Friday, June 05, 2015

ISO 30301 Information and documentation -- management systems for records -- requirements



  • The second part of this standard
  • Lots of repetition from the previous standard..
  • Scope: the standard "specifies requirements to be met by a MSR in order to support an organization in the achievement of its mandate, mission, strategy and goals."
  • We have a the basic steps:
    • Context of organization
    • Leadership
    • Planning
    • Support
    • Operation
    • Performance evaluation
    • Improvement
  • Understand the context of the organization:
    • External context:
      • Social and cultural, legal, financial, technological, economic, natural, and competitive environment
      • Drivers and trends that have an impact on the organization
      • Relationships with, perceptions, values, and expectations of external stake holders
    • Internal context:
      • Governance, org structure, roles and accountabilities
      • Policies, objectives, and strategies in place
      • Capabilities, resources, and knowledge (capital, time, people, processes, systems, and technologies)
      • Information systems, information flows, decision making processes (formal and informal)
      • Relationships with, perceptions, values, and expectations of internal stake holders
      • Standards, guidelines, and models
      • Form and extent of contractual relationships
    • Business and legal requirements:
      • Statue and case law, sector-specific
      • Laws and regs relating to evidence, records and archives, access, privacy, data and info protection, electronic commerce
      • Constitutional rules of orgs, charters, or agreements
      • Treatises or instruments org is legally bound to
      • Voluntary codes of best practice
      • Voluntary codes of conduct and ethics
      • Expectations of the community about what is acceptable
  • Management commitment:
    • Ensure MSR is compatible with direction of org
    • Integrate MSR reqs into business processes
    • Provide resources to establish, implement, maintain, and improve
    • Communicate importance of MSR
    • Ensure MSR achieves intended outcomes
    • Continual improvement
  • Policy:
    • Appropriate to the purpose of the organization
    • Provide framework for setting objectives
    • Commitment to satisfy requirements
    • Commitment to CI
    • Communicated within the org
    • Be available to parties as appropriate
  • Records objectives:
    • Who is responsible
    • What will be done
    • What resources will be required
    • When it will be complete
    • How the results will be evaluated
  • Training. Personnel aware of:
    • Relevance and importance of individual activities and how they contribute to achievement of MSR objectives
    • Importance of conformance with policy and procedures
    • Issues and potential impacts of non-compliance
    • Benefits of compliance
    • Their responsiblities
  • Documentation:
    • Scope of MSR
    • Policy and objectives
    • Interdependence between MSR and other management systems
    • Documented procedures
    • Documentation for planning, operation, and control of processes
  • Control of documentation:
    • Approve for adequacy prior to issue
    • Review, update, and re-approve
    • Changes and current version status are identified
    • Documentation is legible and identifiable
    • Documentation of external origin is identified and controlled
    • Prevent use of obsolete documentation
  • Records process design:
    • Analyze work processes as per ISO/TR 26122
    • Assess risks and ensure that they are acceptable
    • Specify processes:
      • Creation:
        • What, when, and how records shall be captured
        • Content, context, and control information (metadata) that will be included
        • Decide in what form and structure the records shall be created and captured
        • Determine appropriate technology for record creation and control
      • Control:
        • Determine what metadata is required and how it will be linked
        • Establish rules and conditions for use of records over time
        • Maintain usability of records
        • Establish authorized disposition
        • Establish conditions for admin and maintenance of records systems
  • There is also some guidance on performance management:
    • Assess effectiveness:
      • It reflects current business needs
      • Records objectives are consistent with policy, achievable, valid, and support CI
      • Changes in business, legal, etc.
      • Availability and adequacy of resources
      • Adequacy or roles, responsibilities, and authorities
      • Performance of individuals with responsibility for implementation, reporting, and promotion
      • Performance of records processes and systems against objectives
      • Adequacy of documentation
      • Effectiveness of records systems to achieve strategic, managerial, and financial objectives
      • Effectiveness of training and awareness programs
      • User and stakeholder satisfaction


  • Overall, this standard is pretty awesome. It could form the basis of an effective blue print for information management.

posted by George Goodall at 2:13 PM

0 Comments:

Post a Comment

Subscribe to Post Comments [Atom]

<< Home