Long term archiving (LTA) of digital product data which are not based on technical drawings. Part 4: Certification

Transcription

1 VDA Long term archiving (LTA) of digital product data which are not based on technical drawings 4958 Part 4: Certification T 4 These non-binding recommendations serve to establish basic, common requirements regarding the processes for and organization of the long-term archiving of digital product data generated during product development which is not based on technical drawings. They were drawn up in the VDA Long-Term Archiving project group, which is part of the VDA CAD/CAM working group. 1st edition from June 2007 Working Group "CAD/CAM" Published by: Verband der Automobilindustrie Copyright Westendstraße 61 Copies and any other form of Postfach duplication shall include a correct Frankfurt citation of the source. Telephone / Telefax / Internet:

2 VDA Recommendation 4958 T 4 1st edition, June 2007 Page 2 of 28 Disclaimer The VDA recommendations are recommendations that are available for anyone to use. Anyone using these recommendations is responsible for ensuring that they are used correctly. The VDA recommendations give due consideration to the prevailing state-of-the-art at the time of publication. Use of the VDA recommendations does not allow a person to avoid assuming responsibility for his or her actions. In this respect, everyone acts at their own risk. The VDA and the parties involved in drawing up the VDA recommendations assume no liability whatsoever. We request that anyone encountering an error or the possibility of an incorrect interpretation when using the VDA recommendations contact the VDA immediately so that any errors can be rectified. The document is a translation of the German version. Therefore the German document represents the original and should be referenced in the case of discrepancies. Due to the fact that this document is a translation, it may be the case that the English text leaves room for interpretation because certain terms are often deeply rooted in the original language, and therefore it is not possible to translate them into another language without a certain degree of ambiguity arising.

3 VDA Recommendation 4958 T 4 1st edition, June 2007 Page 3 of 28 Contents Contents...3 List of Figures General Preface Objectives and scope of application Changes compared with previous version Compatibility with previous versions Structure of the recommendation Abbreviations, definitions Abbreviations Definition of terms Further applicable documents Further references Basic principles of assessment Assessment aspects Overview of the assessment areas Benefits Assessment criteria Assessment area 1: General description of the area of application Description of the organization Organizational structure Procedural organization Assessment area 2: User-oriented description of the LTA solution Key data and goals Organizational description Documents in the archive Processing rules Electronic signatures Additional guidelines Assessment area 3: Technical LTA solution and migration Storage system Converters for content information Output systems Servers Clients Network components Other devices Graphical system representation LTA software and customizing User interfaces Interfaces Network system description Electronic signatures Signature generation and verification components Conditions for migration...16

4 VDA Recommendation 4958 T 4 1st edition, June 2007 Page 4 of Assessment area 4: IT Security Threats and measures Disaster recovery planning LTA-specific data protection concept User administration and authorization concept Transaction and data consistency protection Logging System stability Access control Data privacy laws and control system Assessment area 5: Technical operation Responsibilities Building Related prerequisites Operating conditions for the hardware components of the LTA solution Operating conditions for the software components of the LTA solution Occupational health and safety Operating procedures Data protection concept Handling of data storage media System maintenance Monitoring of proper operation Hardware upgrades Software updates Restart Recovery Assessment area 6: Processes Ingest of content information Handling digital content information and administrative data Quality assurance measures Access and processing of content information and administrative data Version control for content information Logging Data transfer of content information and administrative data Granting and logging authorizations Immutability Logging archiving operations Retrieval time for archived data History of content information and administrative data Retrieving content information Proof relating to associated product documentation Assessment area 7: Employee qualifications Roles Required know-how Responsibilities Qualification measures Documentation of qualifications and measures Assessment area 8: Tests Test concept Test plans and test specifications Execution of tests Test records... 23

5 VDA Recommendation 4958 T 4 1st edition, June 2007 Page 5 of Assessment area 9: Maintenance Responsibility for maintenance and troubleshooting...24 Maintenance Troubleshooting Documentation Assessment area 10: Integration of organizational and technical measures Documentation of organizational measures Documentation of change processes for the LTA solution Documentation of technical measures Internal revision Areas of responsibility Testing and certification Procedural documentation Technical LTA solutions Responsibilities in an audit intensions Operator Certification body Audit management team Audit team...28 List of Figures Figure 1: Assessment aspects...10 Figure 2: Integration of organizational and technical measures...25

6 VDA Recommendation 4958 T 4 1st edition, June 2007 Page 6 of 28 1 General 1.1 Preface The introduction of digital technology throughout the lifecycle of an automobile has brought about fundamental changes in the handling of product data. These changes also affect the long-term archiving of digital product data in particular. Up until now, the long-term archiving (LTA) of product data involved the creation and storage of 2D drawings. Administrative and organizational product data (PDM/PLM data) was archived as part of the 2D drawing (e. g. in the title block) and/or in other documents. Without 2D drawings, the 3D CAD model shall now fulfill the same requirements for longterm archiving. The recommendation VDA 4958 was drawn up because there were previously no rules according to which 3D CAD data could be archived securely and later be accessed and interpreted. The fourth part of the recommendation addresses the following aspects: - Identification of assessment areas and test criteria for conformity testing involving an LTA solution for digital product data which is not based on technical drawings with respect to the recommendations in Parts 1 to 3 (see 1.5). - Description of special characteristics regarding the testing and certification of this LTA solution as an extension of the generally applicable criteria for proper documentation. ISO9001 provides a process-oriented approach for the definition of requirements relating to quality management systems. It can be used, for example, to verify the ability to ensure the permanent availability of products or satisfy the requirements of customers and/or government agencies. Based on the generally accepted principles of computer-based accounting systems (GoBS) and ISO9001, the IT association Verband Organisations- und Informationssysteme e.v. (VOI) and TÜViT have already developed test criteria for document management solutions (PK-DML) that allow for a proper certification procedure. These criteria create a basis for a neutral third party to verify trustworthy and audit-safe document management solutions. Part 4 of VDA 4958 provides recommendations for the verification of reliable LTA workflows as the basis for certification based on, and in addition to, IS09001 while giving due consideration to PK-DML. Certification of the LTA workflows serves as proof that, at the respective time, everything humanly possible was done according to the prevailing state of the art with regard to the proper and adequate archiving and corresponding documentation. The recommendations contained in Part 4 are to be viewed as an extension of the archiving and certification processes already established in 2D environments, i.e. previously valid certification criteria also apply to product data which is not based on technical drawings and which falls within the scope of application of VDA Annex A (Source: PK-DML) provides a comparison of VDA 4958 and ISO9001.

7 VDA Recommendation 4958 T 4 1st edition, June 2007 Page 7 of Objectives and scope of application VDA 4958 is relevant to development and documentation processes if 3D representations (3D master models) are the only basis for development and documentation and if the established 2D archiving processes are not longer applicable due to economic or technical aspects. The description of the data and models relevant to long-term archiving refers to 3D CAD data and requisite non-geometric data. With regard to this data, every company shall give due consideration to generally accepted rules and recommendations regarding the archiving of digital documents such as, for example, security and backup solutions in the archive system. VDA provides recommendations for the verification of reliable LTA workflows as the basis for certification with the following technical background: Basic conditions shall be created that ensure that 3D CAD models and product data for drawing-based documentation can be put on par with each other from both a technical and legal point of view. This includes understanding and verification of the integrity (see VDA ). The characteristics of potential company-specific LTA solutions can be evaluated on the basis of generally accepted assessment aspects. The assessment relates to all aspects of an LTA solution such as, for example, organizational measures, man-machine interfaces, IT infrastructure as well as all securityrelated requirements within the overall context of the LTA process. Transparency shall be established for all aspects in order to ensure verifiability. 1.3 Changes compared with previous version Version Change Chapter Page 1.0 No changes; first edition 1.4 Compatibility with previous versions Not applicable; first edition. 1.5 Structure of the recommendation Part 1 identifies requirements relating to the long-term archiving of product data that exists in digital form only, summarizes certain legal and technical aspects and provides the basis for the other parts of the recommendation. Part 2 provides recommendations for designing the processes used to prepare the data for long-term archiving, the archiving of the data itself, and the steps required to access and reprocess the archived data. Part 3 defines the minimum requirements to be satisfied by the information in the 3D CAD representations and non-geometric product structure descriptions that is to be archived both from the user s point of view and on the basis of the process definition. Part 4 provides recommendations for the verification of reliable LTA workflows as the basis for certification. Chapter 2 describes the basic principles for assessing LTA solutions. Chapter 3 identifies the relevant assessment areas and the test criteria that shall be taken into consideration.

8 VDA Recommendation 4958 T 4 1st edition, June 2007 Page 8 of 28 Chapter 4 provides information on conducting a test and certification. 1.6 Abbreviations, definitions Abbreviations 3D three-dimensional AIP DIP E/E GoBS LTA PK-DML SIP SoD VDA VOI TÜViT Archival Information Package Dissemination Information Package Electric/Electronic Grundsätze ordnungsgemäßer DV-gestützter BuchführungsSysteme (generally accepted principles of computer-based accounting systems) Long-Term Archive, Long-Term Archiving PrüfKriterien für DokumentenManagementLösungen (test criteria for document management solutions) Submission Information Package Separation of Duties Verband Der Automobilindustrie Verband Organisations- und Informationssysteme e.v. Technischer ÜberwachungsVerein InformationsTechnik GmbH is an accredited testing and certification service provider in the field of IT security Definition of terms According to PK-DML, a Document Management System (DMS) is an electronic system which provides features that safeguard the probative force of electronic documents throughout their lifecycle including versioning handling and processing control archiving output and reproduction protection functions (access authorization, integrity, authenticity, etc.) Document management systems are initially all-purpose solutions, i.e. they are not subject to any factual or legal restrictions regarding usage. Systems with these kinds of restrictions are solutions of special applications (e. g. financial accounting systems). This distinction is important for the operator because the factual and legal significance of all-purpose solutions arises from its individual usage. LTA solutions are comparable to DMS solutions. probative force is a term used to refer to features that are fully transparent and are protected against unintentional changes and manipulations in a defined manner. operator of an LTA solution is the legally responsible party. If operative application is outsourced to a third party (e. g. to a computer center), this does not change the legal operator. LTA solution is the holistic view of a technical and organizational overall solution. The view of an LTA system is therefore expanded in the assessment criteria to an LTA solution (LTA).

9 VDA Recommendation 4958 T 4 1st edition, June 2007 Page 9 of 28 LTA system: see LTA solution Content Information (CI in accordance with ISO14721) is the actual digital (user) data that is to be archived, i.e. the actual content and the corresponding presentation information Procedural documentation is, in addition to the concrete LTA solution, the second, important test object. It comprises the description of the processing processes functionalities management functions provided by the LTA solution measures for data protection and data security administrative data is information which is directly associated with the usage of the archive environment, the storage and later use of the content information. 1.7 Further applicable documents DIN EN ISO9001, quality management systems; requirements 1.8 Further references PK-DML - test criteria for document management solutions, Second edtion, VOI Verband Organisations- und Informationssysteme e.v. CEFE Leitfaden für die Langzeitarchivierung technischer Daten und Dokumente; CEFE CAD/CAM-Entwicklungsgesellschaft; ISBN GoBS Grundsätze ordnungsgemäßer DV-gestützter Buchführungssysteme

10 VDA Recommendation 4958 T 4 1st edition, June 2007 Page 10 of 28 2 Basic principles of assessment The criteria described comprises the minimum requirements. Fulfilment of these requirements is a prerequisite for successful certification. In this sense, they are K.O. criteria. 2.1 Assessment aspects The test criteria in Chapter 3 result from giving due consideration to the following aspects: - correctness - completeness - transparency - immutability - availability To ensure a separation of testing responsibilities, a distinction is made between technical/organizational aspects and legal aspects. The legal aspects do, however, have an impact on the correct technical and organizational implementation. LTA solution Technical fields of application Manufact. documents 3D CAD data E/E documen - tation Objects subject to technical tests Tech. + organizational implementation Correctness Completeness Transparency Immutability Availability Core criteria Objects according to VDA Procedural documentation Figure 1: Assessment aspects Figure 1 shows the assessment aspects for an LTA solution for storing 3D CAD data. Specifications for other areas of application such as, for example, manufacturing documents or electric/electronic documentation could be made in the same way. 2.2 Overview of the assessment areas The procedural documentation that provides the basis for the examination shall give consideration to all the relevant aspects of the solution, thus making an assessment of the requirements possible. It shall therefore provide information on, at least the assessment areas listed below.

11 VDA Recommendation 4958 T 4 1st edition, June 2007 Page 11 of 28 These assessment areas and the measures recommended for these areas are based on the PK-DML test criteria and are described in Chapter 3. (1) General description of the area of application (2) Factually logical system solution (3) Technical system solution and migration (4) IT security (5) Technical operation (6) Processes (7) Employee qualifications (8) Tests (9) Maintenance (10) Internal control system (ICS) The development of suitable procedural documentation is one of the main tasks involved in ensuring verifiability, and it is a prerequisite for possible certification. The procedural documentation provides a red thread and explains the implementation concepts as well as the main coherencies. The full particulars for company-specific implementation are explained in referenced secondary documents. This also makes it easier to maintain the documentation. The following provides brief guidelines for creating procedural documentation. To facilitate the study of the documents within the context of an examination, it is appropriate and necessary to adhere to the above-mentioned 10-point structure. To keep creation and maintenance as simple as possible, references to existing company-specific documentation and other related documentation in which, for example, organizational structures are maintained make sense and are permitted. In this case, however, it shall be ensured that prompt access to these documents is possible and that the overall context remains fully transparent with regard to content and chronology. Information and aspects that are subject to frequent change or updates should be separated from the main body of text as easily maintainable appendices or secondary documents. An appropriate reference in the appropriate chapter is then sufficient. Certification is always performed on the basis of ISO 9001 at a minimum. Certification according to the PK-DML test criteria and in consideration of the recommendations provided in VDA 4958 is recommended with regard to the specific needs relating to the LTA of 3D product data. 2.3 Benefits The structural organization and the holistic IT approach create transparency in complex LTA solutions. Transparency provides an opportunity to avoid risks and costs. The criteria described comprise the minimum requirements that shall be satisfied in order for an LTA solution to be certified. All the individual criteria have been formulated as positive statements. Certification can only be performed if all the statements apply to the LTA solution being examined or have been implemented accordingly. In this sense the statements are K.O. criteria.

12 VDA Recommendation 4958 T 4 1st edition, June 2007 Page 12 of 28 3 Assessment criteria The following sections provide a description of the main assessment criteria that are to be examined. The assessment is performed using individual test criteria, which are listed separately for each assessment criterion and described briefly. The assessment criteria comprise both requirements relating to the operator of an LTA solution as well as the actual test criteria. 3.1 Assessment area 1: General description of the area of application The general description of the area of application provides an overview of the company, its structural and procedural organization, as well as the general conditions and integration of the LTA solution in the company Description of the organization The company and the organizational units involved in the archiving process shall be described in sufficient detail and their organization-specific focus shall be identified. This includes - a general description of what the company does, its core competences and a brief description of the branches of industry it is involved in (e. g. by means of appropriate company brochures if these provide a complete picture of the company) - a list of the organizational units involved in the archiving process and a general description of what they do The exact location of the organizational units involved in the archiving process shall be described. This includes - the exact address of the location(s) - the names of the divisions Organizational structure The organizational structure shall be described in an easily understood manner, both in text and graphic form. This description shall illustrate in particular the relationships between the organizational units, e. g. using an organizational chart and responsibility matrix. It should also include a description of the role for which each organizational unit involved in the archiving process assumes responsibility according to VDA The description of the organizational structure provides the framework for assessing the individual organizational measures throughout the entire LTA process Procedural organization The procedural organization shall be described in an easily understood manner, both in text and graphic form. It shall be an abstract containing from the generation of the content information to data preparation, ingest and archival storage to retrieval from the archive and further use of the archived data. The procedural organization shows what happens to the data and documents as they pass through the organizational units and thus provides information, for example, about who creates, modifies, releases which data and/or documents, as well as who adds data and/or documents to the archive or retrieves data and/or documents from the archive. The description depth should be oriented to the top level of the reference process description according to VDA Classification of the archiving process with regard to the engineering and/or product development process shall also be provided.

13 VDA Recommendation 4958 T 4 1st edition, June 2007 Page 13 of 28 The responsibilities of the organizational units involved shall be shown in relation to the existing process and illustrated by an appropriate figure. 3.2 Assessment area 2: User-oriented description of the LTA solution A description shall be provided which illustrates the following: - agreements relating to the goals to be achieved by and tasks to be performed by the LTA solution - description of the main target groups of data users who are (to be) provided with information from the LTA solution - structural and procedural organization of the organizational units involved - the technical tasks connected with the LTA solution from the user s point of view - the documents (stocks) relevant to the LTA solution - the general legal conditions relevant to the LTA solution and the resulting requirements to be satisfied by the LTA solution - other company-specific requirements to be satisfied by the LTA solution The purpose of the LTA solution is described from the factually logical view of the technical departments (see also VDA ). The description depth shall illustrate the concrete design of the LTA solution against the background of the technical goals Key data and goals The key data and the goals of the LTA solution shall be described, and the legal context of the LTA solution shall be provided. The requirements to be satisfied are to be documented precisely on the basis of the use cases that are to be supported (see VDA ). Examples include - storage of data as proof in the event of any legal disputes - proof of the application of and compliance with valid safety regulations - proof of state-of-the-art design - safeguarding the quality and long-term availability of the data and thus safeguarding company know-how Organizational description An organizational description of the divisions involved shall be drawn up. In particular, the separation between the roles in the testing and decision-making instances within the organizational units involved shall be apparent. The description is a further detailing of the documentation provided in 3.1.2, but only with regard to the organizational units affected by the LTA solution. In particular, the person-specific and system-specific roles that are actually assigned within the company shall be described and compared with the role requirements from the LTA reference process (VDA ). Additional information about a separation of roles will be provided in section Documents in the archive A list of the documents in the archive and their retention periods shall be maintained, and proof of compliance with the retention periods shall be provided. The retention periods follow the recommendations made in VDA and are documented using the LTA metadata (see data directory in VDA ).

14 VDA Recommendation 4958 T 4 1st edition, June 2007 Page 14 of Processing rules The processing rules shall be described as company-specific operating and procedural instructions. They shall be in line with the LTA reference process. This not only includes instructions for the organizational units and employees but also technical rules for automated procedures in the LTA solution. In the procedural documentation relevant to certification, it is sufficient to name the main procedural instructions together with a brief description of what they regulate and who shall follow them Electronic signatures Electronic signatures shall used in accordance with the LTA reference process. A distinction shall be made between signed incoming documents (e. g. in the SIP Submission Information Package) and the time signature generated during archiving as proof of the integrity of a digital document Additional guidelines All the guidelines to be observed by the archiving process and the IT solutions involved such as laws, regulations, requirements and agreements shall be documented individually. The documentation shall be supplemented with VDA The responsibility and authority of the person assigned to the archiving environment shall be defined to ensure that requirements of VDA 4958 are met and that company-specific QM systems and guidelines continue to be supported. 3.3 Assessment area 3: Technical LTA solution and migration The technical implementation of the LTA solution and the audit-proof archiving it provides shall be described in an easily understood manner. The description shall include not only a general survey of the hardware and software used, but also a description of the individual components and their interaction. A concept for ensuring the long-term availability of the archived document shall also be included. The degree of detail provided in the description of the technical hardware components is determined by the significance of the respective component to the LTA solution. All the components that are directly involved in the LTA process and have an impact on the integrity, quality and consistency of the content information and administrative data shall be documented in detail. Block diagrams, for example, are very useful for describing the hardware components and software modules. A description of which systems are involved with which functions shall be provided. This includes documentation of the names, tasks, interactions and interfaces of the software components used. The LTA-specific components and modules shall be described in more detail. The following sections contain current examples of important components in the archiving solution (hardware and software) Storage system Storage systems shall be defined specifically for each company and shall be oriented towards recognized national and international standards. The storage system also includes the LTA-compliant storage medium. The main criteria for selecting a suitable storage medium according to CEFE guidelines are: durability

15 VDA Recommendation 4958 T 4 1st edition, June 2007 Page 15 of 28 proven technology availability cost handling Converters for content information Converters convert the content information from the source format to the archive format as well as subsequently to the desired target format. A description of the measures used to ensure the equivalence of the formats with regard to content shall be included (see VDA and -3). If the formats are the same, the conversion step in the process is omitted (see VDA ) Output systems Output systems are devices and software components for the visualization of the content information and administrative data. The output system shall ensure complete and correct retrieval Servers The infrastructure components that communicate with the LTA solution or upon which the LTA solution is based shall be described (e. g. operating systems, databases, application servers) Clients Clients active in the archiving process (e. g. capture, indexing) shall be described in detail. Passive clients in the archiving process (search) shall be described with regard to functionality and security-related matters of LTA tasks Network components The network components constitute a major quality characteristic of an LTA solution with regard to the security and performance. Therefore, a complete and detailed description is required Other devices Other devices include, for example, uninterruptible power supplies (UPS) and card readers for electronic signatures. These devices shall also be described Graphical system representation The technical system solution shall be outlined graphically. The representation should provide a general survey of the individual system components and their context within the LTA solution so that the components described can be classified and assessed properly LTA software and customizing The LTA software components used, as well as any company-specific customizing, shall be described. In the case of standard software, the documentation provided by the manufacturer (data sheets, user manuals, etc.) is sufficient for describing the functionality. Any customizing performed shall be described in detail.

16 VDA Recommendation 4958 T 4 1st edition, June 2007 Page 16 of User interfaces The user interfaces for input and output shall be described. In the case of standard software, a reference to the manufacturer s user manual is sufficient Interfaces The interfaces to other integrated and adjoining systems shall be described. They constitute a major quality characteristic and safety feature within the LTA solution. Therefore, a complete and detailed description is required. It is recommended that you supplement the description with a graphical representation which illustrates the connection between the systems involved. In the case of interfaces to key system components (e. g. CAD systems, PDM systems, archive systems) in particular, it is important to describe how the completeness of the data and documents is checked and safeguarded Network system description The infrastructure and layout of the network(s) shall be described. In complex networks, the level of detail used for the description can be oriented towards the significance of the respective parts of the network to the LTA solution Electronic signatures The signature technologies used shall be documented. Proof shall be provided that the requirements relating to the signature processes formulated in assessment area 2 are satisfied by the procedures used. Signatures have to be verifiable consistently Signature generation and verification components The components used to generate and verify signatures shall be described. The descriptions correspond to the documentation of the named software components (see section LTA software and customizing) and indicate the type of signature technology used and basic principles of this technology. If required, the certificates used shall be included and the issuing body named Conditions for migration The conditions for migration from the point of view of the manufacturer and with regard to the migration capability of the system solution shall be described. The further development, long-term use of information and migration of all types shall be provided for and documented beyond the respective realization and production phases. 3.4 Assessment area 4: IT Security Every company that operates an LTA solution shall establish and utilize a general IT security concept (e. g. a disaster recovery plan according to ISO 27001). The general security concept comprises rules and practices that specify how sensitive operating resources and information are protected. It describes threats and risks security measures

17 VDA Recommendation 4958 T 4 1st edition, June 2007 Page 17 of 28 the operational structuring of the measures the technical components used The protection requirements and specific threats to the components of the LTA solution shall be identified and the measures needed to address these threats shall be described. This also includes the logging of all sensitive operations and transactions that involve the archive according to VDA Threats and measures The protection requirements and specific threats to the components of the LTA solution shall be identified. The protection requirements relating to the individual components are determined by the extent to which they merit protection and an analysis of the threats. The measures needed to address these threats shall be described on the basis of organizational and technical solutions Disaster recovery planning Disaster recovery planning for the LTA solution shall be described. It ensures that the content information and administrative data, as well as all the AIPs stored in the archive, can be recovered in the event of a disaster or other breakdown LTA-specific data protection concept The specific data protection measures for the LTA solution shall be described. The description, including the appropriate and easily understood rationale behind the measures, shows how data loss can be reliably avoided User administration and authorization concept The various types of access and access rights shall be described according to the roles in the LTA process (see VDA ). Due to the security risks (3.4.1) and sensitivity of the LTA data, the differences with regard to the general IT user administration and authorization concept in particular shall be documented for the LTA solution. Measures for access protection can be implemented directly at operating system level or in the application level of the LTA solution Transaction and data consistency protection As part of the LTA system solution, especially with regard to the interfaces to third-party systems from which documents are received, the mechanisms and concepts for transaction and data consistency protection shall be documented Logging All procedures and transactions in the LTA solution that are relevant to logging are identified in VDA The requisite logging depth shall be specified and documented as required for each use case and the company in question. It shall be possible to present the logs at any time for the purpose of transparency and providing proof of the correctness of the procedures in the LTA environment System stability Measures to ensure the stability of LTA solution shall be documented, and the reasons for these measures shall be given.

18 VDA Recommendation 4958 T 4 1st edition, June 2007 Page 18 of Access control LTA solutions require special measures for access control. These measures shall be described according to the role in question. Access control includes, for example, access to buildings, departments, individual rooms and the archive itself as well as access control relating to the entry, editing and reading of information (see also 3.4.4) Data privacy laws and control system Proof shall be provided that the requirements relating to control measures in accordance with current data protection regulations are fulfilled. In addition to data protection legislation, attention shall also be given to other regulations such as, for example, employee data protection based on the Works Constitution Act, depending on the usage involved. The requisite control measures arise from the data protection regulations and have normally already been taken into consideration by the general IT security concept or access protection. 3.5 Assessment area 5: Technical operation A description of the measures taken to ensure the proper operation of the LTA solution (operating conditions, operating requirements and operating processes) and their implementation shall be provided. The organizational structure of the organizational units responsible for operation and their interaction with regard to the implementation of the defined measures shall be described. The following sections examine the general constructional and organizational prerequisites for proper LTA operation. Technical operation is subdivided into general organizational conditions, operational processes during normal operation and operational processes in emergency scenarios. During standard operation, focus is placed on the handling of the LTA system components and the data storage media as well as on monitoring. In emergency scenarios, on the other hand, focus is placed on ensuring fast recovery of the system, the content information and the administrative data without any losses Responsibilities Responsibilities relating to operation of the LTA solution shall be regulated and documented accordingly. This documentation shall include, at a minimum, the responsibilities and a description of the roles. It is recommended that a distinction be made between internal and external persons and organizational units in the description of the roles involved and their respective responsibilities. A detailed description of the responsibilities supplements the information provided in the assessment area 1 (3.1) Building Related prerequisites Proof shall be provided that the site used for operating the LTA solution satisfies the contractual prerequisites, so that the requirements of other assessment areas (e. g ) are met. The special test and certification program Trusted Site Infrastructure from TÜViT can, for example, be used to perform a detailed examination of the availability of the IT infrastructure also from a physical point of view in order to assess the aspects relating to site structure and supply systems.

19 VDA Recommendation 4958 T 4 1st edition, June 2007 Page 19 of Operating conditions for the hardware components of the LTA solution The operating conditions (such as, for example, air-conditioned rooms) are determined by the requirements specified for the hardware components by the manufacturer, and these requirements shall be fulfilled Operating conditions for the software components of the LTA solution The operating conditions (such as, for example, certain operating systems) are determined by the requirements specified for the software components by the manufacturer, and these requirements shall be fulfilled Occupational health and safety It shall be ensured that the requisite occupational health and safety measures, e. g. workstation design and arrangement, are implemented and complied with Operating procedures The operating procedures for LTA operation relate to working with the LTA solution and are normally based on the general procedures for IT operation. It includes procedures for normal operation (including maintenance) and for emergency scenarios Data protection concept The data protection concept and the description of its contents are part of the IT security concept (3.4). It shall be ensured that the concept is implemented in day-to-day operation by authorized persons Handling of data storage media Rules regarding the handling of the data storage media (e. g. labelling, storage, removal from a jukebox, monitoring data redundancy) shall be established by means of operating procedures. Backup copies that have been generated shall be stored in a safe place (in a different building or somewhere equivalent). The procedural documentation shall provide proof of how the content on the data storage media came about. A description shall be provided, for example, of who (person or process) stored or transferred which data to a certain data storage medium and when System maintenance Adequate maintenance of the LTA solution shall be ensured by authorized persons (see also 3.3.9) Monitoring of proper operation It shall be ensured that a defined process role (represented by a person or an organizational unit) monitors operation of the LTA solution according to the recommendations of the manufacturer or system integrator Hardware upgrades It shall be ensured that someone at the LTA operator s end be designated as responsible for upgrading the system. A procedure that has been coordinated with the hardware manufacturer and the person responsible for LTA and which outlines the upgrading or modification of hardware shall be provided Software updates It shall be ensured that a person at the LTA operator s end be designated as responsible for updating the software. The LTA software is normally updated or modified by the LTA solution provider. A procedure that has been coordinated with the person responsible for

20 VDA Recommendation 4958 T 4 1st edition, June 2007 Page 20 of 28 LTA at the LTA operator s end and which outlines the updating or modification of software shall be provided. It shall include or give due consideration to the specific supplementary programs, modules and/or scripts with which the solution provider is not normally familiar due to the fact that they have been created by the user, for example, by customizing Restart A restart is taken to mean the restart of the LTA solution after a disruption of operations. A process role responsible for initiating a system restart shall be defined, and an operating procedure shall be provided. It is recommended that restarting the system be practiced at regular intervals using a test system Recovery A process role responsible for initiating a recovery of the LTA solution shall be defined, and an operating procedure or a disaster recovery plan shall be provided. It is recommended that recovery be practiced at regular intervals using a test system. 3.6 Assessment area 6: Processes All the processes associated with the LTA solution that are relevant to the handling and processing of content information and administrative data are described in VDA Only the processes not attributed to the ongoing technical and organizational operation of an archive according to section 3.5 are described in this section. The main assessment criteria of the LTA processes are listed in the following sections Ingest of content information The consistency of the content of the data to be archived (SIP) and, optionally, storage of presentation information for this data shall be ensured during the ingest process (AIP), and proof shall be provided. The technical requirements are determined by the use cases for future data usage (VDA ) Handling digital content information and administrative data The digital content information and administrative data shall be handled in accordance with the recommendations in VDA including any company-specific process customizing. This includes the design of the processes used to prepare the data for long-term archival, the archiving of the data itself and the steps required to access and reprocess the archived data in order to assure an adequate level of quality for the data and documents. Operating procedures and process specifications for the roles defined in VDA shall be created and submitted. The handling of the digital content information and administrative data shall also be taken into consideration by IT security (3.4), including the authorization concept Quality assurance measures The measures taken to safeguard the assessment aspects (2.1) by means of validation mechanisms (VDA ) shall be described, and proof of their error-free functioning shall be provided. This proof can be provided by suitable procedures (e. g. checksum procedures, random checks, plausibility checks), as well as by technical and organizational measures.

21 VDA Recommendation 4958 T 4 1st edition, June 2007 Page 21 of Access and processing of content information and administrative data Regulations and functions regarding access to and processing of data that apply to IT solutions (e. g. check-in/check-out mechanisms, locking mechanisms, write permissions, logging) also apply to the LTA solution. They shall be described and their correct functioning shall be validated by spot checks, e. g. in the audit Version control for content information Changes to content information are subject to version control. A description of how versioning is performed and what nomenclature is used shall be included Logging Changes to administrative data shall be logged for a complete change history. Changes to index information and documents shall be indicated. A description of how logging is performed and what nomenclature is used shall be included. If, as the case may be, logging of any changes made is only to be performed for a subset of the administrative data, this shall be specified and described as it pertains to the company in question Data transfer of content information and administrative data Significant data transfer steps (forwarding) of content information and administrative data shall be logged. This includes, at a minimum, data transfer involving the process roles data creator, preparer, archive and consumer Granting and logging authorizations Organizational stipulations for the granting of authorizations by authorized persons shall be made, and appropriate procedures shall ensure compliance with these stipulations. These types of authorizations can, for example, be granted for dissemination of content information to consumers access to information that has a security rating the deleting of documents in the archive The stipulations relating to the granting of authorizations are normally reflected in the guidelines governing IT security (3.4). It shall be possible at all times to determine which authorized person granted which authorization at what point in time Immutability The LTA process (VDA ) shall ensure that the content information cannot be changed and this shall be verified by means of certification Logging archiving operations To ensure transparency, every archiving operation (Archival Storage process step in VDA ) shall be logged Retrieval time for archived data It shall be ensured, from both a technical and organizational point of view, that the archived data can be located and retrieved quickly enough. The retrieval of information from the archive refers to complete documentation pursuant to mandatory archiving and applies, at a minimum, to all the documents relevant for (product) approval. Spot checks should be performed at regular intervals to ensure retrieval.

22 VDA Recommendation 4958 T 4 1st edition, June 2007 Page 22 of History of content information and administrative data It shall be possible to examine the processing history of the content information (e. g. validation, changes to the formats) and the change history of administrative data Retrieving content information The consistency of the content of the archived data (AIP) and, optionally, the accurate reproduction of this data shall be ensured during the dissemination process (DIP), and proof shall be provided. This is a result of the technical requirements for the use cases for data usage (VDA ). Random samplings should be used to prove that the content information and/or documents can be made available at any time and after appropriate editing if applicable Proof relating to associated product documentation Proof shall be provided of the correlation between product documentation and the relevant product or part. Proof shall be provided, for example, that the product documentation provided can be used to manufacture the product or part in question. 3.7 Assessment area 7: Employee qualifications The qualifications required for employees to use and properly operate the LTA solution shall be described. Proof shall be provided of the pertinent qualifications of the respective employees and appropriate qualification measures shall be documented. The operator of the LTA solution shall ensure that all employees involved with operation have the requisite know-how and skills. At the very least, the roles according to VDA shall be specified and their corresponding activities, as well as any resulting requirements regarding the level of know-how, shall be described Roles The roles shall be described in accordance with VDA , and the employees involved shall be familiar with their role(s) in the LTA process Required know-how The know-how required for each role shall be defined, e. g. technical know-how regarding the LTA processes and utilization of the LTA solution knowledge of the LTA system components used and their administration, as well as knowledge of the administrative processes The requirements profile for the respective tasks shall be adapted to current needs at regular intervals Responsibilities The operator of the LTA solution shall name one or more persons who are then responsible for employee qualifications. This could, for example, be the IT manager who is responsible for the qualifications of system administrators or a person who is responsible for the qualifications of the people generating the data and using the data in the individual departments Qualification measures The responsible persons initiate and document the concrete measures for employee qualification as determined by the requirements of the roles on the one hand (3.7.2) and