Standards and Requirements for Electronic Records Management

ISO 15489 Records Management

ISO 15489 is the international standard for records management. It derives from the Australian Standard AS 4390: 1996 and was published in two parts in 2001. The standard applies to the management of records in all formats and provides a framework for organisations establishing a records management system or auditing existing policies and procedures. Other standards for electronic records management reference it.

ISO 15489 describes the characteristics of electronic records and the systems needed to manage them, but it does not constitute a set of requirements for an electronic records management system.

ISO 15489-1:2001, Part 1: General, describes at high level a best practice framework for records management.

ISO 15489-2:2001, Part 2: Guidelines, provides practical guidance for the design and implementation of the framework described in Part 1, based on the DIRKS methodology.

ISO 30300 Management Systems for Records – Fundamentals and Vocabulary

ISO 30301 Management Systems for Records – Requirements
The ISO 30300 series standards apply to management systems for records (MSR). A MSR is a management system used to direct and control how records are managed within an organisation at a strategic level. The standards are aimed at any organisation which wants to implement and maintain a MSR to support its business. They set out the objectives for using a MSR and describe a process approach, specifying roles for senior management. The standards do not alter the operational records management processes defined in ISO 15489, but upgrade the approach that senior management should take to the management of records at a policy and risk assessment level by managing procedures and technology, conducting routine audits and utilising continual improvement processes.

ISO 23081-1:2006 Metadata for records – Part 1: Principles

ISO 23081-2:2009 Managing metadata for records – Part 2: Conceptual and implementation issues

ISO 23081-3:2011 Managing metadata for records – Part 3: Self assessment method
ISO 23081 provides a guide to understanding, implementing and using the metadata needed to manage records within the framework of ISO 15489. It focuses on the relevance of records management metadata to business processes. The standard establishes a framework for defining metadata elements and provides guidance on conducting a self-assessment on records metadata in relation to the creation, capture and control of records. It does not define a mandatory set of records management metadata, but instead assesses the main existing metadata sets (including Dublin Core, ISAD(G) EAD, ISAAR) against the requirements of ISO 15489 and considers their ability to support business and records management processes.

ISO 16175 Principles and functional requirements for records in electronic office environments
ISO 16175 is an international standard of principles and functional requirements for software used to create and manage electronic records in office environments. It was published in three parts in 2010-11 and derives from the International Council on Archives (ICA) ‘Principles and functional requirements for records in electronic office environments’. It is based on the records functionality outlined in ISO 15489 and can be used to identify and evaluate records management functionality in systems. Although ISO 16175 is an international standard it will not be implemented as a British Standard.

ISO 16175-1:2010, Part 1: Overview and statement of principles, provides a high level overview of background information and fundamental principles.

ISO 16175-2:2011, Part 2: Guidelines and functional requirements for digital records management systems, describes requirements for software systems used to manage records.

ISO 16175-3:2010, Part 3: Guidelines and functional requirements for records in business systems, sets out requirements for the management of records held in business systems (e.g. case management, financial management, etc.). It provides a starting point rather than a complete specification. Organisations will need to factor in their own business, technical and regulatory requirements.

The ICA Principles and functional requirements for records in electronic office environments are available on the website of the co-sponsor, the Australasian Digital Recordkeeping Initiative (ADRI).

MoReq2010 (Modular Requirements for Records Systems)
MoReq2010 is the most recent European specification of requirements for electronic records management systems. The MoReq2010 specification has been developed by the DLM Forum (a community of public archives and other parties interested in archives, records and information management throughout the European Union), with the support of the European Commission. It builds on MoReq2 to deliver a more adaptable and scalable set of requirements for an electronic records management system, which can be adopted by all types of organisation in both the public and private sectors. The Core Services and Plug-in Modules were published in 2011 and further modules, dealing with specific types of record formats, are currently being written. Modules specific to records functionality in single sectors may also be forthcoming.
Whereas MoReq2 specifies for a single record system that will embrace all the records an organisation creates, MoReq2010 accepts that records are generally created in many different systems within an organisation and instead seeks to specify the minimum requirements for a single application to manage its records and the common set of core services that are shared by many different types of records system. MoReq2010 introduces several new concepts including entities, aggregations, and event histories.

2012 will see the development of test scripts and the establishment of a testing regime. As MoReq2010 is a new specification it will take time before suppliers produce compliant products.

DoD 5015.2-STD US Department of Defense: Design Criteria Standard for Electronic Records Management Applications
Although DoD 5015.2 is an American standard, it has been included here because many suppliers have achieved certification of their solutions against its requirements. DoD 5015.2 was first published in 1997 and last revised in 2007. It describes the basic mandatory functional requirements for records management application software used by the US Department of Defense. The standard defines required system interfaces and search criteria to be supported by an Electronic Records Management System and describes the minimum records management requirements that must be met, based on the US National Archives and Records Administration (NARA) regulations. It also identifies other non-mandatory features that are considered desirable. In the United States DoD 5015.2 has been widely adopted outside of the defence industry, in both the private and public sectors, as defining best practices in electronic records management.

BS 10008:2008 Evidential weight and legal admissibility of electronic information. Specification
BS 10008 specifies the requirements for the implementation and operation of electronic information management systems, encompassing data processing and the exchange of data between computers and electronic storage. It addresses issues relating to the authenticity and integrity of records, which will help organisations to meet standards of legal admissibility. The standard also covers the process of electronic identity verification, including electronic signatures and electronic copyright. It provides best practice guidelines, which will help organisations manage electronic information and data security over time and through technology changes. The standard covers policies, security, procedures, technology requirements and the auditability of electronic document management (EDM) systems.

BIP 0008-1:2008 Evidential Weight and Legal Admissibility of Information Stored Electronically.
BIP 0008 is a code of practice for the implementation of BS 10008. It focuses on the authenticity, integrity and availability of electronically stored information and is of particular relevance where stored information may be required as evidence in legal proceedings or other disputes. The Code provides a framework and guidelines for the implementation and operation of electronic storage systems and identifies critical compliance points that need to be taken into account. It covers planning, policy, security, risk assessment, data capture and handling, monitoring, reviewing and auditing, and the maintenance and continual improvement of systems.

BS 10008 is also supported by two other codes of practice and a compliance workbook:

BIP 0008-2:2008 Evidential Weight and Legal Admissibility of Information Transferred Electronically. Code of Practice for the Implementation of BS 10008

BIP 0008-3:2008 Evidential Weight and Legal Admissibility of Linking Electronic Identity to Documents. Code of Practice for the Implementation of BS 10008

BIP 0009:2008 Evidential Weight and Legal Admissibility of Electronic Information. Compliance Workbook for Use with BS 10008

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s