR‑F, standard user USR‑S) and administration functions for role management.
  • Metadata and version control: technical metadata requirements, additional metadata, and versioning rules for digital objects.
  • Retention, disposal and freeze: rules to manage retention periods and to prevent deletion during mandatory preservation intervals.
  • Integrity, audit trail and chain of custody: requirements for tamper-evident audit trails, verification functions, and preservation of provenance to support legal or regulatory needs.
  • Availability and resiliency: secondary hosting, backup, storage technology and migration provisions to maintain long‑term access.
  • Security: access control, encryption of stored objects and message exchanges, and date/time formatting to support reliable auditing.
  • Documentation and implementation: required technical manuals, installation/operation/user documentation, system versioning, and implementation guidance.

Applications and who should use it

ISO/TS 24574:2025 is intended for stakeholders involved in long‑term digital preservation and secure records management:

  • Software vendors building or certifying digital safe or secure archival products
  • Records managers and archivists specifying requirements for long‑term storage
  • IT procurement teams evaluating vendor solutions against ICA, retention and audit requirements
  • Legal, compliance and audit professionals ensuring admissibility and chain of custody
  • Cloud storage and hosting providers offering secure, long‑term archival services

Use cases include procurement/specification of digital safe solutions, product interoperability and migration planning, and establishing defensible records retention and disposition policies.

Related standards

This Technical Specification was prepared by ISO/TC 171 (Document management applications) and references the relationship to other archiving and records management standards (see Annex A). Implementers should consider complementary ISO archival standards and organizational legal/regulatory requirements when applying ISO/TS 24574:2025.

Technical specification

ISO/TS 24574:2025 - Document management applications — Specification for a digital safe. Released: 30.06.2025

English language
21 pages

Frequently Asked Questions

ISO/TS 24574:2025 is a technical specification published by the International Organization for Standardization (ISO). Its full title is "Document management applications - Specification for a digital safe". This standard covers: This document specifies the minimum functional requirements of digital safe software in order to ensure the integrity, confidentiality and availability of the digital objects it stores. This document does not address system environments for the operation of the digital safe, such as physical security (fire extinguishing systems, armoured doors, presence detectors, etc.), power supply security (generators and transformers) or telecommunication lines.


ISO/TS 24574:2025 is classified under the following ICS (International Classification for Standards) categories: 35.030 - IT Security. The ICS classification helps identify the subject area and facilitates finding related standards.


Standards Content (Sample)


Technical Specification
ISO/TS 24574
First edition
2025-06
Document management applications — Specification for a digital safe
Applications en gestion des documents — Spécification pour un coffre fort numérique
© ISO 2025
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Digital safe functional specifications
4.1 Key concepts
4.2 Implementation functions
4.3 Users management
4.3.1 General
4.3.2 General administrator (USR-G)
4.3.3 Functional administrator (USR-F)
4.3.4 Standard user (USR-S)
4.3.5 Management of functional administrator (USR-F)
4.3.6 Management of standard user (USR-S)
4.3.7 User management environment
4.4 Digital safe mandatory functions
4.5 Invoke functions parameters
4.5.1 General
4.5.2 Write function
4.5.3 Read function
4.5.4 Delete function
4.5.5 Read technical metadata function
4.5.6 Verify function
4.5.7 Read audit trail function
4.5.8 List function
4.5.9 Count function
4.6 Function results
4.6.1 General
4.6.2 Write function
4.6.3 Read function
4.6.4 Delete function
4.6.5 Read technical metadata function
4.6.6 Verify function
4.6.7 Read audit trail function
4.6.8 List function
4.6.9 Count function
4.6.10 Other functions
4.7 Metadata
4.7.1 Technical metadata
4.7.2 Additional metadata
4.8 Version control of DOs
4.9 Retention and disposal
4.9.1 Retention
4.9.2 Disposal
4.10 Secondary hosting
4.11 Backup
4.12 Storage technology
4.12.1 Storage technology used
4.12.2 Migration
4.13 Security of access, integrity and confidentiality of messages exchanged
4.14 Encryption
4.15 Date format
4.16 Audit trail
4.16.1 General
4.16.2 Audit trail related to DOs functions
4.16.3 Audit trail content
4.16.4 Audit trail implementation
4.17 Integrity of DOs and audit trails
4.17.1 Survey of integrity
4.17.2 Loss of integrity
4.18 Legal or regulatory requirements
5 Documentation
5.1 Technical manual
5.1.1 General
5.1.2 Minimum information
5.1.3 Operating and maintenance environment
5.2 System version
5.3 Installation, operation, and user manuals
5.4 Terminology
6 Implementation
Annex A (informative) Relation between this document and other standards dealing with archiving
Bibliography

Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out through
ISO technical committees. Each member body interested in a subject for which a technical committee
has been established has the right to be represented on that committee. International organizations,
governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely
with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types
of ISO document should be noted. This document was drafted in accordance with the editorial rules of the
ISO/IEC Directives, Part 2 (see www.iso.org/directives).
ISO draws attention to the possibility that the implementation of this document may involve the use of (a)
patent(s). ISO takes no position concerning the evidence, validity or applicability of any claimed patent
rights in respect thereof. As of the date of publication of this document, ISO had not received notice of (a)
patent(s) which may be required to implement this document. However, implementers are cautioned that
this may not represent the latest information, which may be obtained from the patent database available at
www.iso.org/patents. ISO shall not be held responsible for identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions
related to conformity assessment, as well as information about ISO's adherence to the World Trade
Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 171, Document management applications,
Subcommittee SC 1, Quality, preservation and integrity of information.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.

Introduction
As part of their activities, public organizations and private companies increasingly use digital content,
whether it is produced by these organizations or by others. Digital content includes documents, data, images
and sound that can be referred to as digital objects. These can be natively electronic or result from the
digitization of printed documents.
To meet legal or management requirements, organizations and companies are expected to use trusted
technology to ensure the integrity over time of all types of digital content. Thus, there is a need for software
that can ensure the integrity, confidentiality and availability of the digital objects over time, including office
documents, PDF files, scan results, JPEG pictures, etc.
This document defines the minimum functions of a digital safe:
— maintaining the integrity, confidentiality and availability of digital objects over time;
— preserving the chain of custody;
— managing retention periods or freeze status, making it impossible to delete digital objects during a
determined period;
— defining the minimum elements to allow the transfer of digital objects between two different digital safes;
— defining the minimum elements of traceability of the software operation;
— managing replication of digital objects;
— ensuring the sustainability of business operations, business continuity and disaster recovery;
— defining encryption requirements.
This document is limited to the functions of integrity, traceability, confidentiality and availability of digital
objects of any kind. It does not address the sustainability of digital objects (i.e. the component does not
control and convert the formats in which digital objects are stored).
In order for users to have confidence in their electronic safe, this software should have the same basic
functions and maintain a common minimum of technical metadata, regardless of the software publisher.
These fundamental elements are also necessary conditions to ensure interoperability between several
electronic safes.
This document is intended for:
— software developers or integrators who wish to develop or integrate a digital safe;
— service providers, such as trust service providers of digital storages, who are looking for software to
support their services;
— software publishers who want to have a repository to develop digital safe software;
— consultants and auditors who wish to have a reference document to build or audit an archiving system.
This document is intended to complement other ISO documents that deal with electronic archiving. Annex A
provides a list of these documents and their link to this document.

Technical Specification ISO/TS 24574:2025(en)
Document management applications — Specification for a
digital safe
1 Scope
This document specifies the minimum functional requirements of digital safe software in order to ensure
the integrity, confidentiality and availability of the digital objects it stores.
This document does not address system environments for the operation of the digital safe, such as physical
security (fire extinguishing systems, armoured doors, presence detectors, etc.), power supply security
(generators and transformers) or telecommunication lines.
2  Normative references
The following documents are referred to in the text in such a way that some or all of their content constitutes
requirements of this document. For dated references, only the edition cited applies. For undated references,
the latest edition of the referenced document (including any amendments) applies.
ISO 8601-1, Date and time — Representations for information interchange — Part 1: Basic rules
3  Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https://www.iso.org/obp
— IEC Electropedia: available at https://www.electropedia.org/
3.1
application programming interface
API
collection of invocation methods and associated parameters used by one piece of software to request actions
from another piece of software
[SOURCE: ISO/IEC TR 13066-6:2014, 2.2]
3.2
audit trail
a record of the activity taking place in an information system over a period of time
[SOURCE: ISO/IEC TR 10032:2003, 2.7]
3.3
digital safe
DS
component of an information system consisting of software or a combination of software and hardware for
the preservation of digital objects in such conditions as to ensure their long-term integrity

3.4
digital object
DO
bit stream to be preserved
Note 1 to entry: A digital object can contain a file or a group of files, which can be accompanied by metadata, electronic
signatures, electronic seals, digital timestamps or other evidential records.
3.5
digital object identifier
DO_ID
identifier assigned unambiguously to a digital object in a digital safe
3.6
digital safe identifier
DS_ID
identifier of the digital safe assigned unambiguously to it by a technical administrator during the initial
configuration of the digital safe
3.7
hash code
string of bits which is the output of a hash-function (3.8)
[SOURCE: ISO 24534-4:2010, 3.34]
3.8
hash function
function which maps strings of bits of variable (but usually upper bounded) length to fixed-length strings of
bits, satisfying the following two properties:
— for a given output, it is computationally infeasible to find an input which maps to this output;
— for a given input, it is computationally infeasible to find a second input which maps to the same output
[SOURCE: ISO/IEC 11770-4:2017, 3.9, modified — Note 1 to entry was removed.]
3.9
user
USR
person or software that interacts with the digital safe
Note 1 to entry: There are three types of users: general administrator (USR-G), functional administrator (USR-F) and
standard user (USR-S). Their roles are defined in 4.3.
3.10
user identifier
USR_ID
identifier assigned unambiguously to a user of the digital safe
3.11
user identifier of the digital object
DO_USR_ID
identifier assigned to a digital object by a user
4  Digital safe functional specifications
4.1  Key concepts
The functional specifications of the digital safe are bundled into:
— management of users (4.3);
— eight functions that allow the management of digital objects (from 4.4 to 4.6);
— additional requirements (from 4.7 to 4.17).
The 8 functions on the DOs allow interoperability between digital safes.
The other requirements ensure that the digital safe has the minimum characteristics to protect DOs, that is
to say, to guarantee their integrity, availability and confidentiality.
Figure 1 shows the mechanism of the invocation functions and the mechanism of retrieving results.
Figure 1 — Functional entities of a digital safe
4.2  Implementation functions
All functions can be implemented either with a human interface or with an application programming
interface (API).
4.3  Users management
4.3.1  General
The digital safe shall be able to manage, at a minimum, the three types of users in 4.3.2, 4.3.3 and 4.3.4.
4.3.2  General administrator (USR-G)
A general administrator is authorized to create or remove functional administrators (USR-F).
A USR-G shall not be able to access DOs stored in the digital safe.
At least one USR-G shall exist when the digital safe is created.
The digital safe may contain multiple users with USR-G role.

4.3.3  Functional administrator (USR-F)
The functional administrator (USR-F) is only authorized to create, modify and remove standard users
(USR-S).
A USR-F shall not be able to access DOs stored in the digital safe.
The digital safe may contain multiple users with USR-F role.
4.3.4  Standard user (USR-S)
Each USR-S shall have a profile.
A profile indicates, for each function of the digital safe linked to DOs, whether a user is allowed to perform
this function.
For each function of the digital safe linked to DOs, Table 1 describes the basic profile.
Table 1 — USR-S profile

| Functions | Authorization [a] |
|---|---|
| Write | Yes / No |
| Read | Yes / No |
| Delete | Yes / No |
| Read technical metadata | Yes / No |
| Verify | Yes / No |
| Read audit trail | Yes / No |
| List | Yes / No |
| Count | Yes / No |

[a] By default, when creating a USR-S, all authorizations shall be set to “No”.
4.3.5  Management of functional administrator (USR-F)
This function is used to create, deactivate and reactivate a functional administrator (USR-F).
Only the general administrator (USR-G) shall be able to perform this function.
4.3.6  Management of standard user (USR-S)
This function is used to create, deactivate and reactivate a USR-S.
Only the functional administrator (USR-F) shall be able to perform this function.
4.3.7  User management environment
The user management should be independent from the operating system.
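
The role separation of 4.3 can be modelled as follows. This is an added Python example, not text from ISO/TS 24574; the class and method names are hypothetical. It assumes that setting a USR-S profile entry is part of the "modify" right of a USR-F, and it does not model how further USR-G accounts are created, since the page does not say.

```python
from dataclasses import dataclass, field

# The eight DO functions of Table 1.
DO_FUNCTIONS = ("Write", "Read", "Delete", "Read technical metadata",
                "Verify", "Read audit trail", "List", "Count")

# Which role manages which: USR-G -> USR-F (4.3.5), USR-F -> USR-S (4.3.6).
MANAGES = {"USR-G": "USR-F", "USR-F": "USR-S"}


@dataclass
class User:
    usr_id: str
    role: str
    active: bool = True
    # Table 1 footnote: every authorization starts at "No".
    profile: dict = field(default_factory=lambda: {f: False for f in DO_FUNCTIONS})


class UserRegistry:
    def __init__(self, first_admin_id):
        # 4.3.2: at least one USR-G exists when the safe is created.
        self.users = {first_admin_id: User(first_admin_id, "USR-G")}

    def _manager_of(self, actor_id, target_role):
        actor = self.users.get(actor_id)
        if actor is None or not actor.active:
            raise PermissionError("unknown or deactivated user")
        if MANAGES.get(actor.role) != target_role:
            raise PermissionError(f"{actor.role} may not manage {target_role}")

    def create(self, actor_id, new_id, role):
        self._manager_of(actor_id, role)
        if new_id in self.users:
            raise ValueError("USR_ID already assigned")
        self.users[new_id] = User(new_id, role)
        return self.users[new_id]

    def set_active(self, actor_id, target_id, active):
        # Deactivate or reactivate; only the managing role may do so.
        self._manager_of(actor_id, self.users[target_id].role)
        self.users[target_id].active = active

    def grant(self, actor_id, target_id, function, allowed):
        # Assumption: profile changes are part of "modify" for a USR-F.
        if function not in DO_FUNCTIONS:
            raise ValueError("not a DO function")
        target = self.users[target_id]
        if target.role != "USR-S":
            raise PermissionError("only a USR-S has a profile")
        self._manager_of(actor_id, "USR-S")
        target.profile[function] = allowed

    def may_invoke(self, usr_id, function):
        # Administrators never reach DOs; a USR-S needs an explicit "Yes".
        user = self.users.get(usr_id)
        return bool(user and user.active and user.role == "USR-S"
                    and user.profile.get(function, False))
```
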
4.4  Digital safe mandatory functions
At a minimum, a digital safe shall have the 8 functions listed in Table 2:
— functions 1 to 5 relate to a single DO;
— functions 6 to 8 can relate to one, more than one, or all DOs in a digital safe.

Table 2 — Digital safe functions

| Scope | N° | Function | Description |
|---|---|---|---|
| Functions that apply to one DO only | 1 | Write | This function is used to write a DO in the digital safe after verification of the user’s write permissions. |
| Functions that apply to one DO only | 2 | Read | This function is designed to retrieve a full copy of a DO held in the digital safe. |
| Functions that apply to one DO only | 3 | Delete | This function is used to render a DO preserved in the digital safe inaccessible and to remove it from the digital safe. This function includes: — destruction of the DO without any possibility of reconstruction; — destruction of technical metadata and any link within the digital safe to or from this DO. The DO_ID shall not be used for another DO. All records in the audit trail linked to this destroyed DO are not affected by this destruction (all records in the audit trail for this DO are retained). |
| Functions that apply to one DO only | 4 | Read technical metadata | This function is used to retrieve the technical metadata, as defined in 4.7, associated with a DO preserved in the digital safe. |
| Functions that apply to one DO only | 5 | Verify | This function is used to verify the existence and integrity of a preserved DO in the digital safe. Verification concerns the existence of a DO in the digital safe and non-alteration from its time of writing in the digital safe. |
| Functions that apply to one or more DOs | 6 | Read audit trail | This function is used to retrieve some or all audit trail records of the digital safe associated with a DO preserved or having been preserved in the digital safe. Filters may be used to limit the operation’s scope. |
| Functions that apply to one or more DOs | 7 | List | This function is used to retrieve a list of DO_IDs assigned to DOs preserved in the digital safe. DO_IDs may be filtered using the technical metadata associated with DOs. If no filter is used, this function returns all DO_IDs of DOs preserved in the digital safe. |
| Functions that apply to one or more DOs | 8 | Count | This function is used to retrieve a number of DOs preserved in the digital safe at a specific moment. DOs may be filtered using the technical metadata associated with the objects. If no filter is used, this function returns the total number of DOs preserved in the digital safe. It is possible that this number does not reflect an accurate count at one instance in time. |
4.5  Invoke functions parameters
4.5.1  General
There may be filters on technical metadata. At a minimum, a filter displays a range defined by a lower limit
and an upper limit (limits included).
This document does not define filtering for functions that relate to one DO only.
Some functions may allow for ranges for parameters.
4.5.2  Write function
The parameters listed in Table 3 shall be transmitted when the write function is invoked.

Table 3 — Write function parameters

| Parameter | Mandatory | Remarks |
|---|---|---|
| DO_ID | No | Shall not be entered when invoking the function. |
| DS_ID | Yes | |
| USR_ID | Yes | |
| Date and Time | No | Shall not be entered when invoking the function. |
| DO_USR_ID | No | |
| Name of the hash function used by the USR-S input operator to calculate hash code of the DO | No | Mandatory in the case of the verified mode. |
| Hash code of DO calculated by the USR-S input operator with the above algorithm | No | Mandatory in the case of the verified mode. |

In verified mode, where the hash function and the hash code are specified:
a) the safe recalculates the DO hash with the same hash function and compares it to the provided hash,
b) if the two hashes are different, writing is not possible.
The digital safe never rewrites a DO. If a DO is sent to the digital safe and there already exists in the safe a
DO with the same hash, the digital safe shall write this
...
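
The verified-mode Write of 4.5.2 and the Delete and Verify rows of Table 2, as an added Python example; it is not text from ISO/TS 24574, and the class, method and field names are hypothetical. Assumptions: the hash allowlist, the safe's own choice of SHA-256 when no hash is supplied, and keeping the hash computed at write time for later Verify calls. The rule for a DO whose hash already exists in the safe is cut off on this page and is not modelled.

```python
import hashlib
from datetime import datetime, timezone

# Assumption: the page names no acceptable hash functions; this allowlist is illustrative.
ALLOWED_HASHES = {"sha256", "sha384", "sha512"}


class WriteRefused(Exception):
    """The safe refused to write the DO."""


class DigitalSafe:
    def __init__(self, ds_id):
        self.ds_id = ds_id
        self._counter = 0    # only ever increases, so a DO_ID is never reused
        self._objects = {}   # DO_ID -> (bit stream, hash name, hash code at write time)
        self.audit = []      # append-only; records outlive the DO they describe

    def _log(self, function, usr_id, do_id, result):
        self.audit.append({
            "time": datetime.now(timezone.utc).isoformat(),  # ISO 8601 date and time
            "function": function, "USR_ID": usr_id,
            "DO_ID": do_id, "result": result,
        })

    def _refuse(self, usr_id, reason):
        self._log("Write", usr_id, None, "refused: " + reason)
        raise WriteRefused(reason)

    def write(self, ds_id, usr_id, data, hash_name=None, hash_code=None):
        """DO_ID and date/time are assigned by the safe, never taken from the caller."""
        if ds_id != self.ds_id:
            self._refuse(usr_id, "wrong DS_ID")
        if hash_name is None and hash_code is None:
            # Unverified mode: the safe picks its own function (assumption).
            hash_name, stored = "sha256", hashlib.sha256(data).hexdigest()
        else:
            # Verified mode: both parameters become mandatory (Table 3).
            if hash_name is None or hash_code is None:
                self._refuse(usr_id, "verified mode needs hash name and hash code")
            if hash_name not in ALLOWED_HASHES:
                self._refuse(usr_id, "hash function not accepted")
            stored = hashlib.new(hash_name, data).hexdigest()
            if stored != hash_code.strip().lower():
                self._refuse(usr_id, "hash mismatch")
        self._counter += 1
        do_id = f"{self.ds_id}-{self._counter:08d}"
        self._objects[do_id] = (bytes(data), hash_name, stored)
        self._log("Write", usr_id, do_id, "ok")
        return do_id

    def verify(self, usr_id, do_id):
        """Existence plus non-alteration since the time of writing."""
        entry = self._objects.get(do_id)
        exists = entry is not None
        intact = exists and hashlib.new(entry[1], entry[0]).hexdigest() == entry[2]
        self._log("Verify", usr_id, do_id, f"exists={exists} intact={intact}")
        return exists, intact

    def delete(self, usr_id, do_id):
        """Remove the DO and its metadata; the audit trail is left untouched."""
        removed = self._objects.pop(do_id, None) is not None
        self._log("Delete", usr_id, do_id, "ok" if removed else "not found")
        return removed

    def read_audit_trail(self, do_id):
        return [r for r in self.audit if r["DO_ID"] == do_id]
```

Authorization against the USR-S profile is left out here; a caller is assumed to have been checked before any of these methods is reached.
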


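ISO/TS 24574:2025 is a document that specifies the minimum functional requirements of digital safe software, with a focus on ensuring the integrity, confidentiality and availability of digital objects. The standard sets out clear criteria for the digital safe, an important component of document management applications, so that users and developers can comply with them. One of the strengths of this standard is that it clearly defines the minimum functional requirements of digital safe software, helping to consistently maintain the appropriate level of safety required by a variety of users and organizations. By requiring strong safety protocols to ensure the integrity and confidentiality of digital objects, it allows users to be effectively protected against data leaks and unauthorized access. In addition, by emphasizing the availability of digital safe software, it creates an environment in which users can quickly access the data they need. The scope of ISO/TS 24574:2025 does not cover the system environment for operating the digital safe, namely physical safety (fire extinguishing systems, bulletproof doors, presence detectors, etc.), power supply safety (generators and transformers) or telecommunication lines, but by clarifying the functional requirements of the software it faithfully contains the information needed to provide organizations and users with the necessary safety criteria. In this respect, the standard serves as an essential element of digital asset management and contributes greatly to improving operational efficiency and meeting data security requirements. ISO/TS 24574:2025 therefore plays the role of an important reference that promotes a common understanding in the development and management of digital safe software and provides firm criteria for all users.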

ISO/TS 24574:2025 provides a comprehensive framework for digital safe applications, delineating minimum functional requirements critical for ensuring the integrity, confidentiality, and availability of stored digital objects. This standard is particularly relevant in the increasingly digital landscape where the preservation of information security is paramount. The strength of ISO/TS 24574:2025 lies in its focus on essential software functionalities that support the operation of digital safes. By establishing clear specifications, this document empowers organizations to adopt solutions that can robustly safeguard sensitive digital information against unauthorized access and data breaches. The specification addresses imperative aspects such as data integrity and confidentiality, which are fundamental to maintaining trust in digital management systems. Another noteworthy aspect of ISO/TS 24574:2025 is its clear delineation of scope. By explicitly stating that it does not cover physical security systems or environmental considerations, the standard allows technology developers and users to concentrate on the software requirements without the distraction of secondary system environments. This focus ensures that the reliable functioning of digital safes is prioritized, reinforcing the standard's relevance in the evolving landscape of digital document management. In summary, the standard’s emphasis on functional software requirements, along with its clear scope, positions ISO/TS 24574:2025 as a significant tool for organizations seeking to implement robust document management applications. It lays a solid foundation for the development and use of digital safes, affirming its critical role in modern data security strategies.

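ISO/TS 24574:2025 is an important standard that sets out the specification for a digital safe in document management applications. The document clearly specifies the minimum functional requirements of digital safe software in order to ensure the integrity, confidentiality and availability of digital objects. It focuses in particular on the protection of digital data and provides guidance that is indispensable for maintaining a highly reliable digital archive. The strength of this standard lies in its clear functional requirements. These enable a wide range of organizations to easily identify and evaluate the functions they need when implementing a digital safe. In addition, the fact that it does not include specific requirements concerning security or the operating environment gives users flexibility and encourages appropriate system design suited to each organization's individual needs. This approach helps the digital safe become a practical tool in a wider range of contexts. ISO/TS 24574:2025 is a standard suited to the needs of modern data management, and its relevance is all the greater given that the importance of information management in organizations is increasing as digital transformation progresses. The introduction of a digital safe based on this standard will strengthen data protection and defence against unauthorized access, and will play an important role as part of an organization's overall risk management strategy.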