iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
ISO

ISO 18128:2024

(Main)

Information and documentation — Records risks — Risk assessment for records management

Information and documentation — Records risks — Risk assessment for records management

The document: a) provides methods for identifying and documenting risks related to records, records processes, controls and systems (records risks); b) provides techniques for analysing records risks; c) provides guidelines for conducting an evaluation of records risks. This document intends to assist organizations in assessing records risks so they can ensure records continue to meet identified business needs as long as required. This document can be used by all organizations regardless of size, nature of their activities, or complexity of their functions and structure. This document does not directly address the mitigation of risks, as methods for these vary from organization to organization. It can be used by records professionals or people who have responsibility for records and records processes, controls and/or systems in their organizations, and by auditors or managers who have responsibility for risk management programs in their organizations.

Information et documentation — Risques liés aux documents d’activité — Appréciation du risque pour la gestion des documents d’activité

Le présent document fournit: a) des méthodes visant à identifier et à documenter les risques liés aux documents d’activité ainsi qu’aux processus, moyens de maîtrise et systèmes documentaires; b) des techniques d’analyse des risques liés aux documents d’activité; c) des lignes directrices pour effectuer une évaluation des risques liés aux documents d’activité. Le présent document a pour objet d’aider les organismes à apprécier les risques liés aux documents d’activité de manière qu’ils puissent s’assurer que les documents d’activité répondent toujours aux besoins professionnels identifiés aussi longtemps que nécessaire. Le présent document peut être utilisé par tous les organismes, quelles que soient leur taille, la nature de leurs activités ou la complexité de leurs fonctions et de leur structure. Le présent document ne traite pas directement de l’atténuation des risques, les méthodes en la matière différant d’un organisme à l’autre. Il peut être utilisé par des professionnels de la gestion des documents d’activité ou par des responsables de documents d’activité ainsi que de processus, moyens de maîtrise et systèmes documentaires liés aux documents d’activité au sein d’un organisme, ainsi que par des auditeurs ou des dirigeants responsables des programmes de management du risque de leur organisme.

General Information

Status
Published
Publication Date
24-Mar-2024
ICS
01.140.20 - Information sciences
03.100.01 - Company organization and management in general
Technical Committee
ISO/TC 46/SC 11 - Archives/records management
Drafting Committee
ISO/TC 46/SC 11 - Archives/records management
Current Stage
6060 - International Standard published
Start Date
25-Mar-2024
Due Date
04-Dec-2024
Completion Date
25-Mar-2024
Ref Project

Relations

Revises
ISO/TR 18128:2014 - Information and documentation — Risk assessment for records processes and systems
Effective Date
10-Dec-2022

Buy Standard

ISO 18128:2024 - Information and documentation — Records risks — Risk assessment for records management Released:25. 03. 2024ISO 18128:2024 - Information and documentation — Records risks — Risk assessment for records management Released:25. 03. 2024
PreviousNext
Standard
ISO 18128:2024 - Information and documentation — Records risks — Risk assessment for records management Released:25. 03. 2024
English language
27 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)


International
Standard
ISO 18128
First edition
Information and documentation —
2024-03
Records risks — Risk assessment
for records management
Reference number
© ISO 2024
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
3.1 Terms specific to risk . .2
3.2 Terms specific to records .2
4 Core concepts . . 3
4.1 Issues and concerns about uncertainty .3
5 Determining scope, context and criteria . 4
5.1 General .4
5.2 Defining the scope .4
5.3 External and internal context .5
5.3.1 General .5
5.3.2 External context .5
5.3.3 Internal context .5
5.4 Definition of records risk criteria.5
5.5 Risk description .6
6 Uses of risk assessment techniques . 7
7 Risk identification . 7
7.1 General .7
7.2 Techniques for identifying risks .8
7.2.1 General .8
7.2.2 Checklist analysis for risk identification .9
8 Risk analysis . 9
8.1 General .9
8.2 Techniques for analysing risks .10
8.2.1 General .10
8.2.2 Business impact analysis (BIA) .10
8.2.3 Human reliability analysis (HRA) .11
8.2.4 Bow tie analysis . 12
9 Risk evaluation .13
9.1 General . 13
9.2 Techniques for evaluating risk . 13
9.2.1 As low as reasonably practicable (ALARP). 13
9.2.2 Reliability-centred maintenance (RCM) .14
9.2.3 Risk indices .16
9.2.4 Cost/benefit analysis.18
Annex A (informative) Categorization of techniques following IEC 31010 .20
Annex B (informative) Checklist of uncertainties .22
Bibliography .26

iii
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out through
ISO technical committees. Each member body interested in a subject for which a technical committee
has been established has the right to be represented on that committee. International organizations,
governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely
with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types
of ISO document should be noted. This document was drafted in accordance with the editorial rules of the
ISO/IEC Directives, Part 2 (see www.iso.org/directives).
ISO draws attention to the possibility that the implementation of this document may involve the use of (a)
patent(s). ISO takes no position concerning the evidence, validity or applicability of any claimed patent
rights in respect thereof. As of the date of publication of this document, ISO had not received notice of (a)
patent(s) which may be required to implement this document. However, implementers are cautioned that
this may not represent the latest information, which may be obtained from the patent database available at
www.iso.org/patents. ISO shall not be held responsible for identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions
related to conformity assessment, as well as information about ISO's adherence to the World Trade
Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 46, Information and documentation,
Subcommittee SC 11, Archives/records management.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.

iv
Introduction
Successful organizations identify and manage all their business risks. Identifying and managing the risks to
records processes, controls and systems (records risks) is the responsibility of the organization’s records
professionals.
This document is intended to help records professionals and people who have responsibility for records in
their organization to assess records risks.
This is distinct from the task of identifying and assessing the organization’s business risks to which creating
and keeping adequate records is one strategic response. The decisions to create records or not in response to
general business risks are business decisions, which should be informed by the analysis of the organization’s
records requirements undertaken by records professionals together with business managers. The premise
of this document is that the organization has created records of its business activities to meet operational
and other purposes and has established at least minimal mechanisms for the systematic management of the
records.
The consequence of records risk events can be the loss of, or damage to, records, which are therefore no
longer useable, reliable, authentic, complete, or unaltered, and therefore can fail to meet the organization’s
purposes.
The document provides guidance and examples based on the general risk management process established
in ISO 31000 (see Figure 1) to apply to records risks, including information on relevant risk assessment tools
and techniques. It covers the risk assessment components:
a) risk identification,
b) risk analysis, and
c) risk evaluation.
This document introduces and explains selected techniques from IEC 31010 that are applicable in a records
management environment (see Table A.2 for the list of techniques).
The results of the assessment of records risk should be incorporated into the organization’s general risk
management framework. Consequently, the organization will have better control of its records and their
quality for business purposes.
This document does not deal with risk treatment. Once the assessment of records risks has been completed,
the assessed risks are documented and communicated to the organization’s risk management section.
Response to the assessed risks should be undertaken as part of the organization’s overall risk management
program. The priority assigned by the records professional to the assessed risks is provided to inform the
organization’s decisions about managing those risks.

v
NOTE Source ISO 31000:2018, Figure 4
Figure 1 — Risk management process

vi
International Standard ISO
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

ISO
ISO 374-5:2024(Main)
Protective gloves against dangerous chemicals and micro-organisms — Part 5: Terminology and performance requirements for micro-organisms risks

This document specifies the requirements and test methods for protective gloves intended to protect the user against micro-organisms. NOTE If other protection features are needed, e.g. chemical risks, mechanical risks, thermal risks, electrostatic dissipation etc., the appropriate specific performance standard is used in addition. Further information on protective gloves standards can be found in the ISO 21420:2020+Amd 1:2022

  • Standard
    5 pages
    English language
    sale 15% off
  • Standard
    5 pages
    French language
    sale 15% off
ISO
ISO 18676:2024(Main)
Space systems — Requirements and guidelines for the management of systems engineering

This document presents the requirements and recommendations for the management of systems engineering for space systems. This document addresses the systems engineering activities and provides guidelines for interfacing with specific major management subjects (e.g. configuration management, data management, interface management, risk management, requirements management, and integrated logistics support). This document establishes a common reference for all customers and suppliers in the space sector to work with management of systems engineering for all space products and projects. This document does not describe in detail the standard systems engineering process or project management process for all types of space systems.

  • Standard
    16 pages
    English language
    sale 15% off
ISO
ISO/TS 20517:2024(Main)
Space systems — Cybersecurity management requirements and recommendations

This document defines requirements and recommendations to be used for the management of cybersecurity in space systems. Space systems include manned and unmanned spacecraft, launcher, payload, experiment, ground equipment and any other space facilities. This document describes the processes, techniques, and responsibilities for managing the cybersecurity, ways to prevent and mitigate accidents and incidents. This document addresses systems engineering activities and provides requirements and recommendations for security engineering. This document establishes a common reference for the space sector to work to manage the systems engineering issues related to cybersecurity for all space products, services and projects. This document doesn't describe in detail the systems engineering processes or related project management processes, or detailed requirements or processes for cybersecurity.

  • Technical specification
    8 pages
    English language
    sale 15% off
ISO
ISO 23138:2024(Main)
Biological equipment for treating air and other gases — General requirements

This document specifies the technology of biological exhaust air purification. The relevant requirements for a possible application are specified. The different variants of this technique are also presented. NOTE The process principles of this method are described in Clause 4.

  • Standard
    20 pages
    English language
    sale 15% off
ISO
ISO 10075-2:2024(Main)
Ergonomic principles related to mental workload — Part 2: Design principles

This document gives guidance on design principles and on design of work systems, including task and equipment design (comprising robotics and intelligent autonomous systems) and design of the workplace, as well as working conditions with the inclusion of social and organisational factors, emphasising mental workload and its effects as specified in ISO 10075-1. It applies to the design of work and use of human capacities, with the intention of providing optimal working conditions with respect to health and safety, well-being, performance and effectiveness, preventing overload as well as underload, in order to avoid impairing effects and fostering the facilitating effects described in ISO 10075-1. This document includes the design of technical, organisational and social factors only and does not apply to problems of selection or training. This document does not address problems of measurement of mental workload or its effects. This document refers to all kinds of human work activities (see ISO 10075-1), not only to those which can be described as cognitive or mental tasks in a restricted sense but also to those with a primarily physical workload. This document is applicable to all those engaged in the design and use of work systems, for example system and equipment designers, employers and workers and their representatives, where they exist. This document is applicable to the design of new work systems as well as to the redesign of existing ones undergoing substantial revision.

  • Standard
    24 pages
    English language
    sale 15% off
  • Standard
    26 pages
    French language
    sale 15% off
ISO
ISO 19152-3:2024(Main)
Geographic information — Land Administration Domain Model (LADM) — Part 3: Marine georegulation

This document specifies the concepts and structure for standardization for georegulation in the marine space. This document addresses the information structures related to management of legal spaces (such as the international maritime limits and boundaries, marine living and non-living resources management areas, marine conservation areas, etc.) and their related rights and obligations. This document establishes the common elements and basic schema to structure marine georegulation information system. It builds upon the common components defined in ISO 19152-1.

  • Standard
    54 pages
    English language
    sale 15% off
  • Standard
    58 pages
    French language
    sale 15% off
ISO
ISO 2424:2024(Main)
Textile floor coverings — Vocabulary

This document defines terms relating to textile floor coverings and categories of these products.

  • Standard
    34 pages
    English language
    sale 15% off
  • Standard
    36 pages
    French language
    sale 15% off
ISO
ISO/TS 55010:2024(Main)
Asset management — Guidance on the alignment of financial and non-financial functions in asset management
SIST-TS ISO/TS 55010:2024

This document gives guidance on the alignment between financial and non-financial asset management functions, to improve internal controls as part of an organization’s management system. This document is applicable to all types of assets and by all types and sizes of organizations.

  • Technical specification
    58 pages
    English language
    sale 15% off
  • Technical specification
    62 pages
    French language
    sale 15% off
  • Draft
    66 pages
    English language
    sale 10% off
    e-Library read for
    1 day
ISO
ISO 14127:2024(Main)
Carbon-fibre-reinforced composites — Determination of the resin, fibre and void contents

This document specifies methods for calculating the resin, fibre and void contents of a carbon-fibre-reinforced composite from the densities of the resin, the fibre and the composite and the mass of fibre in the composite (using method A), for calculating the fibre content from the thickness of the composite (using method B), and for calculating the fibre content by volume and areal void content through microscopic analysis (using method C). Method A specifies three different resin removal procedures for the determination of the mass of fibre in the composite (viz a combustion procedure, a procedure by digestion in nitric acid and a procedure by digestion in a mixture of sulfuric acid and hydrogen peroxide). The selection of the procedure to be used is made by considering the combustibility of the resin used in the composite, its ability to decompose and the type of resin concerned. Method A is only of limited applicability when filled resins are present that can prevent complete dissolution and/or combustibility of the resin. Method B (thickness measurement method) is only applicable to composites moulded from prepregs of known fibre mass per unit area. Method C (microscopic method) is only applicable to carbon-fibre-reinforced composites with unidirectional, orthogonal and multidirectional laminates. It can also be used as reference for determination of the areal void content and fibre volume content of aramid- or glass-fibre-reinforced plastics, but is not applicable to fabric reinforced composites.

  • Standard
    16 pages
    English language
    sale 15% off
ISO
ISO/IEC 23773-3:2024(Main)
Information technology — User interfaces for automatic simultaneous interpretation systems — Part 3: System architecture

This document provides a description of a system architecture for real-time automatic simultaneous interpretation systems for spontaneous speech designed to interoperate among different natural languages. While traditional speech-to-speech translation addresses the functional equivalent of consecutive interpretation, this document focuses on the functional equivalent of simultaneous interpretation. This document does not cover sign language interpretation.

  • Standard
    12 pages
    English language
    sale 15% off