Long term archiving (LTA) of digital product data which are not based on technical drawings. Part 4: Certification

(1)

which are not based on technical drawings

Part 4: Certification

_{T 4}

These non-binding recommendations serve to establish basic, common requirements regarding the processes for and organization of the long-term archiving of digital product data generated during product development which is not based on technical drawings. They were drawn up in the VDA “Long-Term Archiving” project group, which is part of the VDA “CAD/CAM” working group.

1st edition from June 2007

Working Group "CAD/CAM"

Published by: Verband der Automobilindustrie Copyright

Westendstraße 61 Copies and any other form of Postfach 17 05 63 duplication shall include a correct 60079 Frankfurt citation of the source.

Telephone +49 69/97507-284 Telefax +49 69/97507-300 Internet: www.vda.de

(2)

Copyright: VDA

Disclaimer

The VDA recommendations are recommendations that are available for anyone to use. Anyone using these recommendations is responsible for ensuring that they are used correctly.

The VDA recommendations give due consideration to the prevailing state-of-the-art at the time of publication. Use of the VDA recommendations does not allow a person to avoid assuming responsibility for his or her actions. In this respect, everyone acts at their own risk. The VDA and the parties involved in drawing up the VDA recommendations assume no liability whatsoever.

We request that anyone encountering an error or the possibility of an incorrect interpretation when using the VDA recommendations contact the VDA immediately so that any errors can be rectified.

The document is a translation of the German version. Therefore the German document represents the original and should be referenced in the case of discrepancies. Due to the fact that this document is a translation, it may be the case that the English text leaves room for interpretation because certain terms are often deeply rooted in the original language, and therefore it is not possible to translate them into another language without a certain degree of ambiguity arising.

(3)

List of Figures

Figure 1: Assessment aspects... 10

(6)

Copyright: VDA

1 General

1.1 Preface

The introduction of digital technology throughout the lifecycle of an automobile has brought about fundamental changes in the handling of product data. These changes also affect the long-term archiving of digital product data in particular.

Up until now, the long-term archiving (LTA) of product data involved the creation and storage of 2D drawings. Administrative and organizational product data (PDM/PLM data) was archived as part of the 2D drawing (e. g. in the title block) and/or in other documents. Without 2D drawings, the 3D CAD model shall now fulfill the same requirements for long-term archiving.

The recommendation VDA 4958 was drawn up because there were previously no rules according to which 3D CAD data could be archived securely and later be accessed and interpreted.

The fourth part of the recommendation addresses the following aspects:

- Identification of assessment areas and test criteria for conformity testing involving an LTA solution for digital product data which is not based on technical drawings with respect to the recommendations in Parts 1 to 3 (see 1.5).

- Description of special characteristics regarding the testing and certification of this LTA solution as an extension of the generally applicable criteria for proper documentation.

ISO9001 provides a process-oriented approach for the definition of requirements relating to quality management systems. It can be used, for example, to verify the ability to ensure the permanent availability of products or satisfy the requirements of customers and/or government agencies.

Based on the generally accepted principles of computer-based accounting systems (GoBS) and ISO9001, the IT association Verband Organisations- und Informationssysteme e.V. (VOI) and TÜViT have already developed test criteria for document management solutions (PK-DML) that allow for a proper certification procedure. These criteria create a basis for a neutral third party to verify trustworthy and audit-safe document management solutions.

Part 4 of VDA 4958 provides recommendations for the verification of reliable LTA workflows as the basis for certification based on, and in addition to, IS09001 while giving due consideration to PK-DML. Certification of the LTA workflows serves as proof that, at the respective time, everything “humanly possible” was done according to the prevailing state of the art with regard to the proper and adequate archiving and corresponding documentation.

The recommendations contained in Part 4 are to be viewed as an extension of the archiving and certification processes already established in 2D environments, i.e. previously valid certification criteria also apply to product data which is not based on technical drawings and which falls within the scope of application of VDA 4958.

(7)

1.2 Objectives and scope of application

VDA 4958 is relevant to development and documentation processes if 3D representations (3D master models) are the only basis for development and documentation and if the established 2D archiving processes are not longer applicable due to economic or technical aspects.

The description of the data and models relevant to long-term archiving refers to 3D CAD data and requisite non-geometric data. With regard to this data, every company shall give due consideration to generally accepted rules and recommendations regarding the archiving of digital documents such as, for example, security and backup solutions in the archive system.

VDA4958-4 provides recommendations for the verification of reliable LTA workflows as the basis for certification with the following technical background:

Basic conditions shall be created that ensure that 3D CAD models and product data for drawing-based documentation can be put on par with each other from both a technical and legal point of view. This includes understanding and verification of the integrity (see VDA 4958-1).

The characteristics of potential company-specific LTA solutions can be evaluated on the basis of generally accepted assessment aspects.

The assessment relates to all aspects of an LTA solution such as, for example, organizational measures, man-machine interfaces, IT infrastructure as well as all security-related requirements within the overall context of the LTA process. Transparency shall be established for all aspects in order to ensure verifiability.

1.3 Changes compared with previous version

Version Change Chapter Page

1.0 No changes; first edition

1.4 Compatibility with previous versions

Not applicable; first edition.

1.5 Structure of the recommendation

Part 1 identifies requirements relating to the long-term archiving of product data that exists in digital form only, summarizes certain legal and technical aspects and provides the basis for the other parts of the recommendation.

Part 2 provides recommendations for designing the processes used to prepare the data for long-term archiving, the archiving of the data itself, and the steps required to access and reprocess the archived data.

Part 3 defines the minimum requirements to be satisfied by the information in the 3D CAD representations and non-geometric product structure descriptions that is to be archived – both from the user’s point of view and on the basis of the process definition.

Part 4 provides recommendations for the verification of reliable LTA workflows as the basis for certification.

Chapter 2 describes the basic principles for assessing LTA solutions.

Chapter 3 identifies the relevant assessment areas and the test criteria that shall be taken into consideration.

(8)

Copyright: VDA

Chapter 4 provides information on conducting a test and certification.

1.6 Abbreviations,

definitions

1.6.1 Abbreviations

3D three-dimensional

AIP Archival Information Package DIP Dissemination Information Package E/E Electric/Electronic

GoBS Grundsätze ordnungsgemäßer DV-gestützter BuchführungsSysteme (generally accepted principles of computer-based accounting systems) LTA Long-Term Archive, Long-Term Archiving

PK-DML PrüfKriterien für DokumentenManagementLösungen (test criteria for document management solutions)

SIP Submission Information Package SoD Separation of Duties

VDA Verband Der Automobilindustrie

VOI Verband Organisations- und Informationssysteme e.V.

TÜViT Technischer ÜberwachungsVerein InformationsTechnik GmbH is an accredited testing and certification service provider in the field of IT security

1.6.2 Definition of terms

According to PK-DML, a Document Management System (DMS) is an electronic system which provides features that safeguard the probative force of electronic documents throughout their lifecycle including

• versioning

• handling and processing control • archiving

• output and reproduction

• protection functions (access authorization, integrity, authenticity, etc.)

Document management systems are initially all-purpose solutions, i.e. they are not subject to any factual or legal restrictions regarding usage. Systems with these kinds of restrictions are solutions of special applications (e. g. financial accounting systems). This distinction is important for the operator because the factual and legal significance of all-purpose solutions arises from its “individual usage”.

LTA solutions are comparable to DMS solutions.

probative force is a term used to refer to features that are fully transparent and are protected against unintentional changes and manipulations in a defined manner.

operator of an LTA solution is the legally responsible party. If operative application is outsourced to a third party (e. g. to a computer center), this does not change the legal operator.

LTA solution is the holistic view of a “technical and organizational” overall solution. The view of an “LTA system” is therefore expanded in the assessment criteria to an “LTA solution” (LTA).

(9)

LTA system: see LTA solution

Content Information (CI in accordance with ISO14721) is the actual digital (user) data that is to be archived, i.e. the actual content and the corresponding presentation information

Procedural documentation is, in addition to the concrete LTA solution, the second, important test object. It comprises the description of the

• processing processes • functionalities

• management functions provided by the LTA solution • measures for data protection and data security

administrative data is information which is directly associated with the usage of the archive environment, the storage and later use of the content information.

1.7 Further applicable documents

DIN EN ISO9001, quality management systems; requirements

1.8 Further

references

PK-DML - test criteria for document management solutions, Second edtion, VOI Verband Organisations- und Informationssysteme e.V.

CEFE Leitfaden für die Langzeitarchivierung technischer Daten und Dokumente; CEFE CAD/CAM-Entwicklungsgesellschaft; ISBN 3-00-016551-7

(10)

Copyright: VDA

2 Basic principles of assessment

The criteria described comprises the minimum requirements. Fulfilment of these requirements is a prerequisite for successful certification. In this sense, they are K.O. criteria.

2.1 Assessment

aspects

The test criteria in Chapter 3 result from giving due consideration to the following aspects: - correctness

- completeness - transparency - immutability - availability

To ensure a separation of testing responsibilities, a distinction is made between technical/organizational aspects and legal aspects. The legal aspects do, however, have an impact on the correct technical and organizational implementation.

Figure 1: Assessment aspects

Figure 1 shows the assessment aspects for an LTA solution for storing 3D CAD data. Specifications for other areas of application such as, for example, manufacturing documents or electric/electronic documentation could be made in the same way.

2.2 Overview of the assessment areas

The procedural documentation that provides the basis for the examination shall give consideration to all the relevant aspects of the solution, thus making an assessment of the requirements possible. It shall therefore provide information on, at least the assessment areas listed below.

LTA solution

Procedural documentation Technical fields of application

Tech. + organizational implementation

Objects subject to technical tests Objects according to VDA4958 -4 Manufact.

documents 3DdataCAD

E/E documen -tation Core criteria Correctness Completeness Transparency Immutability Availability

(11)

These assessment areas and the measures recommended for these areas are based on the PK-DML test criteria and are described in Chapter 3.

(1) General description of the area of application (2) Factually logical system solution

(3) Technical system solution and migration (4) IT security (5) Technical operation (6) Processes (7) Employee qualifications (8) Tests (9) Maintenance

(10) Internal control system (ICS)

The development of suitable procedural documentation is one of the main tasks involved in ensuring verifiability, and it is a prerequisite for possible certification.

The procedural documentation provides a “red thread” and explains the implementation concepts as well as the main coherencies. The full particulars for company-specific implementation are explained in referenced secondary documents. This also makes it easier to maintain the documentation.

The following provides brief guidelines for creating procedural documentation. To facilitate the study of the documents within the context of an examination, it is appropriate and necessary to adhere to the above-mentioned 10-point structure. To keep creation and maintenance as simple as possible, references to existing company-specific documentation and other related documentation – in which, for example, organizational structures are maintained – make sense and are permitted. In this case, however, it shall be ensured that prompt access to these documents is possible and that the overall context remains fully transparent with regard to content and chronology.

Information and aspects that are subject to frequent change or updates should be separated from the main body of text as easily maintainable appendices or secondary documents. An appropriate reference in the appropriate chapter is then sufficient.

Certification is always performed on the basis of ISO 9001 at a minimum. Certification according to the PK-DML test criteria and in consideration of the recommendations provided in VDA 4958 is recommended with regard to the specific needs relating to the LTA of 3D product data.

2.3 Benefits

The structural organization and the holistic IT approach create transparency in complex LTA solutions. Transparency provides an opportunity to avoid risks and costs.

The criteria described comprise the minimum requirements that shall be satisfied in order for an LTA solution to be certified. All the individual criteria have been formulated as positive statements. Certification can only be performed if all the statements apply to the LTA solution being examined or have been implemented accordingly. In this sense the statements are K.O. criteria.

(12)

Copyright: VDA

3 Assessment criteria

The following sections provide a description of the main assessment criteria that are to be examined. The assessment is performed using individual test criteria, which are listed separately for each assessment criterion and described briefly.

The assessment criteria comprise both requirements relating to the operator of an LTA solution as well as the actual test criteria.

3.1 Assessment area 1: General description of the area of application

The general description of the area of application provides an overview of the company, its structural and procedural organization, as well as the general conditions and integration of the LTA solution in the company.

3.1.1 Description of the organization

The company and the organizational units involved in the archiving process shall be described in sufficient detail and their organization-specific focus shall be identified. This includes

- a general description of what the company does, its core competences and a brief description of the branches of industry it is involved in (e. g. by means of appropriate company brochures if these provide a complete picture of the company) - a list of the organizational units involved in the archiving process and a general

description of what they do

The exact location of the organizational units involved in the archiving process shall be described. This includes

- the exact address of the location(s) - the names of the divisions

3.1.2 Organizational structure

The organizational structure shall be described in an easily understood manner, both in text and graphic form. This description shall illustrate in particular the relationships between the organizational units, e. g. using an organizational chart and responsibility matrix. It should also include a description of the role for which each organizational unit involved in the archiving process assumes responsibility according to VDA 4958-2.

The description of the organizational structure provides the framework for assessing the individual organizational measures throughout the entire LTA process.

3.1.3 Procedural organization

The procedural organization shall be described in an easily understood manner, both in text and graphic form. It shall be an abstract containing from the generation of the content information to data preparation, ingest and archival storage to retrieval from the archive and further use of the archived data. The procedural organization shows what happens to the data and documents as they pass through the organizational units and thus provides information, for example, about who creates, modifies, releases which data and/or documents, as well as who adds data and/or documents to the archive or retrieves data and/or documents from the archive.

The description depth should be oriented to the top level of the reference process description according to VDA 4958-2. Classification of the archiving process with regard to the engineering and/or product development process shall also be provided.

(13)

The responsibilities of the organizational units involved shall be shown in relation to the existing process and illustrated by an appropriate figure.

3.2 Assessment area 2: User-oriented description of the LTA solution

A description shall be provided which illustrates the following:

- agreements relating to the goals to be achieved by and tasks to be performed by the LTA solution

- description of the main target groups of data users who are (to be) provided with information from the LTA solution

- structural and procedural organization of the organizational units involved

- the technical tasks connected with the LTA solution from the user’s point of view - the documents (stocks) relevant to the LTA solution

- the general legal conditions relevant to the LTA solution and the resulting requirements to be satisfied by the LTA solution

- other company-specific requirements to be satisfied by the LTA solution

The purpose of the LTA solution is described from the factually logical view of the technical departments (see also VDA 4958-1). The description depth shall illustrate the concrete design of the LTA solution against the background of the technical goals.

3.2.1 Key data and goals

The key data and the goals of the LTA solution shall be described, and the legal context of the LTA solution shall be provided. The requirements to be satisfied are to be documented precisely on the basis of the use cases that are to be supported (see VDA 4958-3). Examples include

- storage of data as proof in the event of any legal disputes

- proof of the application of and compliance with valid safety regulations - proof of state-of-the-art design

- safeguarding the quality and long-term availability of the data and thus safeguarding company know-how

3.2.2 Organizational description

An organizational description of the divisions involved shall be drawn up. In particular, the separation between the roles in the testing and decision-making instances within the organizational units involved shall be apparent. The description is a further detailing of the documentation provided in 3.1.2, but only with regard to the organizational units affected by the LTA solution.

In particular, the person-specific and system-specific roles that are actually assigned within the company shall be described and compared with the role requirements from the LTA reference process (VDA 4958-2).

Additional information about a separation of roles will be provided in section 3.10.5.

3.2.3 Documents in the archive

A list of the documents in the archive and their retention periods shall be maintained, and proof of compliance with the retention periods shall be provided. The retention periods follow the recommendations made in VDA 4958-1 and are documented using the LTA metadata (see data directory in VDA 4958-3).

(14)

Copyright: VDA

3.2.4 Processing rules

The processing rules shall be described as company-specific operating and procedural instructions. They shall be in line with the LTA reference process. This not only includes instructions for the organizational units and employees but also technical rules for automated procedures in the LTA solution.

In the procedural documentation relevant to certification, it is sufficient to name the main procedural instructions together with a brief description of what they regulate and who shall follow them.

3.2.5 Electronic signatures

Electronic signatures shall used in accordance with the LTA reference process. A distinction shall be made between signed incoming documents (e. g. in the SIP – Submission Information Package) and the time signature generated during archiving as proof of the integrity of a digital document.

3.2.6 Additional guidelines

All the guidelines to be observed by the archiving process and the IT solutions involved such as laws, regulations, requirements and agreements shall be documented individually. The documentation shall be supplemented with VDA 4958.

The responsibility and authority of the person assigned to the archiving environment shall be defined to ensure that requirements of VDA 4958 are met and that company-specific QM systems and guidelines continue to be supported.

3.3 Assessment area 3: Technical LTA solution and migration

The technical implementation of the LTA solution and the audit-proof archiving it provides shall be described in an easily understood manner. The description shall include not only a general survey of the hardware and software used, but also a description of the individual components and their interaction. A concept for ensuring the long-term availability of the archived document shall also be included.

The degree of detail provided in the description of the technical hardware components is determined by the significance of the respective component to the LTA solution. All the components that are directly involved in the LTA process and have an impact on the integrity, quality and consistency of the content information and administrative data shall be documented in detail. Block diagrams, for example, are very useful for describing the hardware components and software modules.

A description of which systems are involved with which functions shall be provided. This includes documentation of the names, tasks, interactions and interfaces of the software components used. The LTA-specific components and modules shall be described in more detail.

The following sections contain current examples of important components in the archiving solution (hardware and software).

3.3.1 Storage system

Storage systems shall be defined specifically for each company and shall be oriented towards recognized national and international standards.

The storage system also includes the LTA-compliant storage medium. The main criteria for selecting a suitable storage medium according to CEFE guidelines are:

(15)

• proven technology • availability

• cost • handling

3.3.2 Converters for content information

Converters convert the content information from the source format to the archive format as well as subsequently to the desired target format. A description of the measures used to ensure the equivalence of the formats with regard to content shall be included (see VDA 4958-2 and -3).

If the formats are the same, the conversion step in the process is omitted (see VDA 4958-2).

3.3.3 Output systems

Output systems are devices and software components for the visualization of the content information and administrative data. The output system shall ensure complete and correct retrieval.

3.3.4 Servers

The infrastructure components that communicate with the LTA solution or upon which the LTA solution is based shall be described (e. g. operating systems, databases, application servers).

3.3.5 Clients

Clients active in the archiving process (e. g. capture, indexing) shall be described in detail. Passive clients in the archiving process (search) shall be described with regard to functionality and security-related matters of LTA tasks.

3.3.6 Network components

The network components constitute a major quality characteristic of an LTA solution with regard to the security and performance. Therefore, a complete and detailed description is required.

3.3.7 Other devices

Other devices include, for example, uninterruptible power supplies (UPS) and card readers for electronic signatures. These devices shall also be described.

3.3.8 Graphical system representation

The technical system solution shall be outlined graphically. The representation should provide a general survey of the individual system components and their context within the LTA solution so that the components described can be classified and assessed properly.

3.3.9 LTA software and customizing

The LTA software components used, as well as any company-specific customizing, shall be described.

In the case of standard software, the documentation provided by the manufacturer (data sheets, user manuals, etc.) is sufficient for describing the functionality. Any customizing performed shall be described in detail.

(16)

Copyright: VDA

3.3.10 User interfaces

The user interfaces for input and output shall be described.

In the case of standard software, a reference to the manufacturer’s user manual is sufficient.

3.3.11 Interfaces

The interfaces to other integrated and adjoining systems shall be described. They constitute a major quality characteristic and safety feature within the LTA solution. Therefore, a complete and detailed description is required. It is recommended that you supplement the description with a graphical representation which illustrates the connection between the systems involved.

In the case of interfaces to key system components (e. g. CAD systems, PDM systems, archive systems) in particular, it is important to describe how the completeness of the data and documents is checked and safeguarded.

3.3.12 Network system description

The infrastructure and layout of the network(s) shall be described.

In complex networks, the level of detail used for the description can be oriented towards the significance of the respective parts of the network to the LTA solution.

3.3.13 Electronic signatures

The signature technologies used shall be documented. Proof shall be provided that the requirements relating to the signature processes formulated in assessment area 2 are satisfied by the procedures used.

Signatures have to be verifiable consistently.

3.3.14 Signature generation and verification components

The components used to generate and verify signatures shall be described.

The descriptions correspond to the documentation of the named software components (see section 3.3.9 LTA software and customizing) and indicate the type of signature technology used and basic principles of this technology. If required, the certificates used shall be included and the issuing body named.

3.3.15 Conditions for migration

The conditions for migration from the point of view of the manufacturer and with regard to the migration capability of the system solution shall be described.

The further development, long-term use of information and migration of all types shall be provided for and documented beyond the respective realization and production phases.

3.4 Assessment area 4: IT Security

Every company that operates an LTA solution shall establish and utilize a general IT security concept (e. g. a disaster recovery plan according to ISO 27001).

The general security concept comprises rules and practices that specify how sensitive operating resources and information are protected. It describes

• threats and risks • security measures

(17)

• the operational structuring of the measures • the technical components used

The protection requirements and specific threats to the components of the LTA solution shall be identified and the measures needed to address these threats shall be described. This also includes the logging of all sensitive operations and transactions that involve the archive according to VDA 4958-2.

3.4.1 Threats and measures

The protection requirements and specific threats to the components of the LTA solution shall be identified. The protection requirements relating to the individual components are determined by the extent to which they merit protection and an analysis of the threats. The measures needed to address these threats shall be described on the basis of organizational and technical solutions.

3.4.2 Disaster recovery planning

Disaster recovery planning for the LTA solution shall be described. It ensures that the content information and administrative data, as well as all the AIPs stored in the archive, can be recovered in the event of a disaster or other breakdown.

3.4.3 LTA-specific data protection concept

The specific data protection measures for the LTA solution shall be described.

The description, including the appropriate and easily understood rationale behind the measures, shows how data loss can be reliably avoided .

3.4.4 User administration and authorization concept

The various types of access and access rights shall be described according to the roles in the LTA process (see VDA 4958-2). Due to the security risks (3.4.1) and sensitivity of the LTA data, the differences with regard to the general IT user administration and authorization concept in particular shall be documented for the LTA solution.

Measures for access protection can be implemented directly at operating system level or in the application level of the LTA solution.

3.4.5 Transaction and data consistency protection

As part of the LTA system solution, especially with regard to the interfaces to third-party systems from which documents are received, the mechanisms and concepts for transaction and data consistency protection shall be documented.

3.4.6 Logging

All procedures and transactions in the LTA solution that are relevant to logging are identified in VDA 4958-2. The requisite logging depth shall be specified and documented as required for each use case and the company in question. It shall be possible to present the logs at any time for the purpose of transparency and providing proof of the correctness of the procedures in the LTA environment.

3.4.7 System stability

Measures to ensure the stability of LTA solution shall be documented, and the reasons for these measures shall be given.

(18)

Copyright: VDA

3.4.8 Access control

LTA solutions require special measures for access control. These measures shall be described according to the role in question. Access control includes, for example, access to buildings, departments, individual rooms and the archive itself as well as access control relating to the entry, editing and reading of information (see also 3.4.4).

3.4.9 Data privacy laws and control system

Proof shall be provided that the requirements relating to control measures in accordance with current data protection regulations are fulfilled. In addition to data protection legislation, attention shall also be given to other regulations such as, for example, employee data protection based on the Works Constitution Act, depending on the usage involved.

The requisite control measures arise from the data protection regulations and have normally already been taken into consideration by the general IT security concept or access protection.

3.5 Assessment area 5: Technical operation

A description of the measures taken to ensure the proper operation of the LTA solution (operating conditions, operating requirements and operating processes) and their implementation shall be provided.

The organizational structure of the organizational units responsible for operation and their interaction with regard to the implementation of the defined measures shall be described. The following sections examine the general constructional and organizational prerequisites for proper LTA operation. Technical operation is subdivided into general organizational conditions, operational processes during normal operation and operational processes in emergency scenarios.

During standard operation, focus is placed on the handling of the LTA system components and the data storage media as well as on monitoring. In emergency scenarios, on the other hand, focus is placed on ensuring fast recovery of the system, the content information and the administrative data without any losses.

3.5.1 Responsibilities

Responsibilities relating to operation of the LTA solution shall be regulated and documented accordingly. This documentation shall include, at a minimum, the responsibilities and a description of the roles. It is recommended that a distinction be made between internal and external persons and organizational units in the description of the roles involved and their respective responsibilities. A detailed description of the responsibilities supplements the information provided in the assessment area 1 (3.1).

3.5.2 Building –Related prerequisites

Proof shall be provided that the site used for operating the LTA solution satisfies the contractual prerequisites, so that the requirements of other assessment areas (e. g. 3.4.8) are met.

The special test and certification program “Trusted Site Infrastructure” from TÜViT can, for example, be used to perform a detailed examination of the availability of the IT infrastructure – also from a physical point of view – in order to assess the aspects relating to site structure and supply systems.

(19)

3.5.3 Operating conditions for the hardware components of the LTA solution

The operating conditions (such as, for example, air-conditioned rooms) are determined by the requirements specified for the hardware components by the manufacturer, and these requirements shall be fulfilled.

3.5.4 Operating conditions for the software components of the LTA solution

The operating conditions (such as, for example, certain operating systems) are determined by the requirements specified for the software components by the manufacturer, and these requirements shall be fulfilled.

3.5.5 Occupational health and safety

It shall be ensured that the requisite occupational health and safety measures, e. g. workstation design and arrangement, are implemented and complied with.

3.5.6 Operating procedures

The operating procedures for LTA operation relate to working with the LTA solution and are normally based on the general procedures for IT operation. It includes procedures for normal operation (including maintenance) and for emergency scenarios.

3.5.7 Data protection concept

The data protection concept and the description of its contents are part of the IT security concept (3.4). It shall be ensured that the concept is implemented in day-to-day operation by authorized persons.

3.5.8 Handling of data storage media

Rules regarding the handling of the data storage media (e. g. labelling, storage, removal from a jukebox, monitoring data redundancy) shall be established by means of operating procedures. Backup copies that have been generated shall be stored in a safe place (in a different building or somewhere equivalent).

The procedural documentation shall provide proof of how the content on the data storage media came about. A description shall be provided, for example, of who (person or process) stored or transferred which data to a certain data storage medium and when.

3.5.9 System maintenance

Adequate maintenance of the LTA solution shall be ensured by authorized persons (see also 3.3.9).

3.5.10 Monitoring of proper operation

It shall be ensured that a defined process role (represented by a person or an organizational unit) monitors operation of the LTA solution according to the recommendations of the manufacturer or system integrator.

3.5.11 Hardware upgrades

It shall be ensured that someone at the LTA operator’s end be designated as responsible for upgrading the system. A procedure that has been coordinated with the hardware manufacturer and the person responsible for LTA and which outlines the upgrading or modification of hardware shall be provided.

3.5.12 Software updates

It shall be ensured that a person at the LTA operator’s end be designated as responsible for updating the software. The LTA software is normally updated or modified by the LTA solution provider. A procedure that has been coordinated with the person responsible for

(20)

Copyright: VDA

LTA at the LTA operator’s end and which outlines the updating or modification of software shall be provided. It shall include or give due consideration to the specific supplementary programs, modules and/or scripts with which the solution provider is not normally familiar due to the fact that they have been created by the user, for example, by customizing.

3.5.13 Restart

A restart is taken to mean the restart of the LTA solution after a disruption of operations. A process role responsible for initiating a system restart shall be defined, and an operating procedure shall be provided.

It is recommended that restarting the system be practiced at regular intervals using a test system.

3.5.14 Recovery

A process role responsible for initiating a recovery of the LTA solution shall be defined, and an operating procedure or a disaster recovery plan shall be provided.

It is recommended that recovery be practiced at regular intervals using a test system.

3.6 Assessment area 6: Processes

All the processes associated with the LTA solution that are relevant to the handling and processing of content information and administrative data are described in VDA 4958-2. Only the processes not attributed to the ongoing technical and organizational operation of an archive according to section 3.5 are described in this section.

The main assessment criteria of the LTA processes are listed in the following sections.

3.6.1 Ingest of content information

The consistency of the content of the data to be archived (SIP) and, optionally, storage of presentation information for this data shall be ensured during the ingest process (AIP), and proof shall be provided.

The technical requirements are determined by the use cases for future data usage (VDA 4958-3).

3.6.2 Handling digital content information and administrative data

The digital content information and administrative data shall be handled in accordance with the recommendations in VDA 4958-2 including any company-specific process customizing. This includes the design of the processes used to prepare the data for long-term archival, the archiving of the data itself and the steps required to access and reprocess the archived data in order to assure an adequate level of quality for the data and documents.

Operating procedures and process specifications for the roles defined in VDA 4958-2 shall be created and submitted.

The handling of the digital content information and administrative data shall also be taken into consideration by IT security (3.4), including the authorization concept.

3.6.3 Quality assurance measures

The measures taken to safeguard the assessment aspects (2.1) by means of validation mechanisms (VDA 4958-2) shall be described, and proof of their error-free functioning shall be provided. This proof can be provided by suitable procedures (e. g. checksum procedures, random checks, plausibility checks), as well as by technical and organizational measures.

(21)

3.6.4 Access and processing of content information and administrative data

Regulations and functions regarding access to and processing of data that apply to IT solutions (e. g. check-in/check-out mechanisms, locking mechanisms, write permissions, logging) also apply to the LTA solution. They shall be described and their correct functioning shall be validated by spot checks, e. g. in the audit.

3.6.5 Version control for content information

Changes to content information are subject to version control. A description of how versioning is performed and what nomenclature is used shall be included.

3.6.6 Logging

Changes to administrative data shall be logged for a complete change history. Changes to index information and documents shall be indicated. A description of how logging is performed and what nomenclature is used shall be included. If, as the case may be, logging of any changes made is only to be performed for a subset of the administrative data, this shall be specified and described as it pertains to the company in question.

3.6.7 Data transfer of content information and administrative data

Significant data transfer steps (forwarding) of content information and administrative data shall be logged. This includes, at a minimum, data transfer involving the process roles data creator, preparer, archive and consumer.

3.6.8 Granting and logging authorizations

Organizational stipulations for the granting of authorizations by authorized persons shall be made, and appropriate procedures shall ensure compliance with these stipulations. These types of authorizations can, for example, be granted for

• dissemination of content information to consumers • access to information that has a security rating • the deleting of documents in the archive

The stipulations relating to the granting of authorizations are normally reflected in the guidelines governing IT security (3.4).

It shall be possible at all times to determine which authorized person granted which authorization at what point in time.

3.6.9 Immutability

The LTA process (VDA 4958-2) shall ensure that the content information cannot be changed and this shall be verified by means of certification.

3.6.10 Logging archiving operations

To ensure transparency, every archiving operation (Archival Storage process step in VDA 4958-2) shall be logged.

3.6.11 Retrieval time for archived data

It shall be ensured, from both a technical and organizational point of view, that the archived data can be located and retrieved quickly enough.

The retrieval of information from the archive refers to complete documentation pursuant to mandatory archiving and applies, at a minimum, to all the documents relevant for (product) approval. Spot checks should be performed at regular intervals to ensure retrieval.

(22)

Copyright: VDA

3.6.12 History of content information and administrative data

It shall be possible to examine the processing history of the content information (e. g. validation, changes to the formats) and the change history of administrative data.

3.6.13 Retrieving content information

The consistency of the content of the archived data (AIP) and, optionally, the accurate reproduction of this data shall be ensured during the dissemination process (DIP), and proof shall be provided.

This is a result of the technical requirements for the use cases for data usage (VDA 4958-3).

Random samplings should be used to prove that the content information and/or documents can be made available at any time and after appropriate editing if applicable.

3.6.14 Proof relating to associated product documentation

Proof shall be provided of the correlation between product documentation and the relevant product or part. Proof shall be provided, for example, that the product documentation provided can be used to manufacture the product or part in question.

3.7 Assessment area 7: Employee qualifications

The qualifications required for employees to use and properly operate the LTA solution shall be described. Proof shall be provided of the pertinent qualifications of the respective employees and appropriate qualification measures shall be documented.

The operator of the LTA solution shall ensure that all employees involved with operation have the requisite know-how and skills. At the very least, the roles according to VDA 4958-2 shall be specified and their corresponding activities, as well as any resulting requirements regarding the level of know-how, shall be described.

3.7.1 Roles

The roles shall be described in accordance with VDA 4958-2, and the employees involved shall be familiar with their role(s) in the LTA process.

3.7.2 Required know-how

The know-how required for each role shall be defined, e. g.

• technical know-how regarding the LTA processes and utilization of the LTA solution • knowledge of the LTA system components used and their administration, as well as

knowledge of the administrative processes

The requirements profile for the respective tasks shall be adapted to current needs at regular intervals.

3.7.3 Responsibilities

The operator of the LTA solution shall name one or more persons who are then responsible for employee qualifications. This could, for example, be the IT manager who is responsible for the qualifications of system administrators or a person who is responsible for the qualifications of the people generating the data and using the data in the individual departments.

3.7.4 Qualification measures

The responsible persons initiate and document the concrete measures for employee qualification as determined by the requirements of the roles on the one hand (3.7.2) and

(23)

the existing qualifications of the employees (persons assuming the roles) on the other hand.

Qualification shall be performed as needed.

3.7.5 Documentation of qualifications and measures

The existing qualifications of the individual employees and the qualification measures shall be documented by means of, for example, certificates indicating participation in training courses or contracts with service providers.

3.8 Assessment area 8: Tests

Tests are used to document the functionality of the LTA solution with regard to the assessment aspects (2.1).

A complete and consistent test concept as well as the corresponding test records shall be provided. The tests are used to verify that the functionality provided by the LTA solution is consistent with the procedural documentation and is correctly described therein.

The tests performed when the LTA solution was accepted are recorded in the test and acceptance documentation.

3.8.1 Test concept

A fully documented and consistent test concept shall be provided. It serves as verification that the LTA solution complies with the assessment aspects. The test concept includes the respective test types, methods, tools used, test data and information on how the execution of the tests is organized.

3.8.2 Test plans and test specifications

Test plans and test specifications shall be drawn up and submitted. They describe the test scenarios that allow the assessment aspects (2.1) of the archived data to be examined. It is recommended that parts of the tests or entire test scenarios be repeated or, if necessary, be modified if, for example, changes take place that involve the following:

• system components (hardware, software) of the LTA solution • LTA process (cf. VDA4958-2)

• scope of the information (cf. VDA4958-3) • data quality requirements

The test scenarios should also give due consideration to possible breakdowns or failures, including restart and recovery of the entire system (or parts of the system).

3.8.3 Execution of tests

The tests verify the entire LTA process (VDA 4958-2) as described in the procedural documentation, as well as the behaviour of the components of the LTA solution.

3.8.4 Test records

The execution of the tests shall be documented by means of test records. The test records document

• proper execution of the contents as stipulated in the corresponding test plans • the expected results and the actual results

(24)

Copyright: VDA

Formal acceptance assumes that the actual results correspond to the expected results.

3.9 Assessment area 9: Maintenance

To realize the quality standard of the LTA solution, hardware and software maintenance measures are required to sustain the status established for the system and to ensure availability and operability by means of preventative maintenance. The responsibilities related to the execution of these measures are clearly assigned to the appropriate external or internal organizational units. All maintenance work performed shall be documented. A plan for troubleshooting and a maintenance concept shall be provided. They describe the measures carried out by the responsible organizational units and service providers.

3.9.1 Responsibility for maintenance and troubleshooting

The responsibilities and the tasks to be performed with regard to maintenance and troubleshooting shall be described. These include, for example,

• coordination of maintenance and troubleshooting

• administration of the documentation and service agreements

• development and coordination of measures for maintenance and troubleshooting • escalation processes

• monitoring processes

The maintenance work includes regular function checks such as, for example, checks regarding database consistency and the readability of storage media.

3.9.2 Maintenance

Plans for maintenance shall be submitted and proof of their practicability provided. The maintenance plans shall give due consideration to manufacturer guidelines and, if necessary, shall be coordinated with the external service providers and system integrators.

3.9.3 Troubleshooting

An action plan for handling fault reports and performing troubleshooting, including a contact person, shall be provided. Responsibilities shall be described and an escalation process shall be defined. An action plan for restart and recovery shall also be included.

3.9.4 Documentation

The maintenance processes shall be documented according to the assessment aspects.

3.10 Assessment area 10: Integration of organizational and technical

measures

The integration of the organizational and technical measures provides the foundation for a functioning LTA solution. The individual measures and descriptions have already been provided in the assessment areas 1 through 9 of this recommendation; they are merely referenced in assessment area 10. When examining integration, focus is placed on the links and dependencies between the individual measures, as well as the relationships between the measures and responsibilities. What is more important here are the relationships and interaction between the measures rather than a detailed description.

(25)

Figure 2: Integration of organizational and technical measures

The methods according to the GoBS can, for example, be used to monitor the integration of organizational and technical measures (see Figure 2):

• Internal control system • Internal revision

• External, neutral qualification

• Model of an enterprise-wide monitoring system

The following sections provide a description of the assessment criteria for the links and dependencies between the individual measures.

3.10.1 Documentation of organizational measures

The organizational measures for verifying the LTA solution shall be fully documented. The separation of duties (SoD), assigning duties regarding log reviews, defining escalation paths and regular checks defined by operating procedures are examples of organizational measures.

3.10.2 Documentation of change processes for the LTA solution

Change processes for the LTA solution shall be described in full and shall be continuously adapted to current circumstances. The adaptations can result from changes to the workflow or technical enhancements. Any changes made shall be added to the procedural documentation.

3.10.3 Documentation of technical measures

The technical measures for verifying the LTA solution shall be fully documented. These have normally already been included in the operating and system documentation and taken into consideration in the previous assessment areas.

3.10.4 Internal revision

Compliance with the organizational and technical specifications shall be also be examined. This is normally done by means of an internal audit or measures undertaken by management.

3.10.5 Areas of responsibility

The organisational units responsible for the examination shall be described together with their rights and their obligations.

General description of the area of application

Factually logical system solution Technical system solution and migration Technical operation Processes Employee qualifications IT security Test Maintenance

(26)

Copyright: VDA

The description of the responsibilities relating to the LTA process and the LTA solution also include the rights and obligations of the persons assuming responsibility and their escalation options and processes.

(27)

4 Testing and certification

Compliance with the assessment criteria (3) cannot be achieved by selecting suitable hardware and software components or creating procedural documentation alone. Proof that the LTA solution is being used in accordance with the technical and legal requirements and that the documentation is appropriate to its purpose can be provided by the examination, testing and certification of the LTA solution and its associated documentation by a neutral third party.

Certification is always performed on the basis of ISO 9001 at a minimum. Certification according to the PK-DML test criteria and in consideration of the supplementary recommendations provided in VDA 4958-4 is recommended with regard to the specific needs relating to the LTA of 3D product data.

Certification is dependent on time and the object involved. New or partial certification is required if changes or extensions have been made to the LTA solution.

4.1 Procedural

documentation

The examination of an LTA solution is primarily a formal examination of the procedural documentation as the test object. It evaluates the presented contents of the procedural documentation on the basis of the available criteria and test results.

Proof shall be provided that the document procedures are subjected to a regular quality check.

4.2 Technical LTA solutions

A practical test involving the LTA solution verifies that the procedural documentation matches the technical implementation in the LTA solution. Spot checks should be performed for the process phases Data Preparation, Ingest, Archival Storage and Retrieval. The results shall match the procedural documentation.

Special attention should be paid to ensuring that the LTA solution is sufficiently safeguarded against, for example, breakdowns, unauthorized access, falsification of documents and incorrect operation. An additional aspect that is examined is how the LTA solution behaves during restart and recovery. Content information shall not be lost, its content changed or content information be unlocatable.

4.3 Responsibilities in an audit intensions

Responsibilities within the framework of an assessment or certification are oriented towards ISO 9001, as well as the PK-DML test criteria if they are used. The following sections provide a description of the main roles to be assigned and the tasks to be performed for the respective roles.

4.3.1 Operator

The operator is the organization or company, including its (business) management that operates the LTA solution or has the LTA solution operated completely or in part by a service provider. On the basis of the current legal situation and in the procedure described here, the operator assumes sole responsibility for the entire LTA solution.

The operator orders the examination and certification. If the examination proves successful, the operator receives a certificate that serves as proof of a neutral third party that the LTA processes and solution are in order.

(28)

Copyright: VDA

Because certification can only be a kind of snapshot due to the fact that IT systems, by nature, are subject to rapid change, the validity of a certificate is limited. The operator can renew his certificate by means of follow-up certification.

As a rule, the certificate loses its validity every time a change is made to the LTA solution. Changes relating to the operation of an LTA solution (e. g. adding new users) are an exception to this rule. Changes to the components of an LTA solution (e. g. a release change) are also of no significance to the validity of a certificate, provided that none of the VDA 4958 recommendations valid at the time of certification are contravened. The operator is obligated to document every change made to the LTA solution during the period leading up to a follow-up certification.

The examination comprises an examination of the procedural documentation and a subsequent audit of the technical implementation on the basis of the existing assessment criteria (3).

4.3.2 Certification body

The auditors are accredited by a certification body independent of the operator. The declaration of certification is performed by the certification body on the basis of the test report. The certification body issues the certificate and is responsible for publication. It notifies the operator in good time of the expiration of the validity of a certificate.

4.3.3 Audit management team

The certification body provides the audit management team. The audit management team or the certification body itself coordinates the timing of certification. The audit management team makes the audit plan available to both the operator of the LTA solution and the audit team in good time prior to the examination.

4.3.4 Audit team

The formal examination of the procedural documentation and the practical test (audit) involving the LTA solution is performed by auditors, who are authorized by the certification body. The auditors can also be employees of a different organization.

The audit is always performed on the basis of the currently valid version of the assessment criteria. After the formal examination and practical test have been completed, the audit team compiles the test report and makes the report available to the certification body and the operator.

_______

(29)

Annex A

Correlation between VDA 4958-4 and DIN EN ISO 9001

1 Preface

In Annex A, the aspect of identifying assessment areas and test criteria for conformity testing addressed in VDA 4958-4 is correlated with ISO 9001, thus establishing a consensus with other quality procedures.

(30)

Copyright: VDA

2 Correlation between VDA 4958-4 and ISO 9001

ISO 9001 has proven its worth and within a short period of time has established itself as a universally applicable, product-independent model for quality management systems; it has become the most widely used ISO standard worldwide.

A trilingual version, with a process-oriented structure, is available as DIN EN ISO9001. Based on ISO 9001, the IT association Verband Organisations- und Informationssysteme e.V. (VOI) and TÜViT have already developed test criteria for document management solutions (PK-DML) that allow for a proper certification procedure.

Due to the applicability of ISO 9001 and based on PK-DML, the criteria catalog for VDA 4958-4 is correlated with ISO 9001.

ISO 9001: 2000 VDA 4958-4

Element Contents Assessment

area

Contents

Chapter 5 Management responsibility Area 1 General description of the area of application

Chapter 5 Management responsibility Area 2 Factually logical solution

Chapters 5 + 8 Management responsibility and measurement, analysis and improvement

Area 3 Technical system solution

Chapters 7 + 6 Product realization and resource management

Area 4 IT security

Chapters 5 + 6 Management responsibility and resource management

Area 5 Technical operation

Chapter 7 Product realization Area 6 Processes

Chapter 6 Resource management Area 7 Employee qualifications

Chapter 8 Measurement, analysis and improvement

Area 8 Tests

Chapters 7 + 8 Product realization and measurement, analysis and improvement

Area 9 Maintenance

Chapters 5 + 6 + 8 Management responsibility, resource management and measurement, analysis and improvement

Area 10 Internal control system