More often, clients are asking for best practices. Specific to Records Management, the ISO has a Records Management Best Practices Standard available for download on their site. It provides a starting point for developing your Records Management program.
So why look at ISO best practice records management? The standards promote:
- Identification of responsibilities for records creation and control
- Adoption of computerized and automated means of creating and managing records
- Integration of records creation and control with business processes
- Incorporation of records into organizations’ information framework to enhance their value and encourage their use
Keep in mind that tools alone don’t get the job done. Organizational change, user adoption and populating the Records System with your actual records is 80% of the work.
What should you be thinking about? Retention for as long as the records are needed, data protection and timely destruction in accordance with legal requirements and society’s expectations. ISO and national standards meet documentation requirements contained in quality and risk management, compliance and security practice standards. They ensure that authoritative and reliable information about, and evidence of, business activities are created, managed, and made accessible to those who need them, for as long as they need them.
ISO 15489 – 2001 identifies the standard principles for managing records. These principles apply to all records irrespective of the format or medium in which they are created or of the organization or individual which creates them.
They are as follows:
- An organization should have a policy, with defined roles and responsibilities, for creating, capturing, managing and using records, as evidence of business, for as long as they are needed.
- The proper management of records should be integrated into business processes and systems.
- The techniques, processes and systems used to create and manage records must align with the organization’s specific business requirements.
- The requirements for records, their management and ongoing use should be incorporated into the design and implementation of an organization’s overall information framework.
- Business rules should be developed for designing and implementing systems which hold records, and for managing, using and disposing of records.
- The resources allocated to managing records generated by business should be commensurate with the assessment of risk, the nature of the activities and the size and type of organization.
- Business systems and processes should be designed so that records are secure from unauthorized use or modification and can be relied on as accurate, authoritative, accessible and acceptable as evidence for as long as they are needed.
Download the document here http://www.iso.org/iso/catalogue_detail?csnumber=31908