Your records management strategy has to take into account the big picture. This involves understanding the context you operate in, the nature of the business you do and the risks and requirements associated with that business. The good news is that it’s possible to design systems and apply rules so that the records are made and kept properly – whether they are data, documents or even social media content – and result in a host of business-enhancing benefits.
We asked Cassie Findlay, the Project Leader of the working group that developed the standard (ISO/TC 46/SC 11/WG 13), to give us her lowdown on the new standard.
Why is records management so important?
The creation and management of records has always been important – from ancient times to today. The key reasons for keeping records have not changed: accountability, efficient business, protection of rights and entitlements and the ability to reconstruct the past. Now, the rapidly changing digital and online world has simply introduced additional reasons to create, capture and manage records well: the shift to data-driven business, open government initiatives, shared and collaborative services, greater emphasis on corporate responsibility and more. You only need to look at the frequency of information management, access and accountability issues being reported in the news to see that the job of managing records is more important than ever!
What has happened to justify the publication of the new ISO 15489-1?
It has been over ten years since the previous version of the standard was issued. As I mentioned, in this period, we have seen an increasingly rapid shift to digital forms of business. It therefore follows that records need to be made and kept in digital environments, and we needed to have a robust set of concepts and principles to underpin new approaches.
For example, changing models of business are extending responsibilities for records beyond traditional organizational and jurisdictional boundaries. This requires records professionals to understand and meet a diverse range of internal and external stakeholder needs. These can include increased expectations of transparency in decision making from business and government, the general public, customers, users of services, records’ subjects, and others with an interest in how records are created, captured and managed. Expectations for information security are also becoming increasingly significant to stakeholders within and outside of organizational boundaries. Indeed the very concept of a ‘record’ has changed. Once, we tended to equate records only with documents and files. However, today we make and keep records in so many forms! But whether they are data, documents or some other form of information, our job remains to properly contextualize and manage them over time.
So the concepts and principles described in the latest edition of ISO 15489-1 are designed to enable the creation, capture and management of records in these new environments through time. However, it has been carefully designed not to ignore the needs of paper-based or “hybrid” environments and applies equally to these by taking a technology-agnostic approach.
In a nutshell, what will implementing the new standard do and for whom?
ISO 15489-1 establishes the core concepts and principles for the design, implementation and management of policy, information systems and processes allowing people, organizations, governments, private enterprises and collaborative coalitions to:
- Create and capture records to meet requirements for evidence of business activity
- Take appropriate action to protect the authenticity, reliability, integrity and useability of records, as well as their business context, and to identify requirements for their management over time
By taking a principles-based approach, ISO 15489-1 allows for flexibility in implementation while retaining strong direction on what those implementations should be achieving. It sits at the centre of a range of other existing standards and advice on more specific aspects of managing records – from metadata for records to the analysis of work processes – and will be complemented by subsequent Parts to complete this guidance, focusing on appraisal and design of systems for records.
Is its significance restricted to one sector, or does it have broader business and societal relevance?
ISO 15489-1 has very wide relevance. Every part of society makes and keeps records. They underpin corporate activity, the delivery of government or NGO services and personal lives. Not only is the creation and management of records essential to the conduct of current business and affairs, but it will prove crucial into the future, in that without well-managed records there are no archives.
How we make and keep records today can have far-reaching consequences – think about records of our climate, or buildings and other infrastructure that depend on records to be maintained. There is no sector or part of society that cannot afford to pay attention to the making and keeping of records, especially in the age of digital disruption and change that we live in.
ISO 15489-1:2016 is available from your national ISO member or on the ISO Store.