What is this standard about?
Many organizations are currently undertaking initiatives to improve information governance systems and practice across the business. Good records management is a fundamental element of good information governance and good business. BS ISO 15489-1:2016 sets best practice for records management. All organizations will benefit from reviewing their record management activities against this standard.
Who is this standard for?
- Information risk and governance officers
- Records managers
- Information managers
- IT managers
- Information security managers
- Enterprise architects
- Chief information officers
- Archivists, special librarians
- Knowledge management professionals
- Business administrators
- Legal advisors
- All individuals within organizations who are responsible for the oversight of record management and information governance practices
Why should you use this standard?
BS ISO 15489-1:2016 will help cross-sector organizations to comply with data protection legislation and in particular will help them meet the enhanced information governance obligations arising from the new General Data Protection Regulation. The standard establishes core concepts and principles for the creation, capture and management of records. It provides guidance on managing records of originating organizations, public or private, for internal and external clients. It defines the concepts and principles relating to:
- Records, metadata for records and records systems
- Policies, assigned responsibilities, monitoring and training in support of the effective management of records
- Recurrent analysis of business context and the identification of records requirements
- Records controls
- Processes for creating, capturing and managing records
What’s changed since the last update?
The standard was revised to ensure that it meets market requirements, keeps pace with the increasingly complex records management requirements demanded by evolving digital environments and takes account of the wide range of related standards that have been issued since it was first published in 2001. It includes the following principal changes:
- Focusses only on principles and concepts and no longer provides a prescribed implementation methodology
- Re-interprets the traditional term “appraisal” as a core activity for determining records requirements
- Greater emphasis on the importance of metadata as an essential part of managing records and on the need for independence of records metadata from specific systems and environments
- Broadened definition of the role of records as both enablers of business activity and information assets
- Highlights increased opportunities for records use and reuse in the digital environment
- Greater focus on the need to extend systems and rules for the creation, capture and management of records beyond traditional organizational boundaries, such as collaborative and multi-jurisdictional work
- Greater emphasis on the importance of risk management in devising strategies for managing records, and the management of records as a risk management strategy in itself