BS ISO IEC 27038-2014 pdf – Information technology — Security techniques — Specification for digital redaction

BS ISO IEC 27038-2014 pdf – Information technology — Security techniques — Specification for digital redaction

BS ISO IEC 27038-2014 pdf – Information technology — Security techniques — Specification for digital redaction.
4 General principles of digital redaction 4.1 Introduction Redaction is carried out in order to permanently remove particular information from a copy of a document. It should be used when, for example, one or two individual words, a sentence or paragraph, an image, a name, address and/or signature needs to be removed from a document prior to it being disclosed to individuals who are not authorized to view the removed information. The process of digital redaction is not simply to remove information but also to indicate where necessary that some information has been removed, so that the reader knows that the document has been redacted. For example, there can be a need to know that some words or some paragraphs have been deleted in order to maintain the semantics of the non-redacted information. 4.2 Anonymization As an example, one of the purposes of redaction is to remove personally identifiable information (PII) from a document (anonymization). Where such a purpose is applicable, then redaction processes shall be so designed such that the identity of the individual about whose information is being redacted is protected. It can be, for example, that even though a name has been redacted from a document, the identity of the individual is evident from the remaining information. Where anonymization is required, all information that could be used to identify the individual shall be redacted. This shall include all information that could be used in conjunction with other information (which can be obtained from other sources) to identify the individual. 5 Requirements 5.1 Overview Organizations should have the capability to identify documents that need to be redacted prior to their release to other parts of the organization or to others (such as the public).
When identifying information that needs to be redacted prior to release, whole sentences or paragraphs should not be identified if only one or two words in that sentence or paragraph are to be redacted, unless the release would enable the identification of the redacted information by context. Where necessary, information relating to the effect that a digital document has been redacted shall be linked with the digital document. To identify the fact that a redaction process has been undertaken, redacted information may be replaced by a sentence stating that some information has been redacted. When redaction is performed on a digital document, any metadata included within the digital document shall be reviewed for redaction requirements and appropriate redactions undertaken. Where redaction is performed on a digital document that contains images, video and/or voice information, redaction techniques that remove the necessary information shall be used. 5.2 Redaction principles The redaction of digital documents shall be carried out in accordance with the following principles: — Retention of digital original document The original or master version of a digital document shall not be redacted – redaction shall be carried out on a copy of the digital document. Original digital documents (e.g. the un-redacted document) shall be retained and be accessible only to those authorized. — Complete removal of redacted information Redaction shall irreversibly remove the required information from the redacted version of the document. The information shall be completely removed from the digital document, not simply from the displayable content. — Security evaluated redaction
6 Redaction processes 6.1 Introduction The redaction of digital documents is a relatively new area of information and records management practice, and raises unique issues and potential risks. Redaction may be carried out using a number of approaches: — use of paper intermediaries; — use of digital image intermediaries; — simple redaction using plain text format files; — complex redaction using original “complex” format files. The following specifies the technical aspects of redacting digital documents. 6.2 Paper intermediaries For digital documents which can be printed as a hardcopy, redaction techniques utilizing paper intermediaries may be used. There are 2 methods that can be used within this technique: — The digital document is printed onto paper and redaction carried out on the printed copy. In this case, the equipment / process used for the redaction shall ensure that the redacted information cannot be retrieved. The use of black marker pens may not be sufficient for this requirement. To ensure that redacted information cannot be retrieved, a photocopy of the redacted paper document shall be taken and it shall be used as the final redacted document.

The previous

BS ISO IEC 29109-5-2014 pdf - Information technology — Conformance testing methodology for biometric data interchange formats defined in ISO/IEC 19794 Part 5: Face image data

The next

BS ISO IEC 17839-2014 pdf - Information technology — Biometric System-on-Card Part 1 : Core requirements

Related Standards