ISO/IEC 27038 2014 (ISO 27038 Standard) – Specification for digital redaction

Description

ISO/IEC 27038:2014 – Information technology – Security techniques – Specification for digital redaction

Digital redaction is a relatively new area of document management practice, and raises unique issues and potential risks. Where digital documents are redacted, removed information must not be recoverable, so care needs to be taken to ensure that redacted information is permanently removed from the digital document and not, for example, simply hidden within non-displayable portions of the document.

One example of the application of redaction techniques is the anonymisation of information in a document, such as by removing names and other personally identifiable information. Redaction can also be used to remove metadata or information (e.g. images) that have been imported into a document.

The ISO 27038 standard specifies the characteristics of techniques used to digitally redact digital documents, and sets out the requirements for software redaction tools and testing methods. It introduces two levels of redaction:

• Basic redaction, where context is not taken into consideration; and
• Enhanced redaction, where context is taken into consideration.

The Standard does not cover the redaction of information from databases.

Customer Reviews