ISO 16363
ISO 16363 is an international standard that defines criteria for auditing and certifying whether a digital repository is trustworthy enough to preserve digital records over the long term.
ISO 16363 is the standard for “Audit and Certification of Trustworthy Digital Repositories,” built directly on the OAIS reference model (ISO 14721). It translates the abstract OAIS framework into concrete, assessable criteria across three areas: organizational infrastructure (governance, staffing, financial sustainability, succession planning), digital object management (ingest, storage, metadata, fixity, and access controls), and infrastructure and security risk management.
In recordkeeping, ISO 16363 matters because long-term retention is meaningless if the repository holding the records cannot demonstrate that those records remain authentic, intact, and retrievable years or decades later. An auditor using ISO 16363 checks not just that files exist, but that the institution has documented provenance, integrity-checking processes, and a credible plan to migrate formats before they become obsolete.
It is a measurement and certification standard, not a software specification. A repository that merely stores files is not “trustworthy”; one that can prove, through evidence and process, that it preserves meaning and authenticity over time can be certified against ISO 16363.