ISO/IEC 30121:2015
Information technology - Governance of digital forensic risk framework
ISO/IEC 30121:2015 provides a framework for Governing bodies of organizations (including owners, board members, directors, partners, senior executives, or similar) on the best way to prepare an organization for digital investigations before they occur. This International Standard applies to the development of strategic processes (and decisions) relating to the retention, availability, access, and cost effectiveness of digital evidence disclosure. This International Standard is applicable to all types and sizes of organizations.
General Information
- Status: Published
- Publication Date: 16-Mar-2015
- Technical Committee: ISO/IEC JTC 1/SC 40 - IT service management and IT governance
- Drafting Committee: ISO/IEC JTC 1/SC 40 - IT service management and IT governance
- Current Stage: 9060 - Close of review
- Completion Date: 04-Mar-2031
Overview
ISO/IEC 30121:2015, titled Information technology - Governance of digital forensic risk framework, is an international standard developed by ISO that provides guidance for governing bodies on preparing organizations for digital forensic investigations. The standard focuses on strategic processes related to the retention, availability, access, and cost efficiency of digital evidence prior to investigations occurring. It is applicable to organizations of all sizes and types, emphasizing the importance of proactive digital forensic readiness as part of overall corporate governance.
This framework supports organizations in managing the risks associated with digital evidence, which is critical in legal disputes, security breaches, fraud investigations, and compliance requirements. Implementing ISO/IEC 30121 equips governance bodies with the tools and principles necessary to embed forensic risk management within IT and organizational strategies.
Key Topics
Governance Responsibilities
The standard clarifies the roles and responsibilities of owners, board members, directors, and senior executives in overseeing digital forensic readiness. Accountability and authority are fundamental for effective governance of forensic risk.
Strategic Framework
It outlines a governance cycle involving evaluation, direction, and monitoring of forensic risk strategies and policies. The framework encourages establishing capabilities that support digital evidence preservation and accessibility.
Core Principles
ISO/IEC 30121 identifies key principles such as:
- Responsibility for evidence provision and investigation competence
- Strategy for managing digital evidence retention and access with economic efficiency
- Acquisition balancing benefits, costs, and risks of IT assets supporting forensic needs
- Performance to meet organizational and legal requirements regarding digital evidence
- Compliance with legal and regulatory mandates related to digital forensic processes
- Human behavior recognizing the changing needs of personnel involved in forensic operations
Strategic Processes
The framework defines essential strategic processes including:
- Archiving strategy for digital evidence preservation
- Discovery strategy addressing methods to locate relevant digital information
- Disclosure strategy managing access and release of evidence for legal purposes
- Forensic capability strategy ensuring organizational readiness for investigations
- Risk compliance strategy aligning forensic activities with organizational risk tolerance
Measurement and Indicators
ISO/IEC 30121 promotes using measurable indicators such as Key Goal Indicators (KGIs), Key Performance Indicators (KPIs), and Key Business Indicators (KBIs) to monitor and improve digital forensic risk governance.
Applications
Corporate Governance
Board members and executives can use this standard to integrate forensic risk management into IT governance, ensuring preparedness for digital investigations aligned with business objectives.
Legal and Regulatory Compliance
Organizations facing regulatory scrutiny or litigation can implement the framework to systematically manage digital evidence, protecting organizational integrity and reducing legal risks.
Information Security and Incident Response
Integrating digital forensic risk governance helps streamline incident response processes by ensuring readiness and clear policies on digital evidence handling during breaches or fraud investigations.
IT Asset Management
Supports acquisition and lifecycle management of IT assets with forensic utility in mind, optimizing investments for both operational and evidentiary purposes.
Small & Medium Enterprises (SMEs) and Large Corporations
The standard is scalable and applicable across all organization sizes, enhancing forensic readiness in diverse contexts from SMEs to multinational corporations.
Related Standards
ISO/IEC 38500: IT Governance for the Enterprise
Provides overarching principles for governance of IT that ISO/IEC 30121 complements by focusing specifically on digital forensic risk.
ISO 73:2009 Risk Management Vocabulary
Offers terminology related to risk management that supports consistent understanding within the forensic governance framework.
ISO/IEC 27037:2012 Guidelines for Identification, Collection, Acquisition, and Preservation of Digital Evidence
Provides detailed practices for digital evidence handling aligned with ISO/IEC 30121’s strategic governance approach.
ISO/IEC 38502:2014 Governance of IT Framework
Supports the development of governance frameworks into which forensic risk governance can be integrated.
Implementing the ISO/IEC 30121:2015 standard empowers organizations to adopt comprehensive governance practices that proactively prepare them for digital forensic investigations. This enhances organizational resilience, ensures compliance, and optimizes the handling and disclosure of digital evidence through strategic alignment with corporate objectives and regulatory demands.
Frequently Asked Questions
ISO/IEC 30121:2015 is a standard published by the International Organization for Standardization (ISO). Its full title is "Information technology - Governance of digital forensic risk framework". According to its abstract, ISO/IEC 30121:2015 provides a framework for governing bodies of organizations (including owners, board members, directors, partners, senior executives, or similar) on the best way to prepare an organization for digital investigations before they occur. This International Standard applies to the development of strategic processes (and decisions) relating to the retention, availability, access, and cost effectiveness of digital evidence disclosure. It is applicable to all types and sizes of organizations.
ISO/IEC 30121:2015 is classified under the following ICS (International Classification for Standards) categories: 35.080 - Software. The ICS classification helps identify the subject area and facilitates finding related standards.
Standards Content (Sample)
INTERNATIONAL STANDARD ISO/IEC 30121
First edition
2015-03-15
Information technology — Governance of digital forensic risk framework
Technologies de l’information — Gouvernance du cadre de risque forensique numérique
© ISO/IEC 2015
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO/IEC 2015 – All rights reserved
Contents (page)
Foreword ... iv
Introduction ... v
1 Scope ... 1
2 Normative references ... 1
3 Terms and definitions ... 1
4 Principles ... 2
4.1 Responsibility ... 2
4.2 Strategy ... 2
4.3 Acquisition ... 2
4.4 Performance ... 2
4.5 Conformance ... 2
4.6 Human behaviour ... 2
5 The framework ... 2
5.1 Stakeholder mandate ... 2
5.2 Establishment ... 2
5.3 Evaluate ... 2
5.4 Direct ... 3
5.5 Monitor ... 3
6 Processes ... 3
6.1 Archival strategy ... 3
6.2 Discovery strategy ... 3
6.3 Disclosure strategy ... 3
6.4 Digital forensic capability strategy ... 3
6.5 Risk compliance strategy ... 3
7 Metrics ... 4
7.1 General ... 4
7.2 Key goal indicators ... 4
7.3 Key performance indicators ... 4
7.4 Key business indicators ... 4
Annex A (informative) International Standard overview ... 5
Bibliography ... 6
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.
The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of document should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.
For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO’s adherence to the WTO principles in the Technical Barriers to Trade (TBT), see the following URL: Foreword — Supplementary information.
The committee responsible for this document is ISO/IEC JTC 1, Information technology, Subcommittee SC 40, IT Service Management and IT Governance.
Introduction
Organizations of any kind face both internal and external factors and influences that can lead to the occurrence of legal actions and placement of demands on the Information Technology (IT) and related Information Systems (IS) to disclose digital evidence. The occurrence of legal action may be the result of an uncertain, unplanned, or unexpected event or it may occur as a planned course of action against employees, competitors, or service suppliers. Whether a risk is significant or not will depend on the level of risk and the organization’s risk attitude. Its risk attitude will be reflected in its risk criteria. Because it is almost certain that digital evidence will be discovered and, therefore, be subject to legal disclosure, organizations should plan and develop capability to deal with such legal actions before they occur.
This International Standard is about the prudent strategic preparation for digital investigation of an organization. Forensic readiness assures that an organization has made the appropriate and relevant strategic preparation for accepting potential events of an evidential nature. Actions may occur as the result of inevitable security breaches, fraud, and reputation assertion. In every situation, IT should be strategically deployed to maximise the effectiveness of evidential availability, accessibility, and cost efficiency.
The responsibility of the Governing body is to provide strategic direction in all matters of relevance to
...
The responsibility of the governing body is to provide strategic direction on all matters relevant to the organization. The governing body is informed by the principles of best practice, which provide general guidance on matters of assurance and conformance. These principles may come from legal mandates, standards, or social and cultural imperatives. In this International Standard, the
...