ISO/IEC INTERNATIONAL STANDARD 30121 First edition 2015-03-15 Information technology - Governance of digital forensic risk framework Technologies de I'information -Gouvernance du cadre de risque forensique numerique Referencenumber IS0/IEC30121:2015(E) ISO IEC @IS0/IEC2015 IS0/IEC30121:2015(E) COPYRIGHTPROTECTEDDOCUMENT IS0/IEC2015 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISo's member body in the country of the requester. ISO copyright office Case postale 56.CH-1211Geneva 20 Tel.+41227490111 Fax+41227490947 E-mail [email protected] Web www.iso.org Published in Switzerland IS0/IEC 2015-All rights reserved IS0/IEC30121:2015(E) Contents Page Foreword ..iv Introduction. ..V 1 Scope. .1 2 Normativereferences ..1 3 Terms and definitions .1 4 Principles .2 4.1 Responsibility 2 4.2 Strategy. 2 4.3 Acquisition. 2 4.4 Performance 2 4.5 .2 Conformance 4.6 Human behaviour 2 5 The framework. .2 5.1 Stakeholdermandate .2 5.2 Establishment. 2 5.3 Evaluate .2 5.4 Direct .3 5.5 Monitor 3 6 Processes 3 6.1 Archival strategy .3 6.2 Discovery strategy. 3 6.3 Disclosure strategy .3 6.4 Digital forensic capability strategy 3 6.5 Risk compliance strategy .3 7 Metrics .4 7.1 General. .4 7.2 Key goal indicators. .4 7.3 Key performance indicators .4 7.4 Key business indicators .4 Annex A (informative) International Standard overview Bibliography ..6 isnscaaa-Allrightsreserved ili