BS ISO IEC 30121:2015 pdf free download – Information technology — Governance of digital forensic risk framework.
4 Principles
4.1 Responsibility
Individuals and groups within the organization understand and accept their responsibilities in respect of both supply of, and demand for digital evidence. Those with responsibility for investigations also have the skill, independence and authority to perform those actions.
4.2 Strategy
The organization’s strategy development takes into account the current and future retention, availability, access to and cost effectiveness of digital evidence; the strategic plans for evidential capability satisfy the current and ongoing needs of the organization.
4.3 Acquisition
IT asset acquisitions are made to support the organization’s strategies, on the basis of appropriate and ongoing analysis, with clear and transparent decision making. There is appropriate balance between benefits, opportunities, costs, and risks, in both the short term and the long term.
4.4 Performance
IT is fit for purpose in supporting the organization, providing the services, levels of service and service quality required to meet current and future organization digital evidence requirements.
4.5 Conformance
IT assets comply with all mandatory legislation and regulations. Policies and practices are clearly defined, implemented and enforced in accordance with the organization’s risk criteria.
4.6 Human behaviour
Digital forensic policies, practices and decisions demonstrate respect for human behaviour, including the current and evolving needs of all the people in the organization’s processes.
5 The framework
5.1 Stakeholder mandate
The Governing body should be constituted to represent the stakeholders, is to have the authority to set the strategic direction of the organization, and should establish the capabilities to function.
5.2 Establishment
The work cycle of the Governing body should be aligned with the tasks of Evaluate – Direct – Monitor; and to facilitate the adoption of strategic policy, strategic planning and strategic capability.
5.3 Evaluate
The Governing body should examine and make judgement on the current and future requirements for digital evidence, including strategies, proposals, plans and supply arrangements (whether internal, external, or both). In evaluating the use of IT, the requirement to produce digital evidence and the requirements for forensic processes should be assessed.
5.4 Direct
The Governing body should assign responsibility for, and direct preparation and implementation of strategies, plans and policies. Plans should set the strategic direction for digital evidence, IT operations and capabilities. Governing bodies should encourage a culture of good governance of IT in their organization by requiring managers to provide timely information, to comply with strategic directions and to conform to the risk criteria.
5.5 Monitor
The Governing body should monitor, through appropriate measurement systems, the performance and conformance of IT systems for digital evidence. They should reassure themselves that performance is in accordance with strategic plans and its levels of risk are within the organization’s risk criteria. Responsibility for the effective, efficient and acceptable use of IT for evidential purposes by an organization, remains with the Governing body and cannot be delegated.
6 Processes
6.1 Archival strategy
An organization should establish a comprehensive archival retention of information properties. Archival processes should be structured, complete, efficient, secure, and maintain the integrity of the data.
6.2 Discovery strategy
An organization should establish efficient and effective information retrieval capabilities. Accurate and timely access to organization information is critical for decision-making and the presentation of evidence.
6.3 Disclosure strategy
An organization should establish criteria for the securing and the disclosing of information. For any assessment of the digital-related risk that the organization faces, it should apply its risk criteria to determine if the level of risk is acceptable or whether the adoption of further strategic risk is required. Information that is disclosed should be preserved so that it is auditable.
6.4 Digital forensic capability strategy
An organization should adopt policies and plans to assure the preservation of digital evidence and the retention of and/or access to digital forensic skills. The organization should maintain processes that assure the integrity of investigations, the independence of experts, and the evidential value of binary information.