ISO/TC 46/SC 11 - Archives/records management

This document gives guidance for the implementation of an MSR in accordance with ISO 30301. This document is intended to be used in conjunction with ISO 30301. It describes the activities to be undertaken when designing, implementing and monitoring an MSR. This document is intended to be used by any organization, or across organizations, implementing an MSR. It is applicable to all types of organization (e.g. commercial enterprises, government agencies, non-profit organizations) of all sizes. This document is intended to be used by those responsible for leading the implementation and maintenance of the MSR. It can also help top management in making decisions on the establishment, scope and implementation of management systems in their organization.

This document specifies the competence requirements for personnel involved in the audit and certification process for management systems for records (MSR). It complements the existing requirements of ISO/IEC 17021-1. NOTE This document is applicable for auditing and certification of MSR based on ISO 30301. It can also be used for other MSR applications.

This document establishes a framework for defining metadata elements consistent with the principles and implementation considerations outlined in ISO 23081-1. The purpose of this framework is to: a) enable standardized description of records and critical contextual entities for records; b) provide common understanding of fixed points of aggregation to enable interoperability of records and information relevant to records between organizational systems; and c) enable reuse and standardization of metadata for managing records over time, space and across applications. It further identifies some of the critical decision points that need to be addressed and documented to enable implementation of metadata for managing records. It aims to: — identify the issues that need to be addressed in implementing metadata for managing records; — identify and explain the various options for addressing the issues; and — identify various paths for making decisions and choosing options in implementing metadata for managing records.

This document describes a method for analysing imaging systems quality in the area of cultural heritage imaging. The method described analyses multiple imaging systems quality characteristics from a single image of a specified test target. The specification states which characteristics are measured, how they are measured, and how the results of the analysis need to be presented. This specification applies to scanners and digital cameras used for digitization of cultural heritage material. NOTE This document addresses imaging of reflective originals, a future part two will address imaging of transparent originals.

This document provides guidance for decision making and processes associated with the selection, design, implementation and maintenance of software for managing records, according to the principles specified in ISO 15489-1. This document is applicable to any kind of records system supported by software, including paper records managed by software, but is particularly focused on software for managing digital records. This document provides guidance to records professionals charged with, or supporting the selection, design, implementation and maintenance of systems for managing records using a variety of software. It can also provide assistance to information technology professionals such as solution architects/designers, IT procurement decision makers, business analysts, business owners and software developers and testers seeking to understand records requirements.

This document presents a model for cloud records management and outlines the risks and issues that are considered by records managers before adopting cloud services for records management. The model for cloud records management includes a stakeholder model, processes, metadata, architecture, and use cases. Risks and issues are classified into those originating from cloud services internally and those originating from cloud services externally. Internal risks are associated with cloud services, systems and stakeholders. External risks and issues can occur in the social and legal context in which cloud services operate. The target audience of this document includes: — records, information, knowledge, and governance professionals; — cloud service architects; — archivists using cloud services for managing records; — developers of cloud-deployed records management software; — ICT staff; and — providers of cloud-based records management services.

This document provides model, high-level functional requirements and associated guidance for software applications that are intended to manage digital records (including digital copies of analogue source records), either as the main purpose of the application or as a part of an application that is primarily intended to enable other business functions and processes. It does not include: — functional requirements for applications that manage analogue records; — generic design requirements such as reporting, application administration and performance; — requirements for the long-term preservation of digital records in a dedicated preservation environment; NOTE The model requirements are intended to encourage the deployment of applications that do not hinder long-term preservation of records. As such, some of the requirements support long-term digital preservation outcomes. — implementation guidance for applications that manages analogue and/or digital records. Such guidance can be found in ISO/TS 16175-2:—[1]. [1] Under development. Stage at the time of publication: ISO/DTS 16175-2:2020.

This document contains terms and definitions that are relevant to the core concepts of the records management domain. It does not limit the definition of new terms in ISO/TC 46/SC 11 standards.

The document creates a common language that embeds records management concerns and requirements into enterprise architecture with the twin goals of building consensus — among records managers, enterprise architects and solution architects, and — across the domains of records management, enterprise architecture and solution architecture. NOTE This common understanding of Records Management enables Enterprise Architects to understand the motivations, concerns and goals of Records Managers, recognize them as influential key business stakeholders during organizational transformation, and use this understanding to influence systems planning and design. As a result, Records Management becomes an organizational capability at governance, strategic and operational levels. This document provides a records management viewpoint, with architecture principles and corresponding architectural views of records. It explains records management for enterprise architects and other related professionals, so that they can achieve the competency needed to support collaborative initiatives. This document provides support to enterprise architects in areas including: — understanding and identifying records management principles, goals and requirements significant for the architectural representation, — facilitating consultations with records managers during the project lifecycle, — identifying opportunities to reuse existing records management analyses and tools. This document provides scenarios and models for solution architects and those who have responsibility for infrastructure overview. This document also provides a common language to records managers for collaboration with enterprise architects to position records management requirements in the architecture development process.

This document specifies requirements to be met by a management system for records (MSR) in order to support an organization in the achievement of its mandate, mission, strategy and goals. It addresses the development and implementation of a records policy and objectives and gives information on measuring and monitoring performance. An MSR can be established by an organization or across organizations that share business activities. Throughout this document, the term "organization" is not limited to one organization but also includes other organizational structures. This document is applicable to any organization that wishes to: — establish, implement, maintain and improve an MSR to support its business; — ensure itself of conformity with its stated records policy; — demonstrate conformity with this document by undertaking a self-assessment and self-declaration, or seeking confirmation of its self-declaration by a party external to the organization, or seeking certification of its MSR by an external party.

This document provides guidance on how to carry out appraisal for managing records. It describes some of the products and outcomes that can be delivered using the results of appraisal. As such, this document describes a practical application of the concept of appraisal outlined in ISO 15489-1. This document: a) lists some of the main purposes for appraisal; b) describes the importance of establishing scope for appraisal; c) explains how to analyse business functions and develop an understanding of their context; d) explains how to identify records requirements; e) describes the relationships between records requirements, business functions and work processes; f) explains how to use risk assessment for making decisions related to records; g) lists options for documenting the results of appraisal; h) describes possible uses for the results of appraisal; and i) explains the importance of monitoring and review of the execution of appraisal decisions. This document can be used by all organizations regardless of size, nature of their business activities, or the complexity of their functions and structure.

ISO 23081-1:2017 covers the principles that underpin and govern records management metadata. These principles are applicable to: - records and their metadata; - all processes that affect them; - any system in which they reside; - any organization that is responsible for their management.

ISO 17068:2017 specifies requirements for a trusted third party repository (TTPR) to support the authorized custody service in order to safeguard provable integrity and authenticity of clients' digital records and serve as a source of reliable evidence. ISO 17068:2017 is applicable to retention or repository services for digital records as a source of evidence during the retention periods of legal obligation in both the private and the public sectors. ISO 17068:2017 has the limitation that the authorized custody of the stored records is between only the TTPR and the client.

ISO 15489-1:2016 defines the concepts and principles from which approaches to the creation, capture and management of records are developed. This part of ISO 15489 describes concepts and principles relating to the following: a) records, metadata for records and records systems; b) policies, assigned responsibilities, monitoring and training supporting the effective management of records; c) recurrent analysis of business context and the identification of records requirements; d) records controls; e) processes for creating, capturing and managing records. ISO 15489-1:2016 applies to the creation, capture and management of records regardless of structure or form, in all types of business and technological environments, over time.

ISO/TR 18128:2014 intends to assist organizations in assessing risks to records processes and systems so they can ensure records continue to meet identified business needs as long as required. ISO/TR 18128:2014: a) establishes a method of analysis for identifying risks related to records processes and systems, b) provides a method of analysing the potential effects of adverse events on records processes and systems, c) provides guidelines for conducting an assessment of risks related to records processes and systems, and d) provides guidelines for documenting identified and assessed risks in preparation for mitigation. ISO/TR 18128:2014 can be used by all organizations regardless of size, nature of their activities, or complexity of their functions and structure. These factors, and the regulatory regime in which the organization operates which prescribes the creation and control of its records, are taken into account when identifying and assessing risk related to records and records systems. ISO/TR 18128:2014 can be used by records professionals or people who have responsibility for records in their organizations and by auditors or managers who have responsibility for risk management programs in their organizations.

This International Standard specifies the planning issues, requirements and procedures for the conversion and/or migration of digital records (which includes digital objects plus metadata) in order to preserve the authenticity, reliability, integrity and usability of such records as evidence of business transactions. These digital records can be active or residing in a repository. These procedures do not comprehensively cover: — backup systems; — preservation of digital records; — functionality of trusted digital repositories; — the process of converting analogue formats to digital formats and vice versa.

ISO/TR 23081-3:2011 provides guidance on conducting a self-assessment on records metadata in relation to the creation, capture and control of records. The self-assessment helps to: identify the current state of metadata capture and management in or across organizations; identify priorities of what to work on and when; identify key requirements from ISO 23081-1:2006 and ISO 23081-2:2009; evaluate progress in the development of a metadata framework for the implementation of specific systems and projects; evaluate system and project readiness (move to the next phase in a system or project) when including records metadata functionality in a system. A records metadata readiness evaluation is provided for key steps from project inception through to the implementation/maintenance phase.

ISO/TR 13028:2010: establishes guidelines for creating and maintaining records in digital format only, where the original paper, or other non-digital source record, has been copied by digitizing; establishes best practice guidelines for digitization to ensure the trustworthiness and reliability of records and enable consideration of disposal of the non-digital source records; establishes best practice guidelines for the trustworthiness of the digitized records which may impact on the legal admissibility and evidential weight of such records; establishes best practice guidelines for the accessibility of digitized records for as long as they are required; specifies strategies to assist in creating digitized records fit for long-term retention; and establishes best practice guidelines for the management of non-digital source records following digitization. ISO/TR 13028:2010 is applicable for use in the design and conduct of responsible digitization by all organizations undertaking digitization, either business process digitization or back capture digitization projects for records management purposes, as outlined in ISO 15489-1:2001 and ISO/TR 15801:2009. ISO/TR 13028:2010 is not applicable to: capture and management of born-digital records; technical specifications for the digital capture of records; procedures for making decisions about records' eventual disposition; technical specifications for the long-term preservation of digital records; or digitization of existing archival holdings for preservation purposes.

ISO/TR 26122:2008 provides guidance on work process analysis from the perspective of the creation, capture and control of records. It identifies two types of analyses, namely functional analysis (decomposition of functions into processes), and sequential analysis (investigation of the flow of transactions). Each analysis entails a preliminary review of context (i.e. mandate and regulatory environment) appropriate for the analysis. The components of the analysis can be undertaken in various combinations and in a different order from that described here, depending on the nature of the task, the scale of the project, and the purpose of the analysis. Guidance provided in the form of lists of questions/matters to be considered under each element of the analysis is also included. ISO/TR 26122:2008 describes a practical application of the theory outlined in ISO 15489. As such, it is independent of technology (i.e. can be applied regardless of the technological environment), although it can be used to assess the adequacy of technical tools that support an organization's work processes. ISO/TR 26122:2008 focuses on existing work processes rather than on facilitating "workflow" (i.e. the automation of a business process in whole or part, during which documents, information or tasks are passed from one participant to another for action, according to a set of procedural rules).

ISO 22310:2006 allows the appropriate incorporation of records requirements, according to ISO 15489-1, ISO/TR 15489-2 and 23081-1, which are applicable to all standards that require the creation and retention of records, into other standards. It also highlights the different elements that need to be considered as components of a comprehensive records management framework. This guidance is in addition to the procedures for technical work and the methodology for the development of International Standards established by the ISO/IEC Directives. ISO 22310:2006 is intended for use by all ISO bodies involved in the development of records management or documentation requirements in standards. It can also be used by non-ISO standards development organizations at the international, regional or national level, which are considering or are in the process of developing records management requirements in standards and/or comparable documents.

ISO 30302:2015 gives guidance for the implementation of a MSR in accordance with ISO 30301. This International Standard is intended to be used in conjunction with ISO 30300 and ISO 30301. This International Standard does not modify and/or reduce the requirements specified in ISO 30301. It describes the activities to be undertaken when designing and implementing a MSR. ISO 30302:2015 is intended to be used by any organization implementing a MSR. It is applicable to all types of organization (e.g. commercial enterprises, government agencies, non-profit organizations) of all sizes.

ISO/TR 17068:2012 details the authorized custody services of a Trusted Third Party Repository (TTPR) in order to ensure provable integrity and authenticity of the clients' digital records and serve as a source of reliable evidence. It describes the services and processes to be provided by a TTPR for the clients' digital records during the retention period, to ensure trust. It also details the criteria of "trustworthiness" and the particular requirements of TTPR services, hardware and software systems, and management. ISO/TR 17068:2012 has the limitation that the authorized custody of the stored records is between only the third party and the client.

ISO 30300:2011 defines terms and definitions applicable to the standards on management systems for records (MSR) prepared by ISO/TC 46/SC 11. It also establishes the objectives for using a MSR, provides principles for a MSR, describes a process approach and specifies roles for top management. ISO 30300:2011 is applicable to any type of organization that wishes to: · establish, implement, maintain and improve a MSR to support its business; · assure itself of conformity with its stated records policy; · demonstrate conformity with this International Standard.

ISO 30301:2011 specifies requirements to be met by a management system for records (MSR) in order to support an organization in the achievement of its mandate, mission, strategy and goals. It addresses the development and implementation of a records policy and objectives and gives information on measuring and monitoring performance. ISO 30301:2011 can be implemented with other Management System Standards (MSS). It is especially useful to demonstrate compliance with the documentation and records requirements of other MSS.

ISO 16175-2:2011 is applicable to products that are often termed "electronic records management systems" or "enterprise content management systems". ISO 16175-2:2011 uses the term digital records management systems for those software applications whose primary function is records management. It does not seek to set requirements for records still in use and held within business systems. Digital objects created by email, word processing, spreadsheet and imaging applications (such as text documents, and still or moving images), where they are identified to be of business value, are managed within digital records management systems which meet the functional requirements established in ISO 16175-2:2011. Records managed by a digital records management system can be stored on a variety of different media formats, and can be managed in hybrid record aggregations that include both digital and non-digital elements. ISO 16175-2:2011 does not attempt to include requirements that are not specific to, or necessary for, records management, for example, general system management and design requirements. Nor does it include requirements common to all software applications, such as performance, scalability and usability. Given the target audience of ISO 16175-2:2011, it also assumes a level of knowledge about developing design specifications, procurement and evaluation processes, and therefore these issues are not covered in ISO 16175-2:2011. Nonetheless, the importance of non-records management functional requirements for records management systems is recognized through their inclusion is given in the high-level model for structure and overview of functional requirements. ISO 16175-2:2011 does not give specifications for the long-term preservation of digital records; this issue needs to be addressed separately within a dedicated framework for digital preservation or "digital archiving" at the strategic level. These digital preservation considerations transcend the life of systems and are system independent; they need to be assessed in a specific migration and conversion plan at the tactical level. However, recognition of the need to maintain records for as long as they are required is addressed in ISO 16175-2:2011, and potential format obsolescence issues need to be considered when applying the functional requirements. ISO 16175-2:2011 articulates a set of functional requirements for digital records management systems. These requirements apply to records irrespective of the media in which they were created and/or stored. The requirements are intended to: define the processes and requirements for identifying and managing records in digital records management systems; define the records management functionality to be included in a design specification when building, upgrading or purchasing digital records management systems software; inform records management functional requirements in the selection of commercially available digital records management systems; and review the records management functionality of, or assess the compliance of, an existing digital records management system.

ISO 16175-1 establishes fundamental principles and functional requirements for software used to create and manage digital records in office environments. It is intended to be used in conjunction with ISO 16175-2 and ISO 16175-3. ISO 16175-1 establishes the principles of good practice, guiding principles, implementation guidelines and lists risks and mitigations for the purpose of enabling better management of records in organisations; supporting the business needs of an organisation by enabling greater effectiveness and efficiency of the operations; providing, through wider deployment of automated records functionality, enhanced abilities to support auditing activities; improving capabilities to comply with statutory mandates specified in various information-related legislation (for example, data protection and privacy); ensuring good governance (for example, accountability, transparency and enhanced service delivery) through good management of records; increasing general awareness of automated records management capabilities via the dissemination of key principles; and maximizing cross-jurisdictional consistency regarding the articulation of functional requirements for managing records and to enable the global archives, records and information management community to speak with one voice to the software vendor community.

ISO 16175-3:2010 specifies general requirements and guidelines for records management and gives guidelines for the appropriate identification and management of evidence (records) of business activities transacted through business systems. It gives guidelines to understand processes and requirements for identifying and managing records in business systems; to develop requirements for functionality for records to be included in a design specification when building, upgrading or purchasing business system software; to evaluate the records management capability of proposed customized or commercial off-the-shelf business system software; to review the functionality for records or assess compliance of existing business systems. ISO 16175-3:2010 specifies requirements for export supports preservation by allowing the export of records to a system that is capable of long-term preservation activities, or for the ongoing migration of records into new systems. It does not specify requirements for the long-term preservation of digital records. ISO 16175-3:2010 is not applicable to records management in highly integrated software environments based on service-oriented architectures. ISO 16175-3:2010 does not specify a general system management, nor the design requirements such as usability, reporting, searching, system administration and performance. It also does not specify developing design specifications, procurement and evaluation processes in any detail.

ISO/TS 23081-2:2009 establishes a framework for defining metadata elements consistent with the principles and implementation considerations outlined in ISO 23081-1:2006. The purpose of this framework is to: to enable standardized description of records and critical contextual entities for records, to provide common understanding of fixed points of aggregation to enable interoperability of records, and information relevant to records, between organizational systems, to enable re-use and standardization of metadata for managing records over time, space and across applications. It further identifies some of the critical decision points that need to be addressed and documented to enable implementation of metadata for managing records. It aims to identify the issues that need to be addressed in implementing metadata for managing records, to identify and explain the various options for addressing the issues, and to identify various paths for making decisions and choosing options in implementing metadata for managing records.

ISO/TS 23081-2:2007 establishes a framework for defining metadata elements consistent with the principles and implementation considerations outlined in ISO 23081-1:2006. The purpose of this framework is to: enable standardized description of records and critical contextual entities for records, provide common understanding of fixed points of aggregation to enable interoperability of records, and information relevant to records, between organizational systems, enable re-use and standardization of metadata for managing records over time, space and applications. It further identifies some of the critical decision points that need to be addressed and documented to enable implementation of metadata for managing records. It aims to: identify the issues that need to be addressed in implementing metadata for managing records, identify and explain the various options for addressing the issues, and identify various paths for making decisions and choosing options in implementing metadata for managing records.

ISO 23081-1:2006 covers the principles that underpin and govern records management metadata. These principles apply through time to: records and their metadata; all processes that affect them; any system in which they reside; any organization that is responsible for their management.

ISO/TS 23081-1:2004 covers the principles that underpin and govern records management metadata.

This part of ISO 15489 is an implementation guide to ISO 15489-1 for use by record management professionals and those charged with managing records in their organizations. It provides one methodology that will facilitate the implementation of ISO 15489-1 in all organizations that have a need to manage their records. It gives an overview of the processes and factors to consider in organizations wishing to comply with ISO 15489-1.