Professional Documents
Culture Documents
Information and Documentation, Records Management, Concepts and Principles
Information and Documentation, Records Management, Concepts and Principles
Information and Documentation, Records Management, Concepts and Principles
ISO 15489
Concepts, principles and Guidelines
Prepared By
Moataz Belkhair
BPM Expert
International Standard ISO 15489-1-2016 Technical Report ISO 15489-2-2001
2
ISO brief history
• ISO stands for international organization for standardization
• ISO was derived from a Greek word “isos” meaning “equal”.
• Include 63 countries established to formulate and foster standardization.
• non-governmental international organization with a membership of 168
national standards bodies.
3
ISO brief history
4
ISO brief history
5
ISO brief history
6
ISO brief history
7
ISO brief history
8
ISO brief history
AN INTERNATIONAL FOCUS
9
ISO brief history
10
ISO 1 – ISO 99999
ISO 15489
Information and
1. ISO 1 – ISO 1999 documentation
– Records
2. ISO 2000 – ISO 2999 management
3. ISO 3000 – ISO 4999
4. ISO 5000 – ISO 7999
5. ISO 8000 – ISO 9999
• ISO 15489-1:2016 Part 1: Concepts and principles
6. ISO 10000 – ISO 11999 • ISO/TR 15489-2:2001 Part 2: Guidelines
7. ISO 12000 – ISO 13999
8. ISO 14000 – ISO 15999
9. ISO 16000 – ISO 17999
10. ISO 18000 – ISO 19999
11. ISO 20000 – ISO 21999
12. ISO 22000 – ISO 23999
13. ISO 24000 – ISO 25999
14. ISO 26000 – ISO 27999
15. ISO 28000 – ISO 29999
16. ISO 30000 – ISO 99999
11
ISO 15489 benefits
1) improved transparency and accountability;
2) effective policy formation;
3) informed decision-making;
4) management of business risks;
5) continuity in the event of disaster;
6) protection of rights and obligations of organizations and individuals;
7) compliance with legislation and regulations;
8) reduction of costs;
9) preserving the memory of the institution or department;
10) support research and development activities.
SECURITY
AUTHENTICITY
16
Records Lifecycle
Maintenance &
Use
Questions to consider:
1. Classification
2. Indexing
3. Access controls
4. Storage and media selection
5. Auditing and reporting
Questions to consider:
Questions to consider:
Records
Information
Business Activity
Assets
Work
Functions Activities Transactions
Processes
?What is Document للرجوع إليها مستقبال و ُيطلق مصطلح " "Recordعلى الوثائق التي ال
تزال تحت سيطرة الجهة اإلدارية المنشئة لها.
المراجع:
“Recorded information or object which can be treated "المعايير الدولية في مجال إدارة الوثائق والرقمنة واإلفادة منها في إجراء •
as a unit.” - ISO 15489-1, 2016 عمليات التحول الرقمي لألرصدة الوثائقية" ,يناير ,2021المجلة العلمية
للمكتبات والوثائق والمعلومات.
Authenticity Reliability
Usability Integrity
A record can be
located, retrieved, A record is complete
presented and and unaltered
interpreted
• Records are
vulnerable to loss
• Organizations tend to • Accessing records
fail if they lose records quickly
• E-storage may speed • Saving space
recovery from a • Reducing handling costs
disaster.
What is activity?
“major task performed by a business entity as part of a function.” - ISO 15489-1, 2016
What is agent?
“individual, workgroup or organization responsible for, or involved in, record
creation, capture and/or records management processes.” - ISO 15489-1, 2016
What is classification?
“systematic identification and/or arrangement of business activities and/or
records into categories according to logically structured conventions, methods,
and procedural rules.” - ISO 15489-1, 2016
What is conversion?
“process of changing records from one format to another.” - ISO 15489-1, 2016
What is function?
“group of activities that fulfils the major responsibilities for achieving the strategic
goals of a business entity.” - ISO 15489-1, 2016
What is transaction?
“smallest unit of a work process consisting of an exchange between two or more
participants or systems.” - ISO 15489-1, 2016
Reliable
Compliant
Secure
Systematic
Comprehensive
Training
39
Policies and Responsibilities
Responsibilities
• should be derived from business
Policies
Others
Staff
of responsibility implementation staff create and security, and keep
for ensuring a of ISO 15489-1. keep records as compliance, records as part
successful an integral part of designing and of their daily
records their work. implementing work
• establish the
management using
overall records
programme. technologies.
management • provide the
policies, resources
• promotes procedures, and necessary for the
compliance standards. management of
with records records and liaise
management with records
procedures. management
professionals
Policy Design
Standard Implementation
Step D
Assess
existing
system
Step H Step G
Conduct post Implement
implementati records
on review system
Primary
feedback
Policy Design
provide administrative
understanding and legal to
create and Standard Implementation
Step D
Assess
existing
system
Step H Step G
Conduct post Implement
implementati records
on review system
Primary
feedback
Information & Documentation
ISO 15489 - Concepts, principles and Guidelines
Business Process Management - LIMU 43
Design and Implementation of Records Systems (DIRS)
Policy Design
The products coming from step B may include:
Policy Design
Standard Implementation
a) document the requirements in a structured and
easily maintainable form.
Policy Design
Standard Implementation
Strategies content
Standard Implementation
a) adopting policies and procedures
b) developing Standards
c) designing new system
Step D d) implementing systems
Assess
existing Outcome
system 1. list of strategies that will satisfy the
Step H Step G organization’s requirements for records;
Conduct post Implement 2. model that maps strategies to
implementati records requirements;
on review system 3. report for senior management
recommending an overall design
Primary strategy.
feedback
Information & Documentation
ISO 15489 - Concepts, principles and Guidelines
Business Process Management - LIMU 47
Design and Implementation of Records Systems (DIRS)
51
Records Processes & Controls
1 Instruments
1.1 Principal The principal instruments are:
1.2 classification
1.3 Vocabulary a) a classification scheme: that is based on business activities;
1.4 disposition authority
b) a records disposition authority;
c) a security: access classification scheme.
1.5 Security
2 Records Management Processes
2.1 Capture Records-management-specific tools
2.2 Registration 1. a thesaurus of preferred terms;
2.3 Classification 2. a glossary of terms or other vocabulary controls
2.4 Access and security classification 3. a regulatory framework analysis;
2.5 Identification of disposition status 4. a business risk analysis;
2.6 Storage 5. an organizational delegations authority;
2.7 Use and tracking
6. a register of employees and system user permissions.
2.8 Implementation of disposition
1.5 Security 1. identify the transaction or business activity that the record documents;
2 Records Management Processes 2. locate the transaction or activity in the organization’s classification system;
2.1 Capture 3. examine the higher-level classes to which the transaction or activity is
2.2 Registration
linked, to
2.3 Classification
4. ensure that the identification of the classification is appropriate;
2.4 Access and security classification
5. check the activity classification against the organization’s structure, to
2.5 Identification of disposition status
ensure that it is appropriate to the business unit to which the record
2.6 Storage
belongs;
2.7 Use and tracking
6. allocate the identified classification to the record to the levels appropriate
2.8 Implementation of disposition
to the organization’s requirements.
7. link restrictions to instruments such as activity classification systems or
thesauruses that are used to describe records.
Information & Documentation
ISO 15489 - Concepts, principles and Guidelines
Business Process Management - LIMU 61
Records Processes & Controls
1 Instruments
1.1 Principal
1.2 classification The number of levels of classification and entry point of the
1.3 Vocabulary
classification process depends on the following factors:
1.3 Vocabulary
1.4 disposition authority
Factors that are important in selecting storage:
1.5 Security
2 Records Management Processes
a) Volume and growth rate of records.
2.1 Capture
b) Use of records.
2.2 Registration
2.3 Classification
c) Records security and sensitivity needs.
1.2 classification
1.3 Vocabulary
1. Backup • copying electronic records to prevent the
1.4 disposition authority systems loss through system failures.
1.5 Security
2 Records Management Processes
2.1 Capture
2. Maintenance • copy records to newer versions of the media
2.2 Registration
processes to prevent data erosion.
2.3 Classification
2.4 Access and security classification
2.5 Identification of disposition status
3. Hardware &
2.6 Storage • affect the readability of stored electronic
software
records.
2.7 Use and tracking obsolescence
2.8 Implementation of disposition
Implementation of
1.5 Security Continuing
Preservation strategies Retention
can include:
disposition
2 Records Management Processes
1. Copying is the production of an identical copy within the same or
2.1 Capture Physical Destruction
2.2 Registration different type of medium.
Implementation of
1.5 Security Continuing Retention
The organization may maintain an auditable trail documenting all
disposition
•
2 Records Management Processes
destruction of records.
2.1 Capture Physical Destruction
2.2 Registration • Records in electronic form can also be destroyed by reformatting or
rewriting if it can be guaranteed that the reformatting cannot be
2.3 Classification
reversed. Transfer Of Custody
2.4 Access and security classification
2.5 Identification of disposition status
2.6 Storage
2.7 Use and tracking
2.8 Implementation of disposition
Implementation of
1.5 Security Transfer of custody of Continuing Retention
records to another organization may include:
disposition
2 Records Management Processes
a) transfer to other organizations with responsibilities for the
2.1 Capture Physical Destruction
records,
2.2 Registration b) transfer to outsourced or contractor organizations,
2.3 Classification c) transfer to a storage facility,
Transfer Of Custody
d) transfer to an archive.
2.4 Access and security classification
2.5 Identification of disposition status
2.6 Storage
2.7 Use and tracking
2.8 Implementation of disposition
There are three reasons for monitoring and auditing records systems:
Monitoring Auditing
• Monitoring helps to ensure continued legal • understanding of the nature of its records,
accountability of the records system.
• care and security arrangements for the
• Monitoring processes are documented to records,
provide evidence of compliance with policies,
procedures and standards which the • business processes and technologies; and their
organization has adopted. proper implementation.
“A training programme should ensure that the functions and benefits of managing records are
widely understood in an organization.” - ISO 15489-2, 2001
Personnel to be trained:
76