The ISO 27038 standard specifies the characteristics of techniques for performing digital redaction on digital documents. It also specifies requirements for software redaction tools and methods of testing that digital redaction has been securely completed. It does not cover techniques for the redaction of information from databases.
Digital redaction is a relatively new area of document management practice, and raises unique issues and potential risks. Where digital documents are redacted, removed information must not be recoverable, so care needs to be taken to ensure that redacted information is permanently removed from the digital document and not, for example, simply hidden within non-displayable portions of the document.
One example of the application of redaction techniques is the anonymisation of information in a document, such as by removing names and other personally identifiable information. Redaction can also be used to remove metadata or information (e.g. images) that has been imported into a document.
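The recoverability concern described above can be checked mechanically after redaction. The following is an added example, not part of the Standard or of any tool it describes: it scans every part of an OOXML-style package (the ZIP container used by .docx files) for terms that were supposed to be removed, including text in hidden runs, document metadata and attribute values such as image alternative text. The package contents, part names and the name "Jane Doe" are constructed sample data, and the check covers text parts only, not pixels inside embedded images.

```python
import io
import re
import zipfile

def build_package(parts):
    """Build an in-memory OOXML-style ZIP from {part name: XML text}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, xml in parts.items():
            zf.writestr(name, xml)
    return buf.getvalue()

def find_residue(package_bytes, redacted_terms):
    """Return sorted (part, term) pairs where a redacted term is still recoverable."""
    hits = set()
    with zipfile.ZipFile(io.BytesIO(package_bytes)) as zf:
        for name in zf.namelist():
            raw = zf.read(name).decode("utf-8", errors="replace")
            # Markup removed: catches a term split across several formatting runs.
            stripped = re.sub(r"\s+", " ", re.sub(r"<[^>]+>", "", raw))
            # Raw XML kept as well: catches terms stored in attribute values.
            haystacks = (raw.lower(), stripped.lower())
            for term in redacted_terms:
                if any(term.lower() in h for h in haystacks):
                    hits.add((name, term))
    return sorted(hits)

# Constructed sample: the visible text shows "[REDACTED]", but the name survives
# in hidden runs (w:vanish), in the metadata part and in image alternative text.
LEAKY = build_package({
    "word/document.xml":
        "<w:p><w:r><w:t>Report by [REDACTED]</w:t></w:r>"
        "<w:r><w:rPr><w:vanish/></w:rPr><w:t>Jane </w:t></w:r>"
        "<w:r><w:rPr><w:vanish/></w:rPr><w:t>Doe</w:t></w:r></w:p>",
    "word/header1.xml": '<wp:docPr id="1" name="Picture 1" descr="Signature of Jane Doe"/>',
    "docProps/core.xml": "<cp:coreProperties><dc:creator>Jane Doe</dc:creator></cp:coreProperties>",
})

# Constructed sample: the same document with the name removed from every part.
CLEAN = build_package({
    "word/document.xml": "<w:p><w:r><w:t>Report by [REDACTED]</w:t></w:r></w:p>",
    "word/header1.xml": '<wp:docPr id="1" name="Picture 1" descr=""/>',
    "docProps/core.xml": "<cp:coreProperties><dc:creator></dc:creator></cp:coreProperties>",
})

if __name__ == "__main__":
    for part, term in find_residue(LEAKY, ["Jane Doe"]):
        print(f"residual '{term}' in {part}")
```

An empty result from `find_residue` only shows that the listed terms are absent from the package's text parts; it does not prove the redaction is complete.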
The Standard introduces two levels of redaction: