ISO 15489 Records Management wird überarbeitet
25. Juli 2014 15:00 Uhr | Dr. Ulrich Kampffmeyer | Permalink
Die bekannte ISO-Norm 15489 "Records Management" (im Deutschen "Schriftgutverwaltung" – leider nicht treffend übertragen) wurde komplett überarbeitet. Nunmehr liegt der Entwurf "Draft ISO/DIS 15489-1 Ver.7" des Kommitee ISO TC 46/SC 11/WG 13 vor.
Neue Ansätze und neue Konzepte machen die ISO 15489 praktikabler. Aktuell läuft das interne Review der neuen Version. Details zur neuen ISO gibt es dann auf der Records Management Konferenz am 25.11.2014 in Frankfurt: http://bit.ly/RMK_2014
Inhaltsverzeichnis der überarbeiteten ISO 15489 Records Management.
2 Normative references
3 Terms and definitions
4 Principles for managing records
5 Authoritative records and records systems
5.1 Authoritative records
5.1.1 Metadata for records
5.1.2 Characteristics of authoritative records
5.2 Records systems
5.2.1 Characteristics of records systems
6 Policies and responsibilities
6.4 Monitoring/performance evaluation
6.5 Competence and training .
7.2 Scope of appraisal
7.3 Understanding the business
7.3.1 Understanding the business setting
7.3.2 Analysing functions and work processes
7.3.3 Identifying agents
7.4 Determining records requirements
7.4.1 Business requirements for records
7.4.2 Legal/regulatory requirements for records
7.4.3 Societal requirements for records
7.4.4 Linking records requirements to business functions and work processes
7.4.5 Assessing risks associated with the implementation of records requirements
7.4.6 Documenting records requirements
7.4.7 Implementing records requirements
8 Records controls
8.2 Metadata schema for records
8.3 Business classification schemes
8.4 Access and permissions rules
8.5 Disposition authorities
9 Processes for creating and managing records
9.2 Creating records
9.3 Capturing records
9.4 Classification and indexing
9.5 Access control
9.6 Use and reuse
9.8 Migrating or converting records
9.9 Storing records
5 Kommentare zu “ISO 15489 Records Management wird überarbeitet”
Wann kommt der Wortlaut?
Das Inhaltsverzeichnis ist vielversprechend und macht neugierig auf den konkreten Wortlaut.
Was wird sich wohl genau hinter “authoriative” verbergen, wie wird genau mit dem Thema Bewertung (Appraisal) verfahren, wo liegen genau die Unterschiede zum Vorgänger, wie offen sind die Punkte formuliert, und, und, und …
Freue mich auf die nähere Auseinandersetzung mit diesem für meine Arbeit zentralen Dokument.
Wann wird es soweit sein?
ISO 15489 Records Management DIS ballot
Der Verabschiedungsprozess wurde am 23.1.2015 gestartet. Jetzt heißt es fünf Monate warten.
Die Diskussionsversion ist von Januar bis März auf dem Server der ISO abrufbar: https://www.iso.org/obp/ui/#iso:std:iso:15489:-1:dis:ed-2:v1:en
Überarbeitung ISO 15489 Records Management
Es geht langsamer voran als ursprünglich geplant, aber das Treffen in Beijing war recht erfolgreich. So berichtet zumindest Heather Jack in ihrem Beitrag "ISO Working Group agree next steps for ISO 15489 parts 1 & 2 revision" auf Linkedin: https://www.linkedin.com/grp/post/8243525-6014340796617146371
Der aktuelle Stand der ISO 15489 ist nicht mehr online abrufbar. Nur die ersten einführenden Kapitel stehen noch öffentlich zur Verfügung. Die Verabschiedung erfolgt nunmehr im Rahmen der nationalen ISO-Gremien. Interessenten in Deutschland wenden sich bitte an den entsprechenden DIN Arbeitskreis nabd NA (Frau Thiel).
Teil 1 "Concepts and Principles" mit der eigentlichen, derzeit rund 100seitigen Norm wird voraussichtlich im August als FDIS den Gremien zur Verabschiedung zugeleitet. Mit der Veröffentlichung von Part 1 ist dann Mitte 2016 zu rechnen. Mit der Bereitstellung von Teil 2 mit mehreren "Guidance Documents" ist ab April 2016 zu rechnen. Das Verfahren der Verabschiedung dieser Dokumente ist noch nicht abschließend geklärt.
Der aktuelle Stand der einführenden Kapitel der ISO 15489 in Englisch:
ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2. http://www.iso.org/directives
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received. http://www.iso.org/patents
Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.
For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO's adherence to the WTO principles in the Technical Barriers to Trade (TBT), see the following URL: Foreword – Supplementary information
The committee responsible for this document is ISO/TC 46, Information and documentation, Subcommittee SC 11, Archives/records management.
ISO 15489 consists of the following parts, under the general title Information and documentation — Records management:
— Part 1: Concepts and principles
— Part 2: Guidelines
This International Standard establishes the core concepts and principles for the creation, capture and management of records. It sits at the heart of a number of international standards and technical reports that provide further guidance and instruction on concepts, techniques and practices for creating, capturing and managing records.
About records and management of records
Records are both evidence of business activity and information assets. They can be distinguished from other information assets by their transactional nature, and their reliance on metadata, which is used to indicate and preserve context, and apply appropriate rules for managing records.
The management of records ensures that they are:
a) created and captured to meet requirements for evidence of business activity; and
b) managed appropriately over time to meet changing requirements.
Increasingly, records are made and kept in digital environments. Free from the constraints of paper, digital records offer a range of opportunities for new kinds of use and re-use, and more powerful implementations of records controls across and between the systems that manage records.
Continuously evolving models of business can extend responsibilities for records beyond traditional organizational and jurisdictional boundaries. This requires records professionals to understand and meet a diverse range of internal and external stakeholder needs. These can include increased expectations of transparency of decision-making from business and government, the general public, customers, users of government services, records’ subjects, and others with an interest in how records are created and managed.
With these environmental factors in mind, this International Standard has been developed with an acknowledgement of:
a) the role of records as both enablers of business activity and information assets;
b) increased opportunities for records use and reuse in the digital environment;
c) systems and rules for the creation, capture and management of records that need to extend beyond traditional organizational boundaries, such as collaborative and multi-jurisdictional work environments;
d) records controls that can be independent of other components of records systems;
e) the importance of recurrent analysis of business activity and context to identify what records need to be created and captured, and how they should be managed over time; and
f) the importance of risk management in devising strategies for managing records, and the management of records as a risk management strategy in itself.
While the concepts and principles of this International Standard apply across varied business and technological environments, these environments can demand different approaches to the implementation of records controls, processes and systems. Part 1 of this International Standard is not intended to provide detailed implementation advice for specific environments in which records are created, captured and managed. Rather, it defines key concepts and establishes high-level principles from which systems and processes for managing records in any environment may be developed.
Advice on the design and implementation of controls, systems and processes for records in these different environments will be addressed in subsequent Part(s).
Approaches to the creation, capture and management of records based on the concepts and principles in this International Standard ensure that authoritative and reliable evidence of business is created, captured, managed and made accessible to those who need it, for as long as it is required. This enables:
a) improved transparency and accountability;
b) effective policy formation;
c) informed decision-making;
d) the management of business risks;
e) the protection of rights and obligations of organizations and individuals;
f) continuity in the event of disaster;
g) compliance with legislation and regulations;
h) reduction of costs through greater business efficiency;
i) improved ability to demonstrate corporate responsibility, including meeting sustainability goals;
j) the protection of intellectual property;
k) protection and support in litigation;
l) the conduct of evidence-based research and development activities;
m) the formation of business, personal and/or cultural identity; and
n) the protection of corporate, personal and/or collective memory.
Policies, assigned responsibilities and procedures for the creation, capture and management of records can support organizational information governance programmes.
Relationship to other standards
This International Standard has been designed as a self-contained resource. However, it is also part of a family of standards and technical reports on a range of aspects relating to the creation, capture and management of records. These are listed in the Bibliography and may be consulted for more detailed advice on particular aspects of managing records.
The management of records in line with this International Standard is fundamental to a successful Management system for Records (MSR), the management system defined by the ISO 30300- series of International Standards. A MSR links the management of records to organizational success and accountability by establishing a framework comprising policy, objectives and directives with regard to records. It establishes requirements for:
a) defined roles and responsibilities;
b) systematic processes;
c) monitoring, measurement and evaluation; and
d) review and improvement.
Managers and others seeking to implement, operate and improve a MSR should use this International Standard in conjunction with the ISO 30300- series of International Standards.
This International Standard defines the concepts and principles from which approaches to the creation, capture and management of records are developed. The Standard describes concepts and principles relating to:
a) records, metadata for records and records systems;
b) policies, assigned responsibilities, and monitoring and training in supporting the effective management of records;
c) ongoing analysis of business context and the identification of records requirements;
d) records controls; and
e) processes for creating, capturing and managing records.
This International Standard applies to the creation, capture and management of records regardless of structure or form, in all types of business and technological environments, over time.
2 Normative references
No normative references are cited. This clause is included in order to retain clause numbering.
3 Terms and definitions
opportunity, means of finding, using or retrieving information
major task performed by a business entity as part of a function
individual, workgroup or organization responsible for, or involved in, record creation, capture and/or records management processes
[SOURCE: ISO 23081‑1:2006, definition 3.1]
Note 1 to entry: Technologies such as software applications can be considered agents if they routinely perform records creation/capture processes.
systematic identification and/or arrangement of business activities and/or records into categories according to logically structured conventions, methods, and procedural rules
process of changing records from one format to another
[SOURCE: ISO 30300:2011, definition 3.3.3]
process of eliminating or deleting a record, beyond any reconstruction
range of processes associated with implementing records retention, destruction or transfer decisions which are documented in disposition authorities or other instruments
[SOURCE: ISO 30300:2011, definition 3.3.5]
3.8 disposition authority
an instrument that defines disposition actions that are authorized for records described in the authority
documentation of a transaction
Note 1 to entry: This is proof of a business transaction which can be shown to have been created in the normal course of business and which is inviolate and complete. It is not limited to the legal sense of the term.
[SOURCE: ISO 30300, definition 3.1.5]
a group of activities that fulfils the major responsibilities for achieving the strategic goals of a business entity
3.11 metadata for records
data describing context, content and structure of records and their management through time
process of moving records from one hardware or software configuration to another without changing the format
[SOURCE: ISO 30300:2011, definition 3.3.8]
information created, received and maintained as evidence and as an asset by an organization or person, in pursuit of legal obligations or in the transaction of business
[SOURCE: ISO 30300:2011, definition 3.1.7]
3.14 records management
field of management responsible for the efficient and systematic control of the creation, receipt, maintenance, use and disposition of records, including processes for capturing and maintaining evidence of and information about business activities and transactions in the form of records
[SOURCE: ISO 30300:2011, definition 3.3.8]
3.15 records system
information system which captures, manages and provides access to records over time
[SOURCE: ISO 30300:2011, definition 3.4.4]
Note 1 to entry: A records system can consist of technical elements such as software, which may be designed specifically for managing records or for some other business purpose, and non-technical elements including policy, procedures, people and other agents, and assigned responsibilities.
3.16 metadata schema
logical plan showing the relationships between metadata elements
[SOURCE: Adapted from ISO 23081‑1:2006, definition 3.3]
smallest unit of a work process consisting of an exchange between two or more participants or systems
[SOURCE: ISO/TR 26122:2008, definition 3.5]
3.18 work process
one or more sequences of actions required to produce an outcome that complies with governing rules
[SOURCE: Adapted from ISO/TR 26122:2008, definition 3.6]
Only informative sections of standards are publicly available. To view the full content, you will need to purchase the standard by clicking on the "Buy" button.
 ISO 13008:2012, Information and documentation — Digital records conversion and migration process
 ISO 30300:2011, Information and documentation — Management systems for records — Fundamentals and vocabulary
 ISO 30301:2011, Information and documentation — Management systems for records — Requirements
 ISO 23081-2:2009, Information and documentation — Managing metadata for records — Part 2: Conceptual and implementation issues
 ISO 23081-1:2006, Information and documentation — Records management processes — Metadata for records — Part 1: Principles
 ISO/TR 18128:2014, Information and documentation — Risk assessment for records processes and systems
 ISO/IEC 27001:2013, Information technology — Security techniques — Information security management systems — Requirements
 ISO/TR 26122:2008, Information and documentation — Work process analysis for records
Überarbeitung der ISO 15489: ein Einblick aus Australien
Während alle darauf warten, dass endlich die neue Version der ISO 15489, die schon für 2015 geplant war, erscheint, bringt es Barbara Reed, die Leiterin der Australischen Delegation, auf den Punkt. Es gibt zahlreiche generelle Änderungen, die einen längeren Abstimmungs- und Überarbeitungsprozess erfordern. In Ihrem Artikel "Navigating the shoals of ISO standards" vom 10.07.2015 beschreibt sie die wesentlichen Neuerungen: http://bit.ly/iso15489
Es wird also noch mindestens 12 Monate dauern, bis die neue Norm international verabschiedet ist. Und dementsprechend wird man auch auf die Version des DIN noch einige Zeit warten dürfen.
Überarbeitung der ISO 15489: Larry Medina
Am 12. July hat Larry Medina einen Kommentar zum oben verlinkten Beitrag "Navigating the shoals of ISO Standards" auf RECMGMT-L Listserv veröffentlicht. Er glaubt nicht, dass die neue Version des ISO Standards 15489 in den USA etwas bewegen kann. Die in den USA relevante NARA hat außer einem Verwies auf die ISO-Norm nie etwas getan, um sie zu implementieren, sondern auf ihre eigenen Vorgaben gesetzt. Bleibt also die Frage, ob die ISO 15489 nur etwas für Australier, Neuseeländer, Engländer und vielleicht Europäer ist?
Hier der Beitrag von Larry Medina im Wortlaut:
"As one of the reviewers who submitted copious comments regarding the lack of consistency and completeness of 15489, I'm quite glads to see it's going through another round of editing and approval was delayed. I'm actually surprised the committee really felt it wasn't going to have to go around again. There were a number of us who 'fine tooth comb' reviewed this, some finding the same things and others focusing on other areas… but suffice to say, it was far from "ready for prime time". I doubt the standard will ever get a lot of traction in the US, even with a re-write and new revision; unless ANSI adopts and publishes a version, few in the business community see any value to citing and adopting an International Standard for business practices that doesn't add to the bottom line. Unless there are requirements from the EU or other sources that demand compliance in order to do business (like with ISO 9001 and 14001), the benefits of adding additional requirements into processes seem tough to gain support for in the US. Oddly, on their last revision to 36CFR, NARA felt compelled to cite where each Part of Subchapter B was "in conformance with ISO 15489-1:2001, Information and documentation– Records management" but it didn't bother to list any specific section or anything else… and the odd thing about this, well, at least ONE ODD thing is the revision to 36CFR was done in 2009, and the ISO Standard was out of date as of 2006. I (and others in the Federal RM arena) attempted to discourage NARA from adding this meaningless citation, especially since NO FEDERAL RM Programs utilize or comply with ISO 15489, but they felt a need to add it."