1、INTERNATIONA1.STANDARDISO4669-1editionFirst202305Documentmanagement一Informationc1.assification,markingandhand1.ing一pUqqirementsGestiondesdocumentsTraitementfmarquageetc1.assificationdeinbrmaUon-Panie1:ExigencesReferencenumberISO4669-1.:2023(E)COPYRIGHTPROTECTEDDOCUMENTISO2023IUirhM*hedbdi1.iUedother
2、wiseupdhi.orbmtndH0tf1.ttoni(nc4nmpe*MqnrtiatfifiHipB1.andonnet8CH-1214Vernier,GenevaPhone:M1.227490111觥ftte:丽丽BQrgPub1.ishedinSwitzer1.andContentsForewordIntroductionv2 Scope13 Normativereferences14 Termsanddefinitions5 Princip1.es3ICMHsystemdesign45.1 C1.assificationschemedesign45.1.1 C1.assificat
3、ioncriteria45.1.3 Hbrafutqtionschemeequiva1.ence5.1.4 Inforniationasset1.ifecyc1.e65.1.5 Defau1.tc1.assifications7:UR三搬牌儡雌褴SJ三arked5.2 arkIngSChemedesign.95.2.1 Markingdesigncriteria95.35隘dMngP融三1E酶跳。1.M驱5.3.1 Hand1.ingdesigncriteria5.3.2 Informationhand1.ingduringcreationandcapture456ri3.3.旦5.5.tt1
4、Hft1.1.JEfiesintofterinformationassetsInformationaggregation11Accesstoandhand1.ingofinformationS;3:8Informationrep1.F舱脚。andrendering5.3.9 Informationredaction135.3.10 Infbnnationdistribution,sharingandexchange5312InfCnnatiOna西湖骸,Rddisposa1.5.4ICMHsystemeva1.uation155.4.1 Eva1.uationprogramme15蒯稠朋那蜘
5、匐腿Measurement16IncidentmanagementandinvestigationIC1t1.SySten】*eson166.1 Schemererision166.2 Changemanagement166.3 Progressiveintegro1.ib1.6Mtt1.ntothescopeorganizationAnneXA(informative)EXaB醺aftwhenapp1.yingtheICMHsystemtoai*urakUBib1.iographyForewordISO(theInternationa1.OrganizationforStandardizat
6、ion)isawor1.dwidefederationofnationa1.standardsttiugh(ISOm11tambif1.iniKhvcekdHPfff1.PbbGgbOdy1.Iitf1.CIrattod6tand)GfcnowhtdarredMt2committeehasbeenestab1.ishedhastherighttoberepresentedonthatcommittee.Internationa1.organizations,governmenta1.andnon-governmenta1.,in1.iaisonwithISO,a1.sotakepartinth
7、ework.ISOco1.1.aboratesc1.ose1.ywiththee1.ectrotechnica1.standardization.Internationa1.E1.ectrotechnica1.Commission(IEC)ona1.1.mattersofTheproceduresusedtodeve1.opthisdocumentandthoseintendedforitsfurthermaintenancearedyiFFHSOfISO雇etW1.kes,s姗抬”not1.f1.fcfcww1.蝌闾IC嚓COrdanCeftfitheeditoria1.ru1.esofth
8、eISO/IECDirectives.Part2(seewwsv.iso.org/direc1.ives).假)(撇nts)a鹤田MakeSt三嬲据i帆n曲teB瞄硼8硒ffiHFtm聊栖的野榴IVQdaimedpatentrightsinrespectthereof.Asofthedateofpub1.icationofthisdocumentISOhadnotreceivednoticeof(八)patent(三)whichmayberequiredtoimp1.ementthisdocument.However,imp1.ementorsare懈怖翻琳躺/mj,wWjSOQFg/眸Ien
9、tS曲舐砒ion,扁照Ospon蜘3i胸腿搬册醐魄Ora,1suchpatentrights.Anytradeusedinthisconstitutenameendorsenent.documentisinformationgivenfortheconvenienceofusersanddoesnotForanexp1.anationofthevo1.untarynatureofstandards,themeaningofISOspecifictermsand幽幽蛔豳照施厚侧小物O)assEif1.眦聚inwe帼1.吼。nBar池帆四dead朝乩CSvbr11iso0rgIso/forewor
10、d.htm1.?振曲删呢砺?/邺4/P)P刚“ddg你猛DowmenCmanagementapp1.ications,Anyfeedbackorquestionsonthisdocumentshou1.dbedirectedtotheusersnationa1.standardsbody.Acomp1.ete1.istingofthesebodiescanbefoundarwwwGF7embe4um1.IntroductionAcrossa1.1.businesssectors,thereareorganizationsthata1.readyidentify,c1.assifyanddist
11、inguishtheiruwIinfo(iratVhcdnikaiiifmctaftun(mda搠Mationmmft畸ndThisapproachcande1.iveraSignifiCantimprovementinhowinformation,andinparticu1.arsensitiveinformation,ismanaged,bothwithintheorganizationandwithinotherorganizationswithwhichthe三三8rft三fr副诃酬W%chno1.o时Wf1.1.的OIVedOrg1.RWWVestmente三Fmationcreat
12、ion(e.g.typesettingoremai1.software)thatadoptandintegratethespecificationsinthisdocumentintotheirso1.utionswi1.1.beab1.etocreatesecure,automateddocumenthand1.ingso1.utions,inc1.udingthatdetectandactuponthetransmissionofinformationassetsthathavebeenMorespecifica1.1.y,thisdocumentisintendedtosupportth
13、edesignofinformationc1.assification,markingandhand1.ing(ICMH)systemstohe1.porganizations:meettheirstrategicobjectives,governanceob1.igationsandenterpriseriskmanagementgoa1.s;meet1.ega1.,Iegu1.atoryandstandardscomp1.ianceob1.igations;identify,secure,protect,shareandtracksensitiveinformationappropriat
14、e1.y;andirfivcapfriateJ)ftR4fiSdiftteKt,ftents.andsignificanceofinformationassetsandfami1.iaritywithDocumentmanagementInformationc1.assification,markingandhand1.ing一qqirements1 ScopeThisdocumentspecifiesrequirementsforinformationc1.assification,markingandhand1.ing(ICMH).7tgsnkxocijU-hbQbfrn(iinmuoh.
15、informationcanbeaccessedbyusers,bothinsideandoutsidetheThisdocumentisapp1.icab1.eto,butnot1.imitedto,thefo1.1.owing:a) organizationsofanysizethatcreate,store,shareorotherwiseprocessinformation;b) individua1.swhocreate,store,shareorotherwiseprocessinformation;C)if1.5碗渊IhinfO懒M枪解附故痫搬出啷h昭州珀跖尔卅以岫冲四次rnan
16、ceand出翻2%ifiih三iood*auma嘀jw福都WMPa鹿瞠9阳心5ofitmediaorformat.WyEadio/VideO1.nf8FfiMfisaSSC圆1iUftong都砥限Iurvdinformatiori!HMtturcdinformatic附KCdPIPcsdatabasesandturnedintoatangib1.easset.2 NormativereferencesTherearenonormativereferencesinthisdocument.3 TermsanddefinitionsForthepurposesofthisdocument,thef
17、o1.1.owingtermsanddefinitionsapp1.y.ISOandIECmaintaintermino1.ogydatabasesforuseinstandardizationatthefo1.1.owingaddresses:ISOOn1.inebrowsingp1.atform:avai1.ab1.eathttps:/www.iso.org/obpX1.IECE1.ectropedia:avai1.ab1.eat4ttpsvww.e1.etF0ped.oFg/c1.assificationsystematicidentificationand/orarrangemento
18、finformationassets(3.7)intocategoriesaccordingto1.ogica1.1.ystructuredconventions,methodsandProCedUndru1.estotenfdntjortscineyiroriftMyftndsherIMCZ5川由eiufty。I1.wmm履Umi)assetto1.ossordamage.SOURCEecordsw1.54891:2016,entrymodificdinformationassets*hasrep1.acedbusinessactivities-503.2documentSOURCE:ISO
19、9000:201Sr3.8.5,modifiedtheexamp1.eandnotestoentryhavebeende1.eted.hand1.ing3.4informationc1.assification,markingandhand1.ingschemeICMHscheme3.5informationC1.aSSmeation,markingandhand1.ingsystemICMHsystem3.6informationaccuratecntr)r:timc1.y,specificOrganizcd1.ackingpurpose,presentedWithinintcqjrctit
20、smeaning,InformationandSOURCE:ISO9000:2015,3.8.2,modifiednote1toentryhasbeenadded.informationasset3.8informationasset1.ifecyc1.e(SOURCE:ISO13972:2022,definition;theinformationassetexamp1.ebeenaddedde1.eted.asset*-503.9informationprovidernatura1.persons.Otherwiseitworkersthirdparties,anorganizationwh
21、en,forexamp1.e,referringtothemas3.10markingand/orISOandNoteto3.5,hasbeenadded.information(3.6)andthemediumonwhichitiscontained3.3requiredactivsre1.atingtoinformationassets(3.7)thathavebeenmarkedwithaspecificc1.assification(3.1)respective,specificrequire11uuUandarrangemuutsestab1.ishedfortheindividua
22、1.activitiesofc1.assification(3.1),marking(3.10)orhand1.ing(3.3)setOfinterre1.atedorinteractinge1.ementstoestab1.ishinformationc1.assification(3.1),marking(3.10)andhand1.ing(3.3)po1.iciesandobjectiveswithprocessestoachievethoseobjectivesmeaningfu1.dataNote1toandDaucanbeandasforthecontextnecessaryIoa
23、contextthatgivesmeaningisre1.evance,andcan1.eadtanincreaseinunderstandinganddecreaseinuncertainty.Informationisva1.uab1.ebecauseitcanaffectbehaviour,adecisionoranoutcome.3.7setofinfbnnation(3.6)thatiscapab1.eofbeingsharedandcanbehe1.dinanyform,e.g,physica1.ordigita1.sequenceofeventsthatmarkthedeve1.
24、opmentanduseofaninformationasset(3.7)hasrep1.aced“resource“inthe3.1.40rmodified-note1entryandhashavebecntotheterm;individua1.orentitythathassharedinformation(3.6)withtheorganizationNote1toentry:ThisInc1.udcsrc1.atcsto(3.17)withinprocessbywhichac1.assification(3.1)isdocumentedandindicatedforaninforma
25、tionasset(3.7)(usua1.1.yontheinformationasset)3.11metadatadataaboutdata曲可drtddnicyrbesAUtedatWUtdfitiadBce30811帅mtkM11a(ig)A4dn出切assetstechno1.ogiesandtoo1.scommon1.yusemetadatatoconveydass1.cations.Withouttheuseofsuchtechno1.ogies,metadataare-ata1.waysimmediate1.yvisib1.eandpossib1.ywi1.1.notbeauto
26、matica1.1.ytransferredwhentheyJfation(3.6)changesformat.physica1.storagemediagicHdeviceonwhichinformation(3.6)canberecordedrecordinformation(3.6)createdorreceivedandmaintainedasevidenceandasanassetbyanorganization,inpursuitof1.ega1.ob1.igationsorinthecourseofconductingbusinessNote1toentry:Recordsare
27、norma1.1.yusedinp1.ura1.取PyRCE:ISO30300:2020,3.2.10,modifiednote2toentryhasbeende1.eted.redactionpermanentremova1.ofinformation(3.6)withinadocument(3.2)yyRCE:ISO/iEC27038:2014,2.4rep1.icationdigita1.dup1.icationwherethereisnochangetotheinformation(3.6)RCE:ISO/TS21547:2010,3.1.26storagemediayjTeonWhi
28、Chdigita1.information(3.6)canbestoredworkerindividua1.workingunderthecontro1.ofanorganization,inc1.udingemp1.oyees,temporarystaff,contractorsandconsu1.tants4Princip1.esTheinformationc1.assification,markingandhand1.ing(ICMI1.)systemsha1.1.inc1.udeadefinitionofaprocessthatcanhand1.einformationinawayth
29、atisappropriatetoitsc1.assificationandtoitsmarking.TheICMHsystemsha1.1.:MWiotK*JMJif1.YQy才且软if自QaiZatiOpanytoapp1.yandasimp1.isticprocessb) ref1.ectthesensib1.e1.imitsofwhatcanbeexpectedofitsworkerssothattheycanobtainanappropriateba1.anceofwhatisnecessary,recommendedandpossib1.etoachieve;c) producec
30、onsistentresu1.tsuponrepeateduse,regard1.essoftheuser;d) betraceab1.eandcapab1.eofverification;B.3E1.ectronicdocumentsanddigita1.1.es8.3.1 Creatingdigita1.informationassetsIna1.mosta1.1.circumstances,theprocessofcreatingadigita1.informationassetstartswithchoosingtoURdpnrtctiriaracct*wre11trbn.ICM1.i
31、iejucem(BtttiD2j.irHtori1.Hejqcdrtihra4detreforebet9raai1.rewhnthnrtbt:tiMu1.vrdmuiif1.bHfi1.efi1.8Mbc极桶如硼捣解dt蚓田Pre曼种aformationinaparticu1.arform.Digita1.fi1.escanbeeasytoa1.terinvisib1.y(inawaythatwou1.dbeimpossib1.ewithapaperdocument).躺歌麻跳与触邮融用心用招密解a1.o而用腆曲?摇砒asyin脚唱腑哝断种养扁麻,5.3.9,5.3.11and53.12).-
32、 UH曲版POSSi1.fteCe49if1.rf1.招搞Gmfnhfi用PdBriatedoCUmentCOnS用群?乱釉pro就1朗“sensitivecontent(see5.2,2,5,3.3r5.3.4and5.3.5).- 战烈的凯制岫虢Aea(IerSchang题嬴rstemp1.盘OmmOf送瞄TfOrm霸恕他rsbot?owerPoint2)is- Markingsp1.acedwithinmetadataare1.ike1.ynottobeseenbypeop1.eusingthedocument.B.4Audioandvideo8.4.1 Creatingaudioand
33、videoinformationassetsNOTE1Mostdigita1.informationassetsaredocumentswithastartandanend,andafiniteamountofQoa1.CA1.nceTM由电QeWgMnW*drjncbeaai1.a1.w啪IeSPaPerPaedodH11uuth)mudgNnitooudWngs3Dfi1.es.tjersBPFthisaairtteuh1.H曲VrtMUte3WpH制的d)Th*甲Cnn戒Onisgivenfortheconvenienceof2) WordandPowerPointareexamp1.e
34、sofsuitab1.eproductsavai1.ab1.ecommercia1.1.y.ThisinformationisgivenfortheconvenienceofusersofthisdocumentanddoesnotconstituteanendorsementbyISOoftheseproducts.uditfyaccbdinga电由diUrtanondigZkfib1.prandaymtfiusIhegeptrtiUipoek(td)iBtMteaqht&ttykrnutucha1.1.engingtoattachamarkingto.r88f瓶n5th论,居轴I丛鹤濯?阚
35、戕片舐ffhthefo1.1.owingmethodsOfmarkingaudioandvideoa) markingthemediumthatcarriesorcontainstheasset;EXAMP1.E1Markingthecasecontainingatapeorfi1.m.b) addingthemarkingpriortothestartoftherecordingsothatitisheardorseenbeforetheinformationassetitse1.f;c) addingthemarkingattheendoftherecording;d) foraudioa
36、ssets,addingadesignatedaudib1.etone(uniquetoagivenc1.assification)throughouttherecording(a1.thoughthisis1.ike1.ytoimpactabi1.itytoc1.ear1.yunderstandtheaudioandrecognizeH1.sti1.1.1三i1.At。曲舜hemM口“FstdbAherUWftft曜松kc也即C咽iM贰能M1.三a11ymngandawareness;e)蜘冰限跳题掘唱就怩渊闹感三幅诧the三瓢魄标用咻OUtOt踊斑观H)瞰品资Onsuchasspeechc
37、aptions;aspecificca1.1.centrereceivethesamec1.assificationand黝潞谿and儡黯1幅SSMePhoneca1.1.stog)markingtheassetwithinthemetadataassociatedwiththeinformationasset,a1.thoughcareshou1.dsometimeson1.yappropriaterenditionoftheaudioiswithinacontro1.1.edsystemthatNtaftfCfter69uandrt011ksksUctof1.afcpdbitaGCWtHp
38、csareIIke1.ytofa1.1.underdataprivacy1.egis1.ationand1.1.2 Sharingandtransportingtapesandfi1.msWithintheirICMHsystem,organizationscanoptfortapesandfi1.msc1.assifiedatcertain4wk-tobetaiectaccountsp6chinrt1.infeth(r三iiantsbhytica1.c1.spaotraIsticsf1.iawtediaanjyp(j5eefifot(arahthsatets,theICMHsystemsho
39、u1.dspecifywhethercertaintapeorfi1.massetsshou1.dnot1.eavethepremises.1.1.3 Storingtapesandfi1.msTapesandfi1.msshou1.dhavethesameconsiderationapp1.iedtotheirstorageaspaperassets(see5.3.7).8.5 Voice8.5.1 DirectconversationInformationthatisc1.assifiedassensitiveshou1.dbeprotected,wheneverandwhereverit
40、isexposed,inttdiationwhena5pdMw1型de0eciaH)YiMCThBht1.ip-ed0ub1.ajretbRifiMSbJietui0x1.ihnu1.sensitiveinc1.udedintheirhand1.ingschemehowthec1.assificationofaconversationiscommunicatedtotheparticipantsandtheexpected1.imitationsonuseoftheinformationthatISshared.Workersshou1.dbemadeawareoftherisksofbein
41、goverheard.268.5.2 Communicationservicesadditiona1.risks.Te1.ephonesandmobi1.ephonesSkypc3)beandintercep1.cdconferencingconversationsrecorded.NOTEAdditiona1.informationaboutsharingprotoco1.scanbefoundin1SO1EC27010.8.6 Imagetoimageinformationassets.andthemediauponwhichtheycanbestored.manipu1.ated,sui
42、tab1.ycurrent),andarethemostappropriateimageforthepurposeandofasuitab1.eorigina1.capturc.organizationcana1.soberequiredtoprovideevidenceoftheseattributes,c.g.thedateandtimeofSChemeMobi1.eWOrkingwhetherthemarkingappearsuponit,e.g.asawatermark.TherequirementsShouIdscreenaddressused,viewinginformationWebsitesmobi1.einfbrmationshou1.drendcreddevicesAssistiveittechno1.ogyto
