ISO/TR 15489-2:2001
(Main)Information and documentation - Records management - Part 2: Guidelines
Information and documentation - Records management - Part 2: Guidelines
This part of ISO 15489 is an implementation guide to ISO 15489-1 for use by record management professionals and those charged with managing records in their organizations. It provides one methodology that will facilitate the implementation of ISO 15489-1 in all organizations that have a need to manage their records. It gives an overview of the processes and factors to consider in organizations wishing to comply with ISO 15489-1.
Information et documentation — << Records Management >> — Partie 2: Guide pratique
La présente partie de l'ISO 15489 est un guide de mise en oeuvre pour l'ISO 15489-1 à destination des professionnels du «Records management» et de ceux qui ont en charge la gestion des documents d'archives dans leurs organismes. Il fournit une méthodologie qui facilitera la mise en oeuvre de l'ISO 15489-1 dans tous les organismes qui ont besoin d'organiser et de gérer leurs documents d'archives. Il donne une vision générale des processus et des facteurs à prendre en considération dans les organismes qui souhaitent se conformer à l'ISO 15489-1.
Informatika in dokumentacija – Upravljanje zapisov – 2. del: Smernice
General Information
Related Packages
Frequently Asked Questions
ISO/TR 15489-2:2001 is a technical report published by the International Organization for Standardization (ISO). Its full title is "Information and documentation - Records management - Part 2: Guidelines". This standard covers: This part of ISO 15489 is an implementation guide to ISO 15489-1 for use by record management professionals and those charged with managing records in their organizations. It provides one methodology that will facilitate the implementation of ISO 15489-1 in all organizations that have a need to manage their records. It gives an overview of the processes and factors to consider in organizations wishing to comply with ISO 15489-1.
This part of ISO 15489 is an implementation guide to ISO 15489-1 for use by record management professionals and those charged with managing records in their organizations. It provides one methodology that will facilitate the implementation of ISO 15489-1 in all organizations that have a need to manage their records. It gives an overview of the processes and factors to consider in organizations wishing to comply with ISO 15489-1.
ISO/TR 15489-2:2001 is classified under the following ICS (International Classification for Standards) categories: 01.140.20 - Information sciences. The ICS classification helps identify the subject area and facilitates finding related standards.
You can purchase ISO/TR 15489-2:2001 directly from iTeh Standards. The document is available in PDF format and is delivered instantly after payment. Add the standard to your cart and complete the secure checkout process. iTeh Standards is an authorized distributor of ISO standards.
Standards Content (Sample)
TECHNICAL ISO/TR
REPORT 15489-2
First edition
2001-09-15
Information and documentation — Records
management —
Part 2:
Guidelines
Information et documentation — «Records management» —
Partie 2: Guide pratique
Reference number
©
ISO 2001
PDF disclaimer
This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but shall not
be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In downloading this
file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat accepts no liability in this
area.
Adobe is a trademark of Adobe Systems Incorporated.
Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation parameters
were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In the unlikely event
that a problem relating to it is found, please inform the Central Secretariat at the address given below.
© ISO 2001
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic
or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISO's member body
in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.ch
Web www.iso.ch
Printed in Switzerland
ii © ISO 2001 – All rights reserved
Contents
Foreword.v
Introduction.vi
1 Scope .1
2 Policies and responsibilities .1
2.1 Introduction.1
2.2 Records management policy statements.1
2.3 Responsibilities .1
2.3.1 Objectives of defining responsibilities and authorities.1
2.3.2 Authorities and responsibilities within the organization .2
3 Strategies, design and implementation.2
3.1 Introduction.2
3.2 Design and implementation of a records system .2
3.2.1 General.2
3.2.2 Step A: Preliminary investigation .3
3.2.3 Step B: Analysis of business activity.3
3.2.4 Step C: Identification of requirements for records .4
3.2.5 Step D: Assessment of existing systems .4
3.2.6 Step E: Identification of strategies for satisfying records requirements .5
3.2.7 Step F: Design of a records system .5
3.2.8 Step G: Implementation of a records system .6
3.2.9 Step H: Post-implementation review .7
4 Records processes and controls.7
4.1 Introduction.7
4.2 Instruments .8
4.2.1 Principal instruments.8
4.2.2 Business activity classification .8
4.2.3 Vocabulary .10
4.2.4 Records disposition authority.10
4.2.5 Security and access classification scheme.12
4.3 Records management processes .13
4.3.1 Introduction.13
4.3.2 Capture .14
4.3.3 Registration.15
4.3.4 Classification .16
4.3.5 Access and security classification .17
4.3.6 Identification of disposition status .17
4.3.7 Storage.18
4.3.8 Use and tracking.19
4.3.9 Implementation of disposition .20
5 Monitoring and auditing.22
5.1 General.22
5.2 Compliance auditing .22
5.3 Evidential weight .22
5.4 Performance monitoring.23
6 Training.23
6.1 Introduction.23
6.2 Training programme requirements.23
6.3 Personnel to be trained.23
6.4 Training for records management professionals.23
6.4.1 General.23
6.4.2 Methods of training.24
6.5 Evaluation and review of training .24
Annex A Reference tables to compare ISO 15489-1 and its accompanying Guidelines ISO/TR 15489-2 .25
Annex B Comparison of ISO/TR 15489-2 Guidelines and ISO 15489-1.32
Bibliography .37
Index.38
iv © ISO 2001 – All rights reserved
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO
member bodies). The work of preparing International Standards is normally carried out through ISO technical
committees. Each member body interested in a subject for which a technical committee has been established has
the right to be represented on that committee. International organizations, governmental and non-governmental, in
liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical
Commission (IEC) on all matters of electrotechnical standardization.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 3.
The main task of technical committees is to prepare International Standards. Draft International Standards adopted
by the technical committees are circulated to the member bodies for voting. Publication as an International
Standard requires approval by at least 75 % of the member bodies casting a vote.
In exceptional circumstances, when a technical committee has collected data of a different kind from that which is
normally published as an International Standard ("state of the art", for example), it may decide by a simple majority
vote of its participating members to publish a Technical Report. A Technical Report is entirely informative in nature
and does not have to be reviewed until the data it provides are considered to be no longer valid or useful.
Attention is drawn to the possibility that some of the elements of this part of ISO 15489 may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights.
ISO/TR 15489-2 was prepared by Technical Committee ISO/TC 46, Information and documentation, Subcommittee
SC 11, Archives/records management.
ISO/TR 15489 consists of the following parts, under the general title Information and documentation — Records
management:
Part 1: General
Part 2: Guidelines [Technical Report]
Introduction
This part of ISO 15489 provides guidelines that are supplementary to ISO 15489-1. Both ISO 15489-1 and this part
of ISO 15489 apply to records in any format or media, created or received by any public or private organization
during the course of its activities. Thus, in this part of ISO 15489, unless otherwise noted, systems may be
interpreted as paper/manual or electronic, and a document may be either paper, microform or electronic.
ISO 15489-1 specifies the elements of records management and defines the necessary results or outcomes to be
achieved. This part of ISO 15489 provides one methodology for implementation. However, it should be noted that
national standards and legislation and regulation may dictate other factors and requirements for legal compliance.
In addition to using this part of ISO 15489, those seeking to implement the standard should consult requirements
and guidance of national standards and legislation and regulation that apply in their jurisdictions. In addition, a
variety of professional societies and associations have resources available to assist in the implementation of
ISO 15489-1.
vi © ISO 2001 – All rights reserved
TECHNICAL REPORT ISO/TR 15489-2:2001(E)
Information and documentation — Records management —
Part 2:
Guidelines
1 Scope
This part of ISO 15489 is an implementation guide to ISO 15489-1 for use by record management professionals
and those charged with managing records in their organizations. It provides one methodology that will facilitate the
implementation of ISO 15489-1 in all organizations that have a need to manage their records. It gives an overview
of the processes and factors to consider in organizations wishing to comply with ISO 15489-1.
2 Policies and responsibilities
2.1 Introduction
ISO 15489-1:2001, clause 6 sets out, in general terms, the need for organizations seeking to comply with it to have
a records management policy in place and to define and assign records-related responsibilities to individuals. This
part of ISO 15489 provides additional guidance on records management policies and expands on the types of
responsibilities to be defined and assigned.
2.2 Records management policy statements
Organizations should define and document policies for records management and should ensure that the policies
are implemented and maintained at all levels in the organization.
A records management policy statement is a statement of intentions. It sets out what the organization intends to do
and, sometimes, includes an outline of the programme and procedures that will achieve those intentions. However,
a policy statement on its own will not guarantee good records management: critical to its success are endorsement
and active and visible support by senior management and the allocation of the resources necessary for
implementation. An effective policy statement will, therefore, identify a senior member of staff with lead
responsibility for records management and for overseeing policy and programme implementation.
The policy statement should refer to other policies relating to information, for example, on information systems
policy, information security or asset management, but should not seek to duplicate them. It should be supported by
procedures and guidelines, planning and strategy statements, disposition authorities and other documents that
together make up the records management regime.
Support and endorsement of the policy by all employees should be encouraged at all times. It is particularly
important that the policy obliges all employees to create and maintain records that meet the legal, regulatory, fiscal,
operational, and archival/historical needs of the organization. Monitoring of compliance with the policy is also
important.
2.3 Responsibilities
2.3.1 Objectives of defining responsibilities and authorities
The overriding objective of defining responsibilities, authorities and inter-relationships is to establish and maintain a
records management regime that meets the needs of internal and external stakeholders.
More specifically, the definition of responsibilities, authorities and inter-relationships should put in place standard
practices or business rules that:
a) require employees to create records according to the business needs and business processes that adequately
document the business activities in which they take part;
b) ensure that information and processing systems that support business activities create appropriate records as
part of supporting those activities;
c) ensure the transparency of record processes and the adequacy of records systems throughout the active life of
the records (records that are needed to perform current operations and that are subject to frequent use are
usually located near the user, if it is a physical record, or online via a computer system);
d) ensure that records are maintained, stored and preserved for the period of their usefulness to the organization
and, if appropriate, to external stakeholders such as archival institutions, researchers and auditors; and
e) ensure that records are disposed of only in accordance with a defined approval process.
2.3.2 Authorities and responsibilities within the organization
An organization should define the authorities and responsibilities of all employees involved in records
management. These are likely to include the following categories.
a) Senior management should be assigned the highest level of responsibility for ensuring a successful records
management programme. Senior management support is translated into the allocation of resources at a lower
level. It promotes compliance with records management procedures throughout the organization.
b) Records management professionals have primary responsibility for the implementation of ISO 15489-1. In
particular, they establish the overall records management policies, procedures, and standards for the
organization and implement the processes outlined in ISO 15489-1:2001, clause 4.
c) Managers of business units or organizational groupings are responsible for ensuring that their staff create and
keep records as an integral part of their work and in accordance with established policies, procedures and
standards. They provide the resources necessary for the management of records and liaise with records
management professionals on all aspects set out in ISO 15489-1:2001, clause 4.
d) Others in the organization have specific records-related duties. They include, in particular, staff responsible for
security, staff responsible for designing and implementing systems using information and communication
technologies, and staff responsible for compliance.
e) All staff create, receive and keep records as part of their daily work, and should do so in accordance with
established policies, procedure and standards. This includes disposing of records only in accordance with
authorized disposition instruments.
Where contractors carry out the organization’s records management programme, it is important to ensure that they
meet the standards laid down in the organization’s policies.
3 Strategies, design and implementation
3.1 Introduction
ISO 15489-1:2001, clause 8 describes the essential characteristics of records systems and provides a framework
for their implementation. This clause amplifies ISO 15489-1:2001, subclause 8.4 only. It provides some guidance
on designing and implementing systems for managing records.
3.2 Design and implementation of a records system
3.2.1 General
It should be noted that the steps in this process are expansions of the general descriptions provided in
ISO 15489-1:2001, subclause 8.4 and that Step A is linked to item a), Step B to item b) and so on.
2 © ISO 2001 – All rights reserved
(Source: National Archives of Australia and State Records New South Wales.)
Figure 1 — Design and Implementation of Records Systems (DIRS)
3.2.2 Step A: Preliminary investigation
The purpose of Step A is to provide the organization with an understanding of the administrative, legal, business
and social contexts in which it operates so that it can identify the major factors that influence its need to create and
maintain records.
Step A will also provide a general appreciation of an organization’s strengths and weaknesses in managing its
records. It represents a sound basis for defining the scope of a records project and presenting a business case for
managerial support.
The preliminary investigation is needed to make effective decisions about an organization’s records systems. It will
help define records problems within an organization, and assess the feasibility and risks of various potential
responses.
Step A is an important precursor to the compilation of a business classification scheme and the development of
functions-based processes for deciding what records need to be captured and how long they should be retained. In
conjunction with the two subsequent steps, B and C, the preliminary investigation will also help assess the
organization’s responsibility for records and its compliance with external requirements to create and keep records.
It is also a useful basis for assessing existing systems.
3.2.3 Step B: Analysis of business activity
The purpose of this step is to develop a conceptual model of what an organization does and how it does it. It will
demonstrate how records relate to both the organization’s business and its business processes. It will contribute to
decisions in subsequent steps about the creation, capture, control, storage and disposition of records, and about
access to them. This is particularly important in an electronic business environment where adequate records will
not be captured and retained unless the system is properly designed. This step provides the tools to undertake and
document the business analysis in a systematic way and to make best use of its results.
An analysis of business activity and processes will provide an understanding of the relationship between the
organization’s business and its records.
The products coming from this step may include
a) documentation describing the organization’s business and business processes,
b) a business classification scheme that shows the organization’s functions, activities and transactions in a
hierarchical relationship, and
c) a map of the organization’s business processes that shows the points at which records are produced or
received as products of business activity.
The analysis provides the basis for developing records management tools, which may include
a) a thesaurus of terms to control the language for titling and indexing records in a specific business context, and
b) a disposition authority that defines the retention periods and consequent disposition actions for records.
The analysis will also help in identifying and implementing appropriate metadata strategies and in formally
assigning responsibilities for keeping records.
3.2.4 Step C: Identification of requirements for records
The purpose of this step is to identify an organization’s requirements to create, receive and keep records of its
business activities, and to document the requirements in a structured and easily maintainable form. Keeping the
appropriate records facilitates the proper conduct of business. It ensures that individuals and organizations are
accountable for their actions in matters of law and administration. It also ensures that they are accountable to
business and related interest groups, internal and external, and sensitive to their needs and expectations.
These requirements for records are identified through a systematic analysis of business needs, legal and regulatory
obligations and any broader responsibilities to the community. An assessment of an organization’s exposure to risk,
if records are not created and kept, will also help identify requirements. The step also provides the rationale for the
creation, maintenance and disposition of records, the basis for designing systems that will capture and maintain
records, and the benchmark for measuring the performance of existing systems.
Some of the products that may emerge from the completion of this step include
a) a list of all sources containing records requirements relevant to the organization,
b) a list of the regulatory, business and any more general community requirements to keep records,
c) a risk assessment report endorsed by management, and
d) a formal document for management and staff that sets out the organization’s requirements to keep records.
3.2.5 Step D: Assessment of existing systems
The purpose of this step is to survey an organization’s existing systems for records and any other information
systems to measure the extent to which they capture and maintain records of business activities. The assessment
will help to reveal any gaps between an organization’s agreed requirements for records and the performance and
capabilities of its existing systems. This will provide the basis for developing new systems or redesigning existing
systems to meet the need for records that have been identified and agreed in previous steps.
Products from this step may include
a) an inventory of the organization’s existing business systems, and
b) a report outlining the extent to which they address the organization’s agreed requirements for records.
4 © ISO 2001 – All rights reserved
3.2.6 Step E: Identification of strategies for satisfying records requirements
The purpose of this step is to determine the most appropriate policies, procedures, standards, tools and other
tactics that an organization should adopt to ensure that it makes and keeps the necessary records of its business
activity. The choice of strategies may take into account
a) the nature of an organization including its goals and history,
b) the type of business activities it carries out,
c) the way it conducts business activities,
d) its supporting technological environment,
e) the prevailing corporate culture, and
f) any external constraints.
Selection will also be influenced by the potential of each strategy to achieve its desired result and the risk to the
organization if the approach fails.
In some cases, archival authorities may help to develop record strategies.
Strategies might include
a) adopting policies and procedures,
b) developing standards,
c) designing new system components, or
d) implementing systems,
in a way that satisfies the identified requirements to keep and maintain records.
When this step is complete, there will be a planned, systematic and appropriate approach to the creation, capture,
maintenance, use and preservation of records that will provide the basis for the design or redesign of the records
system.
Products coming from this step are likely to include
a) a list of strategies that will satisfy the organization’s requirements for records while meeting its other business
needs,
b) a model that maps strategies to requirements, and
c) a report for senior management recommending an overall design strategy.
3.2.7 Step F: Design of a records system
This step involves converting the strategies and tactics selected in Step E into a plan for a records system that
fulfils the requirements identified and documented during Step C and remedies any organizational records
management deficiencies identified during Step D.
Step F, like the other steps in this methodology, adopts a broad definition of systems, encompassing people and
processes as well as tools and technology. Therefore, this step is likely to involve
a) designing changes to current systems, processes and practices,
b) adapting or integrating technological solutions, and
c) determining how best to incorporate these changes to improve the management of records across an
organization.
It is sometimes difficult in practice to see where determining strategies for records systems ends (Step E) and
designing systems to incorporate those strategies begins (Step F). It is, however, useful to focus on strategies
separately to ensure that requirements to create and maintain records are feasible, consistent and properly
incorporated into the system design.
This step involves record management professionals and other experts working with users to produce
specifications that best meet the requirements for records. This ensures that users develop a sense of system
ownership, understand the system and use it as intended.
Products coming from Step F may include
a) design project plans, showing tasks, responsibilities and timelines,
b) reports detailing the outcomes of periodic design reviews,
c) documentation of changes to requirements, signed off by both user and project team representatives,
d) design descriptions,
e) system business rules,
f) system specifications,
g) diagrams representing system architectures and components,
h) models representing different system views, such as processes, data flows and data entities,
i) detailed specifications to build or acquire technological components such as software and hardware,
j) file plans,
k) plans showing how the design will integrate with existing systems and processes,
l) initial training and testing plans, and
m) a system implementation plan.
3.2.8 Step G: Implementation of a records system
The purpose of Step G is to systematically identify and put in place an appropriate mix of strategies to implement
the plan designed in Step F. That plan provided an overview of how the various system components (processes,
procedures, people and technology) should fit together.
The integration of new or improved records systems with office communication systems and business processes
can be a complex undertaking with high accountability and financial stakes. Such risks can be minimized through
careful planning and documentation of the implementation process.
After completing this step, an organization should have integrated improved records management practices into the
organization with minimum disruption to business activities; contributed to organizational requirements for quality
accreditation; and capitalized on the long-term investment made in Steps A to F.
Documentation produced by completing this step may include
a) a detailed project plan outlining the mix of strategies selected,
b) documented policies, procedures and standards,
c) training materials,
d) documentation of the conversion process and ongoing migration procedures,
e) documentation required for “quality systems” accreditation,
f) performance reports, and
g) report(s) to management.
6 © ISO 2001 – All rights reserved
3.2.9 Step H: Post-implementation review
The purpose of Step H is to measure the effectiveness of the records system, to evaluate the system development
process so that deficiencies can be remedied, and to establish a monitoring regime for the duration of the system.
Step H involves
a) analysing whether records have been created and organized according to the necessities of the business
activities and are appropriately interrelated to the business processes they are part of,
b) interviewing management, staff and other stakeholders,
c) conducting surveys,
d) examining documentation developed during the earlier phases of the systems development project, and
e) observing and randomly checking operations.
By completing the initial post-implementation review and by conducting periodic checks, an organization will help
guarantee a continuing return on its investment in the records system. It should also have objective information to
demonstrate that it is creating and managing appropriate records of its business. The post-implementation review
will minimize the organization’s exposure to risk through system failure, and, over time, will anticipate significant
changes in the requirements for records and organizational needs that necessitate a new developmental cycle.
At the end of Step H, an organization will have
a) developed and applied a methodology to objectively assess its records system,
b) documented the performance of the system and the developmental process, and
c) submitted a report to management, documenting findings and recommendations.
Because business processes and records systems are not static, Steps C through H should be carried out
periodically as shown in Figure 1.
4 Records processes and controls
4.1 Introduction
ISO 15489-1 formulates guidance for records management operations. The operations are described in a linear
sequence. In practice, records management operations do not take place in such a sequence. Several specific
operations may take place simultaneously. Certain operations depend on the existence of instruments created by
processes described later in the sequence.
A linear sequence has traditionally been used to describe records management processes affecting paper records
because the processes can be, and often are, separated in time with varying intervals between them. In electronic
records systems, the decisions about capture and classification, access and disposition status are usually made at
the point of creation of the record, so the processes are both more explicit and usually simultaneous. This may of
course also be the case in paper-based systems.
Paper-based systems contain metadata about the records that are often implicit and can be deduced by anyone
using the records. In paper-based systems, the structure of the record does not need to be specified, as it is
immediately apparent to a user. The content of the record may need to be highlighted through additional indexing.
The context of the record is defined through a number of complex factors, including the implementation of system
controls, but it is also implicit through physical location and placement with other documents. Electronic systems do
not have the same implicit metadata and methods for capturing records need to make this metadata explicit.
Electronic systems supporting records capture need to be configured to prompt the completion of required
metadata fields, or may be configured to generate such metadata automatically. The extent of the metadata
attributed to electronic records is greater than that required for paper records, as there is very little that can be
implied in electronic systems and all the metadata implicit in paper-based records are made explicit. This depends
on the prior existence of rules identifying the records that should be captured and classification systems for both
identification and access status.
Rather than follow the order of operations in ISO 15489-1, this clause seeks to guide implementation by identifying
a) the instruments needed for a number of different records management operations, and their development,
b) a number of factors that will affect, or determine the nature of, records management operations in various
organizations and jurisdictions, and
c) the processes that use the instruments.
4.2 Instruments
4.2.1 Principal instruments
The principal instruments used in records management operations are
a) a classification scheme that is based on business activities,
b) a records disposition authority, and
c) a security and access classification scheme.
Organizations may employ additional records-management-specific tools, such as
a) a thesaurus of preferred terms, and
b) a glossary of terms or other vocabulary controls.
In addition, there are other tools that are not specific to records management but that may apply to records
management operations:
a) a regulatory framework analysis;
b) a business risk analysis;
c) an organizational delegations authority;
d) a register of employees and system user permissions.
Development of the last set of instruments is outside the scope of this part of ISO 15489.
4.2.2 Business activity classification
4.2.2.1 Introduction
A classification system that is related to business functions may provide a systematic framework for records
management. Analysis for the purpose of developing the business activity classification identifies all of an
organization’s activities and locates them in the framework of its stated or mandated mission or purpose.
In fully developed form, the classification produces a representation of the organization’s business functions,
activities and transactions. That representation can be used to develop a records classification scheme and
thesaurus, titling and indexing rules, identification of records disposition classes and access classifications.
Classification systems provide an organization with a tool to
a) organize, describe and link its records,
b) link and share interdisciplinary records, either internally or externally to the organization, and
c) provide improved access, retrieval, use and dissemination of its records as appropriate.
Supported by instruments such as vocabulary controls, classification systems promote consistency of titling and
description to facilitate retrieval and use. Classification systems can be used to support a variety of records
management processes in addition to facilitating access and use, for example, storage and protection, and
retention and disposition.
Classification systems may reflect the simplicity or complexity of the organization from which they derive.
Organizations need to determine the degree of classification control they require for their business purposes, based
on the organizational structures, nature of their business, accountabilities and technology deployed.
8 © ISO 2001 – All rights reserved
4.2.2.2 Development of business activity classification
The business activity classification can be developed from work using the methodology outlined in 3.2.2 and 3.2.3.
The development of a business activity analysis involves identifying and analysing
a) the goals and strategies of the organization,
b) the functions of the organization that support the pursuit of these goals and strategies,
c) the activities of the organization that constitute the functions,
d) the work processes performed to carry out specific activities and transactions,
e) all constituent steps that make up the activity,
f) all the transactions that make up each constituent step,
g) the groups of recurring transactions within each activity, and
h) existing records of the organization.
The findings from the analysis can be represented as a hierarchy of the business activities, supplemented as
required by sequential representations of business processes.
Classification systems may be derived from analysis of business processes to ensure that the records and their
metadata descriptions accurately represent the business processes that created them.
The structure of a classification system is usually hierarchical and reflects the analytical process as follows.
a) The first level usually reflects the business function.
b) The second level is based on the activities constituting the function.
c) The third and subsequent levels are further refinements of the activities or groups of transactions that take
place within each activity.
The degree of refinement of a classification system is at the discretion of the organization and reflects the
complexity of the function undertaken within the organization. For example, the hierarchy for personnel might be
set out as follows.
1. Managing Human Resources
1.1 Determining Allowances
1.2 Establishing Conditions of Employment
1.2.1 Appointments
1.2.2 Apprenticeships
1.2.3 Childcare
1.2.4 Flexible work arrangements
1.3 Calculating Leave
1.3.1 Accrual
1.3.2 Entitlements
1.3.3 Holidays
1.4 Recruiting Employees
1.5 Determining Salaries
1.5.1 Deductions
1.5.2 Overtime
1.5.3 Remuneration
1.5.4 Superannuation
Classification systems provide an articulation of the functions and activities of the organization. They cannot always
specify every known variable, but they can indicate appropriate groupings. For example, prompts such as [Specify
by Time Period] or [Specify by Client] can be used within classification guidelines to require users to be more
specific. Further instruments (for example, indexes) are necessary to list each individual variable used by the
organization.
Developers of classification systems may ensure that the following points are observed.
a) The systems derive their terminology from the business functions and activities, not from names of
organizational units.
b) They are specific to each organization and provide a consistent and standard way of communicating across
organizational units sharing the same information for interrelated functions.
c) They are hierarchical, moving from the most general to the most specific concept, that is, from high-level
function to specific transaction, for example, Finance – Audit – External.
d) They consist of unambiguous terms reflecting organizational usage.
e) They consist of sufficient groupings and sub-groupings to include all of the business functions and activities
being documented.
f) They consist of discrete groupings.
g) They are devised in consultation with the records creators.
h) They are maintained to reflect changing business needs and to ensure that the scheme is up to date and
reflects changes in the functions and activities of the organization.
4.2.3 Vocabulary
4.2.3.1 Vocabulary controls – list of authorized headings
A list of authorized subject headings is a simple listing of terms derived from terms in the classification scheme.
The meaning of a term is not prescribed and relationships between terms are not shown. The list allows control of
the terminology used to name records by establishing the terms acceptable to the organization and used in its
natural language, controlling the use of synonyms, homonyms, abbreviations and acronyms.
4.2.3.2 Thesaurus
A thesaurus is constructed using the conventions and procedures documented in ISO 2788.
A thesaurus is a controlled list of terms linked together by semantic, hierarchical, associative or equivalence
relationships. Such a tool acts as a guide to allocating classification terms to individual records.
In a thesaurus, the meaning of the term is specified and hierarchical relationships to other terms are shown. A
thesaurus provides sufficient entry points to allow users to navigate from terms that are not to be used to the
preferred terminology adopted by the organization. Additionally, a thesaurus can be linked to other records
management instruments, such as disposition authorizations or access classification schemes, to enable the
automation of other records management processes.
4.2.4 Records disposition authority
4.2.4.1 General
Determining what records should be captured and how long they shoul
...
SLOVENSKI STANDARD
01-november-2005
Informatika in dokumentacija – Upravljanje zapisov – 2. del: Smernice
Information and documentation -- Records management -- Part 2: Guidelines
Information et documentation -- << Records Management >> -- Partie 2: Guide pratique
Ta slovenski standard je istoveten z: ISO/TR 15489-2:2001
ICS:
01.140.20 Informacijske vede Information sciences
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.
TECHNICAL ISO/TR
REPORT 15489-2
First edition
2001-09-15
Information and documentation — Records
management —
Part 2:
Guidelines
Information et documentation — «Records management» —
Partie 2: Guide pratique
Reference number
©
ISO 2001
PDF disclaimer
This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but shall not
be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In downloading this
file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat accepts no liability in this
area.
Adobe is a trademark of Adobe Systems Incorporated.
Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation parameters
were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In the unlikely event
that a problem relating to it is found, please inform the Central Secretariat at the address given below.
© ISO 2001
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic
or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISO's member body
in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.ch
Web www.iso.ch
Printed in Switzerland
ii © ISO 2001 – All rights reserved
Contents
Foreword.v
Introduction.vi
1 Scope .1
2 Policies and responsibilities .1
2.1 Introduction.1
2.2 Records management policy statements.1
2.3 Responsibilities .1
2.3.1 Objectives of defining responsibilities and authorities.1
2.3.2 Authorities and responsibilities within the organization .2
3 Strategies, design and implementation.2
3.1 Introduction.2
3.2 Design and implementation of a records system .2
3.2.1 General.2
3.2.2 Step A: Preliminary investigation .3
3.2.3 Step B: Analysis of business activity.3
3.2.4 Step C: Identification of requirements for records .4
3.2.5 Step D: Assessment of existing systems .4
3.2.6 Step E: Identification of strategies for satisfying records requirements .5
3.2.7 Step F: Design of a records system .5
3.2.8 Step G: Implementation of a records system .6
3.2.9 Step H: Post-implementation review .7
4 Records processes and controls.7
4.1 Introduction.7
4.2 Instruments .8
4.2.1 Principal instruments.8
4.2.2 Business activity classification .8
4.2.3 Vocabulary .10
4.2.4 Records disposition authority.10
4.2.5 Security and access classification scheme.12
4.3 Records management processes .13
4.3.1 Introduction.13
4.3.2 Capture .14
4.3.3 Registration.15
4.3.4 Classification .16
4.3.5 Access and security classification .17
4.3.6 Identification of disposition status .17
4.3.7 Storage.18
4.3.8 Use and tracking.19
4.3.9 Implementation of disposition .20
5 Monitoring and auditing.22
5.1 General.22
5.2 Compliance auditing .22
5.3 Evidential weight .22
5.4 Performance monitoring.23
6 Training.23
6.1 Introduction.23
6.2 Training programme requirements.23
6.3 Personnel to be trained.23
6.4 Training for records management professionals.23
6.4.1 General.23
6.4.2 Methods of training.24
6.5 Evaluation and review of training .24
Annex A Reference tables to compare ISO 15489-1 and its accompanying Guidelines ISO/TR 15489-2 .25
Annex B Comparison of ISO/TR 15489-2 Guidelines and ISO 15489-1.32
Bibliography .37
Index.38
iv © ISO 2001 – All rights reserved
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO
member bodies). The work of preparing International Standards is normally carried out through ISO technical
committees. Each member body interested in a subject for which a technical committee has been established has
the right to be represented on that committee. International organizations, governmental and non-governmental, in
liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical
Commission (IEC) on all matters of electrotechnical standardization.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 3.
The main task of technical committees is to prepare International Standards. Draft International Standards adopted
by the technical committees are circulated to the member bodies for voting. Publication as an International
Standard requires approval by at least 75 % of the member bodies casting a vote.
In exceptional circumstances, when a technical committee has collected data of a different kind from that which is
normally published as an International Standard ("state of the art", for example), it may decide by a simple majority
vote of its participating members to publish a Technical Report. A Technical Report is entirely informative in nature
and does not have to be reviewed until the data it provides are considered to be no longer valid or useful.
Attention is drawn to the possibility that some of the elements of this part of ISO 15489 may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights.
ISO/TR 15489-2 was prepared by Technical Committee ISO/TC 46, Information and documentation, Subcommittee
SC 11, Archives/records management.
ISO/TR 15489 consists of the following parts, under the general title Information and documentation — Records
management:
Part 1: General
Part 2: Guidelines [Technical Report]
Introduction
This part of ISO 15489 provides guidelines that are supplementary to ISO 15489-1. Both ISO 15489-1 and this part
of ISO 15489 apply to records in any format or media, created or received by any public or private organization
during the course of its activities. Thus, in this part of ISO 15489, unless otherwise noted, systems may be
interpreted as paper/manual or electronic, and a document may be either paper, microform or electronic.
ISO 15489-1 specifies the elements of records management and defines the necessary results or outcomes to be
achieved. This part of ISO 15489 provides one methodology for implementation. However, it should be noted that
national standards and legislation and regulation may dictate other factors and requirements for legal compliance.
In addition to using this part of ISO 15489, those seeking to implement the standard should consult requirements
and guidance of national standards and legislation and regulation that apply in their jurisdictions. In addition, a
variety of professional societies and associations have resources available to assist in the implementation of
ISO 15489-1.
vi © ISO 2001 – All rights reserved
TECHNICAL REPORT ISO/TR 15489-2:2001(E)
Information and documentation — Records management —
Part 2:
Guidelines
1 Scope
This part of ISO 15489 is an implementation guide to ISO 15489-1 for use by record management professionals
and those charged with managing records in their organizations. It provides one methodology that will facilitate the
implementation of ISO 15489-1 in all organizations that have a need to manage their records. It gives an overview
of the processes and factors to consider in organizations wishing to comply with ISO 15489-1.
2 Policies and responsibilities
2.1 Introduction
ISO 15489-1:2001, clause 6 sets out, in general terms, the need for organizations seeking to comply with it to have
a records management policy in place and to define and assign records-related responsibilities to individuals. This
part of ISO 15489 provides additional guidance on records management policies and expands on the types of
responsibilities to be defined and assigned.
2.2 Records management policy statements
Organizations should define and document policies for records management and should ensure that the policies
are implemented and maintained at all levels in the organization.
A records management policy statement is a statement of intentions. It sets out what the organization intends to do
and, sometimes, includes an outline of the programme and procedures that will achieve those intentions. However,
a policy statement on its own will not guarantee good records management: critical to its success are endorsement
and active and visible support by senior management and the allocation of the resources necessary for
implementation. An effective policy statement will, therefore, identify a senior member of staff with lead
responsibility for records management and for overseeing policy and programme implementation.
The policy statement should refer to other policies relating to information, for example, on information systems
policy, information security or asset management, but should not seek to duplicate them. It should be supported by
procedures and guidelines, planning and strategy statements, disposition authorities and other documents that
together make up the records management regime.
Support and endorsement of the policy by all employees should be encouraged at all times. It is particularly
important that the policy obliges all employees to create and maintain records that meet the legal, regulatory, fiscal,
operational, and archival/historical needs of the organization. Monitoring of compliance with the policy is also
important.
2.3 Responsibilities
2.3.1 Objectives of defining responsibilities and authorities
The overriding objective of defining responsibilities, authorities and inter-relationships is to establish and maintain a
records management regime that meets the needs of internal and external stakeholders.
More specifically, the definition of responsibilities, authorities and inter-relationships should put in place standard
practices or business rules that:
a) require employees to create records according to the business needs and business processes that adequately
document the business activities in which they take part;
b) ensure that information and processing systems that support business activities create appropriate records as
part of supporting those activities;
c) ensure the transparency of record processes and the adequacy of records systems throughout the active life of
the records (records that are needed to perform current operations and that are subject to frequent use are
usually located near the user, if it is a physical record, or online via a computer system);
d) ensure that records are maintained, stored and preserved for the period of their usefulness to the organization
and, if appropriate, to external stakeholders such as archival institutions, researchers and auditors; and
e) ensure that records are disposed of only in accordance with a defined approval process.
2.3.2 Authorities and responsibilities within the organization
An organization should define the authorities and responsibilities of all employees involved in records
management. These are likely to include the following categories.
a) Senior management should be assigned the highest level of responsibility for ensuring a successful records
management programme. Senior management support is translated into the allocation of resources at a lower
level. It promotes compliance with records management procedures throughout the organization.
b) Records management professionals have primary responsibility for the implementation of ISO 15489-1. In
particular, they establish the overall records management policies, procedures, and standards for the
organization and implement the processes outlined in ISO 15489-1:2001, clause 4.
c) Managers of business units or organizational groupings are responsible for ensuring that their staff create and
keep records as an integral part of their work and in accordance with established policies, procedures and
standards. They provide the resources necessary for the management of records and liaise with records
management professionals on all aspects set out in ISO 15489-1:2001, clause 4.
d) Others in the organization have specific records-related duties. They include, in particular, staff responsible for
security, staff responsible for designing and implementing systems using information and communication
technologies, and staff responsible for compliance.
e) All staff create, receive and keep records as part of their daily work, and should do so in accordance with
established policies, procedure and standards. This includes disposing of records only in accordance with
authorized disposition instruments.
Where contractors carry out the organization’s records management programme, it is important to ensure that they
meet the standards laid down in the organization’s policies.
3 Strategies, design and implementation
3.1 Introduction
ISO 15489-1:2001, clause 8 describes the essential characteristics of records systems and provides a framework
for their implementation. This clause amplifies ISO 15489-1:2001, subclause 8.4 only. It provides some guidance
on designing and implementing systems for managing records.
3.2 Design and implementation of a records system
3.2.1 General
It should be noted that the steps in this process are expansions of the general descriptions provided in
ISO 15489-1:2001, subclause 8.4 and that Step A is linked to item a), Step B to item b) and so on.
2 © ISO 2001 – All rights reserved
(Source: National Archives of Australia and State Records New South Wales.)
Figure 1 — Design and Implementation of Records Systems (DIRS)
3.2.2 Step A: Preliminary investigation
The purpose of Step A is to provide the organization with an understanding of the administrative, legal, business
and social contexts in which it operates so that it can identify the major factors that influence its need to create and
maintain records.
Step A will also provide a general appreciation of an organization’s strengths and weaknesses in managing its
records. It represents a sound basis for defining the scope of a records project and presenting a business case for
managerial support.
The preliminary investigation is needed to make effective decisions about an organization’s records systems. It will
help define records problems within an organization, and assess the feasibility and risks of various potential
responses.
Step A is an important precursor to the compilation of a business classification scheme and the development of
functions-based processes for deciding what records need to be captured and how long they should be retained. In
conjunction with the two subsequent steps, B and C, the preliminary investigation will also help assess the
organization’s responsibility for records and its compliance with external requirements to create and keep records.
It is also a useful basis for assessing existing systems.
3.2.3 Step B: Analysis of business activity
The purpose of this step is to develop a conceptual model of what an organization does and how it does it. It will
demonstrate how records relate to both the organization’s business and its business processes. It will contribute to
decisions in subsequent steps about the creation, capture, control, storage and disposition of records, and about
access to them. This is particularly important in an electronic business environment where adequate records will
not be captured and retained unless the system is properly designed. This step provides the tools to undertake and
document the business analysis in a systematic way and to make best use of its results.
An analysis of business activity and processes will provide an understanding of the relationship between the
organization’s business and its records.
The products coming from this step may include
a) documentation describing the organization’s business and business processes,
b) a business classification scheme that shows the organization’s functions, activities and transactions in a
hierarchical relationship, and
c) a map of the organization’s business processes that shows the points at which records are produced or
received as products of business activity.
The analysis provides the basis for developing records management tools, which may include
a) a thesaurus of terms to control the language for titling and indexing records in a specific business context, and
b) a disposition authority that defines the retention periods and consequent disposition actions for records.
The analysis will also help in identifying and implementing appropriate metadata strategies and in formally
assigning responsibilities for keeping records.
3.2.4 Step C: Identification of requirements for records
The purpose of this step is to identify an organization’s requirements to create, receive and keep records of its
business activities, and to document the requirements in a structured and easily maintainable form. Keeping the
appropriate records facilitates the proper conduct of business. It ensures that individuals and organizations are
accountable for their actions in matters of law and administration. It also ensures that they are accountable to
business and related interest groups, internal and external, and sensitive to their needs and expectations.
These requirements for records are identified through a systematic analysis of business needs, legal and regulatory
obligations and any broader responsibilities to the community. An assessment of an organization’s exposure to risk,
if records are not created and kept, will also help identify requirements. The step also provides the rationale for the
creation, maintenance and disposition of records, the basis for designing systems that will capture and maintain
records, and the benchmark for measuring the performance of existing systems.
Some of the products that may emerge from the completion of this step include
a) a list of all sources containing records requirements relevant to the organization,
b) a list of the regulatory, business and any more general community requirements to keep records,
c) a risk assessment report endorsed by management, and
d) a formal document for management and staff that sets out the organization’s requirements to keep records.
3.2.5 Step D: Assessment of existing systems
The purpose of this step is to survey an organization’s existing systems for records and any other information
systems to measure the extent to which they capture and maintain records of business activities. The assessment
will help to reveal any gaps between an organization’s agreed requirements for records and the performance and
capabilities of its existing systems. This will provide the basis for developing new systems or redesigning existing
systems to meet the need for records that have been identified and agreed in previous steps.
Products from this step may include
a) an inventory of the organization’s existing business systems, and
b) a report outlining the extent to which they address the organization’s agreed requirements for records.
4 © ISO 2001 – All rights reserved
3.2.6 Step E: Identification of strategies for satisfying records requirements
The purpose of this step is to determine the most appropriate policies, procedures, standards, tools and other
tactics that an organization should adopt to ensure that it makes and keeps the necessary records of its business
activity. The choice of strategies may take into account
a) the nature of an organization including its goals and history,
b) the type of business activities it carries out,
c) the way it conducts business activities,
d) its supporting technological environment,
e) the prevailing corporate culture, and
f) any external constraints.
Selection will also be influenced by the potential of each strategy to achieve its desired result and the risk to the
organization if the approach fails.
In some cases, archival authorities may help to develop record strategies.
Strategies might include
a) adopting policies and procedures,
b) developing standards,
c) designing new system components, or
d) implementing systems,
in a way that satisfies the identified requirements to keep and maintain records.
When this step is complete, there will be a planned, systematic and appropriate approach to the creation, capture,
maintenance, use and preservation of records that will provide the basis for the design or redesign of the records
system.
Products coming from this step are likely to include
a) a list of strategies that will satisfy the organization’s requirements for records while meeting its other business
needs,
b) a model that maps strategies to requirements, and
c) a report for senior management recommending an overall design strategy.
3.2.7 Step F: Design of a records system
This step involves converting the strategies and tactics selected in Step E into a plan for a records system that
fulfils the requirements identified and documented during Step C and remedies any organizational records
management deficiencies identified during Step D.
Step F, like the other steps in this methodology, adopts a broad definition of systems, encompassing people and
processes as well as tools and technology. Therefore, this step is likely to involve
a) designing changes to current systems, processes and practices,
b) adapting or integrating technological solutions, and
c) determining how best to incorporate these changes to improve the management of records across an
organization.
It is sometimes difficult in practice to see where determining strategies for records systems ends (Step E) and
designing systems to incorporate those strategies begins (Step F). It is, however, useful to focus on strategies
separately to ensure that requirements to create and maintain records are feasible, consistent and properly
incorporated into the system design.
This step involves record management professionals and other experts working with users to produce
specifications that best meet the requirements for records. This ensures that users develop a sense of system
ownership, understand the system and use it as intended.
Products coming from Step F may include
a) design project plans, showing tasks, responsibilities and timelines,
b) reports detailing the outcomes of periodic design reviews,
c) documentation of changes to requirements, signed off by both user and project team representatives,
d) design descriptions,
e) system business rules,
f) system specifications,
g) diagrams representing system architectures and components,
h) models representing different system views, such as processes, data flows and data entities,
i) detailed specifications to build or acquire technological components such as software and hardware,
j) file plans,
k) plans showing how the design will integrate with existing systems and processes,
l) initial training and testing plans, and
m) a system implementation plan.
3.2.8 Step G: Implementation of a records system
The purpose of Step G is to systematically identify and put in place an appropriate mix of strategies to implement
the plan designed in Step F. That plan provided an overview of how the various system components (processes,
procedures, people and technology) should fit together.
The integration of new or improved records systems with office communication systems and business processes
can be a complex undertaking with high accountability and financial stakes. Such risks can be minimized through
careful planning and documentation of the implementation process.
After completing this step, an organization should have integrated improved records management practices into the
organization with minimum disruption to business activities; contributed to organizational requirements for quality
accreditation; and capitalized on the long-term investment made in Steps A to F.
Documentation produced by completing this step may include
a) a detailed project plan outlining the mix of strategies selected,
b) documented policies, procedures and standards,
c) training materials,
d) documentation of the conversion process and ongoing migration procedures,
e) documentation required for “quality systems” accreditation,
f) performance reports, and
g) report(s) to management.
6 © ISO 2001 – All rights reserved
3.2.9 Step H: Post-implementation review
The purpose of Step H is to measure the effectiveness of the records system, to evaluate the system development
process so that deficiencies can be remedied, and to establish a monitoring regime for the duration of the system.
Step H involves
a) analysing whether records have been created and organized according to the necessities of the business
activities and are appropriately interrelated to the business processes they are part of,
b) interviewing management, staff and other stakeholders,
c) conducting surveys,
d) examining documentation developed during the earlier phases of the systems development project, and
e) observing and randomly checking operations.
By completing the initial post-implementation review and by conducting periodic checks, an organization will help
guarantee a continuing return on its investment in the records system. It should also have objective information to
demonstrate that it is creating and managing appropriate records of its business. The post-implementation review
will minimize the organization’s exposure to risk through system failure, and, over time, will anticipate significant
changes in the requirements for records and organizational needs that necessitate a new developmental cycle.
At the end of Step H, an organization will have
a) developed and applied a methodology to objectively assess its records system,
b) documented the performance of the system and the developmental process, and
c) submitted a report to management, documenting findings and recommendations.
Because business processes and records systems are not static, Steps C through H should be carried out
periodically as shown in Figure 1.
4 Records processes and controls
4.1 Introduction
ISO 15489-1 formulates guidance for records management operations. The operations are described in a linear
sequence. In practice, records management operations do not take place in such a sequence. Several specific
operations may take place simultaneously. Certain operations depend on the existence of instruments created by
processes described later in the sequence.
A linear sequence has traditionally been used to describe records management processes affecting paper records
because the processes can be, and often are, separated in time with varying intervals between them. In electronic
records systems, the decisions about capture and classification, access and disposition status are usually made at
the point of creation of the record, so the processes are both more explicit and usually simultaneous. This may of
course also be the case in paper-based systems.
Paper-based systems contain metadata about the records that are often implicit and can be deduced by anyone
using the records. In paper-based systems, the structure of the record does not need to be specified, as it is
immediately apparent to a user. The content of the record may need to be highlighted through additional indexing.
The context of the record is defined through a number of complex factors, including the implementation of system
controls, but it is also implicit through physical location and placement with other documents. Electronic systems do
not have the same implicit metadata and methods for capturing records need to make this metadata explicit.
Electronic systems supporting records capture need to be configured to prompt the completion of required
metadata fields, or may be configured to generate such metadata automatically. The extent of the metadata
attributed to electronic records is greater than that required for paper records, as there is very little that can be
implied in electronic systems and all the metadata implicit in paper-based records are made explicit. This depends
on the prior existence of rules identifying the records that should be captured and classification systems for both
identification and access status.
Rather than follow the order of operations in ISO 15489-1, this clause seeks to guide implementation by identifying
a) the instruments needed for a number of different records management operations, and their development,
b) a number of factors that will affect, or determine the nature of, records management operations in various
organizations and jurisdictions, and
c) the processes that use the instruments.
4.2 Instruments
4.2.1 Principal instruments
The principal instruments used in records management operations are
a) a classification scheme that is based on business activities,
b) a records disposition authority, and
c) a security and access classification scheme.
Organizations may employ additional records-management-specific tools, such as
a) a thesaurus of preferred terms, and
b) a glossary of terms or other vocabulary controls.
In addition, there are other tools that are not specific to records management but that may apply to records
management operations:
a) a regulatory framework analysis;
b) a business risk analysis;
c) an organizational delegations authority;
d) a register of employees and system user permissions.
Development of the last set of instruments is outside the scope of this part of ISO 15489.
4.2.2 Business activity classification
4.2.2.1 Introduction
A classification system that is related to business functions may provide a systematic framework for records
management. Analysis for the purpose of developing the business activity classification identifies all of an
organization’s activities and locates them in the framework of its stated or mandated mission or purpose.
In fully developed form, the classification produces a representation of the organization’s business functions,
activities and transactions. That representation can be used to develop a records classification scheme and
thesaurus, titling and indexing rules, identification of records disposition classes and access classifications.
Classification systems provide an organization with a tool to
a) organize, describe and link its records,
b) link and share interdisciplinary records, either internally or externally to the organization, and
c) provide improved access, retrieval, use and dissemination of its records as appropriate.
Supported by instruments such as vocabulary controls, classification systems promote consistency of titling and
description to facilitate retrieval and use. Classification systems can be used to support a variety of records
management processes in addition to facilitating access and use, for example, storage and protection, and
retention and disposition.
Classification systems may reflect the simplicity or complexity of the organization from which they derive.
Organizations need to determine the degree of classification control they require for their business purposes, based
on the organizational structures, nature of their business, accountabilities and technology deployed.
8 © ISO 2001 – All rights reserved
4.2.2.2 Development of business activity classification
The business activity classification can be developed from work using the methodology outlined in 3.2.2 and 3.2.3.
The development of a business activity analysis involves identifying and analysing
a) the goals and strategies of the organization,
b) the functions of the organization that support the pursuit of these goals and strategies,
c) the activities of the organization that constitute the functions,
d) the work processes performed to carry out specific activities and transactions,
e) all constituent steps that make up the activity,
f) all the transactions that make up each constituent step,
g) the groups of recurring transactions within each activity, and
h) existing records of the organization.
The findings from the analysis can be represented as a hierarchy of the business activities, supplemented as
required by sequential representations of business processes.
Classification systems may be derived from analysis of business processes to ensure that the records and their
metadata descriptions accurately represent the business processes that created them.
The structure of a classification system is usually hierarchical and reflects the analytical process as follows.
a) The first level usually reflects the business function.
b) The second level is based on the activities constituting the function.
c) The third and subsequent levels are further refinements of the activities or groups of transactions that take
place within each activity.
The degree of refinement of a classification system is at the discretion of the organization and reflects the
complexity of the function undertaken within the organization. For example, the hierarchy for personnel might be
set out as follows.
1. Managing Human Resources
1.1 Determining Allowances
1.2 Establishing Conditions of Employment
1.2.1 Appointments
1.2.2 Apprenticeships
1.2.3 Childcare
1.2.4 Flexible work arrangements
1.3 Calculating Leave
1.3.1 Accrual
1.3.2 Entitlements
1.3.3 Holidays
1.4 Recruiting Employees
1.5 Determining Salaries
1.5.1 Deductions
1.5.2 Overtime
1.5.3 Remuneration
1.5.4 Superannuation
Classification systems provide an articulation of the functions and activities of the organization. They cannot always
specify every known variable, but they can indicate appropriate groupings. For example, prompts such as [Specify
by Time Period] or [Specify by Client] can be used within classification guidelines to require users to be more
specific. Further instruments (for example, indexes) are necessary to list each individual variable used by the
organization.
Developers of classification systems may ensure that the following points are observed.
a) The systems derive their terminology from the business functions and activities, not from names of
organizational units.
b) They are specific to each organization and provide a consistent and standard way of communicating across
organizational units sharing the same information for interrelated functions.
c) They are hierarchical, moving from the most general to the most specific concept, that is, from high-level
function to specific transaction, for example, Finance – Audit – External.
d) They consist of unambiguous terms reflecting organizational usage.
e) They consist of sufficient groupings and sub-groupings to include all of the business functions and activities
being documented.
f) They consist of discrete groupings.
g) They are devised in consultation with the records creators.
h) They are maintained to reflect changing business needs and to ensure that the scheme is up to date and
reflects changes in the functions and activities of the organization.
4.2.3 Vocabulary
4.2.3.1 Vocabulary controls – list of authorized headings
A list of authorized subject headings is a simple listing of terms derived from terms in the classification scheme.
The meaning of a term is not prescribed and relationships between terms are not
...
RAPPORT ISO/TR
TECHNIQUE 15489-2
Première édition
2001-09-15
Information et documentation — «Records
management» —
Partie 2:
Guide pratique
Information and documentation — Records management —
Part 2: Guidelines
Numéro de référence
©
ISO 2001
PDF – Exonération de responsabilité
Le présent fichier PDF peut contenir des polices de caractères intégrées. Conformément aux conditions de licence d'Adobe, ce fichier peut
être imprimé ou visualisé, mais ne doit pas être modifié à moins que l'ordinateur employé à cet effet ne bénéficie d'une licence autorisant
l'utilisation de ces polices et que celles-ci y soient installées. Lors du téléchargement de ce fichier, les parties concernées acceptent de fait la
responsabilité de ne pas enfreindre les conditions de licence d'Adobe. Le Secrétariat central de l'ISO décline toute responsabilité en la
matière.
Adobe est une marque déposée d'Adobe Systems Incorporated.
Les détails relatifs aux produits logiciels utilisés pour la création du présent fichier PDF sont disponibles dans la rubrique General Info du
fichier; les paramètres de création PDF ont été optimisés pour l'impression. Toutes les mesures ont été prises pour garantir l'exploitation de
ce fichier par les comités membres de l'ISO. Dans le cas peu probable où surviendrait un problème d'utilisation, veuillez en informer le
Secrétariat central à l'adresse donnée ci-dessous.
© ISO 2001
Droits de reproduction réservés. Sauf prescription différente, aucune partie de cette publication ne peut être reproduite ni utilisée sous quelque
forme que ce soit et par aucun procédé, électronique ou mécanique, y compris la photocopie et les microfilms, sans l'accord écrit de l’ISO à
l’adresse ci-après ou du comité membre de l’ISO dans le pays du demandeur.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax. + 41 22 749 09 47
E-mail copyright@iso.ch
Web www.iso.ch
Imprimé en Suisse
ii © ISO 2001 – Tous droits réservés
Sommaire Page
Avant-propos .v
Introduction.vi
1 Domaine d'application.1
2 Politiques et responsabilités.1
2.1 Introduction.1
2.2 Déclaration d’une politique de «Records management» .1
2.3 Responsabilités.2
2.3.1 Objectifs en matière de responsabilité et d’autorité.2
2.3.2 Autorité et responsabilité au sein de l’organisme .2
3 Stratégie, conception et mise en œuvre .3
3.1 Introduction.3
3.2 Conception et mise en œuvre d’un système d’archivage.3
3.2.1 Généralités.3
3.2.2 Étape A: Enquête préliminaire.4
3.2.3 Étape B: Analyse des activités.4
3.2.4 Étape C: Identification des exigences archivistiques.4
3.2.5 Étape D: Évaluation des systèmes existants .5
3.2.6 Étape E: Identification de la stratégie pour la satisfaction des exigences archivistiques .5
3.2.7 Étape F: Conception d’un système d’archivage .6
3.2.8 Étape G: Mise en œuvre d’un système d’archivage .7
3.2.9 Étape H: Contrôle a posteriori.7
4 Méthodes d’archivage et contrôles .8
4.1 Introduction.8
4.2 Instruments de travail .8
4.2.1 Principaux instruments de travail.8
4.2.2 Plan de classement des activités.9
4.2.3 Vocabulaire.11
4.2.4 Référentiel de conservation.11
4.2.5 Sécurité, droits d’accès, classification .13
4.3 Processus de «Records management».14
4.3.1 Introduction.14
4.3.2 Intégration des documents.15
4.3.3 Enregistrement.16
4.3.4 Classement.17
4.3.5 Classification pour l’accès et la sécurité .19
4.3.6 Identification du sort final.19
4.3.7 Stockage.19
4.3.8 Utilisation et traçabilité .21
4.3.9 Application du sort final.22
5 Contrôle et audit .24
5.1 Généralités.24
5.2 Audit de conformité.24
5.3 Force probante du système.24
5.4 Mesure de la performance .25
6 Formation.25
6.1 Introduction.25
6.2 Exigences d’un programme de formation.25
6.3 Personnel à former.25
6.4 Formation pour les professionnels du «Records management» .26
6.4.1 Généralités.26
6.4.2 Méthodes de formation .26
6.5 Évaluation et révision de la formation.26
Annexe A Tableaux de concordance entre l’ISO 15489-1 et l’ISO/TR 15489-2 (guide pratique
d’accompagnement).27
Annexe B Comparaison entre le guide pratique ISO/TR 15489-2 et l’ISO 15489-1 .34
Bibliographie .39
iv © ISO 2001 – Tous droits réservés
Avant-propos
L'ISO (Organisation internationale de normalisation) est une fédération mondiale d'organismes nationaux de
normalisation (comités membres de l'ISO). L'élaboration des Normes internationales est en général confiée aux
comités techniques de l'ISO. Chaque comité membre intéressé par une étude a le droit de faire partie du comité
technique créé à cet effet. Les organisations internationales, gouvernementales et non gouvernementales, en
liaison avec l'ISO participent également aux travaux. L'ISO collabore étroitement avec la Commission
électrotechnique internationale (CEI) en ce qui concerne la normalisation électrotechnique.
Les Normes internationales sont rédigées conformément aux règles données dans les Directives ISO/CEI,
Partie 3.
La tâche principale des comités techniques est d'élaborer les Normes internationales. Les projets de Normes
internationales adoptés par les comités techniques sont soumis aux comités membres pour vote. Leur publication
comme Normes internationales requiert l'approbation de 75 % au moins des comités membres votants.
Exceptionnellement, lorsqu'un comité technique a réuni des données de nature différente de celles qui sont
normalement publiées comme Normes internationales (ceci pouvant comprendre des informations sur l'état de la
technique par exemple), il peut décider, à la majorité simple de ses membres, de publier un Rapport technique.
Les Rapports techniques sont de nature purement informative et ne doivent pas nécessairement être révisés avant
que les données fournies ne soient plus jugées valables ou utiles.
L'attention est appelée sur le fait que certains des éléments de la présente partie de l'ISO 15489 peuvent faire
l'objet de droits de propriété intellectuelle ou de droits analogues. L'ISO ne saurait être tenue pour responsable de
ne pas avoir identifié de tels droits de propriété et averti de leur existence.
L'ISO/TR 15489-2 a été élaboré par le comité technique ISO/TC 46, Information et documentation, sous-comité
SC 11, Gestion des archives courantes et intermédiaires.
L'ISO 15489 comprend les parties suivantes, présentées sous le titre général Information et documentation —
«Records management»:
Partie 1: Principes directeurs
Partie 2: Guide pratique [Rapport technique]
Introduction
La présente partie de l'ISO 15489 est complémentaire de l’ISO 15489-1. L’ISO 15489-1 et la présente partie de
l'ISO 15489 s’appliquent l’une et l’autre à tous les documents d’archives, quels que soient leurs formats ou leurs
supports, créés ou reçus par tout organisme public ou privé dans l’exercice de ses activités. Par conséquent, dans
la présente partie de l'ISO 15489 et sauf mention particulière, les systèmes peuvent être interprétés comme
manuel (papier) ou électronique, et un document peut être soit papier, soit une microforme, soit électronique.
L’ISO 15489-1 précise les composantes du «Records management» et définit les résultats à atteindre pour y
satisfaire. La présente partie de l'ISO 15489 fournit une méthodologie pour la mise en œuvre de la norme. Quoi
qu’il en soit, il est recommandé de noter que les normes nationales, la législation et la réglementation peuvent
imposer d’autres critères et d’autres exigences légales.
En complément à l’utilisation de la présente partie de l'ISO 15489, il est recommandé aux personnes désireuses de
mettre en œuvre la norme, de se reporter aux exigences et recommandations des normes nationales, de la
législation et de la réglementation qui leur sont applicables. En outre, il existe différentes organisations ou
associations professionnelles à même d’aider à la mise en œuvre de l’ISO 15489-1.
vi © ISO 2001 – Tous droits réservés
RAPPORT TECHNIQUE ISO/TR 15489-2:2001(F)
Information et documentation — «Records management» —
Partie 2:
Guide pratique
1 Domaine d'application
La présente partie de l'ISO 15489 est un guide de mise en œuvre pour l’ISO 15489-1 à destination des
professionnels du «Records management» et de ceux qui ont en charge la gestion des documents d’archives dans
leurs organismes. Il fournit une méthodologie qui facilitera la mise en œuvre de l’ISO 15489-1 dans tous les
organismes qui ont besoin d’organiser et de gérer leurs documents d’archives. Il donne une vision générale des
processus et des facteurs à prendre en considération dans les organismes qui souhaitent se conformer à
l’ISO 15489-1.
2 Politiques et responsabilités
2.1 Introduction
L’article 6 de l’ISO 15489-1:2001 expose en termes généraux le besoin, pour les organismes qui souhaitent se
conformer à la norme, de se doter d’une politique de «Records management» et de définir et d’attribuer à chacun
des responsabilités en matière d’archivage. La présente partie de l'ISO 15489 fournit des indications
supplémentaires en matière de politique de «Records management» et développe les types de responsabilité qui
peuvent être définis et attribués.
2.2 Déclaration d’une politique de «Records management»
Il est recommandé que les organismes définissent et documentent des politiques de «Records management» et
s’assurent que ces politiques sont mises en œuvre et suivies à tous les niveaux de l’organisme.
Une déclaration de politique de «Records management» est une déclaration d’intentions. Elle expose les grandes
lignes de ce que l’organisme entend faire et, quelquefois, elle inclut le sommaire du programme d’action et des
procédures qui seront mises en place pour concrétiser ces intentions. Il va de soi qu’une déclaration de ce type ne
peut garantir à elle seule un bon «Records management»: son succès dépend de l’engagement et de l’appui
effectif et visible de la direction de l’organisme et de l’attribution des ressources nécessaires à sa mise en œuvre.
C’est pourquoi, une déclaration de politique générale efficace désignera un cadre de direction comme responsable
du «Records management», de la surveillance de la mise en œuvre de la politique et du programme.
Il est recommandé que cette déclaration de politique se réfère aux autres politiques relatives à l’information, par
exemple à la politique de systèmes d’information, à la sécurité de l’information ou à la gestion d’actifs mais sans
chercher à les reproduire. Il convient qu’elle soit confortée par des procédures et des guides, un planning et un
plan stratégique, la référence à des autorités compétentes en matière de sort final, et tout autre document
permettant d’asseoir un système de «Records management».
Il est recommandé d’encourager en permanence l’adhésion et l’appui de tout le personnel à cette politique. Il est
particulièrement important que cette déclaration oblige tout le personnel à créer et à conserver des documents
d’archives qui satisfassent aux besoins légaux, réglementaires, fiscaux opérationnels et historiques de l’organisme.
Il est important d’assurer un contrôle de conformité avec la politique définie.
2.3 Responsabilités
2.3.1 Objectifs en matière de responsabilité et d’autorité
L’objectif primordial de la définition des responsabilités, des autorités de référence et de leurs relations est de
mettre en place et de maintenir un système de «Records management» qui réponde aux besoins des utilisateurs
internes et externes.
Plus précisément, il est recommandé que la définition des responsabilités, des autorités de référence et de leurs
relations instaure des pratiques normalisées et des règles de travail propres à
a) exiger du personnel la création de documents qui répondent aux besoins et aux procédures de l’organisme et
qui, de ce fait, documentent correctement les activités dont ils relèvent;
b) assurer que les systèmes d’information et les processus de travail produisent des documents appropriés qui
constituent bien le support de ces activités;
c) assurer la transparence des processus archivistiques et la validité du système d’archivage tout au long de la
vie active des documents (les documents nécessaires à la conduite des tâches courantes et qui sont sujets à
de fréquentes consultations sont habituellement situés près de l’utilisateur, s’il s’agit de documents physiques,
ou en ligne via un système informatique);
d) assurer la maintenance, le stockage et la conservation des documents pendant la durée de leur utilité pour
l’organisme et, le cas échéant, pour des utilisateurs externes tels que: archives historiques, chercheurs,
contrôleurs; et
e) assurer que les documents ne sont supprimés qu’en accord avec un processus défini et approuvé.
2.3.2 Autorité et responsabilité au sein de l’organisme
Il convient qu’un organisme définisse les responsabilités de tous les membres du personnel impliqués dans le
«Records management». Elles sont susceptibles d’inclure les catégories suivantes.
a) Il est recommandé que la direction se voie attribuer le plus haut niveau de responsabilité pour garantir le
succès du programme de «Records management». Le soutien de la direction se traduit par l’attribution de
ressources jusqu’au niveau le plus bas. Il incite à se conformer aux procédures de «Records management»
dans tout l’organisme.
b) Les professionnels du «Records management» sont responsables au premier chef de la mise en œuvre de
l’ISO 15489-1. Ce sont eux en particulier qui établissent les politiques générales de «Records management»,
les procédures et les normes pour l’organisation et la mise en œuvre des processus présentés à l’article 4 de
l’ISO 15489-1:2001.
c) Les cadres des unités opérationnelles et des services ont la responsabilité de s’assurer que leurs équipes
créent et gardent les documents comme une part intégrante de leur travail et en accord avec les politiques, les
procédures et les normes en vigueur. Ils fournissent les ressources nécessaires à l’organisation et à la gestion
des documents d’archives et sont en relation avec les professionnels du «Records management» pour tous
les points évoqués dans l’article 4 de l’ISO 15489-1:2001.
d) D’autres personnes dans l’organisme assurent des tâches liées à l’archivage. Il s’agit notamment des équipes
responsables de la sécurité, des équipes responsables de la conception et la mise en œuvre des systèmes
informatiques et des équipes responsables de la qualité.
e) Tout le personnel crée, reçoit et conserve des documents comme part de son travail quotidien: il est
recommandé qu’il le fasse en accord avec les procédures et normes en vigueur. Cela inclut l’interdiction de
détruire ou de disposer des documents sans autorisation.
Lorsque des organismes confient leur programme de «Records management» à des sous-traitants, il est important
de s’assurer que ces derniers observent les normes énoncées dans les politiques de l’organisme.
2 © ISO 2001 – Tous droits réservés
3 Stratégie, conception et mise en œuvre
3.1 Introduction
L’article 8 de l’ISO 15489-1:2001 décrit les caractéristiques essentielles d’un système d’archivage et fournit un
cadre à leur mise en œuvre. La présente section du guide pratique développe seulement le paragraphe 8.4 de
l’ISO 15489-1:2001. Il fournit des conseils pour la conception et la mise en œuvre d’un système d’organisation des
documents.
3.2 Conception et mise en œuvre d’un système d’archivage
3.2.1 Généralités
Il convient de noter que les étapes de ce processus sont des développements des descriptions générales fournies
en 8.4 de l’ISO 15489-1:2001, et que l’étape A est liée à l’alinéa a), l’étape B à l’alinéa b), et ainsi de suite.
(Source: National Archives of Australia and State Records New South Wales.)
Figure 1 — Conception et mise en œuvre d’un système d’archivage
3.2.2 Étape A: Enquête préliminaire
Le but de cette étape est de fournir à l’organisme une bonne compréhension des contextes administratif, légal,
économique et social, de sorte qu’il lui soit facile d’identifier les facteurs majeurs qui influent sur ses besoins de
création et de conservation de documents.
Cette étape fournira également une appréciation générale des points forts et des points faibles de l’organisme
dans l’organisation et la gestion de ses documents d’archives. Elle constitue une base pour définir le domaine
d’application d’un projet de «Records management» et pour constituer un dossier de travail à l’attention de la
direction.
L’enquête préliminaire est nécessaire pour prendre des décisions efficaces en matière de système d’archivage
d’un organisme. Elle aidera à cerner les problèmes d’archivage au sein d’un organisme et à évaluer la faisabilité et
les risques des différentes solutions possibles.
Cette étape est un préalable important à la constitution d’un plan de classement des activités et au développement
de processus opérationnels en vue de la sélection des documents à archiver et de la définition de leur durée de
conservation. En lien avec les deux étapes suivantes B et C, l’enquête préliminaire aidera également à évaluer la
responsabilité de l’organisme vis-à-vis des documents et son degré de conformité avec les exigences externes de
création et de conservation des archives. Elle constituera aussi une base pour l’évaluation des systèmes existants.
3.2.3 Étape B: Analyse des activités
La finalité de cette étape est de développer un modèle conceptuel de ce que fait un organisme et de comment il le
fait. Elle montrera comment les documents se rattachent à la fois aux activités de l’organisme et à ses méthodes
de travail. Elle contribuera aux décisions des étapes ultérieures concernant la création, l’archivage, le contrôle, le
stockage, le sort final des documents ainsi que l’accès à ces documents. Cela est particulièrement important dans
un environnement électronique où les documents ne seront pas archivés ni conservés si le système ne l’a pas
spécifiquement prévu. Cette étape fournit les outils pour entreprendre et documenter une analyse des activités
d’une façon systématique et faire le meilleur usage de ses résultats.
Une analyse des activités et des méthodes de travail permettra une bonne compréhension des relations entre les
activités de l’organisme et ses documents d’archives.
Cette étape peut donner lieu aux résultats suivants:
a) une documentation descriptive des activités de l’organisme et des méthodes de travail,
b) un plan de classement des activités qui présente les relations hiérarchiques entre les fonctions, les actions et
les opérations au sein de l’organisme, et
c) une cartographie des méthodes de travail qui montre à quels moments du processus les documents sont
créés ou reçus en tant que produits d’une activité.
L’analyse constitue une base pour le développement d’outils de «Records management», qui peuvent inclure
a) un thésaurus des termes à utiliser pour la désignation et l’indexation des documents dans un contexte
d’activité donné, et
b) un référentiel des délais de conservation des différents documents et de leur sort final à l’issue de ces délais.
L’analyse facilite également l’identification et la mise en œuvre de stratégies appropriées en matière de
métadonnées et l’attribution formelle des responsabilités en matière de conservation des archives.
3.2.4 Étape C: Identification des exigences archivistiques
La finalité de cette étape est d’identifier les besoins d’un organisme en matière de création, réception et
conservation d’archives et de documenter ces exigences d’une manière structurée et facile à gérer. La
conservation des documents pertinents facilite la conduite des affaires. Elle garantit que les individus et les
organismes sont les uns et les autres comptables de leurs actes au plan légal et administratif. Elle garantit
également qu’ils sont responsables vis-à-vis de leurs partenaires et d’autres groupes d’intérêts, internes et
externes, et qu’ils sont sensibles à leurs besoins et à leurs attentes.
4 © ISO 2001 – Tous droits réservés
Ces exigences archivistiques sont identifiées par le biais d’une analyse systématique des besoins économiques,
des contraintes légales et réglementaires et, plus largement, de toutes les responsabilités vis-à-vis de la société.
Une évaluation des risques auxquels s’expose l’organisme si les documents ne sont pas créés et conservés aidera
également à identifier ces exigences. Cette étape fournit également un argumentaire pour la création, la
conservation et le sort final des documents, une base pour la conception des systèmes qui archiveront et
conserveront les documents, et un repère pour mesurer la performance des systèmes existants.
Les résultats qui peuvent découler de l’accomplissement de cette étape sont notamment
a) une liste de toutes les sources comportant des exigences archivistiques applicables à l’organisme,
b) une liste des exigences réglementaires, économiques ou autres en matière de conservation de documents,
c) un rapport d’évaluation des risques validé par la direction,
d) une note interne à l’usage des cadres et du personnel qui présente les exigences de l’organisme en matière
de conservation de documents.
3.2.5 Étape D: Évaluation des systèmes existants
La finalité de cette étape est d’analyser les systèmes documentaires existants dans l’organisme ainsi que tous les
autres systèmes d’information, afin de voir dans quelle mesure ils archivent et conservent les documents
procédant des activités de l’organisme. L’étude aidera à mettre en évidence les décalages entre les exigences
archivistiques validées par un organisme et les fonctionnalités et performances des systèmes existant dans cet
organisme. Ceci fournira la base du développement de nouveaux systèmes ou de la révision des systèmes
existants afin de satisfaire aux besoins identifiés et validés au cours des étapes précédentes.
Les résultats de cette étape peuvent être
a) un inventaire des systèmes fonctionnels existants de l’organisme, et
b) un rapport soulignant dans quelle mesure les systèmes existants répondent aux exigences archivistiques de
l’organisme.
3.2.6 Étape E: Identification de la stratégie pour la satisfaction des exigences archivistiques
Le but de cette étape est de déterminer la politique, les pratiques, les normes, les outils et autres mesures les plus
appropriées qu’il est recommandé à un organisme d’adopter, pour garantir qu’il crée et conserve les documents
nécessaires à son activité. Le choix d’une stratégie peut prendre en compte
a) la nature de l’organisme, y compris ses buts et son histoire,
b) le type d’activité qu’il exerce,
c) la manière dont il conduit ses activités,
d) son environnement technologique,
e) la culture d’entreprise dominante, et
f) toute contrainte externe.
Le choix sera également influencé par la probabilité pour chaque stratégie d’atteindre le but fixé et les risques pour
l’organisme en cas d’échec.
Dans certains cas, les autorités archivistiques peuvent aider à développer des stratégies d’archivage.
Ces stratégies peuvent inclure
a) l’adoption de politiques et de procédures,
b) l’élaboration de normes,
c) la conception de nouvelles composantes des systèmes, ou
d) la mise en œuvre de systèmes,
d’une manière qui satisfasse aux exigences identifiées d’une bonne conservation des documents.
L’achèvement de cette étape donnera lieu à une approche planifiée, systématique et appropriée de la création, de
l’archivage, de la conservation, de l’utilisation et de la préservation des documents qui constituera la base pour la
conception ou la révision du système d’archivage.
Les résultats de cette étape sont susceptibles d’être les suivants:
a) une liste des stratégies propres à répondre aux exigences archivistiques et compatibles avec les autres
besoins de l’organisme,
b) une modélisation des relations entre les stratégies et les exigences, et
c) un rapport à l’attention de la direction préconisant une stratégie globale.
3.2.7 Étape F: Conception d’un système d’archivage
Cette étape consiste à transformer les stratégies et mesures choisies à l’étape E en un plan pour un système
d’archivage qui remplisse les exigences identifiées et documentées au cours de l’étape C, et qui dissipe les
dysfonctionnements identifiés au cours de l’étape D dans l’organisation du «Records management».
L’étape F, comme les autres étapes de cette méthodologie, retient une acception large des systèmes, incluant les
personnes et les processus aussi bien que les outils et la technologie. Dès lors, cette étape est susceptible de
conduire à
a) concevoir des changements dans les systèmes, processus et pratiques existants,
b) adapter ou à incorporer des solutions technologiques, et
c) déterminer l’opportunité d’introduire ces changements pour améliorer l’organisation et la gestion des
documents dans un organisme.
Il est quelquefois difficile de voir pratiquement où s’arrête la définition d’une stratégie de «Records management»
(étape E) et où commence la conception des systèmes de mise en œuvre de cette stratégie (étape F). Il est
toutefois utile d’étudier ces stratégies séparément pour s’assurer que les exigences de création et de conservation
des documents sont réalistes, logiques et bien intégrées au système considéré.
Cette étape impose que les professionnels du «Records management» et les autres experts qui travaillent avec les
utilisateurs élaborent des spécifications au plus près possible des exigences archivistiques. Ceci est de nature à
développer chez les utilisateurs une appropriation du système, une bonne compréhension et une bonne utilisation.
Les résultats de l’étape F peuvent être
a) le plan du projet, présentant les tâches, les responsabilités et le calendrier,
b) les rapports précisant les résultats des révisions périodiques du projet,
c) la documentation liée aux changements induits par les exigences du système, validée à la fois par un
représentant des utilisateurs et le chef de projet,
d) la description conceptuelle,
e) les règles de fonctionnement du système,
f) les spécifications du système,
g) une représentation de l’architecture du système et de ses composantes,
h) des modèles des différents volets du système, tels que processus, flux et caractéristiques des données,
i) les spécifications détaillées pour la construction ou l’acquisition des composants technologiques tels que les
logiciels et les matériels,
j) les plans des dossiers,
k) des plans montrant comment le projet intègre les systèmes et processus existants,
l) un plan initial de formation et de test, et
m) un plan de mise en œuvre du système.
6 © ISO 2001 – Tous droits réservés
3.2.8 Étape G: Mise en œuvre d’un système d’archivage
La finalité de l’étape G est d’identifier systématiquement une série de mesures stratégiques pour la mise en œuvre
du plan conçu au cours de l’étape F et de les appliquer. Ce plan fournit une vue d’ensemble de la variété des
composantes du système (processus, procédures, individus et technologie) et de leur articulation.
L’intégration d’un système d’archivage nouveau ou rénové aux systèmes d’information internes et aux méthodes
de travail de l’organisme peut se révéler une entreprise complexe, avec des enjeux élevés en termes d’obligations
légales et de financement. De tels risques peuvent être minimisés à l’aide d’un planning précis et d’une
documentation détaillée du processus de mise en œuvre.
Il convient qu’à la fin de cette étape un organisme se soit approprié des pratiques améliorées de «Records
management» avec le minimum de solution de continuité dans ses activités; qu’il ait contribué à répondre aux
exigences organisationnelles en vue d’une certification qualité, et qu’il ait capitalisé les investissements à long
terme réalisés au cours des étapes A à F.
La documentation générée par cette étape peut inclure
a) un plan détaillé du projet listant la série de mesures stratégiques choisies,
b) des politiques, procédures et normes bien documentées,
c) des supports de formation,
d) une documentation sur les processus de conversion et les procédures de migration,
e) la documentation requise pour la certification d’un «système qualité»,
f) des études de performance, et
g) des comptes rendus à l’attention de la direction.
3.2.9 Étape H: Contrôle a posteriori
La finalité de l’étape H est de mesurer l’efficacité du système d’archivage et d’évaluer le processus de
développement du système, afin de préconiser et d’entreprendre toute action correctrice des dysfonctionnements
observés, et d’établir un plan de contrôle pour toute la durée du système.
L’étape H implique
a) l’analyse des documents créés et classés pour voir s’ils correspondent bien aux besoins de l’activité et s’ils sont
correctement reliés aux processus dont ils procèdent,
b) des entretiens avec la direction, le personnel et les autres utilisateurs,
c) la réalisation d’études,
d) l’examen critique de la documentation élaborée au cours des phase précédentes du projet, et
e) le suivi et la vérification par sondage des opérations.
En effectuant un bilan à la fin de la mise en œuvre et des vérifications périodiques, l’organisme facilitera la garantie
d’un retour sur investissement permanent du système d’archivage. Il convient également de pouvoir démontrer
objectivement que le système produit et gère de manière appropriée les documents d’archives procédant des
activités de l’organisme. Le contrôle a posteriori en œuvre permettra de minimiser les risques de l’organisme face à
une déficience du système et, sur le long terme, d’anticiper les évolutions notables des exigences archivistiques et
des besoins organisationnels qui nécessiteraient un nouveau cycle de développement.
À la fin de l’étape H, un organisme aura
a) développé et appliqué une méthodologie d’évaluation objective de son système d’archivage,
b) documenté les performances du système et les processus de développement, et
c) soumis à la direction un rapport présentant ses conclusions et ses préconisations.
Compte tenu du fait que les processus d’activité et les systèmes d’archivage ne sont pas statiques, il est
recommandé de mettre en œuvre les étapes C à H périodiquement, comme le montre la Figure 1.
4 Méthodes d’archivage et contrôles
4.1 Introduction
L’ISO 15489-1 formule les principes pour les opérations de «Records management». Ces opérations sont décrites
de manière linéaire. Dans la pratique, elles ne se présentent pas avec cette linéarité. Différentes opérations
spécifiques peuvent avoir lieu simultanément. Certaines opérations dépendent de l’existence d’outils créés par un
processus décrit plus tard.
La présentation linéaire est traditionnellement utilisée pour décrire les processus de «Records management» pour
des documents papier car les processus peuvent être, et sont souvent, séparés dans le temps par des intervalles
variables. Dans un environnement électronique, les décisions relatives à l’archivage et au classement, à l’accès et
au sort final doivent être prises au moment de la création du document, de sorte que les processus sont plus
explicites et souvent simultanés. Ceci peut également être le cas dans un environnement papier.
Les systèmes basés sur le papier comportent des métadonnées qui sont le plus souvent implicites et qui peuvent
être déduites par tout utilisateur des documents. Dans un système papier, la structure des documents n’a pas
besoin d’être indiquée, dans la mesure où elle est évidente pour l’utilisateur. Le contenu d’un document en
revanche peut nécessiter la précision d’une indexation. Le contexte de création du document est défini par une
série de facteurs complexes incluant la mise en œuvre d’un système de contrôle, mais il est aussi implicite du fait
de la localisation physique du document au milieu d’autres documents. Dans un système électronique, les
métadonnées n’ont pas ce caractère implicite et les méthodes d’archivage des documents exigent une explicitation
de ces métadonnées.
Les systèmes électroniques d’archivage des documents ont besoin d’être configurés pour permettre la saisie des
métadonnées requises, ou peuvent être configurés de manière à générer automatiquement ces métadonnées. Les
métadonnées attachées aux documents électroniques ont plus d’importance que les métadonnées requises pour
les documents papier car très peu de choses sont sous-entendues dans les systèmes électroniques et toutes les
métadonnées implicites des documents papier doivent être explicitées. Ceci dépend de l’existence préalable ou
non de règles d’identification des documents à archiver et du système de classement à la fois pour la description et
l’accessibilité des documents.
Plutôt que de présenter les opérations dans l’ordre de l’ISO 15489-1, ce paragraphe vise à guider la mise en
œuvre par l’identification des éléments suivants:
a) les instruments de travail nécessaires pour les différentes opérations de «Records management» et leur
développement;
b) un certain nombre de facteurs qui vont affecter ou déterminer la nature des opérations de «Records
management» dans les divers organismes et juridictions; et
c) des processus qui utilisent ces instruments de travail.
4.2 Instruments de travail
4.2.1 Principaux instruments de travail
Les principaux instruments de travail utilisés au cours des opérations de «Records management» sont
a) un plan de classement basé sur les activités de l’organisme,
b) un référentiel des délais de conservation et du sort final, et
c) une classification pour la sécurité et l’accès.
Les organismes peuvent utiliser d’autres outils de «Records management», plus spécifiques, tels que
a) un thésaurus, et
b) un glossaire des termes employés ou des vocabulaires contrôlés.
8 © ISO 2001 – Tous droits réservés
En outre, il existe des outils qui ne sont pas spécifiques au «Records management» mais qui peuvent aussi
s’appliquer aux opérations de «Records management»:
a) une analyse du cadre réglementaire,
b) une analyse des risques économiques,
c) un référentiel des délégations de pouvoir, et
d) un registre du personnel et des habilitations.
L’élaboration de ces derniers outils dépasse le cadre de la présente partie de l’ISO 15489.
4.2.2 Plan de classement des activités
4.2.2.1 Introduction
Un système de classement relié aux activités fonctionnelles de l’organisme peut fournir un cadre logique pour le
«Records management». La démarche analytique qui vise à l’élaboration d’un classement des activités recense
toutes les activités d’un organisme et les situe dans le cadre défini par les missions ou les objectifs qu’il assure
directement ou par délégation.
Dans sa forme la plus complète, ce classement consiste en une représentation des fonctions, activités et
opérations de l’organisme. Cette représentation peut être utilisée pour élaborer un plan de classement des
documents ainsi qu’un thésaurus, des règles de désignation et d’indexation, une identification des catégories de
documents en fonction du sort final et une classification des accès.
Le système de classement fournit à un organisme un outil pour
a) organiser, décrire et articuler les documents,
b) relier et partager les documents communs à plusieurs entités, en interne comme à l’extérieur de l’organisme, et
c) améliorer l’accès, la recherche, l’utilisation et la diffusion des documents de la manière la plus appropriée.
En s’appuyant sur des instruments de travail tels que des vocabulaires contrôlés, le système de classement
introduit une plus grande cohérence dans la désignation et la description, et facilite la recherche et l’utilisation des
documents. Le système de classement peut être utilisé pour aider à toute une série de processus de «Records
management», au-delà de l’accès et de l’utilisation, par exemple pour le stockage et la sauvegarde, ou pour la
gestion du délai de conservation et du sort final.
Le système de classement peut refléter la simplicité ou, le cas échéant, la complexité de l’organisme dont il
émane. Il appartient aux organismes de déterminer le degré de contrôle du classement dont ils ont besoin pour la
conduite de leurs affaires, en s’appuyant sur les structures organisationnelles, la nature des activités, les
responsabilités en cause et le recours plus ou moins grand à la technologie.
4.2.2.2 Élaboration d’un classement des activités
Le classement des activités peut être élaboré à partir de la méthodologie décrite en 3.2.2 et 3.2.3.
L’élaboration d’un plan de classement des activités requiert d’identifier et d’analyser
a) les buts et stratégies de l’organisme,
b) les fonctions de l’organisme sur lesquelles s’appuie la poursuite de ces buts et de ces stratégies,
c) les activités de l’organisme que regroupent ces fonctions,
d) les processus de travail mis en place pour des activités et des affaires spécifiques,
e) toutes les étapes constitutives de l’activité,
f) toutes les actions concrètes constitutives de chaque étape,
g) les ensembles d’actions récurrentes pour chaque activité, et
h) les documents existants dans l’organisme.
----
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.
Loading comments...