RELATIONSHIP BETWEEN THE ISO 30300 SERIES OF STANDARDS AND OTHER PRODUCTS OF ISO/TC 46/SC 11: Records processes and controls

White paper written by ISO TC46/SC11 - Archives/records management
Date: March 2012

1 PURPOSE

This paper explains the relationship between the first two management systems for records (MSR) standards and the related standards and technical reports produced by ISO TC46/SC11 Archives/Records Management. The first two products are:

- ISO 30300:2011. Information and documentation - Management systems for records - Fundamentals and vocabulary
- ISO 30301:2011. Information and documentation - Management systems for records - Requirements

This paper clarifies how the related technical products can be used to support/implement the MSR standard/s, and attempts to show the interrelationship between the two with regard to records processes and controls.

2 BACKGROUND

In November 2011 the first two products of the ISO Standards series 30300 - Management systems for records were published.

The ISO 30300 series offers the methodology to implement an MSR based on a systematic approach to the creation and management of records, aligned with organizational objectives and strategies.

ISO 30300:2011 MSR - Fundamentals and vocabulary explains the rationale behind the creation of an MSR, the guiding principles for its successful implementation, and provides the terminology which ensures that it is compatible with other management systems standards.

ISO 30301:2011 MSR - Requirements specifies the requirements necessary to develop a records policy. It also sets objectives and targets for an organization to implement systemic improvements. This is achieved through designing records processes and systems, estimating the appropriate allocation of resources, and establishing benchmarks to monitor, measure and evaluate outcomes. These steps help to ensure that corrective action can be taken and continuous improvements are built into the system in order to support an organization in achieving its mandate, mission, strategy and goals.

Many questions were raised about the relationship, similarities and differences between ISO 15489-2001 and other Standards and Technical Reports developed by ISO TC46/SC11 during the development process and since its publication. The previously published products are aimed at the records professional community, whereas the ISO 30300 series has been developed primarily for a management audience.

3 MAIN CONCEPTS

3.1 MANAGEMENT SYSTEMS FOR RECORDS

In general, the word "system" is used to describe different concepts and ideas and requires interpretation to be placed in the context in which it is being used. In the records domain, "system" is also used for a set of three related, but different concepts. The first clarification needed is what is a Management system for records?

The following table provides the meaning of "system" within the MSR framework, shows the three different levels in which the word "system" could be used, and indicates how the concept is identified at the three levels in ISO 30300 and ISO 15489.

System levels in records domain

| System level in a MSR | Named in ISO 30300 series as: | Named in ISO 15489 as: |
| --- | --- | --- |
| Set of interrelated or interacting elements of an organization to establish policies and objectives, and processes to achieve those objectives related to records | MSR | Not named. Out of scope |
| System/programme that regulates the creation, reception, maintenance, use and disposition of records | Records processes and controls | Records programme |
| Information system which captures, manages and provides access to records over time | Records system | Records system |

Illustration 1

3.2 STRATEGIC AND OPERATIONAL LEVEL

Management systems for records (MSR) are based on a continuous improvement approach which is common to other management systems such as ISO 9000, ISO 14000. MSR is intended to build a framework to manage records at the strategic level.

Strategic level
- Management system for records (ISO 30300 & ISO 30301)
- Records management (ISO 15489 1 & 2)
- Records processes (ISO 26122 Work process analysis, ISO 13028 Digitization, ISO 23081 1-3 Metadata)
- Records system (ISO 16175 1-3)
Operational level

Illustration 2: Relationships of ISO MSR series products and ISO 15489 series products (Source: Xiaomi An, November 12, 2011, The Second National Forum on Electronic Records Management, Beijing, China)

The operational elements of a MSR are described as Records Processes and Controls in the normative Annex A of ISO 30301. This Annex is strongly linked to ISO 15489 (the foundation standard of ISO TC46/SC11) and the best practices described in ISO 15489 have been converted into requirements for the Operation section (section 8 + Annex A).

In a MSR framework, the design of records processes and controls is based on the records policy and objectives, after the assessment of risks. The Operation section of ISO 30301 establishes requirements for the implementation of records processes and controls in records systems.

[Diagram, TC46/SC11 Archives/records management: Design of record processes in an MSR environment (Policy, Objectives, Risks, Processes, Controls). Implementation of records processes in records systems. Best practices of 15489 converted to requirements: Annex A 30301. Records systems: mainly IT systems for both paper/electronic records.]

Illustration 3. Source: Carlota Bustelo and Judith Ellis. What is ISO 30300? Who, when, where, why and how to implement. Innova.doc. Barcelona (Spain), October 2011

Carlota Bustelo. Convenor of WG9 - Management systems for records. Requirements. e-mail: carlota@carlotabustelo.com
Judith Ellis. Convenor of WG08. Management systems for records. Fundamentals and vocabulary. e-mail: judithellis@enterpriseknowledge.com.au

3.3 Terms and Definitions

ISO 30300 defines terms and definitions applicable to the MSR standards. It contains some terms that are identical to or adapted from ISO 15489-1 plus other terms. A separate white paper will be available on the terminology used specifically in the MSR series of standards.

4 RELATIONSHIPS ISO 30301 ANNEX A / OTHER STANDARDS AND TECHNICAL REPORTS

Controls in Annex A of 30301 are directly related to the technical information provided in the related standards. For a complete understanding, a full reading of these technical standards is recommended.

The following table is a guidance tool that links the MSR Control requirements from ISO 30301 to the most relevant clauses where technical information can be found in each of the related standards and technical reports. Other information related to a particular requirement can be found within other clauses that are not specifically highlighted here, as records processes and controls are often interrelated. The technical information can be used to implement the operational elements necessary to meet the MSR requirements.

ISO TC46/SC11 standards and technical reports referred to in the following table:

- ISO 15489-1: 2001. Information and documentation - Records management - General
- ISO/TR 15489-2: 2001. Information and documentation - Records management - Guidelines
- ISO/TR 26122: 2008. Information and documentation - Work process analysis for records
- ISO 23081-1: 2006. Information and documentation - Records management processes - Metadata for records
- ISO 23081-2: 2009. Information and documentation - Records management processes - Metadata for records - Conceptual and implementation issues
- ISO/TR 13028: 2010. Information and documentation - Implementation guidelines for digitization of records
- ISO 16175-1:2010. Information and documentation - Principles and functional requirements for records in electronic office environments - Part 1: Overview and statement of principles
- ISO 16175-2: 2011. Information and documentation - Principles and functional requirements for records in electronic office environments - Part 2: Guidelines and functional requirements for digital records management systems
- ISO 16175-3:2010. Information and documentation - Principles and functional requirements for records in electronic office environments - Part 3: Guidelines and functional requirements for records in business systems

A.1.1.1 All operational, reporting, audit and other stakeholders' needs for information (captured as records with appropriate metadata) about the organization's processes shall be identified and documented systematically.

Cl. 9.1 Determining documents to be captured into a records system
- ISO 15489-2
Cl. 4.2.4.2 Determining documents to be captured into a records system
- ISO/TR 26122
Cl. 4.2 Records dimension of work process analysis
- ISO 23081-1
Cl. 5.1 Records management metadata that should be applied in the organization
- ISO 16175-1
Cl. 3.1 Records related principles
Cl. 4.3.1 Create
- ISO 16175-3
Cl. 2.3 Determining needs for evidence of events, transactions and decisions in business systems

A.1.1.2 Requirements for creating, capturing and managing records, and decisions not to capture records for specific processes, shall be determined based on business, legal and other requirements, documented and authorized.
A.1.1.3 Records shall be created at the time of (or soon after) the transaction or incident to which they relate by individuals who have direct knowledge of the facts or by instruments routinely used by the organization to conduct the transaction.

Cl. 9.1 Determining documents to be captured into a records system
Cl. 5 Regulatory environment
Cl. 4.2.4.2 Determining documents to be captured into a records system
Cl. 3.2 Design and implementation of a records system
- ISO 23081-1
Cl. 5.1 Records management metadata that should be applied in the organization
- ISO/TR 13028
Cl. 6.3 Digitization process management
Cl. 9.1 Determining documents to be captured into a records system
Cl. 4.2.4.2 Determining documents to be captured into a records system
- ISO 23081-1
Cl. 5.3.1 Metadata at the point of record capture
- ISO 23081-2
Cl. 11.3 Metadata capture

A.1.1.4 A procedure shall be established to determine retention periods for records according to the requirements of each work process.
A.1.1.5 Decisions about retention and disposition of records based on business, legal and other identified requirements shall be documented in a disposition schedule.
A.1.1.6 Methods of integrating the capture of records with business processes shall be decided upon and documented.
A.1.2.1 The information needed to identify the records of each work process, including identifying the section of the organization responsible for those records and the work process, shall be determined and documented as part of the records requirements.
A.1.2.2 The points at which the information is captured in or added to the records and from what sources shall be identified in the procedures for each work process.

Cl. 9.2 Determining how long to retain records
Cl. 4.2.4.3 Determining how long to retain records
Cl. 9.2 Determining how long to retain records
Cl. 4.2.4 Records disposition authority
Cl. 4.2.4.3 Determining how long to retain records
Cl. 7.1 Principles of records management programmes
Cl. 4.3.1 Create
- ISO 16175-3
Cl. 3.1 Creating records in context
Cl. 8.4 Design and implementation methodology
Cl. 9.10 Documenting records management processes
Cl. 3.2 Design and implementation of a records system
- ISO/TR 26122
Cl. All
Cl. 9.3 Records capture
4.3.2 Capture
- ISO 23081-1
Cl. 5.3.1 Metadata at the point of record capture
Cl. 5.3.2 Metadata after record capture
- ISO 23081-2
Cl. 11.3 Metadata capture

A.1.3.1 The information, and the form and structure of the information, required as records for each work process, shall be identified and documented.
A.1.4.1 Technologies for creating and capturing records shall be selected for each work process (whether automated or manual). The selection and any change of technologies shall be documented.
A.2.1.1 For work processes which require evidence of capture, a procedure for registering records by attaching a unique identifier at the time of capture shall be implemented. The procedure shall ensure that no transactions involving the record can take place before registration is completed.

Cl. 7.2 Characteristics of a record
Cl. 3.2.4 Identification of requirements for records
- ISO 23081-1
Cl. 8 Metadata model for managing records
- ISO 23081-2
Cl. 11.10.2 Storage in specified formats
Cl. 8.3 Designing and implementing records systems
8.5 Discontinuing records systems
Cl. 3.2.7 Design of a records system
Cl. 4.3.1 Create
- ISO 16175-3
Cl. 3.1 Creating records in context
Cl. 9.4 Registration
Cl. 4.3.3 Register
- ISO 23081-2
Cl. 11.5 Registration
- ISO 16175-2
Cl. 4.3.1.5 Identification - unique identifiers

A.2.1.2 The records shall be grouped (classified) according to the work processes to which they are related.

Cl. 9.5 Classification
Cl. 4.2.2 Business activity classification
Cl. 4.3.4 Classification
- ISO 23081-1
Cl. 8.4 Metadata structures
- ISO 23081-2
Cl. 7.1 Aggregations
- ISO 16175-2
Cl. 4.3.1.3 Records aggregations
Cl. 4.3.1.6 Classification
- ISO 16175-3
Cl. 3.1.4 Records classification

A.2.1.3 The scheme for grouping (classifying) the records reflecting the nature, number and complexity of the work processes of the organization shall be documented (including changes over time) and implemented as part of the procedures of those work processes.

Cl. 9.5 Classification
Cl. 4.2.2 Business activity classification
- ISO 16175-2
Cl. 4.3.1.7 Business classification scheme

A.2.1.4 The descriptive and control information (metadata elements) required to create and control the records for each work process shall be identified and documented.

Cl. 9.3 Records capture
Cl. 9.4 Registration
Cl. 9.5 Classification
Cl. 9.8 Tracking
- ISO/TR 15489-2
Cl. 4.3.2 Capture
Cl. 4.3.3 Registration
Cl. 4.3.5 Access and security classification
Cl. 4.3.8 Use and tracking
- ISO/TR 26122
Cl. 4.2 Records dimension of work process analysis
Cl. 7.1.2 General
Cl. 7.3.2 Outcomes of the analysis of the sequence of transactions in a process
Cl. 7.9 Outcomes of the analysis of the links to other processes
- ISO 23081-1
Cl. All
- ISO 23081-2
Cl. All
- ISO/TR 13028
Cl. 6.3.4 Metadata

A.2.1.5 Records processes which need to be recorded in metadata linked to the record event history shall be defined. Procedures shall be established to link the event history to the records and to maintain it for as long as the records themselves.
A.2.1.6 Decisions about what metadata are required to identify, manage and control records throughout the organization, and externally, shall be documented and implemented.

Cl. 9.8 Tracking
Cl. 4.3.8 Use and tracking
- ISO 23081-1
Cl. 5.2.3 Metadata after record capture
Cl. 8.3 Points throughout the existence of records when metadata should be created and applied
- ISO 23081-2
Cl. 9.4 Event plan metadata
Cl. 9.5 Event history metadata
- ISO 16175-2
Cl. 5.4.7 Records management process metadata
Cl. 9.3 Records capture
Cl. 9.4 Registration
Cl. 9.5 Classification
Cl. 9.8 Tracking
Cl. 4.2.3 Vocabulary
Cl. 4.2.5.2 Development of security and access classification
Cl. 4.3.2 Capture
Cl. 4.3.3 Registration
Cl. 4.3.5 Access and security classification
Cl. 4.3.8 Use and tracking
- ISO 23081-1
Cl. All
- ISO 23081-2
Cl. All
- ISO/TR 13028
Cl. 6.2.2 All digitised images should be assigned metadata to document digitising processes and to support ongoing business processes

A.2.2.1 Rules shall be established for regulating access to records based on work process requirements, relevant legislation and, if appropriate, commercial considerations. These shall be documented and maintained for as long as the records are required.
A.2.2.2 The access rules shall be implemented in the records systems by assigning access status to both records and individuals.

Cl. 8.2.3 Integrity
Cl. 8.3.6 Access, retrieval and use
Cl. 4.2.1 Principal instruments
Cl. 4.2.5 Security and access classification scheme
Cl. 4.3.5 Access and security classification
- ISO/TR 26122
Cl. 4.2 Records dimension of work process analysis
Cl. 8.3.6 Access, retrieval and use
Cl. 4.2.1 Principal instruments
Cl. 4.2.5 Security and access classification scheme
Cl. 4.3.5 Access and security classification
- ISO 23081-1
Cl. 9.2.4 Metadata supporting the security of records
- ISO 16175-2
Cl. 5.4.1 Maintain

A.2.3.1 Procedures shall be implemented to ensure the integrity/security of the records and to prevent unauthorized use, modification, removal, concealment and/or destruction.

Cl. 7.2.2 Authenticity
Cl. 7.2.4 Integrity
Cl. 8.3.6 Access, retrieval and use
Cl. 4.3.9.2 Continuing retention
Cl. 4.2.5 Security and access classification scheme
Cl. 4.3.5 Access and security classification
Cl. 4.3.7.1 Records storage decisions
Cl. 4.3.8 Use and tracking
- ISO 23081-1
Cl. 5 Purpose of records management metadata
Cl. 8.3.9.2 Authenticity and fixity of metadata
- ISO 23081-2
Cl. 4.1 Purposes of metadata for managing records
- ISO/TR 13028
Cl. 6.2.2 All digitised images should be assigned metadata to document digitising processes and to support ongoing business processes
- ISO 16175-2
Cl. 5.4.1 Maintain
- ISO 16175-3
Cl. 3.2.4 Online security processes

A.2.3.2 The means of maintaining/storing the records shall meet the relevant standards for the medium and technology used in order to ensure they remain useable for as long as required.

Cl. 8.3.4 Distributed management
Cl. 9.6 Storage and handling
- ISO 15489-2
Cl. 4.3.7.1 Records storage decisions
Cl. 4.3.7.3 Digital storage
Cl. 4.3.9.2 Continuing retention
Cl. 4.3.9.4 Transfer of custody or ownership of records
- ISO/TR 13028
Cl. 6.2.4 Storage media and procedures should be defined, documented and implemented

A.2.3.3 Procedures shall be established and implemented to ensure that digital records remain accessible and meaningful over time, also outside the context of their creation.
A.2.3.4 Restrictions, including use of encryption, shall be removed after a stated period.
A.2.4.1 Procedures shall be established for reviewing, authorizing and implementing decisions on retention and disposition of the records of each work process.

Cl. 8.2.5 Usability
Cl. 8.3.5 Conversion and migration
Cl. 4.3.9.2 Continuing retention
- ISO 23081-2
Cl. 11 Implementing metadata for managing records
- ISO/TR 13028
Cl. 6.4.3 Digitised records should be managed in a way that allows their continued existence for as long as they are required
- ISO 16175-2
Cl. 5.6.2 Migration, export and destruction
- ISO 16175-3
Cl. 3.3 Supporting import, export and interoperability
Cl. 9.7 Access
Cl. 4.2.5 Security and access classification scheme
- ISO 23081-1
Cl. 9.2.4 Metadata supporting the security of records
- ISO 16175-2
Cl. 4.3.2 Maintain
Cl. 8.3.7 Retention and disposition
Cl. 9.2 Determining how long to retain records
Cl. 9.9 Implementing disposition
- ISO 15489-2
Cl. 4.2.4 Records disposition authority
- ISO/TR 26122
Cl. All
- ISO 23081-1
Cl. 9.6 Metadata about records management processes
- ISO 23081-2
Cl. 9.4 Event plan metadata
Cl. 11.3 Creating metadata for managing records
Cl. 11.5 Metadata as control tools for managing records
Cl. 11.7 Appraisal
- ISO/TR 13028
Cl. 6.5 Records disposition
- ISO 16175-1
Cl. 3 Guiding principles
Cl. 5.6 Retention and disposition
- ISO 16175-3
Cl. 3.4 Retaining and disposing of records as required

A.2.4.2 Decisions about the transfer, removal or destruction of records shall be authorized and documented.
A.2.4.3 Procedures for authorized and controlled transfer of records to another organization or system shall be established and implemented.

Cl. 9.9 Implementing disposition
Cl. 4.3.9 Implementation of disposition
- ISO/TR 13028
Cl. 6.5 Records disposition
- ISO 16175-1
Cl. 3 Guiding principles
Cl. 5.6 Retention and disposition
- ISO 16175-3
Cl. 3.3 Supporting import, export and interoperability
Cl. 3.4 Retaining and disposing of records as required
Cl. 9.9 Implementing disposition
Cl. 4.3.9 Implementation of disposition
- ISO 23081-1
Cl. 5.2.3 Metadata after record capture
- ISO 23081-2
Cl. 11.7 Appraisal
Cl. 11.8 Transferring records
- ISO/TR 13028
Cl. 6.5 Records disposition
- ISO 16175-1
Cl. 3 Guiding principles
Cl. 5.6 Retention and disposition
- ISO 16175-3
Cl. 3.4 Retaining and disposing of records as required
- ISO 13008 (to be published)
Cl. all

A.2.4.4 Procedures for authorized, regular removal of records which are no longer required, including removal to off-site or off-line storage, shall be established and implemented.

Cl. 8.5 Discontinuing records systems
Cl. 9.6 Storage and handling
Cl. 9.9 Implementing disposition
Cl. 4.3.9 Implementation of disposition
- ISO/TR 13028
Cl. 6.5 Records disposition
- ISO 16175-1
Cl. 3 Guiding principles
Cl. 5.6 Retention and disposition
- ISO 16175-3
Cl. 3.4 Retaining and disposing of records as required

A.2.4.5 Records authorized for destruction shall be destroyed under appropriate supervision. The destruction shall be documented.
A.2.4.6 Where the nature and complexity of the business and formal accountabilities require it, control information (registration, identification and history metadata) about records which have been destroyed shall be retained.
A.2.5.1 All records systems (including business systems which keep records) shall be clearly identified, assigned to a responsible owner and documented in an inventory which is regularly updated.

Cl. 9.9 Implementing disposition
Cl. 4.3.9 Implementation of disposition
- ISO 16175-1
Cl. 3 Guiding principles
Cl. 5.6 Retention and disposition
- ISO 16175-3
Cl. 3.4 Retaining and disposing of records as required
Cl. 9.9 Implementing disposition
- ISO 15489-2
Cl. 4.3.9 Implementation of disposition
- ISO 23081-1
Cl. 5.2.3 Metadata after record capture
- ISO 23081-2
Cl. 11.7 Appraisal
- ISO 16175-1
Cl. 3 Guiding principles
Cl. 5.6 Retention and disposition
- ISO 16175-3
Cl. 3.4 Retaining and disposing of records as required
Cl. 3.1.2 Record metadata
- ISO 15489-2
Cl. 3.2.5 Step D: Assessment of existing systems
- ISO 16175-1
Cl. 2 Good practice: digital records and the role of software

A.2.5.2 Implementation decisions on records systems shall be documented, maintained and made available to all users who need them.
A.2.5.3 Rules shall be established, documented and maintained for regulating access to records systems in order to undertake system administration tasks.

- ISO 15489-2
Cl. 3.2.8 Step G: Implementation of a records system
- ISO/TR 13028
Cl. 6.4 Management systems
- ISO 16175-1
Cl. 4 Implementation issues
- ISO 16175-2
Cl. 5.4.3 Access controls
Cl. 5.4.4 Establishing security control
Cl. 5.4.5 Assigning security levels
- ISO 16175-3
Cl. 3.2.4 Online security processes

A.2.5.4 Procedures for operational maintenance shall be established to ensure records systems' availability.

- ISO 16175-3
Appendices B. Integrating records considerations into the systems development life cycle

A.2.5.5 Regular monitoring of the performance of records systems against business requirements and records objectives shall be implemented and documented.
A.2.5.6 Procedures shall be provided to ensure and demonstrate that any system malfunction, upgrade or regular maintenance does not affect records integrity.
A.2.5.7 Changes in records systems, particularly exceptional operations (such as migration, integration of new requirements, computer technology change or discontinuation), shall be analysed, planned and implemented. Decisions made shall be documented.

- ISO 15489-2
Cl. 3.2.9 Step H: Post-implementation review
Cl. 8.2 Records systems characteristics
- ISO 16175-2
Cl. 5.8.5 Back-up and recovery
- ISO 16175-3
5 Implementation
Cl. 8.5 Discontinuing records systems
- ISO 13008 (to be published)
Cl. all