Defines requirements for bodies providing audit and certification of digital repositories, based on the metrics contained within ISO/IEC 17021 and CCSDS 652.0-M-1/ISO 16363.

The main purpose of this document is to define a CCSDS Recommended Practice and ISO International Standard on which to base the operations of the organization(s) which assess the trustworthiness of digital repositories using ISO16363 and provide the appropriate certification. This document specifies requirements for bodies providing audit and certification of digital repositories, based on the metrics contained within ISO/IEC17021 and CCSDS652.0‑M‑1/ISO16363 . It is primarily intended to support the accreditation of bodies providing such certification. ISO/IEC17021 provides the bulk of the requirements on bodies offering audit and certification for general types of management systems. However, for each specific type of system, specific additional requirements will be needed, for example, to specify the standard against which the audit is to be made and the qualifications which auditors require. This document provides the (small number of) specific additions required for bodies providing audit and certification of candidate trustworthy digital repositories. Trustworthy here means that they can be trusted to maintain, over the long-term, the understandability and usability of digitally encoded information placed into their safekeeping. In order improve readability, the clause numbers are kept consistent with those of ISO/IEC17021 . Some subclauses are applicable as they stand, and these are simply enumerated; otherwise additions to subclauses are explicitly given. In the former case, the clauses may consist of just a few sentences. As a result, this document must be read in conjunction with ISO/IEC17021 . The requirements contained in this CCSDS Recommended Practice need to be demonstrated in terms of competence and reliability by any organization or body providing certification of digital repositories This document is meant primarily for those setting up and managing the organization performing the auditing and certification of digital repositories. It should also be of use to those who work in or are responsible for digital repositories seeking objective measurement of the trustworthiness of their repository and wishing to understand the processes involved.