Monday, May 11, 2015

ISO 15489-1

We talk a lot about it. Here it is:



  • Based on AS 4390, Records management
  • Applies to records… but not archives. Particularly relevant is ISO 9001 and ISO 14001
  • Records management includes:
    • Setting policies and standards
    • Assigning responsibilities and authorities
    • Establishing and promulgating procedures and guidelines
    • Providing a range of services relating to the management and use of records
    • Designing, implementing and administering specialized systems for managing records
    • Integrating records management into business systems and processes
  • It lists some of the benefits for RM
  • Regulatory environment includes:
    • Statues, case laws, regulations, particularly for records, archives, access, privacy, evidence, ecommerce, data protection, information
    • Mandatory standards of practice
    • Voluntary codes of best practice
    • Voluntary codes of conduct and ethics
    • Identifiable expectations of the community about what is acceptable
  • You need effective policies; should be derived from analysis of business activities
  • Responsibilities should be listed.
  • Some decent sample policy language.
  • Records a created and used as part of business activities
  • An RM programme should include:
    • Determining which records should be created in each process and what info needs to be included
    • Determining the form and structure of created/captured records
    • Determining reqs for retrieving, using and transmitting records between process and users
    • Determining retention
    • Deciding how to organize recrods
    • Assess risks of failure to retain authoritative records
    • Preserving records and ensuring their availability
    • Complying with legal and regulatory requirements
    • Ensuring records are safe and secure
    • Ensuring records are retained for only as long as necessary
    • Identifying and evaluating opportunities for improvements
    • Creating rules for capturing records and metadata
    • Ensuring business continuity for records
  • Characteristics of a records: "A record should correctly refelct what was communicated or decided and what action was taken. It should be able to support the needs of the business to which it relates and be used for accountability purposes."
  • Records should also have sufficient metadata to retain relationships between records elements, identify the business context of the records, necessary links between records.
  • An authentic record:
    • Is what it purports to be
    • Created/sent by the person purported to create or send it
    • Created/sent at the time purported
  • "A reliable record is one whose contents can be trusted  as a full and accurate representation of the transactions, activities or facts to which they attest."
  • "The integrity of a record refers to its being complete and unaltered."
  • "A useable record is one that can be located, retrieved, presented, and interpreted."
  • A records system could consider: records system design, system documentation, training, record conversion, standards and compliance, setting retention periods.
  • Documentation should be in an "Information management strategic plan"
  • A records system should:
    • Routinely capture all records within the business scope
    • Organize records in a way that reflects the business processes of the creator
    • Protect records from unauthorized alteration or disposition
    • Function as the primary source of information about activities
    • Provide ready access to all records and related metadata
  • Implementation methodology:
    1. Preliminary investigation. Documentary sources and interviews.
    2. Analysis of business activities. Create a Business Classification System (BCS).
    3. Identification of requirements for records.
    4. Assessment of existing systems.
    5. Identification of strategies for satisfying records requirements.
    6. Design of records system.
    7. Implementation of a records system.
    8. Post-implementation review.
  • Records retention requirements:
    • Meet current/future needs:
      • Retain information concerning decisions and activities
      • Retain evidence for accountability obligations
      • Eliminate records that are no longer required
      • Retain sufficient context to judge authenticity and reliability
    • Comply with legal requirements
    • Meet current and future needs of stakeholders
      • Identify interests that stakeholders might have in preserving records beyond retention period
      • Identifying legal, financial, political, social, or other gains from preserving records
      • Following regulations
  • Techniques for capture:
    • Classification and indexing
    • Arrangement in a logical structure
    • Registration to provide evidence of existence
  • "Registration" provides evidence of capture
  • Classification provides links between records, ensures consistent naming, assists retrieval, determines security protection, provides permissions, distributes management responsibility, indicates need for action, determines retention and disposition.
  • We can get guidance from ISO 5963 Documentation -- Methods for examining documents, determining their subjects, and selecting index terms.
  • We could use codes… but we don't get guidance.
  • There are guidelines for access, tracking, action tracking, location tracking, and disposition.
  • Disposition may include: physical destruction, retention within business unit, transfer to storage area, transfer to another org, transfer to managed service, transfer to a different authority, transfer to an archive, transfer to an external archives authority.
  • Destruction should be authorized, retain confidentiality, include all copies.

posted by George Goodall at 12:49 PM

0 Comments:

Post a Comment

Subscribe to Post Comments [Atom]

<< Home