This document defines a CCSDS Recommended Practice (and ISO standard) on which to base the operations of the organization(s) which assess the trustworthiness of digital repositories using the latest version of CCSDS 652.0/ISO 16363 (reference [1]) and provide the appropriate certification. This document specifies requirements for bodies providing audit and certification of digital repositories, based on the metrics contained within ISO/IEC 17021-1 (reference [4]) and reference [1]. It is primarily intended to support the accreditation of bodies providing such certification.

ISO/IEC 17021-1 provides the bulk of the requirements on bodies offering audit and certification for general types of management systems. However, for each specific type of system, specific additional requirements will be needed, for example, to specify the standard against which the audit is to be made and the qualifications which auditors require.

This document provides the (small number of) specific additions required for bodies providing audit and certification of candidate trustworthy digital repositories. Trustworthy here means that they can be trusted to maintain, over the long-term, the understandability and usability of digitally encoded information placed into their safekeeping.

In order improve readability the section numbers are kept consistent with those of ISO/IEC 17021-1. Some subsections are applicable as they stand, and these are simply enumerated; otherwise additions to subsections are explicitly given. In the former case the sections may consist of just a few sentences. As a result this document must be read in conjunction with ISO/IEC 17021-1.

The requirements contained in this CCSDS Recommended Practice need to be demonstrated in terms of competence and reliability by any organization or body providing certification of digital repositories.