relationship between the iso 30300 series of...
TRANSCRIPT
RELATIONSHIP BETWEEN THE ISO 30300 SERIES OF STANDARDS AND OTHER PRODUCTS OF ISO/TC 46/SC 11: 1. Records processes and controls 2012
RELATIONSHIP BETWEEN THE ISO 30300 SERIES OF STANDARDS AND OTHER PRODUCTS
OF ISO/TC 46/SC 11: Records processes and controls
White paper written by ISO TC46/SC11- Archives/records management
Date: March 2012
1 PURPOSE
This paper explains the relationship between the first two management systems for records
(MSR) standards and the related standards and technical reports produced by ISO TC46/SC11 –
Archives/Records Management.
The first two products are:
ISO 30300:2011. Information and documentation – Management systems for records -
Fundamentals and vocabulary
ISO 30301:2011. Information and documentation – Management systems for records –
Requirements
This paper clarifies how the related technical products can be used to support/implement the
MSR standard/s, and attempts to show the interrelationship between the two with regard to
records processes and controls.
2 BACKGROUND
On November 2011 the two first products of the ISO Standards series 30300 - Management
systems for records were published.
The ISO 30300 series offers the methodology to implement an MSR based on a systematic
approach to the creation and management of records, aligned with organizational objectives
and strategies.
ISO 30300:2011 MSR - Fundamentals and vocabulary explains the rationale behind the
creation of an MSR, the guiding principles for its successful implementation, and provides the
terminology which ensures that it is compatible with other management systems standards.
ISO 30301:2011 MSR - Requirements specifies the requirements necessary to develop a
records policy. It also sets objectives and targets for an organization to implement systemic
improvements. This is achieved through designing records processes and systems, estimating
the appropriate allocation of resources, and establishing benchmarks to monitor, measure and
evaluate outcomes. These steps help to ensure that corrective action can be taken and
RELATIONSHIP BETWEEN THE ISO 30300 SERIES OF STANDARDS AND OTHER PRODUCTS OF ISO/TC 46/SC 11: 1. Records processes and controls 2012
continuous improvements are built into the system in order to support an organization in
achieving its mandate, mission, strategy and goals.
Many questions were raised about the relationship, similarities and differences between ISO
15489-2001 and other Standards and Technical Reports developed by ISO TC46/SC11 during
the development process and since its publication. The previously published products are
aimed at the records professional community, whereas the ISO 30300 series has been
developed primarily for a management audience.
3 MAIN CONCEPTS
3.1 MANAGEMENT SYSTEMS FOR RECORDS
In general, the word “system” is used to describe different concepts and ideas and requires
interpretation to be placed in the context in which it is being used. In the records domain,
“system” is also used for a set of three related, but different concepts. The first clarification
needed is what is a “Management system for records”? The following table provides the
meaning of “system” within the MSR framework, shows the three different levels in which the
word “system” could be used, and indicates how the concept is identified at the three levels in
ISO 30300 and ISO 15489.
System levels in records domain System level in a MSR
Named in ISO
30300 series as:
Named in ISO
15489 as:
Set of interrelated or interacting elements of an organization to establish policies and objectives, and processes to achieve those objectives related to records
MSR Not named. Out of scope
System/programme that regulates the creation, reception, maintenance, use and disposition of records
Records processes and controls
Records programme
Information system which captures, manages and provides access to records over time
Records system Records system
Illustration 1
RELATIONSHIP BETWEEN THE ISO 30300 SERIES OF STANDARDS AND OTHER PRODUCTS OF ISO/TC 46/SC 11: 1. Records processes and controls 2012
3.2 STRATEGIC AND OPERATIONAL LEVEL
Management systems for records (MSR) are based on a continuous improvement approach
which is common to other management systems such as ISO 9000, ISO 14000. MSR is intended
to build a framework to manage records at the strategic level.
Management system for records( (ISO 30300 & ISO 30301)
Records management ( ISO 15489 1 & 2)Records system
(ISO 16175 1-3)
Strategic level
Operational level
Relationships of ISO MSR series products and ISO 15489 series products( Source: Xiaomi An, November 12, 2011 The Second National Forum on Electronic Records Management, Beijing, China )
Records processes(ISO 26122 Work process analysisISO 13028 DigitizationISO 23081 1-3 Metadata)
Illustration 2
The “operational” elements of a MSR are described as Records Processes and Controls in the
normative Annex A of ISO 30301. This Annex is strongly linked to ISO 15489 (the foundation
standard of ISO TC46/SC11) and the best practices described in ISO 15489 have been
converted into requirements for the Operation section (section 8 + Annex A). In a MSR
framework, the design of records processes and controls is based on the records policy and
objectives, after the assessment of risks. The Operation section of ISO 30301 establishes
requirements for the implementation of records processes and controls in records systems.
RELATIONSHIP BETWEEN THE ISO 30300 SERIES OF STANDARDS AND OTHER PRODUCTS OF ISO/TC 46/SC 11: 1. Records processes and controls 2012
TC46/SC11. Archives/records management
Carlota Bustelo. Convenor of WG9- Management systems for records. Requirements e-mail:[email protected]
Judith Ellis . Convenor of WG08. Management systems for records. Fundamentals and vocabulary e-mail: [email protected]
Implementation of records processes in records systems
Policy Objectives Risks Processes Controls
Design of record processes in an MSR environment
Best practices of 15489 converted to
requirements: Annex A 30301
Records systems mainly IT systems for both paper/electronic
records
Source: Carlota Bustelo and Judith Ellis. What is ISO 30300? Who, when, where, why and how to implement. Innova.doc. Barcelona (Spain), October 2011
Illustration 3
3.3 Terms and Definitions
ISO 30300 defines terms and definitions applicable to the MSR standards. It contains some
terms that are identical to or adapted from ISO 15489-1 plus other terms.
A separate white paper will be available on the terminology used specifically in the MSR series
of standards.
RELATIONSHIP BETWEEN THE ISO 30300 SERIES OF STANDARDS AND OTHER PRODUCTS OF ISO/TC 46/SC 11: 1. Records processes and controls 2012
4 RELATIONSHIPS ISO 30301 ANNEX A / OTHER STANDARDS AND TECHNICAL REPORTS
Controls in Annex A of 30301 are directly related to the technical information provided in the related standards. For a complete understanding a full reading of these technical standards is recommended. The following table is a guidance tool that links the MSR ‘Control’ requirements from ISO 30301 to the most relevant clauses where technical information can be found in each related standards and technical reports. Other information related to a particular requirement can be found within other clauses that are not specifically highlighted here, as records processes and controls are often interrelated. The technical information can be used to implement the operational elements necessary to meet the MSR requirements.
ISO TC46/SC11 standards and technical reports referred in the following table
ISO 15489-1: 2001. Information and documentation — Records management —General
ISO/TR 15489-2: 2001. Information and documentation — Records management — Guidelines
ISO/TR 26122: 2008. Information and documentation -- Work process analysis for records
ISO 23081-1: 2006. Information and documentation – Records management processes – Metadata for records
ISO 23081-2: 2009. Information and documentation – Records management processes – Metadata for records—Conceptual and implementation issues
ISO/TR 13028: 2010. Information and documentation – Implementation guidelines for digitization of records
ISO 16175-1:2010. Information and documentation – Principles and functional requirements for records in electronic office environments -- Part 1: Overview and statement of principles
ISO 16175-2: 2011. Information and documentation – Principles and functional requirements for records in electronic office environments -- Part 2: Guidelines and functional requirements for digital records management systems
ISO 16175-3:2010. Information and documentation – Principles and functional requirements for records in electronic office environments -- Part 3: Guidelines and functional requirements for records in business systems
RELATIONSHIP BETWEEN THE ISO 30300 SERIES OF STANDARDS AND OTHER PRODUCTS OF ISO/TC 46/SC 11: 1. Records processes and controls 2012
Code Control Technical information in…
A.1.1.1 All operational, reporting, audit and other stakeholders' needs for information (captured as records with appropriate
metadata) about the organization's processes shall be identified and documented systematically.
- ISO 15489-1.
Cl. 9.1 Determining documents to be captured into a records system
- ISO 15489-2.
Cl. 4.2.4.2 Determining documents to be captured into a records system
- ISO/TR 26122
Cl. 4.2 Records dimension of work process analysis
- ISO 23081-1
Cl. 5.1 Records management metadata that should be applied in the organization
- ISO 16175-1
Cl. 3.1 Records related principles
- ISO 16175-2
Cl. 4.3.1 Create
-ISO 16175-3
Cl. 2.3 Determining needs for evidence of events, transactions and decisions in business
systems
A.1.1.2 Requirements for creating, capturing and managing records, and decisions not to capture records for specific
processes, shall be determined based on business, legal and other requirements, documented and authorized.
- ISO 15489-1.
Cl. 9.1 Determining documents to be captured into a records system
Cl. 5 Regulatory environment,
- ISO/TR 15489-2.
Cl. 4.2.4.2 Determining documents to be captured into a records system
Cl. 3.2 Design and implementation of a records system
- ISO 23081-1
Cl. 5.1 Records management metadata that should be applied in the organization
- ISO/TR 13028
Cl. 6.3 Digitization process management
A.1.1.3 Records shall be created at the time of (or soon after) the
transaction or incident to which they relate by individuals who have direct knowledge of the facts or by instruments
routinely used by the organization to conduct the transaction.
- ISO 15489-1.
Cl. 9.1 Determining documents to be captured into a records system
- ISO/TR 15489-2.
Cl. 4.2.4.2 Determining documents to be captured into a records system
-ISO 23081-1
RELATIONSHIP BETWEEN THE ISO 30300 SERIES OF STANDARDS AND OTHER PRODUCTS OF ISO/TC 46/SC 11: 1. Records processes and controls 2012
Code Control Technical information in… Cl. 5.3.1 Metadata at the point of record capture
-ISO 23081-2
Cl. 11.3 Metadata capture
A.1.1.4 A procedure shall be established to determine retention periods for records according to the requirements of each
work process.
- ISO 15489-1.
Cl. 9.2 Determining how long to retain records
-ISO/TR 15489-2
Cl. 4.2.4.3 Determining how long to retain records
A.1.1.5 Decisions about retention and disposition of records based
on business, legal and other identified requirements shall be documented in a disposition schedule.
- ISO 15489-1.
Cl. 9.2 Determining how long to retain records
-ISO/TR 15489-2
Cl. 4.2.4Records disposition authority
Cl. 4.2.4.3 Determining how long to retain records
A.1.1.6 Methods of integrating the capture of records with business processes shall be decided upon and documented.
- ISO 15489-1.
Cl. 7.1 Principles of records management programmes
- ISO 16175-2
Cl. 4.3.1 Create
-ISO 16175-3
Cl. 3.1 Creating records in context
A 1.2.1 The information needed to identify the records of each work process, including identifying the section of the
organization responsible for those records and the work process, shall be determined and documented as part of
the records requirements.
- ISO 15489-1
CI. 8.4 Design and implementation methodology
CI. 9.10 Documenting records management processes
- ISO/TR 15489-2.
Cl. 3.2 Design and implementation of a records system
- ISO/TR 26122
Cl. All
A 1.2.2 The points at which the information is captured in or added
to the records and from what sources shall be identified in the procedures for each work process.
- ISO 15489-1
Cl. 9.3 Records capture
- ISO/TR 15489-2
4.3.2 Capture
-ISO 23081-1
RELATIONSHIP BETWEEN THE ISO 30300 SERIES OF STANDARDS AND OTHER PRODUCTS OF ISO/TC 46/SC 11: 1. Records processes and controls 2012
Code Control Technical information in… Cl. 5.3.1 Metadata at the point of record capture
Cl. 5.3.2 Metadata after record capture
-ISO 23081-2
Cl. 11.3 Metadata capture
A 1.3.1 The information, and the form and structure of the
information, required as records for each work process, shall be identified and documented.
- ISO 15489-1
Cl. 7.2 Characteristics of a record
- ISO/TR 15489-2
Cl. 3.2.4 Identification of requirements for records
- ISO 23081-1
Cl. 8 Metadata model for managing records
-ISO 23081-2
Cl. 11.10.2 Storage in specified formats
A 1.4.1 Technologies for creating and capturing records shall be selected for each work process (whether automated or
manual). The selection and any change of technologies shall be documented.
- ISO 15489-1
Cl. 8.3 Designing and implementing records systems
8.5 Discontinuing records systems
- ISO/TR 15489-2
Cl. 3.2.7 Design of a records system
- ISO 16175-2
Cl. 4.3.1 Create
- ISO 16175-3
Cl. 3.1 Creating records in context
A 2.1.1 For work processes which require evidence of capture, a procedure for registering records by attaching a unique
identifier at the time of capture shall be implemented. The procedure shall ensure that no transactions involving the
record can take place before registration is completed.
- ISO 15489-1
CI. 9.4 Registration
- ISO/TR 15489-2
Cl. 4.3.3 Register
- ISO 23081-2
Cl. 11.5 Registration
ISO 16175-2
Cl. 4.3.1.5 Identification - unique identifiers
A 2.1.2 The records shall be grouped (classified) according to the - ISO 15489-1
RELATIONSHIP BETWEEN THE ISO 30300 SERIES OF STANDARDS AND OTHER PRODUCTS OF ISO/TC 46/SC 11: 1. Records processes and controls 2012
Code Control Technical information in… work processes to which they are related.
Cl. 9.5 Classification
- ISO/TR 15489-2
Cl. 4.2.2 Business activity classification
Cl. 4.3.4 Classification
- ISO 23081-1
Cl. 8.4 Metadata structures
- ISO 23081-2
Cl. 7.1 Aggregations
-ISO 16175-2
Cl. 4.3.1.3 Records aggregations
Cl. 4.3.1.6 Classification
-ISO 16175-3
Cl. 3.1.4 Records classification
A 2.1.3 The scheme for grouping (classifying) the records reflecting
the nature, number and complexity of the work processes of the organization shall be documented (including changes
over time) and implemented as part of the procedures of those work processes.
- ISO 15489-1
Cl. 9.5 Classification
- ISO/TR 15489-2
Cl. 4.2.2 Business activity classification
-ISO 16175-2
Cl. 4.3.1.7 Business classification scheme
A.2.1.4 The descriptive and control information (metadata
elements) required to create and control the records for each work process shall be identified and documented.
- ISO 15489-1
Cl. 9.3 Records capture
Cl. 9.4 Registration
Cl. 9.5 Classification
Cl. 9.8Tracking
-ISO /TR 15489-2
Cl. 4.3.2 Capture
Cl. 4.3.3 Registration
Cl. 4.3.5 Access and security classification
Cl. 4.3.8 Use and tracking
-ISO/TR 26122
RELATIONSHIP BETWEEN THE ISO 30300 SERIES OF STANDARDS AND OTHER PRODUCTS OF ISO/TC 46/SC 11: 1. Records processes and controls 2012
Code Control Technical information in… Cl. 4.2 Records dimension of work process analysis
Cl. 7.1.2 General
Cl. 7.3.2 Outcomes of the analysis of the sequence of transactions in a process
Cl. 7.9 Outcomes of the analysis of the links to other processes
-ISO 23081-1
Cl. All
-ISO 23081-2
Cl. All
-ISO/TR 13028
Cl. 6.3.4 Metadata
A.2.1.5 Records processes which need to be recorded in metadata
linked to the record event history shall be defined. Procedures shall be established to link the event history to
the records and to maintain it for as long as the records themselves.
- ISO 15489-1
Cl. 9.8 Tracking
-ISO/TR 15489-2
Cl. 4.3.8 Use and tracking
-ISO 23081-1
Cl. 5.2.3 Metadata after record capture
Cl. 8.3 Points throughout the existence of records when metadata should be created and
applied
- ISO 23081-2
Cl. 9.4 Event plan metadata
Cl. 9.5 Event history metadata
-ISO 16175-2
Cl. 5.4.7 Records management process metadata
A.2.1.6 Decisions about what metadata are required to identify, manage and control records throughout the organization,
and externally, shall be documented and implemented.
- ISO 15489-1
Cl. 9.3 Records capture
Cl. 9.4 Registration
Cl. 9.5 Classification
Cl. 9.8 Tracking
-ISO/TR 15489-2
Cl. 4.2.3 Vocabulary
Cl. 4.2.5.2 Development of security and access classification
RELATIONSHIP BETWEEN THE ISO 30300 SERIES OF STANDARDS AND OTHER PRODUCTS OF ISO/TC 46/SC 11: 1. Records processes and controls 2012
Code Control Technical information in… Cl. 4.3.2 Capture
Cl. 4.3.3 Registration
Cl. 4.3.5 Access and security classification
Cl. 4.3.8 Use and tracking
-ISO 23081-1
Cl. All
-ISO 23081-2
Cl. All
-ISO/TR 13028
Cl. 6.2.2 All digitised images should be assigned metadata to document digitising processes and to support ongoing business processes
A.2.2.1 Rules shall be established for regulating access to records based on work process requirements, relevant legislation
and, if appropriate, commercial considerations. These shall be documented and maintained for as long as the records
are required.
- ISO 15489-1
Cl. 8.2.3 Integrity
Cl. 8.3.6 Access, retrieval and use
-ISO/TR 15489-2
Cl. 4.2.1 Principal instruments
Cl. 4.2.5 Security and access classification scheme
Cl. 4.3.5 Access and security classification
-ISO/TR 26122
Cl. 4.2 Records dimension of work process analysis
A.2.2.2 The access rules shall be implemented in the records systems by assigning access status to both records and
individuals.
- ISO 15489-1
Cl. 8.3.6 Access, retrieval and use
-ISO/TR 15489-2
Cl. 4.2.1 Principal instruments
Cl. 4.2.5 Security and access classification scheme
Cl. 4.3.5 Access and security classification
- ISO 23081-1
Cl. 9.2.4 Metadata supporting the security of records
-ISO 16175-2
Cl. 5.4.1 Maintain
RELATIONSHIP BETWEEN THE ISO 30300 SERIES OF STANDARDS AND OTHER PRODUCTS OF ISO/TC 46/SC 11: 1. Records processes and controls 2012
Code Control Technical information in…
A.2.3.1 Procedures shall be implemented to ensure the integrity/security of the records and to prevent unauthorized
use, modification, removal, concealment and/or destruction.
- ISO 15489-1
Cl. 7.2.2 Authenticity
Cl. 7.2.4 Integrity
Cl. 8.3.6 Access, retrieval and use
-ISO/TR 15489-2
Cl. 4.3.9.2 Continuing retention
Cl. 4.2.5 Security and access classification scheme
Cl. 4.3.5 Access and security classification
Cl. 4.3.7.1 Records storage decisions
Cl. 4.3.8 Use and tracking
-ISO 23081-1
Cl. 5 Purpose of records management metadata
Cl. 8.3.9.2 Authenticity and fixity of metadata
- ISO 23081-2
Cl. 4.1. Purposes of metadata for managing records
-ISO TR 13028
Cl. 6.2.2 All digitised images should be assigned metadata to document digitising processes
and to support ongoing business processes
-ISO 16175-2
Cl. 5.4.1 Maintain
-ISO 16175-3
Cl. 3.2.4 Online security processes
A.2.3.2 The means of maintaining/storing the records shall meet
the relevant standards for the medium and technology used in order to ensure they remain useable for as long as
required.
- ISO 15489-1
Cl. 8.3.4 Distributed management
Cl. 9.6 Storage and handling
-ISO 15489-2
Cl. 4.3.7.1Records storage decisions
Cl. 4.3.7.3 Digital storage
Cl. 4.3.9.2 Continuing retention
Cl. 4.3.9.4 Transfer of custody or ownership of records
-ISO TR 13028
RELATIONSHIP BETWEEN THE ISO 30300 SERIES OF STANDARDS AND OTHER PRODUCTS OF ISO/TC 46/SC 11: 1. Records processes and controls 2012
Code Control Technical information in… CI. 6.2.4 Storage media and procedures should be defined, documented and implemented
A.2.3.3 Procedures shall be established and implemented to
ensure that digital records remain accessible and meaningful over time, also outside the context of their
creation.
- ISO 15489-1.
Cl. 8.2.5 Usability
Cl. 8.3.5 Conversion and migration
-ISO/TR 15489-2
Cl. 4.3.9.2 Continuing retention
-ISO 23081-2
Cl. 11 Implementing metadata for managing records
-ISO TR 13028
Cl. 6.4.3 Digitised records should be managed in a way that allows their continued existence for as long as they are required
-ISO 16175-2
Cl. 5.6.2 Migration, export and destruction
ISO 16175-3
Cl. 3.3 Supporting import, export and interoperability
A.2.3.4 Restrictions, including use of encryption, shall be removed
after a stated period
- ISO 15489-1.
Cl. 9.7 Access
-ISO/TR 15489-2
Cl. 4.2.5 Security and access classification scheme
- ISO 23081-1
Cl. 9.2.4 Metadata supporting the security of records
-ISO 16175-2
Cl. 4.3.2 Maintain
A.2.4.1 Procedures shall be established for reviewing, authorizing and implementing decisions on retention and disposition of
the records of each work process.
- ISO 15489-1
Cl. 8.3.7 Retention and disposition
Cl. 9.2 Determining how long to retain records
Cl. 9.9 Implementing disposition
- ISO 15489-2
Cl. 4.2.4 Records disposition authority
- ISO/TR 26122
RELATIONSHIP BETWEEN THE ISO 30300 SERIES OF STANDARDS AND OTHER PRODUCTS OF ISO/TC 46/SC 11: 1. Records processes and controls 2012
Code Control Technical information in… Cl. All
- ISO 23081-1
Cl. 9.6 Metadata about records management processes
- ISO 23081-2
Cl. 9.4 Event plan metadata
Cl. 11.3 Creating metadata for managing records
Cl. 11.5 Metadata as control tools for managing records
Cl. 11.7 Appraisal
- ISO/TR 13028
Cl. 6.5 Records disposition
- ISO 16175-1
Cl. 3 Guiding principles
- ISO 16175-2
Cl. 5.6 Retention and disposition
- ISO 16175-3
Cl. 3.4 Retaining and disposing of records as required
A.2.4.2 Decisions about the transfer, removal or destruction of records shall be authorized and documented.
- ISO 15489-1
Cl. 9.9 Implementing disposition
- ISO/TR 15489-2
Cl. 4.3.9 Implementation of disposition
- ISO/TR 13028
Cl. 6.5 Records disposition
- ISO 16175-1
Cl. 3 Guiding principles
- ISO 16175-2
Cl. 5.6 Retention and disposition
- ISO 16175-3
Cl. 3.3 Supporting import, export and interoperability
Cl. 3.4 Retaining and disposing of records as required
A.2.4.3 Procedures for authorized and controlled transfer of records to another organization or system shall be
- ISO 15489-1
RELATIONSHIP BETWEEN THE ISO 30300 SERIES OF STANDARDS AND OTHER PRODUCTS OF ISO/TC 46/SC 11: 1. Records processes and controls 2012
Code Control Technical information in… established and implemented. Cl. 9.9 Implementing disposition
- ISO/TR 15489-2
Cl. 4.3.9 Implementation of disposition
-ISO 23081-1
Cl. 5.2.3 Metadata after record capture
- ISO 23081-2
Cl. 11.7 Appraisal
Cl. 11.8 Transferring records
- ISO/TR 13028
Cl. 6.5 Records disposition
- ISO 16175-1
Cl. 3 Guiding principles
- ISO 16175-2
Cl. 5.6 Retention and disposition
- ISO 16175-3
Cl. 3.4 Retaining and disposing of records as required
- ISO 13008 (to be published)
Cl. all
A.2.4.4 Procedures for authorized, regular removal of records which are no longer required, including removal to off-site
or off-line storage, shall be established and implemented.
- ISO 15489-1
Cl. 8.5 Discontinuing records Systems
Cl. 9.6 Storage and handling
Cl. 9.9 Implementing disposition
- ISO/TR 15489-2
Cl. 4.3.9 Implementation of disposition
- ISO/TR 13028
Cl. 6.5 Records disposition
- ISO 16175-1
Cl. 3 Guiding principles
- ISO 16175-2
Cl. 5.6 Retention and disposition
RELATIONSHIP BETWEEN THE ISO 30300 SERIES OF STANDARDS AND OTHER PRODUCTS OF ISO/TC 46/SC 11: 1. Records processes and controls 2012
Code Control Technical information in… - ISO 16175-3
Cl. 3.4 Retaining and disposing of records as required
A.2.4.5 Records authorized for destruction shall be destroyed under appropriate supervision. The destruction shall be
documented.
- ISO 15489-1
Cl. 9.9 Implementing disposition
- ISO/TR 15489-2
Cl. 4.3.9 Implementation of disposition
- ISO 16175-1
Cl. 3 Guiding principles
- ISO 16175-2
Cl. 5.6 Retention and disposition
- ISO 16175-3
Cl. 3.4 Retaining and disposing of records as required
A.2.4.6 Where the nature and complexity of the business and
formal accountabilities require it, control information (registration, identification and history metadata) about
records which have been destroyed shall be retained.
- ISO 15489-1
Cl. 9.9 Implementing disposition
- ISO 15489-2
Cl. 4.3.9 Implementation of disposition
- ISO 23081-1
Cl. 5.2.3 Metadata after record capture
- ISO 23081-2
Cl. 11.7 Appraisal
ISO 16175-1
Cl. 3 Guiding principles
- ISO 16175-2
Cl. 5.6 Retention and disposition
- ISO 16175-3
Cl. 3.4 Retaining and disposing of records as required
Cl. 3.1.2 Record metadata
A.2.5.1 All records systems (including business systems which
keep records) shall be clearly identified, assigned to a responsible owner and documented in an inventory which
is regularly updated.
-ISO 15489-2
Cl. 3.2.5 Step D: Assessment of existing systems
-ISO 16175-1
RELATIONSHIP BETWEEN THE ISO 30300 SERIES OF STANDARDS AND OTHER PRODUCTS OF ISO/TC 46/SC 11: 1. Records processes and controls 2012
Code Control Technical information in… Cl. 2 Good practice: digital records and the role of software
A.2.5.2 Implementation decisions on records systems shall be
documented, maintained and made available to all users who need them.
-ISO 15489-2
Cl. 3.2.8 Step G: Implementation of a records system
-ISO/TR 13028
Cl. 6.4 Management systems
-ISO 16175-1
Cl. 4 Implementation issues
A.2.5.3 Rules shall be established, documented and maintained for regulating access to records systems in order to undertake
system administration tasks.
-ISO 16175-2
Cl. 5.4.3 Access controls
Cl. 5.4.4 Establishing security control
Cl. 5.4.5 Assigning security levels
-ISO 16175-3
Cl. 3.2.4 Online security processes
A.2.5.4 Procedures for operational maintenance shall be
established to ensure records systems' availability.
-ISO 16175-3
- Appendices B. Integrating records considerations into the systems development life cycle
A.2.5.5 Regular monitoring of the performance of records systems
against business requirements and records objectives shall be implemented and documented.
-ISO 15489-2
Cl. 3.2.9 Step H: Post-implementation review
A.2.5.6 Procedures shall be provided to ensure and demonstrate
that any system malfunction, upgrade or regular maintenance does not affect records integrity.
- ISO 15489-1
Cl. 8.2 Records systems characteristics
ISO 16175-2
Cl. 5.8.5 Back-up and recovery
- ISO 16175-3 5 Implementation
A.2.5.7 Changes in records systems, particularly exceptional
operations (such as migration, integration of new requirements, computer technology change or
discontinuation), shall be analysed, planned and implemented. Decisions made shall be documented.
- ISO 15489-1
Cl. 8.5 Discontinuing records systems
-ISO 13008 (to be published).
Cl. all