Information and Documentation, Records Management, Concepts and Principles

Libyan International Medical University
Business Process Management
Information and Documentation
ISO 15489
Concepts, principles and Guidelines
Prepared By
Moataz Belkhair
BPM Expert
International Standard ISO 15489-1-2016 Technical Report ISO 15489-2-2001
2
ISO brief history
• ISO stands for international organization for standardization
• ISO was derived from a Greek word “isos” meaning “equal”.
• Include 63 countries established to formulate and foster standardization.
• non-governmental international organization with a membership of 168
national standards bodies.
Main Goals of ISO

www.iso.org
1. Enhanced product quality;
2. Improved health, safety and environmental protection;
3. Greater compatibility (goods and services);
4. Reduction in costs;
5. Increased distribution efficiency;
6. Ease of maintenance;
7. Simplification for improved usability.
3
ISO brief history
ISO'S FIRST OFFICES
In 1949, ISO moves into offices in a small,

private house in Geneva, has 5 members of
staff.
4
ISO brief history
ISO'S FIRST STANDARD
In 1951, the first ISO standard ISO/R 1:1951

Standard reference temperature for industrial
length measurements, is published.
5
ISO brief history
THE ISO JOURNAL
In 1952, ISO has published monthly information

about its technical committees in New York.
6
ISO brief history
ISO AND DEVELOPING COUNTRIES
In 1960S , ISO works to include more developing

countries in its International Standardization work,
established DEVCO.
7
ISO brief history
ENVIRONMENT ON THE AGENDA
In 1971, ISO creates its first two technical

committees in the environmental field: Air quality
and Water quality, (Renewable Energy).
8
ISO brief history
AN INTERNATIONAL FOCUS
In 1970s, turning ISO into a truly international

organization, such as Japan and China
9
ISO brief history
ISO 9000 FAMILY
In 1987, ISO publishes its first Quality Management

Standard. .
10
ISO 1 – ISO 99999
ISO 15489
Information and
1. ISO 1 – ISO 1999 documentation
– Records
2. ISO 2000 – ISO 2999 management
3. ISO 3000 – ISO 4999
4. ISO 5000 – ISO 7999
5. ISO 8000 – ISO 9999
• ISO 15489-1:2016 Part 1: Concepts and principles
6. ISO 10000 – ISO 11999 • ISO/TR 15489-2:2001 Part 2: Guidelines
7. ISO 12000 – ISO 13999
8. ISO 14000 – ISO 15999
9. ISO 16000 – ISO 17999
10. ISO 18000 – ISO 19999
11. ISO 20000 – ISO 21999
12. ISO 22000 – ISO 23999
13. ISO 24000 – ISO 25999
14. ISO 26000 – ISO 27999
15. ISO 28000 – ISO 29999
16. ISO 30000 – ISO 99999
11
ISO 15489 benefits
1) improved transparency and accountability;
2) effective policy formation;
3) informed decision-making;
4) management of business risks;
5) continuity in the event of disaster;
6) protection of rights and obligations of organizations and individuals;
7) compliance with legislation and regulations;
8) reduction of costs;
9) preserving the memory of the institution or department;
10) support research and development activities.
Information & Documentation

ISO 15489 - Concepts, principles and Guidelines
Business Process Management - LIMU 12
Electronic records are not STORAGE
widely different from paper ORGANIZATION

records. OWNERSHIP
RETENTION & DISPOSITION
SECURITY
AUTHENTICITY

TYPES OF DOCUMENTS
DATABASES SCANNED WEBSITES SOCIAL PRESENTATIONS

IMAGES MEDIA
ELECTRONIC CAD VIDEOS AUDIO GIS

PUPLICATION RECORDING
SPREADSHEETS PDF EMAILING WORD DIGITAL

PROCESSING PHOTOGRAPH

THEIR LOCATIONS
DESKTOPs LAPTOPS NETWORK REMOVABLE

SERVERS MEDIA
SMART TABLETS BACKUP

CLOUD
PHONES TAPES

If a record is born digital, it
should die digital
16
Records Lifecycle
Retention & Create &

Disposition Capture
Maintenance &
Use

Records Lifecycle: creation and capture
• Most records are created routinely as a result of work processes.
• Capturing records means keeping the records created or received so that they will be
there when needed.
Questions to consider:
• Where do we create the record?

• Is it born digital?
• How is it captured in a records system
• Do we need to scan the record if it’s a
paper copy?

Records Lifecycle: maintenance and use
1. Classification
2. Indexing
3. Access controls
4. Storage and media selection
5. Auditing and reporting
• How do we organize my records?

• Can they be searched easily?
• Do they right people have access to them?
• Do we need to have access to records offline?
• How to we maintain versions?

Records Lifecycle: retention and disposition
• Records should be managed according to their value to the organization
• Records should be retained according to a records program
• Records should be disposed of at the end of the lifecycle
• Documents that are not records must still be managed appropriately.
• How long should we keep the record?

• What do we do with the record when it
meets its retention period?
• What are the destruction processes?
• How do we prepare records for archiving?

What is ISO 15489-1?
“It defines the concepts and principles from which
approaches to the creation, capture and management of
records are developed.”
a) records, metadata for records and records systems;

b) policies, assigned responsibilities, monitoring and training supporting the effective management of
records;
c) recurrent analysis of business context and the identification of records requirements;
d) records controls;
e) processes for creating, capturing and managing records.

What does record contains?
Records
Information
Business Activity
Assets
Work
Functions Activities Transactions
Processes

‫?‪What is Record‬‬ ‫المحرر (‪ )Document‬وسيط مادي يحمل بيانات ومعلومات له‬
‫طبيعة رسمية أو قانونية لم يوثق بعد؛ حيث يمثل المحرر الوثيقة في‬
‫‪“information created, received and maintained as‬‬ ‫طور اإلنشاء وهي تخطو نحو استكمال إجراءاتها‪ ،‬وبانتهائها يمكن‬
‫‪evidence and as an asset by an organization or person,‬‬ ‫االعتماد عليها كدليل مثبت بإرادة المنشئ وعندئذ تصبح وثيقة‬
‫‪in pursuit of legal obligations or in the transaction of‬‬ ‫(‪.)record‬‬
‫‪business.” - ISO 15489-1, 2016‬‬ ‫مصطلح "مستند" كترجمة لكلمة ‪ Document‬لكنها غير دقيقة‪ ،‬ألن‬
‫كلمة مستند في العربية من مرادفات كلمة وثيقة وتعني االعتماد‬
‫(االستناد) عليها كأدلة إثبات وهو ما ال يتحقق إال باكتمال عملية التوثيق‬
‫•‬ ‫‪The term “record” does not always translate well.‬‬ ‫للمحرر‪.‬‬
‫•‬ ‫‪Organizations often develop their own definition of‬‬
‫‪record.‬‬ ‫الوثيقة (‪ )Record‬هي المحررات التي انتهت مرحلة إنشائها باكتمال‬
‫إجراءات توثيقها وصارت وثيقة قانونية يعتد بها كأدلة إثبات يتم حفظها‬
‫?‪What is Document‬‬ ‫للرجوع إليها مستقبال و ُيطلق مصطلح "‪ "Record‬على الوثائق التي ال‬
‫تزال تحت سيطرة الجهة اإلدارية المنشئة لها‪.‬‬
‫المراجع‪:‬‬
‫‪“Recorded information or object which can be treated‬‬ ‫"المعايير الدولية في مجال إدارة الوثائق والرقمنة واإلفادة منها في إجراء‬ ‫•‬
‫‪as a unit.” - ISO 15489-1, 2016‬‬ ‫عمليات التحول الرقمي لألرصدة الوثائقية"‪ ,‬يناير ‪ ,2021‬المجلة العلمية‬
‫للمكتبات والوثائق والمعلومات‪.‬‬
‫كتاب ‪- Glossary of Archival And Records Terminology‬‬ ‫•‬

‫‪January 2005 , Richard Pearce-Moses‬‬
‫‪Information & Documentation‬‬

‫‪ISO 15489 - Concepts, principles and Guidelines‬‬
‫‪Business Process Management - LIMU‬‬ ‫‪23‬‬
Characteristics of Records
A record can be
A record is proven to trusted as a full and
be what it purports accurate
to be representation of
activities or facts
Authenticity Reliability
Usability Integrity
A record can be
located, retrieved, A record is complete
presented and and unaltered
interpreted

The Importance Of Records
• Most of today’s records start out in electronic form:

o Documents
o Spreadsheets
o Images
o Emails
• Growing awareness of records management
• Failures of governance
• Increasing government requirements for retention
and disposition.

What is records management?
“field of management responsible for the efficient and systematic control of the
creation, receipt, maintenance, use and disposition of records, including
processes for capturing and maintaining evidence of and information about
business activities and transactions in the form of records.” - ISO 15489-1, 2016
What is records system?

“information system which captures, manages and provides access to records
over time.” - ISO 15489-1, 2016

Drivers Of Records Management
• Not losing records
• Laws
• Sharing records
• Regulations
• Finding records easily
• Policies
• Getting the complete picture
• Standards
• High evidential weight
• Good practice
• Faster information retrieval
• 24/7 availability
• Disaster recovery and backups
• Records are
vulnerable to loss
• Organizations tend to • Accessing records
fail if they lose records quickly
• E-storage may speed • Saving space
recovery from a • Reducing handling costs
disaster.

What is access?
“right, opportunity, means of finding, using or retrieving information.” - ISO 15489-1,
2016
What is activity?
“major task performed by a business entity as part of a function.” - ISO 15489-1, 2016
What is agent?
“individual, workgroup or organization responsible for, or involved in, record
creation, capture and/or records management processes.” - ISO 15489-1, 2016

What is business classification scheme?
“tool for linking records to the context of their creation.” - ISO 15489-1, 2016
What is classification?
“systematic identification and/or arrangement of business activities and/or
records into categories according to logically structured conventions, methods,
and procedural rules.” - ISO 15489-1, 2016
What is conversion?
“process of changing records from one format to another.” - ISO 15489-1, 2016

What is destruction?
“process of eliminating or deleting a record, beyond any possible reconstruction.”
- ISO 15489-1, 2016

What is evidence?
“documentation of a transaction.” - ISO 15489-1, 2016
What is function?
“group of activities that fulfils the major responsibilities for achieving the strategic
goals of a business entity.” - ISO 15489-1, 2016

What is metadata?
“structured or semi-structured information, which enables the creation, management, and use
of records through time and within and across domains.” - ISO 15489-1, 2016

Types of metadata?
Descriptive Administrative Structural Business Social
(information) (privacy & security) (information) (organization- (user interactions

specific details) surrounding)
• title, author, and • contains • useful in • what • chat logs, user

subject matter of information about warehousing and what a piece of notes, comments,
the document. the copyright, machine learning. information means bookmarks, etc
permissions,
• helps users locate restrictions, • how
and identify license how the organization
documents. agreements. uses it.
• identify who can

access a
document

What is schema?
“process of moving records from one hardware or software configuration to
another without changing the format.” - ISO 15489-1, 2016
What is work process?

“one or more sequences of actions required to produce an outcome that
complies with governing rules.” - ISO 15489-1, 2016

What is migration?
“logical plan showing the relationships between metadata elements, normally
through establishing rules for the use and management of metadata specifically
as regards the semantics, the syntax and the optionality (obligation level) of
values.” - ISO 15489-1, 2016
What is transaction?
“smallest unit of a work process consisting of an exchange between two or more
participants or systems.” - ISO 15489-1, 2016

Records systems
Records systems comprise a number of elements that are combined so that
identified records requirements can be met within a given business environment.
a) apply records controls.

b) carry out processes for creating, capturing and managing records.
c) support the creation and maintenance of logical relationships between
records content and metadata for records.

The design and implementation of records systems
a) conformance with the characteristics of records systems

b) interoperability to support interaction with other systems and a flexible approach to the
use of records controls;
c) ease of records use and reuse;
d) readiness for technological or business change, such as system upgrades or
administrative restructuring;
e) Readiness for business interruptions and business continuity in the event of unexpected
disruptions.

Characteristics Of Records Systems
Reliable
Compliant
Secure
Systematic
Comprehensive

PART 2
Policies and responsibilities
Design and implementation of a records system
Records processes and controls
Monitoring and auditing
Training
39
Policies and Responsibilities
• should be designated to all personnel who
Responsibilities
• should be derived from business
Policies
objectives; create and use records as part of their

• supported by business rules, procedures work.
and guidelines, planning and strategy • may be assigned by law;
statements. • ensure that records are maintained, stored
• should include a statement about scope; and preserved for the period of their
• should define legislation, regulations and usefulness to the organization;
standards; • ensure that records are disposed of only in
• should be authorized an appropriate accordance with a defined approval
decision-making level; process.
• should be frequently reviewed to ensure
they reflect current business needs.

Policies and Responsibilities
Responsibility categories of all employees within organization:
• responsible for • create, receive

Senior Management
• the highest level • primary role for • ensuring that their
Records Management Professional
Managers / organizational groupings
Others
Staff
of responsibility implementation staff create and security, and keep
for ensuring a of ISO 15489-1. keep records as compliance, records as part
successful an integral part of designing and of their daily
records their work. implementing work
• establish the
management using
overall records
programme. technologies.
management • provide the
policies, resources
• promotes procedures, and necessary for the
compliance standards. management of
with records records and liaise
management with records
procedures. management
professionals

Design and Implementation of Records Systems (DIRS)
Step E Step F
Step A Step B Step C
Identify Desing
Conduct Analyze Identify
strategies to records
preliminary business requirements
satisfy system
investigation activity for records
requirements
Policy Design
Standard Implementation
Step D
Assess
existing
system
Step H Step G
Conduct post Implement
implementati records
on review system
Primary
feedback

Step A Step C Step E Step F

Conduct Step B Identify
Identify Desing
preliminary Analyze strategies to
requirement records
investigation business satisfy
s for records system
activity requirements
Policy Design
provide administrative
understanding and legal to
create and Standard Implementation
Step D
Assess
existing
system
Step H Step G
on review system
Primary
feedback
Step B Step C Step E Step F

Step A Analyze Identify
Identify Desing
Conduct business strategies to
requirement records
preliminary activity satisfy
investigation requirements
Policy Design
The products coming from step B may include:
a) documentation: organization’s business and processes. Standard Implementation

b) business classification scheme: organization’s functions,
activities and transactions in a hierarchical relationship.
Step D
Assess
The analysis provides records management tools, may include:
existing
a) thesaurus of terms to control the language for titling and
system
indexing records in a specific business context.
Step H Step G
b) disposition authority defines the retention periods and Conduct post Implement
consequent disposition actions for records. implementati records
on review system
Primary
feedback
Step C Step E Step F

Step A Step B Identify Identify Desing
Conduct Analyze requirement strategies to records
preliminary business s for records satisfy system
investigation activity requirements
Policy Design
a) document the requirements in a structured and
easily maintainable form.
Step D b) Keep appropriate records facilitates the proper

Assess conduct of business.
existing
system
c) ensure that individuals and organizations are
Stepaccountable
H Stepactions
for their G in matters of law and
Conduct post
administration. Implement
on review system
Primary
feedback

Step A Step B Identify
Identify Desing
Conduct Analyze strategies to
requirement records
preliminary business satisfy
Policy Design
Products from this step may include:

Step D
a) an inventory of the organization’s Assess
existing business systems. existing
system
b) a report outlining address the
organization’s agreed requirements for
Step H Step G
records.
on review system
Primary
feedback
Step C Step E Strategies selection

Step F
Step A Step B Identify
Identify Desing a) nature of an organization including its
Conduct Analyze strategies to
requirement records goals and history;
preliminary business satisfy
s for records system b) type of business activities;
investigation activity requirement
c) its supporting technological
s
environment;
d) prevailing corporate culture;
Policy Design
e) external constraints.
Strategies content
a) adopting policies and procedures
b) developing Standards
c) designing new system
Step D d) implementing systems
Assess
existing Outcome
system 1. list of strategies that will satisfy the
Step H Step G organization’s requirements for records;
Conduct post Implement 2. model that maps strategies to
implementati records requirements;
on review system 3. report for senior management
recommending an overall design
Primary strategy.
feedback

Step A Step B Identify Desing
Identify content
Conduct Analyze strategies to records
requirement a) designing changes to current processes.
preliminary business satisfy system
s for records b) integrating technological solutions.
Outcome
Policy Design 1. design project plans: tasks,
responsibilities and timelines;
2. Documentation: changes to
Implementation requirements;
Standard
3. design descriptions;
4. system business rules;
5. system specifications;
Step D 6. Diagrams: architectures and
Assess components;
existing 7. Models: processes, data flows and data
system entities;
8. Plans: integration with existing systems
Step H Step G
and processes;
9. initial training and testing plans
10. system implementation plan.
on review system
Primary
feedback


Identify
requirement
s for records
a) detailed project plan outlining of

Policy Design
strategies selected;
b) documented policies, procedures and
Standard Implementation standards;
c) training materials;
d) documentation of the conversion
Step D
Assess process and ongoing migration
existing procedures;
system
e) documentation required for “quality
Step H Step G
Implement systems”;
Conduct post
implementati records f) performance reports;
on review system
g) report(s) to management.
Primary
feedback


Identify
requirement
s for records
a) Analyzing: whether records have

Policy Design
been created and organized
according to the necessities of the
Standard Implementation business activities.
b) Interviewing: management, staff and
other stakeholders.
Step D
Assess c) conducting surveys.
existing d) Observing: randomly checking
system
operations..
Step H Step G
Conduct Implement
post records
implementa system
tion review
Primary
feedback

Records Processes & Controls
51
1 Instruments
1.1 Principal The principal instruments are:
1.2 classification
1.3 Vocabulary a) a classification scheme: that is based on business activities;
1.4 disposition authority
b) a records disposition authority;
c) a security: access classification scheme.
1.5 Security
2 Records Management Processes
2.1 Capture Records-management-specific tools
2.2 Registration 1. a thesaurus of preferred terms;
2.3 Classification 2. a glossary of terms or other vocabulary controls
2.4 Access and security classification 3. a regulatory framework analysis;
2.5 Identification of disposition status 4. a business risk analysis;
2.6 Storage 5. an organizational delegations authority;
2.7 Use and tracking
6. a register of employees and system user permissions.
2.8 Implementation of disposition

1 Instruments
1.1 Principal “Systematic identification and arrangement of business activities and
or records into categories according to logically structured
1.2 classification
conventions methods and procedural rules represented in a
1.3 Vocabulary classification system”. - ISO 15489 -2 - 2001
1.5 Security
2.1 Capture
2.2 Registration
2.3 Classification
2.4 Access and security classification
2.5 Identification of disposition status
2.6 Storage

1 Instruments
1.1 Principal “A thesaurus is a controlled list of terms linked together by
1.2 classification semantic, hierarchical, associative or equivalence relationships.”-
1.3 Vocabulary
ISO 15489-2 - 2001

1.5 Security
2 Records Management Processes List of authorized headings:
2.1 Capture
a) derived from terms;
2.2 Registration
b) allows control of the terminology;
2.3 Classification c) controlling the use of synonyms, homonyms, abbreviations
2.4 Access and security classification and acronyms.
2.6 Storage

1 Instruments Disposition
1.1 Principal
1.2 classification “Range of processes associated with implementing records retention,
destruction or transfer decisions which are documented in disposition
1.3 Vocabulary
authorities or other instruments.” - ISO 15489-2, 2001
1.5 Security
2 Records Management Processes Disposition Authority
2.1 Capture
2.2 Registration “Instrument that defines the disposition actions that are authorized for
specified records.” - ISO 15489-2, 2001
2.3 Classification
2.5 Identification of disposition status Disposition can include:
2.6 Storage
• Destruction
• Shredding
2.8 Implementation of disposition • Deletion
• Secure destruction or deletion
• Transfer for archival review

1 Instruments Disposition Authority
1.1 Principal
Determining documents to be captured into a records system
1.2 classification
1.3 Vocabulary 1. identify the broad level of records that needs to be created to
1.4 disposition authority administer;
2. identify the parts of the organization in which the records of the activity
1.5 Security
are captured;
2 Records Management Processes 3. analyze the business activity to identify all essential steps that make up
2.1 Capture the activity;
2.2 Registration 4. identify all transactions that include each step in the business activity;
5. identify the data required to process the transaction;
2.3 Classification
6. determine the need to capture evidence of each transaction;
2.4 Access and security classification 7. determine the appropriate point at which the record is to be captured.
2.6 Storage Determining how long to retain records
2.7 Use and tracking 1. Determine the uses of record within the system.
2.8 Implementation of disposition 2. Determine links to other systems.
3. Consider the broad range of uses of the record.
4. Allocate retention periods to the records on the basis of the total system
evaluation.
1 Instruments Security
1.1 Principal
1.2 classification “Reasonable security and access will depend on both the nature and
1.3 Vocabulary size of the organization, as well as the content and value of the
information requiring security.” - ISO 15489-2, 2001
1.5 Security
Access to records may be restricted to protect
2.1 Capture
2.2 Registration 1. personal information and privacy;
2.3 Classification 2. intellectual property rights and commercial confidentiality;
3. security of property (physical, financial);
4. state security;
2.5 Identification of disposition status 5. legal and other professional privilege.
2.6 Storage

1 Instruments
1.1 Principal Capture
1.2 classification
1.3 Vocabulary Implementation
Registration
of disposition
1.5 Security
2.1 Capture RMP
Use &
Classification
2.2 Registration tracking
Lifecycle
2.3 Classification
2.6 Storage Storage
Access &
security
2.8 Implementation of disposition Identification

1 Instruments
“Capture is the process of determining that a record should be made
1.1 Principal and kept.” - ISO 15489-2, 2001
1.2 classification
1.3 Vocabulary Examples of documents that may not require formal capture as
1.4 disposition authority records are those that do not
1.5 Security
1. commit an organization or individual to an action,
2.1 Capture 2. document any obligation or responsibility, or

2.2 Registration 3. comprise information connected to the accountable business of
2.3 Classification the organization.
2.5 Identification of disposition status Electronic records systems that capture records also need to
capture metadata associated with the record in a way that
2.6 Storage
1. describe the record both for what it contains and the context of
the business taking place,
2. enable that record to be a fixed representation of action, and

3. enable the record to be retrieved and rendered meaningful.
1 Instruments
“Registration to provide evidence that a record has been created or
1.1 Principal captured in a records system.” - ISO 15489-2, 2001
1.2 classification
1.3 Vocabulary
1.4 disposition authority Registration specifies the following metadata as a minimum:
1.5 Security
2 Records Management Processes a) a unique identifier assigned from the system;
2.1 Capture b) the date and time of registration;
2.2 Registration c) a title or abbreviated description;
2.3 Classification d) the author (person or corporate body), sender or recipient.
2.6 Storage

1 Instruments
“Classification is the process of identifying the category or categories
1.1 Principal of business activity and the records they generate and of grouping
1.2 classification them.” - ISO 15489-2, 2001
1.3 Vocabulary
1.4 disposition authority The process consists of the following steps:
1.5 Security 1. identify the transaction or business activity that the record documents;
2 Records Management Processes 2. locate the transaction or activity in the organization’s classification system;
2.1 Capture 3. examine the higher-level classes to which the transaction or activity is
2.2 Registration
linked, to
2.3 Classification
4. ensure that the identification of the classification is appropriate;
5. check the activity classification against the organization’s structure, to
ensure that it is appropriate to the business unit to which the record
2.6 Storage
belongs;
6. allocate the identified classification to the record to the levels appropriate
to the organization’s requirements.
7. link restrictions to instruments such as activity classification systems or
thesauruses that are used to describe records.
1 Instruments
1.1 Principal
1.2 classification The number of levels of classification and entry point of the
1.3 Vocabulary
classification process depends on the following factors:

a) accountabilities of the organization;
1.5 Security
b) nature of the business;
2.1 Capture c) size of the organization;

2.2 Registration d) complexity of the structure of the organization;
2.3 Classification e) risk assessment of criticality for speed and accuracy in
2.4 Access and security classification control and retrieval of records;
f) technology deployed.
2.6 Storage

1 Instruments
• list of authorized headings or a thesaurus;
1.1 Principal Vocabulary • accuracy and speed in locating individual
controls records;
1.2 classification
1.3 Vocabulary
• Helps in retrieval of records across
1.5 Security Indexing
classifications, categories and media;
2 Records Management Processes • can be done manually or be automatically.
2.1 Capture
2.2 Registration Indexing terms are commonly derived from
2.3 Classification
a) format or nature of the record,
b) title or main heading of the record,
c) subject content of the record,
2.6 Storage
d) abstract of a record,
e) dates associated with transactions,
f) names of clients or organizations,
g) processing requirements,
h) attached documentation not otherwise identified.
1 Instruments
“Access to records is restricted only where specifically required by
1.1 Principal business need or by law, and it may be assigned in consultation
1.2 classification with the business unit.” - ISO 15489-2, 2001
1.3 Vocabulary
1.5 Security 1. identify the transaction or business activity that the record
2 Records Management Processes documents;
2.1 Capture 2. identify the business unit to which the records belong;
2.2 Registration 3. check the access and security classifications to establish
2.3 Classification
whether the activity and the business area are identified as
areas of risk;
4. allocate the appropriate level of access or restriction to the
2.6 Storage
record
2.8 Implementation of disposition 5. specify appropriate control mechanisms for handling;
6. record the access or security status of the record in the records
system to signal the need for additional control measures.
1 Instruments
1.1 Principal It involves the following steps:
1.2 classification
1.3 Vocabulary 1. identifying the transaction or business activity documented by
1.4 disposition authority the record;
1.5 Security 2. locating the transaction and records in the appropriate records
class in the disposition authority;
2.1 Capture
3. allocating the relevant retention period and identifying the
2.2 Registration
anticipated disposition action;
2.3 Classification
4. recording the retention period and future disposition action in
2.5 Identification of disposition status the records system;
2.6 Storage 5. determining the extent to which it is necessary to retain
2.7 Use and tracking metadata about records.

1 Instruments
“Appropriate storage conditions ensure that records are protected,
1.1 Principal accessible and managed in a cost-effective manner.” - ISO 15489-2,
1.2 classification 2001
1.3 Vocabulary
Factors that are important in selecting storage:
1.5 Security
a) Volume and growth rate of records.
2.1 Capture
b) Use of records.
2.2 Registration
2.3 Classification
c) Records security and sensitivity needs.
2.4 Access and security classification d) Physical characteristics.

2.5 Identification of disposition status e) Records use as reflected in retrieval requirements.
2.6 Storage f) Relative cost of record storage options.
2.7 Use and tracking g) Access needs.

1 Instruments
1.1 Principal
Digital storage
1.2 classification
1.3 Vocabulary
1. Backup • copying electronic records to prevent the
1.4 disposition authority systems loss through system failures.
1.5 Security
2.1 Capture
2. Maintenance • copy records to newer versions of the media
2.2 Registration
processes to prevent data erosion.
2.3 Classification
3. Hardware &
2.6 Storage • affect the readability of stored electronic
software
records.
2.7 Use and tracking obsolescence

1 Instruments
“Use of the record is a records management transaction that may need
1.1 Principal to be captured by the system to form part of the metadata.”
1.2 classification
“Tracking of records usage within records systems is a security measure
1.3 Vocabulary
for organizations. It ensures that only those users with appropriate
1.4 disposition authority permissions are performing records tasks.” - ISO 15489-2, 2001
1.5 Security
2 Records Management Processes Managing the use and tracking of records as follows:
2.1 Capture
1. identifying the records system user permissions associated with individuals and their
2.2 Registration positions within the organization,
2.3 Classification 2. identifying the access and security status of records,
2.4 Access and security classification 3. identifying the access rights for people external to the organization,
2.5 Identification of disposition status 4. ensuring that only individuals with the appropriate user classification or security rights
2.6 Storage have access to records with restricted status,
2.7 Use and tracking 5. tracking the movement of the record to identify those who have custody of it,
2.8 Implementation of disposition 6. ensuring that all use of the records is recorded to an appropriate level of detail,
7. reviewing the access classifications of records to ensure that they are current and still
applicable.

1 Instruments
“Records with similar disposition dates and triggering actions should be
1.1 Principal readily identifiable from the records system. .” - ISO 15489-2, 2001
1.2 classification
1.3 Vocabulary
1.4 disposition authority The use history of records due for disposition action needs to
1.5 Security
be reviewed to confirm or amend the disposition status:

1. checking triggers for disposition action;
2.1 Capture
2. confirming as completed action;
2.2 Registration
2.3 Classification
3. maintaining an auditable record of disposition action.

2.6 Storage

1 Instruments
1.1 Principal
1.2 classification
Records removed from current systems have to be accessible and
1.3 Vocabulary
retrievable for the entire period of their retention.
Implementation of
1.5 Security Continuing
Preservation strategies Retention
can include:
disposition
1. Copying is the production of an identical copy within the same or
2.1 Capture Physical Destruction
2.2 Registration different type of medium.
2.3 Classification 2. Conversion involves a changeOf

ofCustody
the format of the record but
Transfer
ensures that the record retains the identical primary information
(content).
2.6 Storage
3. Migration involves a set of organized tasks designed to
frequently transfer digital material from one hardware/software
configuration to another.

1 Instruments
1.1 Principal
1.2 classification
1.3 Vocabulary
• Physical destruction of records is carried out by methods
1.4 disposition authority appropriate to their level of confidentiality.
Implementation of
1.5 Security Continuing Retention
The organization may maintain an auditable trail documenting all
disposition
•
destruction of records.
2.2 Registration • Records in electronic form can also be destroyed by reformatting or
rewriting if it can be guaranteed that the reformatting cannot be
2.3 Classification
reversed. Transfer Of Custody
2.6 Storage

1 Instruments
1.1 Principal
1.2 classification
1.3 Vocabulary Records are transferred out of the custody or ownership of the
organization or business unit that created them.
Implementation of
1.5 Security Transfer of custody of Continuing Retention
records to another organization may include:
disposition
a) transfer to other organizations with responsibilities for the
records,
2.2 Registration b) transfer to outsourced or contractor organizations,
2.3 Classification c) transfer to a storage facility,
Transfer Of Custody
d) transfer to an archive.
2.6 Storage

Monitoring and Auditing
There are three reasons for monitoring and auditing records systems:
a) to ensure compliance with the organization’s established standards;

b) to ensure that records will be accepted as evidence in a court of law;
c) to improve an organization’s performance.
Monitoring Auditing
• Monitoring helps to ensure continued legal • understanding of the nature of its records,
accountability of the records system.
• care and security arrangements for the
• Monitoring processes are documented to records,
provide evidence of compliance with policies,
procedures and standards which the • business processes and technologies; and their
organization has adopted. proper implementation.

Training
“A training programme should ensure that the functions and benefits of managing records are
widely understood in an organization.” - ISO 15489-2, 2001
Personnel to be trained:
a) managers, including senior managers,

b) employees,
c) contractors,
d) volunteers,
e) any other personnel who have a
responsibility to create or use records.

Training
Methods of training:
a) organization’s employee orientation programmes and documentation;

b) training for new employees at times of system change;
c) on-the-job training by knowledgeable supervisors;
d) leaflets and booklets providing short “how-to” guides describing aspects of the organization’s record;
e) computer-based presentations;
f) training courses provided by educational institutions or professional organizations.

References:
1.International Standard ISO 15489-1-2016

2.Technical Report ISO 15489-2-2001
3. www.iso.org
76

Information and Documentation, Records Management, Concepts and Principles

Uploaded by

Copyright:

Available Formats

You might also like

Information and Documentation, Records Management, Concepts and Principles

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Information and Documentation, Records Management, Concepts and Principles

Uploaded by

Copyright:

Available Formats

Libyan International Medical University

Business Process Management

Information and Documentation

Main Goals of ISO

ISO'S FIRST OFFICES

In 1949, ISO moves into offices in a small,

ISO'S FIRST STANDARD

In 1951, the first ISO standard ISO/R 1:1951

THE ISO JOURNAL

In 1952, ISO has published monthly information

ISO AND DEVELOPING COUNTRIES

In 1960S , ISO works to include more developing

ENVIRONMENT ON THE AGENDA

In 1971, ISO creates its first two technical

In 1970s, turning ISO into a truly international

ISO 9000 FAMILY

In 1987, ISO publishes its first Quality Management

Information & Documentation

widely different from paper ORGANIZATION

RETENTION & DISPOSITION

Information & Documentation

DATABASES SCANNED WEBSITES SOCIAL PRESENTATIONS

ELECTRONIC CAD VIDEOS AUDIO GIS

SPREADSHEETS PDF EMAILING WORD DIGITAL

Information & Documentation

DESKTOPs LAPTOPS NETWORK REMOVABLE

SMART TABLETS BACKUP

Information & Documentation

Retention & Create &

Information & Documentation

• Where do we create the record?

Information & Documentation

• How do we organize my records?

Information & Documentation

• How long should we keep the record?

Information & Documentation

a) records, metadata for records and records systems;

Information & Documentation

Information & Documentation

‫كتاب ‪- Glossary of Archival And Records Terminology‬‬ ‫•‬

‫‪Information & Documentation‬‬

Information & Documentation

• Most of today’s records start out in electronic form:

Information & Documentation

What is records system?

Information & Documentation

Information & Documentation

Information & Documentation

Information & Documentation

Information & Documentation

Information & Documentation

Information & Documentation

Descriptive Administrative Structural Business Social

(information) (privacy & security) (information) (organization- (user interactions

• title, author, and • contains • useful in • what • chat logs, user

• identify who can

Information & Documentation

What is work process?