Information and documentation — Trusted third party repository for digital records

ISO 17068:2017 specifies requirements for a trusted third party repository (TTPR) to support the authorized custody service in order to safeguard provable integrity and authenticity of clients' digital records and serve as a source of reliable evidence. ISO 17068:2017 is applicable to retention or repository services for digital records as a source of evidence during the retention periods of legal obligation in both the private and the public sectors. ISO 17068:2017 has the limitation that the authorized custody of the stored records is between only the TTPR and the client.

Information et documentation — Référentiel tiers de confiance pour les documents d’activité électroniques

Informatika in dokumentacija - Repozitorij za digitalne zapise zaupanja vredne tretje strani

This document specifies requirements for a trusted third party repository (TTPR) for digital records to support the authorized custody service, safeguarding the provable integrity and authenticity of clients' digital records, and to serve as a source of reliable evidence.
This document is applicable to retention or repository services for digital records as a source of evidence during retention periods based on legal requirements in the private and public sectors.
This document has the limitation that the authorized custody of the stored records is arranged only between the trusted third party repository for digital records and the client.

General Information

Status: Published
Publication Date: 29-Oct-2017
Current Stage: 9093 - International Standard confirmed
Start Date: 25-May-2023
Completion Date: 13-Dec-2025

Relations

Standard
ISO 17068:2018
English language
39 pages
Standard
ISO 17068:2017 - Information and documentation -- Trusted third party repository for digital records
English language
33 pages

Standards Content (Sample)


SLOVENIAN STANDARD
01-October-2018
Replaces:
SIST-TP ISO/TR 17068:2013
Informatika in dokumentacija - Repozitorij za digitalne zapise zaupanja vredne tretje strani
Information and documentation - Trusted third party repository for digital records
Information et documentation -- Référentiel tiers de confiance pour les enregistrements électroniques
This Slovenian standard is identical to: ISO 17068:2017
ICS:
01.140.20 Information sciences
2003-01. Slovenian Institute for Standardization. Reproduction of this standard in whole or in part is not permitted.

INTERNATIONAL STANDARD ISO 17068
First edition 2017-10
Information and documentation — Trusted third party repository for digital records
Information et documentation — Référentiel tiers de confiance pour les documents d’activité électroniques
Reference number
© ISO 2017
© ISO 2017, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
ii © ISO 2017 – All rights reserved

Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Overview of a TTPR
4.1 Necessity for a TTPR
4.2 Requirements for TTPR trustworthiness
4.3 TTPR components
4.4 Characteristics of a TTPR
5 TTPR services
5.1 General
5.2 Service procedure
5.3 TTPR service agreements
5.3.1 Service level agreement (SLA)
5.3.2 Service agreement items
5.4 TTPR subservices
5.4.1 General
5.4.2 Acquisition service
5.4.3 Repository service
5.4.4 Access and use of service
5.4.5 Issuance service
5.4.6 Conversion service
5.4.7 Delivery and/or migration service
5.4.8 Disposal service
5.4.9 TTPR certification service
5.4.10 Non-repository certification service (Remote Certification Service)
6 Technological requirements
6.1 General
6.2 Digital record repository
6.3 Transmitter–receiver
6.4 Network system
6.5 Time-stamping
6.6 Audit trail
6.7 Network security system
6.8 Access control equipment
6.9 Disaster recovery facility
6.10 System for certificate issuance and validation of digital records
6.11 Backup system
7 Operational requirements
7.1 General
7.2 Client management
7.3 Administrator’s role and authority management
7.4 Network and security management
7.5 Digital records management
7.6 Operation of transmitted and received messages
7.7 Audit record
7.8 Data backup and recovery
7.9 Security management
7.10 Migration and receipt management
7.11 Client system management
Bibliography

Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following
URL: www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 46, Information and documentation,
Subcommittee SC 11, Archives/records management.
Introduction
As digital records are the inevitable by-products of various business activities in digital systems, there
is an increasing need to secure the authenticity and legal admissibility of digital records during their
period of retention. It is internationally agreed that "digital records shall not be denied validity or
enforceability of legal recognition by reason of their format alone"¹⁾. Despite this, it is very difficult
for an organization to assert that its digital records are authentic and able to act as effective evidence
of business action over a long period. In many cases, legal admissibility of digital records managed
by organizations’ records systems is not ensured. As a result, there is a growing need for services
safeguarding these characteristics for digital records by neutral third parties.
In order to protect digital records from business disputes during the period they are required for
sustaining legal obligation and ongoing retention, it is essential to ensure that the authenticity,
reliability and integrity of digital records endures.
Digital signatures are a well-known means to ascertain if digital records have been tampered with.
However, as a digital signature only safeguards integrity within its validity time (generally one to two
years or less), most digitally signed records do not ensure their integrity for longer than this validity
time. It may thus be very difficult for an individual record system to prove the integrity of their digital
records for the period of retention obligation, where this is longer than the validity period of the digital
signature.
A possible solution is provided by a Trusted Third Party Repository (TTPR). A TTPR is defined as a
third party’s qualified retention service that ensures that digital records, entrusted to it by a client,
remain and are asserted to be reliable and authentic, with the aim of providing reliable access to
managed digital records to its clients for the period of obligation for retention. A TTPR for digital
records provides trustworthy services for clients, which should be examined by interested parties (i.e.
inspector, auditor, evaluator). These TTPR services are helpful to identify the evidence admissibility of
clients’ digital records as a source of evidence.
Clause 4 provides an overview of a TTPR including rationale for the criteria and the mechanism of
trustworthiness and characteristics and components of TTPR.
Clause 5 specifies the services to be provided by a TTPR for the clients’ digital records during the
retention period. Clause 5 specifies the technological requirements of hardware and software systems
and Clause 6 provides the operational processes requirements.

1) Article 8, Chapter 3, UNCITRAL 2007, United Nations Convention on the Use of Electronic Communication in
International Contracts.

INTERNATIONAL STANDARD ISO 17068:2017(E)
Information and documentation — Trusted third party
repository for digital records
1 Scope
This document specifies requirements for a trusted third party repository (TTPR) to support the
authorized custody service in order to safeguard provable integrity and authenticity of clients’ digital
records and serve as a source of reliable evidence.
This document is applicable to retention or repository services for digital records as a source of
evidence during the retention periods of legal obligation in both the private and the public sectors.
This document has the limitation that the authorized custody of the stored records is between only the
TTPR and the client.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO 30300, Information and documentation — Management systems for records — Fundamentals and
vocabulary
ISO 30301, Information and documentation — Management system for records — Requirements
ISO 30302, Information and documentation — Management systems for records — Guidelines for
implementation
UNCITRAL 2007, United Nations Convention on the Use of Electronic Communications in International
Contracts
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at http://www.iso.org/obp
— IEC Electropedia: available at http://www.electropedia.org/
3.1
authenticity certificate
document issued to authenticate the digital record in the TTPR
3.2
authenticated copy
digital copy of a digital record (3.5) for which authenticity has been verified before
3.3
client
individual or organization that has an agreement with the TTPR (3.15)
3.4
client system
hardware and software used by a client to use the service provided by the TTPR (3.15)
3.5
digital record
information in any format created, received and maintained by digital means, used as evidence and
information by an organization or person, in pursuance of legal obligations or in the transaction of
business, which is packaged with necessary data for submission, dissemination, and archive
[SOURCE: ISO 15489-1:2016, 3.14, modified]
3.6
digital signature
data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the digital
record to prove integrity of the digital record (3.5)
Note 1 to entry: A data unit is a binary block created cryptographically from original data record.
[SOURCE: ISO 7498-2:1989, 3.3.26, modified]
3.7
information package
digital record (3.5) and associated description information which is needed to aid in the identification
and operation for the authentic and reliable digital records, consisting of the digital record, creator’s
digital signature (3.6) and/or a TTPR (3.15) or third party’s timestamp, and the associated preservation
description information
Note 1 to entry: The information package has associated packaging information used to delimit and identify the
digital record and description information of operation such as submission, preservation or dissemination for
the authentic and reliable records.
Note 2 to entry: See ISO 14721.
3.8
process
series of actions or events taking place in a defined manner leading to the provision of TTPR services (3.16)
3.9
public key certificate
public key of a user, together with some other information, rendered unforgeable by digital signature
(3.6) with the private key of the certification authority which issued it
Note 1 to entry: Public key certificates are issued and signed by a certification authority (CA). The entity that
receives a certificate from a CA is the subject of that certificate.
3.10
service level agreement
SLA
written agreement between a service provider and a client that documents services and agreed
service levels
[SOURCE: ISO/IEC 20000-1:2011, 3.29, modified]
3.11
system
hardware and software of the TTPR (3.15)
3.12
trusted archival information package
TAIP
information package (3.7) which is preserved in a TTPR (3.15) after verification of TSIP (3.14)
3.13
trusted dissemination information package
TDIP
information package (3.7), derived from one or more TAIPs (3.12), received by a client in response to a
request to a TTPR (3.15)
3.14
trusted submission information package
TSIP
information package (3.7) that is delivered by a client to a TTPR (3.15) with creator’s and/or sender’s digital
signature (3.6) and a TTPR or third party’s timestamp, delivering the time and information of the sender
Note 1 to entry: Herein, the digital signature is prepared using the public key certificate (3.9) and the time stamp
is created in accordance with the time stamping module provided by a TTPR.
[SOURCE: ISO/TR 17068:2012, 2.12]
3.15
trusted third party repository
TTPR
third party’s qualified retention service that ensures that the digital records (3.5) entrusted to it by a
client remain and are asserted to be reliable and authentic
Note 1 to entry: This has the goal of providing reliable access to managed digital records to its clients in the
period of obligation for retention.
3.16
TTPR service
intangible product that is the result of at least one activity performed at the interface between a TTPR
(3.15) and a client
[SOURCE: ISO/TR 17068:2012, 2.15]
3.17
third party
person or body that is recognized as being independent of the parties involved, as concerns the issue in
question
3.18
trustworthiness
quality [of a TTPR (3.15)] of being dependable and reliable
Note 1 to entry: A trustworthy TTPR is trusted to deliver its services in an authentic manner by following
documented policies and processes and ensuring the accuracy, reliability and authenticity of the records in the
repository over time.
4 Overview of a TTPR
4.1 Necessity for a TTPR
With the development and advancement of information and communication technology (ICT) over the
last two decades, the use of digital records has increased greatly. Accordingly, the number of electronic
transactions carried out by individuals and organizations in their daily activities has increased. For
example, in international transactions, many documents and records in digital formats are exchanged
in order to initiate, process and complete transactions between importers and exporters. Banks are also
involved in digital records exchanges to confirm credit or payment. In the health industry, treatment
records are exchanged between clinics or patients and insurance companies; order of treatment
records are exchanged between general clinics and specialized clinics. These kinds of individual or
organizational transactions are very common within one sector or across several industries. During
these transactions, digital records are easily copied, modified and distributed by an unauthorized
person. This aspect of documents and records retained in digital formats creates the risk of alteration
or forgery, and has raised awareness of the need for the secure management and transaction of digital
records.
To help prevent possible risks, some countries have enacted laws and regulations requiring provable
authenticity, reliability, integrity and accessibility as a precondition for legal effect and enforceability
of digital records. These regulations explain the requirements for adopting secured digital records
and for judging their evidential admissibility. However, these requirements only typically describe the
mandatory characteristics that retained digital records need to have, regardless of an organization’s
records management capability. While many organizations have implemented a records system for
themselves, implementation of digital records exchange across organizations often faces a number
of challenges. Individuals are also limited in their ability to comply with legal requirements for the
admissibility of their digital records. This limitation might cause social problems, delay operational
processes, reduce efficiency and prevent electronic exchange.
Therefore, as the exchange of secure records becomes more significant for individual and/or
organizational collaboration, the social demand for a trustworthy electronic transaction environment
has emerged as one of the major issues in digital environments today. Protecting information in digital
records is beginning to be regarded as an indispensable precondition for operational efficiency and
economic benefit in organizations across all sectors and industries.
One way of resolving this situation is to use a TTPR. A third party is an independent individual or
organization that is separate from the direct interests of mutual parties, and that acts as an intermediary
when two parties are exchanging digital information in a secure manner. Society and governments shall
be in a position to trust the third party. To prevent any complications that can arise during electronic
transactions, a TTPR operates systems and facilities and follows well-defined procedures according to
the principles and guidelines for managing digital records in a secure manner. During these processes,
the TTPR ensures the authenticity, reliability, integrity and usability of digital records, for the period
of the agreed service. In addition, the TTPR shall provide an official source of digital records that can
be admissible as evidence from a third party in the event of a dispute between parties regarding their
records.
TTPRs play a significant role and provide several benefits to parties involved. A TTPR could provide
document digitization services for converting paper documents into authentic digital records. It could
also provide services for managing digital records. A TTPR is endowed with authorized custody over
the stored records. A TTPR also provides services by issuing certificates on digital records processed
and retained by the TTPR. Furthermore, a TTPR works as an intermediary to provide a secure exchange
of digital records between creators, senders and receivers in many forms of electronic transactions (e.g.
one-to-one party, one-to-many parties, many-to-many parties in business transactions and operational
workflows). As such, a TTPR provides a public service for secure electronic information exchange
between individuals or organizations.
As a result, a TTPR can have a role in the management of digital records produced or received in both
the public and the private sector. The TTPR helps reduce the cost of constructing and operating internal
repositories by enabling the outsourcing aspects of digital records management. Recently, with the
increasing popularity of cloud computing service environments, the shift from traditional records
management to service-oriented approaches is appropriate. Therefore, TTPR services are helpful for
effective and efficient management of digital records.
4.2 Requirements for TTPR trustworthiness
A TTPR is provided by an independent organization as a service for its clients. This organization,
as any other, should have its own management system, which may be based on ISO Management
Systems Standards. Dealing with digital records of clients, the implementation of a Management
System for Records compliant with ISO 30301 requirements for their own records is an extra factor of
trustworthiness.
TTPR trustworthiness shall be achieved by meeting the high level requirements in terms of authenticity,
reliability and integrity described in ISO 30300, ISO 30301, ISO 30302 and by following the requirements
for electronic communications formulated by UNCITRAL. Moreover, TTPR trustworthiness extends to
information packages described by the open archival information system suggested in ISO 14721 for
the purpose of reliable custody.
The trustworthiness requirements are broken down into the attributes of authenticity, reliability and
integrity described below.
— The authenticity of the client’s digital records is accounted for in a business context, for example,
the creators’ place of business at time of creation of the record is retained. The TTPR shall check this.
— The TTPR agrees with the client regarding the client’s role and responsibility for authenticity
during the service agreement period. When the TTPR checks the state of authenticity of the
clients’ records, the client is able to account for this. If a client can’t account for the authenticity
of its digital records, the TTPR is unable to classify those digital records as authentic.
— The authenticity of digital records created by the client can be managed at the time of "freezing"
the record by using authentication technology such as the timestamp, digital signature, etc. To
manage this, the clients’ digital records system can attach the timestamp to create records,
sourced from the time stamping module provided by the TTPR. It can also attach the clients’
digital signature to the digital records. Using this digital signature, digital records that have
been falsified can be recognized.
— The reliability of digital records can be confirmed by verifying the custody of digital records.
However, the TTPR specifies only where the custody is between the TTPR and its clients. The TTPR
and the client shall check this.
— A client transfers digital records to the TTPR as a package in the form of a trusted submission
information package (hereinafter referred to as "TSIP").
— The TTPR confirms the reliable custody of clients’ digital records by validating received clients’
TSIP regarding any change in the digital records and/or any transmission errors.
— The integrity of digital records shall be managed after creation for the period of retention. After
verifying the authenticity and reliability requirements of transmitted digital records, the TTPR
shall allow the integrity to be verified for the period of retention by registering these records as a TAIP
package.
— The availability of digital records shall be confirmed by TTPR’s robustness with backup and
recovery policy and system. TTPR shall provide adequate security and resilience for ensuring the
availability of digital records.
The TTPR retains and manages metadata for the registration event, including the time of registration,
retention period, client information and history of digital records. In order to be able to confirm
trustworthiness of the stored digital records, the TTPR shall document key processes in the
management of digital records, such as acquisition, retention, distribution, delivery and/or migration
and disposition, and provide the document to a client as proof when requested.
4.3 TTPR components
A TTPR comprises services provided by technology and operations as shown in Figure 1.
TTPR services are provided to a client after the client has been authorized to use the TTPR service
through an agreement. The TTPR guarantees all the qualified retention service specified in the
agreement to the client, to the agreed level of service quality. The client makes a service level agreement
(SLA) (see 5.3) with the TTPR, which includes the service item and the quality level maintained by
TTPR. The client also fulfils all the obligations in the agreement. For example, the client provides the
metadata required for validation of the authenticity of digital records into information packages. The
TTPR is able to verify the authenticity of the transmitted digital records. The client shall have social
credit which can be estimated quantitatively by a reliable organization.
Besides the TTPR and the client, there are other parties indirectly related to the quality assessment,
for example, the inspector, auditor and evaluator. They are referred to as ‘interested parties’.
The inspector is an individual/organization that reviews technical issues in detail to determine
whether the digital records stored in a TTPR can be demonstrated as authentic. The auditor is an
individual/organization that audits and monitors whether a TTPR is managed according to the defined
procedures and guidelines. The evaluator is an individual/organization that mainly judges whether a
software/hardware system satisfies the necessary functional requirements. The evaluator checks and
verifies the TTPR based on objective and formally established criteria, to provide the basis by which
TTPR can secure the confidence of its clients.
Figure 1 — TTPR overview
The technology fulfils its role as a tool, allowing the TTPR to maintain trustworthiness and provide
different services required by clients. The transmission system, which allows the client’s created
digital record to be transmitted reliably with integrity, its verification system which automatically
validates the metadata required for authenticity check during the acquisition stage, and the repository
and its verification system for the retention and management of the digital record, are included in
such technology. Also, the client’s system is necessary for the TTPR to establish a safe and reliable
transmission channel and use a standardized transmission package.
The TTPR’s operations are performed by a TTPR expert, who understands the process of TTPR and is
capable of coping with various situations. Operations cover software/hardware management to provide
the TTPR services and preserve service quality, as well as public relations and the collection of clients’
requirements.
4.4 Characteristics of a TTPR
For a TTPR to be regarded as a reliable agent to clients, the TTPR shall have the capability of providing
qualified service to safeguard the authenticity of the digital records, and maintain neutrality toward all
parties. The TTPR requires three characteristics: stability, expertise and neutrality.
Stability: For trustworthy management of the stored digital records, a TTPR shall ensure stability;
it has sufficient capital and human resources, a management strategy and execution capability.
Furthermore, the TTPR is able to manage digital records normally, even in an emergency situation. To
ensure this capacity, the TTPR has in place a disaster prevention and recovery system.
Expertise: A TTPR shall have expertise in coping with all the matters which cause risks in managing
digital records. Expertise is the essential attribute of the TTPR in ensuring the authenticity, reliability,
integrity and usability of their client’s digital records. The trustworthy management is also based on such
expertise. The TTPR employs experts and is equipped with specialized processes and systems to ensure its
own expertise. Specialized procedures are established for activities related to digital record management,
such as acquisition, archiving, delivery and/or migration and disposition of the digital record. The TTPR
is equipped with a specialized system to provide functions related to digital record management, such as
metadata processing, reliable messaging, security, digital signatures and time-stamps.
Neutrality: A TTPR shall maintain its neutrality toward all parties. A TTPR is only recognized within
society if its neutrality is maintained. In addition, a TTPR satisfies the requirements in this document,
and is independent in its performance of trustworthy digital record management, regardless of any
external pressure; political institution, client organization and all the stakeholders.
5 TTPR services
5.1 General
This clause specifies the detailed requirements for qualified retention service.
5.2 Service procedure
TTPR service procedure shall be provided to the client as follows.
The client shall construct a system by adopting modules or specifications provided by the TTPR. Those
functions are packaging digital records, where applicable attaching a digital signature and a timestamp
token and transmitting the digital records. After constructing the client system, the client transmits
digital records packaged in the form of a TSIP to the TTPR through the transmission channel at a specific
time or at any time. When the TTPR receives the package, it verifies the package and its integrity. If
there are no problems, the TTPR repackages the submitted package into a TAIP and places it in digital
storage. The client can request confirmation documents to demonstrate that the digital records have
reached each stage of submission without problems.
A TTPR shall have a facility to transfer the digital records stored in the TTPR to other TTPRs, or to
the client who owns the records. When the agreed retention period expires or the client requests the
disposition of the records, the TTPR shall implement the agreed disposition process.
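The acquisition flow described in 5.2 (the client packages a TSIP, the TTPR verifies it, repackages it as a TAIP and stores it), as an added example that is not part of ISO 17068. The field names, the hash-chained registry and the five-minute clock tolerance are assumptions, and HMAC-SHA256 stands in for the creator's public-key digital signature so that the code runs with the standard library only.

```python
import hashlib
import hmac
import json
from datetime import datetime, timedelta, timezone

# Constructed demo key. HMAC-SHA256 stands in for the creator's public-key
# digital signature so the example needs only the standard library.
CLIENT_KEY = b"constructed-demo-key"
GENESIS = "0" * 64  # prev_hash of the first registry entry (assumption)


def canonical(obj) -> bytes:
    """Deterministic JSON so digests and signatures are reproducible."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_tsip(record: bytes, client_id: str, created_at: datetime, key: bytes) -> dict:
    """Client system: package, timestamp and sign a record (hypothetical layout)."""
    header = {"client_id": client_id, "timestamp": created_at.isoformat(),
              "sha256": sha256_hex(record)}
    signature = hmac.new(key, canonical(header), hashlib.sha256).hexdigest()
    return {"header": header, "signature": signature, "record": record.hex()}


def verify_tsip(tsip, key: bytes, received_at: datetime,
                max_skew: timedelta = timedelta(minutes=5)) -> list:
    """TTPR acquisition check. Returns a list of problems; empty means accepted."""
    try:
        header = tsip["header"]
        record = bytes.fromhex(tsip["record"])
        stamped = datetime.fromisoformat(header["timestamp"])
        digest = header["sha256"].encode()
        signature = tsip["signature"].encode()
    except (KeyError, TypeError, ValueError, AttributeError):
        return ["malformed package"]
    problems = []
    expected = hmac.new(key, canonical(header), hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(expected, signature):
        problems.append("signature mismatch")
    if not hmac.compare_digest(sha256_hex(record).encode(), digest):
        problems.append("record digest mismatch")
    if stamped.tzinfo is None:
        problems.append("timestamp lacks timezone")
    elif stamped > received_at + max_skew:
        problems.append("timestamp in the future")
    return problems


def acquire(tsip, registry: list, key: bytes, received_at: datetime,
            retention_years: int = 10) -> dict:
    """Verify a TSIP; if clean, repackage it as a TAIP and return a receipt."""
    problems = verify_tsip(tsip, key, received_at)
    if problems:
        return {"accepted": False, "problems": problems}
    taip = {
        "tsip": tsip,
        "registered_at": received_at.isoformat(),
        "retention_years": retention_years,
        "history": ["acquired"],
        "prev_hash": registry[-1]["entry_hash"] if registry else GENESIS,
    }
    taip["entry_hash"] = sha256_hex(canonical(taip))
    registry.append(taip)
    return {"accepted": True, "receipt": taip["entry_hash"]}


def audit_registry(registry: list) -> list:
    """Periodic integrity check: indexes of TAIPs that no longer verify."""
    failed, prev = [], GENESIS
    for index, taip in enumerate(registry):
        body = {k: v for k, v in taip.items() if k != "entry_hash"}
        record = bytes.fromhex(taip["tsip"]["record"])
        intact = (taip["prev_hash"] == prev
                  and sha256_hex(canonical(body)) == taip["entry_hash"]
                  and sha256_hex(record) == taip["tsip"]["header"]["sha256"])
        if not intact:
            failed.append(index)
        prev = taip["entry_hash"]
    return failed


if __name__ == "__main__":
    t0 = datetime(2024, 3, 1, 9, 0, tzinfo=timezone.utc)  # constructed time
    registry = []
    tsip = build_tsip(b"constructed contract text", "client-a", t0, CLIENT_KEY)
    print(acquire(tsip, registry, CLIENT_KEY, t0 + timedelta(seconds=30)))
    altered = dict(tsip, record=b"constructed contract text, edited".hex())
    print(acquire(altered, registry, CLIENT_KEY, t0 + timedelta(seconds=30)))
    print("failed entries:", audit_registry(registry))
```

The receipt returned by `acquire` plays the role of the confirmation document a client can request, and `audit_registry` is the kind of check that lets integrity be re-verified during retention without relying on the original signature alone.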
5.3 TTPR service agreements
5.3.1 Service level agreement (SLA)
A TTPR service shall be pre-described and agreed in order to clarify the liability between the client and
the TTPR in the event of a dispute from alteration, forgery, leak, loss, etc. of digital records and quality,
procedures, etc. of service.
A TTPR shall agree with a client to provide services to the client. The agreement specifies the engagement
of the service type, the service period, the authority and duty of the client, and the responsibility
of the TTPR. In particular, a TTPR service agreement clearly states how the client needs to provide
information to the TTPR to demonstrate the authenticity of digital records submitted by them. In cases
where it is necessary to demonstrate the authenticity of the client’s record, the agreement shall include
the authenticity certificate in issuance service (refer to 5.4.4). It is required that the agreement includes
a service level agreement (SLA) between a client and a TTPR. An SLA clarifies the quality factors and
the levels of TTPR services agreed by the client and the TTPR. An SLA shall also describe the method
and amount of compensation when the TTPR does not meet the service level agreed in the SLA. The
agreement shall also fix the TTPR’s authority or determine the limitation of the client’s responsibility,
and provide a reasonable solution for any case or incident which shall arise. The client’s damages due to
TTPR service problems shall be minimized through the SLA. The SLA may allow for the client to give a
penalty or incentive to the TTPR based on the quality of the provided service.
5.3.2 Service agreement items
To use the TTPR service, clients (individuals or organizations) shall enter into a service agreement with
the TTPR. The following shall be included in the service agreement:
— service fees;
— service period;
— the procedure for confirmation of digital record’s authenticity;
— the procedure and method of TSIP (or TDIP) transmission;
— the scope of accountability and responsibility of the TTPR and the client;
— the method of security and data protection;
— the file type/format by which conversion shall be allowed;
— the type of service the client is required to use, e.g. an issuance service or a conversion service;
— the client’s authority of access and use for consigned digital records;
— requirements for security related to consigned digital records;
— provision of necessary information by the client and the TTPR during the service period;
— requirements for insurance coverage in the event of compensation due to service or disaster;
— requirements for service quality and evaluation on the quality.
The client shall be able to cancel the service agreement in case of a fault due to the TTPR. In this case,
the agreement item for cancellation shall include post service such as temporal retention, return, or
disposal and the compensation related to the damage.
The client shall consent to the service agreement in order to use the TTPR service. The TTPR shall
provide the service in compliance with the agreement to which the client has consented, and the client
also shall conform to the service agreement and have the right to receive the service. The main items of
an SLA are described below.
5.3.2.1 Service period
A TTPR is obliged to provide the service to the client in accordance with the agreement during the
agreed period, and the client has the right to receive the service in accordance with the agreement
during the period. The client shall specify the following regarding the service period:
— effective period of service agreement;
— period of renewals;
— period of reporting to the client;
— period of monitoring target services;
— retention period for each digital record;
— available period of optional non-repository certification service (refer to 5.4.9).
5.3.2.2 Transmission procedure and method
The transmission procedure and method of digital records shall be specified in the TTPR’s acquisition
service and agreed by the client. The following items shall be included in the agreement:
— transmission method, whether online or offline;
— transmission interval, whether a record is transmitted to the TTPR whenever it takes place, or
transmitted periodically;
— transmission security, whether an encrypted transmission channel is used, or what kind of
encryption algorithm is used;
— protocol for reliable transmission, whether At Least Once delivery, At Most Once delivery, Exactly
Once delivery and/or In Order delivery is used.
In case of any failure of transmission, records shall be retransmitted to assure that they are transmitted
at least once, at most once, exactly once or in order.
5.3.2.3 Types of service
The agreement describes the types and characteristics of each of its services to clients in a manner that
the client can clearly understand. In the agreement the client can select subscribing types of service as
follows.
— Acquisition service type:
This service is to receive an information package including digital records from a client. The
TTPR shall register the received records in its repository storage after verifying the validity of
the whole information package.
— Access and use of service type:
This service is to enable a client to access and search the client’s consigned digital records.
— Issuance service type:
This service is to issue the digital record consigned by the client.
— Conversion service type:
This service is to convert the format of the digital record consigned by the client in formats
suitable for long-term storage purposes. This conversion service is optional according to the client’s
request.
— Simple retention service type:
The TTPR provid
...


INTERNATIONAL STANDARD ISO 17068
First edition 2017-10
Information and documentation — Trusted third party repository for digital records
Information et documentation — Référentiel tiers de confiance pour les documents d’activité électroniques
© ISO 2017, Published in Switzerland
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Overview of a TTPR
4.1 Necessity for a TTPR
4.2 Requirements for TTPR trustworthiness
4.3 TTPR components
4.4 Characteristics of a TTPR
5 TTPR services
5.1 General
5.2 Service procedure
5.3 TTPR service agreements
5.3.1 Service level agreement (SLA)
5.3.2 Service agreement items
5.4 TTPR subservices
5.4.1 General
5.4.2 Acquisition service
5.4.3 Repository service
5.4.4 Access and use of service
5.4.5 Issuance service
5.4.6 Conversion service
5.4.7 Delivery and/or migration service
5.4.8 Disposal service
5.4.9 TTPR certification service
5.4.10 Non-repository certification service (Remote Certification Service)
6 Technological requirements
6.1 General
6.2 Digital record repository
6.3 Transmitter–receiver
6.4 Network system
6.5 Time-stamping
6.6 Audit trail
6.7 Network security system
6.8 Access control equipment
6.9 Disaster recovery facility
6.10 System for certificate issuance and validation of digital records
6.11 Backup system
7 Operational requirements
7.1 General
7.2 Client management
7.3 Administrator’s role and authority management
7.4 Network and security management
7.5 Digital records management
7.6 Operation of transmitted and received messages
7.7 Audit record
7.8 Data backup and recovery
7.9 Security management
7.10 Migration and receipt management
7.11 Client system management
Bibliography
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following
URL: www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 46, Information and documentation,
Subcommittee SC 11, Archives/records management.
Introduction
As digital records are the inevitable by-products of various business activities in digital systems, there
is an increasing need to secure the authenticity and legal admissibility of digital records during their
period of retention. It is internationally agreed that "digital records shall not be denied validity or
enforceability of legal recognition by reason of their format alone" 1). Despite this, it is very difficult
for an organization to assert that its digital records are authentic and able to act as effective evidence
of business action over a long period. In many cases, legal admissibility of digital records managed
by organizations’ records systems is not ensured. As a result, there is a growing need for services
safeguarding these characteristics for digital records by neutral third parties.
In order to protect digital records from business disputes during the period they are required for
sustaining legal obligation and ongoing retention, it is essential to ensure that the authenticity,
reliability and integrity of digital records endures.
Digital signatures are a well-known means to ascertain if digital records have been tampered with.
However, as a digital signature only safeguards integrity within its validity time (generally one to two
years or less), most digitally signed records do not ensure their integrity for longer than this validity
time. It may thus be very difficult for an individual record system to prove the integrity of their digital
records for the period of retention obligation, where this is longer than the validity period of the digital
signature.
A possible solution is provided by a Trusted Third Party Repository (TTPR). A TTPR is defined as a
third party’s qualified retention service that ensures that digital records, entrusted to it by a client,
remain and are asserted to be reliable and authentic, with the aim of providing reliable access to
managed digital records to its clients for the period of obligation for retention. A TTPR for digital
records provides trustworthy services for clients, which should be examined by interested parties (i.e.
inspector, auditor, evaluator). These TTPR services are helpful to identify the evidence admissibility of
clients’ digital records as a source of evidence.
Clause 4 provides an overview of a TTPR including rationale for the criteria and the mechanism of
trustworthiness and characteristics and components of TTPR.
Clause 5 specifies the services to be provided by a TTPR for the clients’ digital records during the
retention period. Clause 5 specifies the technological requirements of hardware and software systems
and Clause 6 provides the operational processes requirements.

1) Article 8, Chapter 3, UNCITRAL 2007, United Nations Convention on the Use of Electronic Communication in
International Contracts.
INTERNATIONAL STANDARD ISO 17068:2017(E)
Information and documentation — Trusted third party
repository for digital records
1 Scope
This document specifies requirements for a trusted third party repository (TTPR) to support the
authorized custody service in order to safeguard provable integrity and authenticity of clients’ digital
records and serve as a source of reliable evidence.
This document is applicable to retention or repository services for digital records as a source of
evidence during the retention periods of legal obligation in both the private and the public sectors.
This document has the limitation that the authorized custody of the stored records is between only the
TTPR and the client.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO 30300, Information and documentation — Management systems for records — Fundamentals and
vocabulary
ISO 30301, Information and documentation — Management system for records — Requirements
ISO 30302, Information and documentation — Management systems for records — Guidelines for
implementation
UNCITRAL 2007, United Nations Convention on the Use of Electronic Communications in International
Contracts
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at http://www.iso.org/obp
— IEC Electropedia: available at http://www.electropedia.org/
3.1
authenticity certificate
document issued to authenticate the digital record in the TTPR
3.2
authenticated copy
digital copy of a digital record (3.5) for which authenticity has been verified before
3.3
client
individual or organization that has an agreement with the TTPR (3.15)
3.4
client system
hardware and software used by a client to use the service provided by the TTPR (3.15)
3.5
digital record
information in any format created, received and maintained by digital means, used as evidence and
information by an organization or person, in pursuance of legal obligations or in the transaction of
business, which is packaged with necessary data for submission, dissemination, and archive
[SOURCE: ISO 15489-1:2016, 3.14, modified]
3.6
digital signature
data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the digital
record to prove integrity of the digital record (3.5)
Note 1 to entry: A data unit is a binary block created cryptographically from original data record.
[SOURCE: ISO 7498-2:1989, 3.3.26, modified]
3.7
information package
digital record (3.5) and associated description information which is needed to aid in the identification
and operation for the authentic and reliable digital records, consisting of the digital record, creator’s
digital signature (3.6) and/or a TTPR (3.15) or third party’s timestamp, and the associated preservation
description information
Note 1 to entry: The information package has associated packaging information used to delimit and identify the
digital record and description information of operation such as submission, preservation or dissemination for
the authentic and reliable records.
Note 2 to entry: See ISO 14721.
3.8
process
series of actions or events taking place in a defined manner leading to the provision of TTPR services (3.16)
3.9
public key certificate
public key of a user, together with some other information, rendered unforgeable by digital signature
(3.6) with the private key of the certification authority which issued it
Note 1 to entry: Public key certificates are issued and signed by a certification authority (CA). The entity that
receives a certificate from a CA is the subject of that certificate.
3.10
service level agreement
SLA
written agreement between a service provider and a client that documents services and agreed
service levels
[SOURCE: ISO/IEC 20000-1:2011, 3.29, modified]
3.11
system
hardware and software of the TTPR (3.15)
3.12
trusted archival information package
TAIP
information package (3.7) which is preserved in a TTPR (3.15) after verification of TSIP (3.14)
3.13
trusted dissemination information package
TDIP
information package (3.7), derived from one or more TAIPs (3.12), received by a client in response to a
request to a TTPR (3.15)
3.14
trusted submission information package
TSIP
information package (3.7) that is delivered by a client to a TTPR (3.15) with creator’s and/or sender’s digital
signature (3.6) and a TTPR or third party’s timestamp, delivering the time and information of the sender
Note 1 to entry: Herein, the digital signature is prepared using the public key certificate (3.9) and the time stamp
is created in accordance with the time stamping module provided by a TTPR.
[SOURCE: ISO/TR 17068:2012, 2.12]
3.15
trusted third party repository
TTPR
third party’s qualified retention service that ensures that the digital records (3.5) entrusted to it by a
client remain and are asserted to be reliable and authentic
Note 1 to entry: This has the goal of providing reliable access to managed digital records to its clients in the
period of obligation for retention.
3.16
TTPR service
intangible product that is the result of at least one activity performed at the interface between a TTPR
(3.15) and a client
[SOURCE: ISO/TR 17068:2012, 2.15]
3.17
third party
person or body that is recognized as being independent of the parties involved, as concerns the issue in
question
3.18
trustworthiness
quality [of a TTPR (3.15)] of being dependable and reliable
Note 1 to entry: A trustworthy TTPR is trusted to deliver its services in an authentic manner by following
documented policies and processes and ensuring the accuracy, reliability and authenticity of the records in the
repository over time.
4 Overview of a TTPR
4.1 Necessity for a TTPR
With the development and advancement of information and communication technology (ICT) over the
last two decades, the use of digital records has increased greatly. Accordingly, the number of electronic
transactions carried out by individuals and organizations in their daily activities has increased. For
example, in international transactions, many documents and records in digital formats are exchanged
in order to initiate, process and complete transactions between importers and exporters. Banks are also
involved in digital records exchanges to confirm credit or payment. In the health industry, treatment
records are exchanged between clinics or patients and insurance companies; order of treatment
records are exchanged between general clinics and specialized clinics. These kinds of individual or
organizational transactions are very common within one sector or across several industries. During
these transactions, digital records are easily copied, modified and distributed by an unauthorized
person. This aspect of documents and records retained in digital formats creates the risk of alteration
or forgery, and has raised awareness of the need for the secure management and transaction of digital
records.
To help prevent possible risks, some countries have enacted laws and regulations requiring provable
authenticity, reliability, integrity and accessibility as a precondition for legal effect and enforceability
of digital records. These regulations explain the requirements for adopting secured digital records
and for judging their evidential admissibility. However, these requirements only typically describe the
mandatory characteristics that retained digital records need to have, regardless of an organization’s
records management capability. While many organizations have implemented a records system for
themselves, implementation of digital records exchange across organizations often faces a number
of challenges. Individuals are also limited in their ability to comply with legal requirements for the
admissibility of their digital records. This limitation might cause social problems, delay operational
processes, reduce efficiency and prevent electronic exchange.
Therefore, as the exchange of secure records becomes more significant for individual and/or
organizational collaboration, the social demand for a trustworthy electronic transaction environment
has emerged as one of the major issues in digital environments today. Protecting information in digital
records is beginning to be regarded as an indispensable precondition for operational efficiency and
economic benefit in organizations across all sectors and industries.
One way of resolving this situation is to use a TTPR. A third party is an independent individual or
organization that is separate from the direct interests of mutual parties, and that acts as an intermediary
when two parties are exchanging digital information in a secure manner. Society and governments shall
be in a position to trust the third party. To prevent any complications that can arise during electronic
transactions, a TTPR operates systems and facilities and follows well-defined procedures according to
the principles and guidelines for managing digital records in a secure manner. During these processes,
the TTPR ensures the authenticity, reliability, integrity and usability of digital records, for the period
of the agreed service. In addition, the TTPR shall provide an official source of digital records that can
be admissible as evidence from a third party in the event of a dispute between parties regarding their
records.
TTPRs play a significant role and provide several benefits to parties involved. A TTPR could provide
document digitization services for converting paper documents into authentic digital records. It could
also provide services for managing digital records. A TTPR is endowed with authorized custody over
the stored records. A TTPR also provides services by issuing certificates on digital records processed
and retained by the TTPR. Furthermore, a TTPR works as an intermediary to provide a secure exchange
of digital records between creators, senders and receivers in many forms of electronic transactions (e.g.
one-to-one party, one-to-many parties, many-to-many parties in business transactions and operational
workflows). As such, a TTPR provides a public service for secure electronic information exchange
between individuals or organizations.
As a result, a TTPR can have a role in the management of digital records produced or received in both
the public and the private sector. The TTPR helps reduce the cost of constructing and operating internal
repositories by enabling the outsourcing aspects of digital records management. Recently, with the
increasing popularity of cloud computing service environments, the shift from traditional records
management to service-oriented approaches is appropriate. Therefore, TTPR services are helpful for
effective and efficient management of digital records.
4.2 Requirements for TTPR trustworthiness
A TTPR is provided by an independent organization as a service for its clients. This organization,
as any other, should have its own management system, which may be based on ISO Management
Systems Standards. Dealing with digital records of clients, the implementation of a Management
System for Records compliant with ISO 30301 requirements for their own records is an extra factor of
trustworthiness.
TTPR trustworthiness shall be achieved by meeting the high level requirements in terms of authenticity,
reliability and integrity described in ISO 30300, ISO 30301, ISO 30302 and by following the requirements
for electronic communications formulated by UNCITRAL. Moreover, TTPR trustworthiness extends to
information packages described by the open archival information system suggested in ISO 14721 for
the purpose of reliable custody.
The trustworthiness requirements are broken down into the attributes of authenticity, reliability and
integrity described below.
— The authenticity of the client’s digital records is accounted for in a business context, for example,
the creators’ place of business at time of creation of the record is retained. The TTPR shall check this.
    — The TTPR agrees with the client regarding the client’s role and responsibility for authenticity
    during the service agreement period. When the TTPR checks the state of authenticity of the
    clients’ records, the client is able to account for this. If a client can’t account for the authenticity
    of its digital records, the TTPR is unable to classify those digital records as authentic.
    — The authenticity of digital records created by the client can be managed at the time of "freezing"
    the record by using authentication technology such as the timestamp, digital signature, etc. To
    manage this, the clients’ digital records system can attach the timestamp to create records,
    sourced from the time stamping module provided by the TTPR. It can also attach the clients’
    digital signature to the digital records. Using this digital signature, digital records that have
    been falsified can be recognized.
— The reliability of digital records can be confirmed by verifying the custody of digital records.
However, the TTPR specifies only where the custody is between the TTPR and its clients. The TTPR
and the client shall check this.
    — A client transfers digital records to the TTPR as a package in the form of a trusted submission
    information package (hereinafter referred to as "TSIP").
    — The TTPR confirms the reliable custody of clients’ digital records by validating received clients’
    TSIP regarding any change in the digital records and/or any transmission errors.
— The integrity of digital records shall be managed after creation for the period of retention. After
verifying the authenticity and reliability requirements of transmitted digital records, the TTPR
shall allow the integrity to be verified for the period of retention by registering these records as a
TAIP package.
— The availability of digital records shall be confirmed by TTPR’s robustness with backup and
recovery policy and system. TTPR shall provide adequate security and resilience for ensuring the
availability of digital records.
The TTPR retains and manages metadata for the registration event, including the time of registration,
retention period, client information and history of digital records. In order to be able to confirm
trustworthiness of the stored digital records, the TTPR shall document key processes in the
management of digital records, such as acquisition, retention, distribution, delivery and/or migration
and disposition, and provide the document to a client as proof when requested.
4.3 TTPR components
A TTPR comprises services provided by technology and operations as shown in Figure 1.
TTPR services are provided to a client after the client has been authorized to use the TTPR service
through an agreement. The TTPR guarantees all the qualified retention service specified in the
agreement to the client, to the agreed level of service quality. The client makes a service level agreement
(SLA) (see 5.3) with the TTPR, which includes the service item and the quality level maintained by
TTPR. The client also fulfils all the obligations in the agreement. For example, the client provides the
metadata required for validation of the authenticity of digital records into information packages. The
TTPR is able to verify the authenticity of the transmitted digital records. The client shall have social
credit which can be estimated quantitatively by a reliable organization.
Besides the TTPR and the client, there are other parties indirectly related to the quality assessment,
for example, the inspector, auditor and evaluator. They are referred to as ‘interested parties’.
The inspector is an individual/organization that reviews technical issues in detail to determine
whether the digital records stored in a TTPR can be demonstrated as authentic. The auditor is an
individual/organization that audits and monitors whether a TTPR is managed according to the defined
procedures and guidelines. The evaluator is an individual/organization that mainly judges whether a
software/hardware system satisfies the necessary functional requirements. The evaluator checks and
verifies the TTPR based on objective and formally established criteria, to provide the basis by which
TTPR can secure the confidence of its clients.
Figure 1 — TTPR overview
The technology fulfils its role as a tool, allowing the TTPR to maintain trustworthiness and provide
different services required by clients. The transmission system, which allows the client’s created
digital record to be transmitted reliably with integrity, its verification system which automatically
validates the metadata required for authenticity check during the acquisition stage, and the repository
and its verification system for the retention and management of the digital record, are included in
such technology. Also, the client’s system is necessary for the TTPR to establish a safe and reliable
transmission channel and use a standardized transmission package.
The TTPR’s operations are performed by a TTPR expert, who understands the process of TTPR and is
capable of coping with various situations. Operations cover software/hardware management to provide
the TTPR services, preservation of service quality, public relations and the collection of clients’
requirements.
4.4 Characteristics of a TTPR
For a TTPR to be regarded as a reliable agent to clients, the TTPR shall have the capability of providing
qualified service to safeguard the authenticity of the digital records, and maintain neutrality toward all
parties. The TTPR requires three characteristics: stability, expertise and neutrality.
Stability: For trustworthy management of the stored digital records, a TTPR shall ensure stability;
it has sufficient capital and human resources, a management strategy and execution capability.
Furthermore, the TTPR is able to manage digital records normally, even in an emergency situation. To
ensure this capacity, the TTPR has in place a disaster prevention and recovery system.
Expertise: A TTPR shall have expertise in coping with all the matters which cause risks in managing
digital records. Expertise is the essential attribute of the TTPR in ensuring the authenticity, reliability,
integrity and usability of their client’s digital records. The trustworthy management is also based on such
expertise. The TTPR employs experts and is equipped with specialized processes and systems to ensure its
own expertise. Specialized procedures are established for activities related to digital record management,
such as acquisition, archiving, delivery and/or migration and disposition of the digital record. The TTPR
is equipped with a specialized system to provide functions related to digital record management, such as
metadata processing, reliable messaging, security, digital signatures and time-stamps.
Neutrality: A TTPR shall maintain its neutrality toward all parties. A TTPR is only recognized within
society if its neutrality is maintained. In addition, a TTPR satisfies the requirements in this document,
and is independent in its performance of trustworthy digital record management, regardless of any
external pressure from political institutions, client organizations or any stakeholder.
5 TTPR services
5.1 General
This clause specifies the detailed requirements for qualified retention service.
5.2 Service procedure
TTPR service procedure shall be provided to the client as follows.
The client shall construct a system by adopting modules or specifications provided by the TTPR. Those
functions are packaging digital records, where applicable attaching a digital signature and a timestamp
token and transmitting the digital records. After constructing the client system, the client transmits
digital records packaged in the form of a TSIP to the TTPR through the transmission channel at a specific
time or at any time. When the TTPR receives the package, it verifies the package and its integrity. If
there are no problems, the TTPR repackages the submitted package into a TAIP and places it in digital
storage. The client can request confirmation documents to demonstrate that the digital records have
reached each stage of submission without problems.
A TTPR shall have a facility to transfer the digital records stored in the TTPR to other TTPRs, or to
the client who owns the records. When the agreed retention period expires or the client requests the
disposition of the records, the TTPR shall implement the agreed disposition process.
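The submission flow in 5.2 (client packages and signs, TTPR verifies integrity, then repackages for storage) can be sketched as follows. This is an added example, not part of ISO 17068: the package layout and all function names are hypothetical, HMAC-SHA256 under a shared key stands in for the client's digital signature, and the timestamp token is omitted.

```python
import hashlib
import hmac
import json

# Assumption: HMAC-SHA256 under a key agreed at enrolment stands in for the
# client's digital signature, and the timestamp token is omitted. The package
# layout is hypothetical; it is not the standard's TSIP/TAIP format.
CLIENT_KEY = b"constructed-demo-key"

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def sign(manifest: dict) -> str:
    # Canonical JSON so client and TTPR sign and verify the same bytes.
    canonical = json.dumps(manifest, sort_keys=True, separators=(",", ":"))
    return hmac.new(CLIENT_KEY, canonical.encode(), hashlib.sha256).hexdigest()

def build_tsip(client_id: str, records: dict) -> dict:
    """Client side: package records with a signed manifest of their digests."""
    manifest = {"client": client_id,
                "digests": {name: digest(body) for name, body in records.items()}}
    return {"manifest": manifest, "signature": sign(manifest), "records": dict(records)}

def verify_tsip(tsip: dict) -> list:
    """TTPR side: list every problem found; an empty list means accept."""
    problems = []
    if not hmac.compare_digest(sign(tsip["manifest"]), tsip["signature"]):
        problems.append("signature does not match manifest")
    digests, records = tsip["manifest"]["digests"], tsip["records"]
    for name in sorted(set(digests) | set(records)):
        if name not in records:
            problems.append(f"missing record: {name}")
        elif name not in digests:
            problems.append(f"record not in manifest: {name}")
        elif digest(records[name]) != digests[name]:
            problems.append(f"digest mismatch: {name}")
    return problems

def repackage_to_taip(tsip: dict, received_at: str) -> dict:
    """TTPR side: refuse a bad package, else keep the client's evidence and add custody data."""
    problems = verify_tsip(tsip)
    if problems:
        raise ValueError("; ".join(problems))
    return {"submitted": {"manifest": tsip["manifest"], "signature": tsip["signature"]},
            "records": dict(tsip["records"]),
            "custody": {"received_at": received_at, "verified": True}}

# Constructed sample input.
SAMPLE = build_tsip("client-A", {"contract.pdf": b"signed contract", "invoice.xml": b"<invoice/>"})
```

Keeping the client's original manifest and signature inside the stored package lets the TTPR later show what was submitted, separately from the custody data it added itself.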
5.3 TTPR service agreements
5.3.1 Service level agreement (SLA)
A TTPR service shall be pre-described and agreed in order to clarify the liability between the client and
the TTPR in the event of a dispute arising from the alteration, forgery, leakage, loss, etc. of digital records
or from the quality, procedures, etc. of the service.
A TTPR shall agree with a client to provide services to the client. The agreement specifies the engagement
of the service type, the service period, the authority and duty of the client, and the responsibility
of the TTPR. In particular, a TTPR service agreement clearly states how the client needs to provide
information to the TTPR to demonstrate the authenticity of digital records submitted by them. In cases
where it is necessary to demonstrate the authenticity of the client’s record, the agreement shall include
the authenticity certificate in issuance service (refer to 5.4.4). It is required that the agreement includes
a service level agreement (SLA) between a client and a TTPR. An SLA clarifies the quality factors and
the levels of TTPR services agreed by the client and the TTPR. An SLA shall also describe the method
and amount of compensation when the TTPR does not meet the service level agreed in the SLA. The
agreement shall also fix the TTPR’s authority or determine the limitation of the client’s responsibility,
and provide a reasonable solution for any case or incident which shall arise. The client’s damages due to
TTPR service problems shall be minimized through the SLA. The SLA may allow for the client to give a
penalty or incentive to the TTPR based on the quality of the provided service.
5.3.2 Service agreement items
To use the TTPR service, clients (individuals or organizations) shall enter into a service agreement with
the TTPR. The following shall be included in the service agreement:
— service fees;
— service period;
— the procedure for confirmation of the digital record’s authenticity;
— the procedure and method of TSIP (or TDIP) transmission;
— the scope of accountability and responsibility of the TTPR and the client;
— the method of security and data protection;
— the file type/format by which conversion shall be allowed;
— the type of service the client is required to use, e.g. an issuance service or a conversion service;
— the client’s authority of access and use for consigned digital records;
— requirements for security related to consigned digital records;
— provision of necessary information by the client and the TTPR during the service period;
— requirements for insurance coverage in the event of compensation due to service or disaster;
— requirements for service quality and evaluation on the quality.
The client shall be able to cancel the service agreement in the case of a fault due to the TTPR. In this case,
the agreement item for cancellation shall include post-service arrangements such as temporary retention, return, or
disposal, and the compensation related to the damage.
The client shall consent to the service agreement in order to use the TTPR service. The TTPR shall
provide the service in compliance with the agreement to which the client has consented, and the client
also shall conform to the service agreement and have the right to receive the service. The main items of
an SLA are described below.
5.3.2.1 Service period
A TTPR is obliged to provide the service to the client in accordance with the agreement during the
agreed period, and the client has the right to receive the service in accordance with the agreement
during the period. The client shall specify the following regarding the service period:
— effective period of service agreement;
— period of renewals;
— period of reporting to the client;
— period of monitoring target services;
— retention period for each digital record;
— available period of optional non-repository certification service (refer to 5.4.9).
5.3.2.2 Transmission procedure and method
The transmission procedure and method of digital records shall be specified in the TTPR’s acquisition
service and agreed by the client. The following items shall be included in the agreement:
— transmission method, whether online or offline;
— transmission interval, whether a record is transmitted to the TTPR whenever it takes place, or
transmitted periodically;
— transmission security, whether an encrypted transmission channel is used, or what kind of
encryption algorithm is used;
— protocol for reliable transmission, whether At Least Once delivery, At Most Once delivery, Exactly
Once delivery and/or In Order delivery is used.
In case of any failure of transmission, records shall be retransmitted to assure that they are transmitted
at least once, at most once, exactly once or in order.
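One way the delivery guarantees named above fit together, as an added example that is not part of ISO 17068: the client retransmits until acknowledged (at least once), and the receiver discards duplicates and buffers early arrivals so each package is registered exactly once and in order. Per-client sequence numbers, cumulative acknowledgements and all names here are assumptions.

```python
class OrderedReceiver:
    """TTPR-side state for one client: registers each package once, in sequence order."""

    def __init__(self):
        self.next_seq = 1     # lowest sequence number not yet registered
        self.pending = {}     # packages that arrived ahead of a gap
        self.registered = []  # package ids in registration order

    def receive(self, seq: int, package_id: str) -> int:
        """Process one delivery attempt and return the cumulative acknowledgement."""
        # Anything below next_seq, or already buffered, is a retransmitted duplicate.
        if seq >= self.next_seq and seq not in self.pending:
            self.pending[seq] = package_id
        # Register every package that is now contiguous with what came before.
        while self.next_seq in self.pending:
            self.registered.append(self.pending.pop(self.next_seq))
            self.next_seq += 1
        return self.next_seq - 1


def transmit(packages: list, receiver: OrderedReceiver, dropped: set) -> int:
    """Client side: resend everything unacknowledged until all packages are acked.

    `dropped` is a constructed set of attempt numbers that the channel loses.
    Returns the total number of transmission attempts.
    """
    acked = attempt = 0
    while acked < len(packages):
        round_ack = acked
        for seq in range(acked + 1, len(packages) + 1):
            attempt += 1
            if attempt in dropped:
                continue  # lost in transit; no acknowledgement comes back
            round_ack = max(round_ack, receiver.receive(seq, packages[seq - 1]))
        acked = round_ack
    return attempt


def demo():
    receiver = OrderedReceiver()
    packages = ["TSIP-001", "TSIP-002", "TSIP-003"]  # constructed ids
    attempts = transmit(packages, receiver, dropped={1})
    return attempts, receiver.registered
```

In the demo the first attempt is lost, so the second and third packages arrive early and are buffered; the retransmission round fills the gap and the repeated sends of the later packages are ignored as duplicates.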
5.3.2.3 Types of service
The agreement describes the types and characteristics of each of its services to clients in a manner that
the client can clearly understand. In the agreement, the client can select the types of service to
subscribe to, as follows.
—  Acquisition service type:
This service is to receive an information package including digital records from a client. The
TTPR shall register the received records in its repository storage after verifying the validity of
the whole information package.
—  Access and use of service type:
This service is to enable a client to access and search the client’s consigned digital records.
—  Issuance service type:
This service is to issue the digital record consigned by the client.
—  Conversion service type:
This service is to convert the format of the digital record consigned by the client into formats
suitable for long-term storage purposes. This conversion service is optional according to the client’s
request.
—  Simple retention service type:
The TTPR provides retention service for the digital records of the client during the time period
specified in the agreement. However, no certificate is provided for the records. Unless there is a
time extension, the consigned digital records can be returned in the TDIP package to the client
and/or disposed of in a manner preventing their physical recovery.
—  Delivery and/or migration service type:
When a client requests the delivery and/or migration of the consigned digital records, the TTPR
acts as a mediator transmitting the records to another TTPR or another assigned client. When
the client only uses the delivery and/or migration service but not the retention service, and
wishes to migrate the digital records to a certain party’s storage, the TTPR migrates the digital
records to the second party’s storage through a series of processes and disposes of the digital
records afterwards.
—  Retention and certification service type:
The TTPR provides a retention service for the digital records of the client during the time
period specified in the SLA. Based on the stored rec
...
