SIST ISO/TS 16175-2:2021
(Main)Information and documentation - Processes and functional requirements for software for managing records - Part 2: Guidance for selecting, designing, implementing and maintaining software for managing records
Information and documentation - Processes and functional requirements for software for managing records - Part 2: Guidance for selecting, designing, implementing and maintaining software for managing records
This document provides guidance for decision making and processes associated with the selection, design, implementation and maintenance of software for managing records, according to the principles specified in ISO 15489-1.
This document is applicable to any kind of records system supported by software, including paper records managed by software, but is particularly focused on software for managing digital records.
This document provides guidance to records professionals charged with, or supporting the selection, design, implementation and maintenance of systems for managing records using a variety of software. It can also provide assistance to information technology professionals such as solution architects/designers, IT procurement decision makers, business analysts, business owners and software developers and testers seeking to understand records requirements.
Information et documentation -- Principes et exigences fonctionnelles pour les documents d'activité dans les environnements électroniques de bureau -- Partie 2: Lignes directrices et exigences fonctionnelles pour les systèmes de management des documents d'activité
Le présent document fournit des recommandations pour la prise de décision et les processus concernant le choix, la conception, la mise en œuvre et la maintenance de logiciels gérant des documents d'activité, conformément aux principes spécifiés dans l'ISO 15489-1.
Le présent document s'applique ŕ tout type de systčme documentaire soutenu par un logiciel, y compris les documents d'activité papier gérés par un logiciel, mais se concentre plus spécifiquement sur les logiciels gérant des documents d'activité numériques.
Le présent document fournit des recommandations ŕ l'attention des professionnels des documents d'activité responsables du choix, de la conception, de la mise en œuvre et de la maintenance des systčmes qui gčrent des documents d'activité ŕ l'aide de divers logiciels, ou qui y participent. Il peut également apporter une aide aux professionnels des technologies de l'information tels que les architectes/concepteurs de solutions, les décideurs responsables des achats de technologies de l'information, les analystes métiers, les propriétaires de processus métier et les développeurs et testeurs de logiciels cherchant ŕ appréhender les exigences relatives aux documents d'activité.
Informatika in dokumentacija - Procesi in funkcionalne zahteve za načrtovanje programske opreme za upravljanje zapisov - 2. del: Navodilo za izbiro, načrtovanje, uvedbo in vzdrževanje programske opreme za upravljanje zapisov
General Information
Relations
Buy Standard
Standards Content (Sample)
SLOVENSKI STANDARD
SIST ISO/TS 16175-2:2021
01-februar-2021
Nadomešča:
SIST ISO 16175-2:2013
SIST ISO 16175-3:2013
Informatika in dokumentacija - Procesi in funkcionalne zahteve za načrtovanje
programske opreme za upravljanje zapisov - 2. del: Navodilo za izbiro,
načrtovanje, uvedbo in vzdrževanje programske opreme za upravljanje zapisov
Information and documentation - Processes and functional requirements for software for
managing records - Part 2: Guidance for selecting, designing, implementing and
maintaining software for managing records
Information et documentation -- Principes et exigences fonctionnelles pour les
documents d'activité dans les environnements électroniques de bureau -- Partie 2:
Lignes directrices et exigences fonctionnelles pour les systèmes de management des
documents d'activité
Ta slovenski standard je istoveten z: ISO/TS 16175-2:2020
ICS:
01.140.20 Informacijske vede Information sciences
35.080 Programska oprema Software
SIST ISO/TS 16175-2:2021 en,fr
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.
---------------------- Page: 1 ----------------------
SIST ISO/TS 16175-2:2021
---------------------- Page: 2 ----------------------
SIST ISO/TS 16175-2:2021
TECHNICAL ISO/TS
SPECIFICATION 16175-2
Second edition
2020-10
Information and documentation —
Processes and functional
requirements for software for
managing records —
Part 2:
Guidance for selecting, designing,
implementing and maintaining
software for managing records
Information et documentation — Processus et exigences
fonctionnelles applicables aux logiciels de gestion des documents
d'activité —
Partie 2: Recommandations pour le choix, la conception, la mise
en oeuvre et la tenue à jour des logiciels de gestion des documents
d’activité d'activité
Reference number
ISO/TS 16175-2:2020(E)
©
ISO 2020
---------------------- Page: 3 ----------------------
SIST ISO/TS 16175-2:2021
ISO/TS 16175-2:2020(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO 2020
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2020 – All rights reserved
---------------------- Page: 4 ----------------------
SIST ISO/TS 16175-2:2021
ISO/TS 16175-2:2020(E)
Contents Page
Foreword .v
Introduction .vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Assessing the organizational framework and context . 1
4.1 General . 1
4.2 Organizational records maturity . 2
4.3 Records controls . 3
4.4 Technical environment. 3
4.4.1 General. 3
4.4.2 Paper environment . 3
4.4.3 Digital environment . 3
4.4.4 Hybrid environment . 5
4.5 Project scoping and resources . 5
5 Determining a project methodology . 7
5.1 General . 7
5.2 Defining stakeholders . 7
6 Determining and managing functional requirements . 8
6.1 Developing functional requirements . 8
6.2 Considerations for defining functional requirements . 8
6.3 Managing functional requirements . 9
7 Determining configuration . 9
7.1 General . 9
7.2 Importance of documentation of configuration decisions .10
7.3 Configuration decisions — Areas of configuration .10
7.3.1 General.10
7.3.2 Records aggregation .11
7.3.3 Agents (Users).12
7.3.4 Business process .12
7.3.5 Metadata schema for records .12
7.3.6 Business classification schemes .13
7.3.7 Access and permission rules .13
7.3.8 Disposition authorities .13
7.3.9 User interface . .13
7.3.10 Supported automation .13
7.3.11 Supported automation tools .14
7.3.12 Automated capture of records process metadata .14
7.3.13 Integration needed to other existing business software .14
7.3.14 Applicable records-specific rules .14
8 Determining requirements to migrate and convert records .15
9 Communication, training and change management .15
9.1 General .15
9.2 Communications .16
9.3 Training program requirements .16
9.4 Change management readiness .16
9.5 E valuation and review .17
10 Post-implementation review, monitoring and assessment .18
10.1 Post-implementation review .18
10.2 Monitoring .18
© ISO 2020 – All rights reserved iii
---------------------- Page: 5 ----------------------
SIST ISO/TS 16175-2:2021
ISO/TS 16175-2:2020(E)
10.3 Assessment .19
Annex A (informative) Considerations for a methodology for implementing software for
managing records .20
Bibliography .22
iv © ISO 2020 – All rights reserved
---------------------- Page: 6 ----------------------
SIST ISO/TS 16175-2:2021
ISO/TS 16175-2:2020(E)
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www .iso .org/ patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www .iso .org/
iso/ foreword .html.
This document was prepared by Technical Committee ISO/TC 46, Information and documentation,
Subcommittee SC 11, Archives/records management.
This second edition of ISO/TS 16175-2 cancels and replaces ISO 16175-2:2011 and ISO 16175-3:2010,
which have been technically revised. The main changes compared to the previous editions are as
follows:
— functional requirements for software that were previously provided in ISO 16175-2:2011 and
ISO 16175-3:2010 have been updated and consolidated;
— guidance on implementing software for digital records that was previously provided in all three
parts of the previous edition of the ISO 16175 series has been updated and consolidated;
— in an updated form, some generic content on implementing records systems (both digital and
analogue), that was previously provided in the now withdrawn ISO/TR 15489-2:2001 have been
included.
A list of all parts in the ISO 16175 series can be found on the ISO website.
Any feedback or questions on this document should be directed to the user's national standards body. A
complete listing of these bodies can be found at www .iso .org/ members .html.
© ISO 2020 – All rights reserved v
---------------------- Page: 7 ----------------------
SIST ISO/TS 16175-2:2021
ISO/TS 16175-2:2020(E)
Introduction
All organizations have at least one records system. Records systems are information systems which
capture, manage and provide access to records over time. Records systems can consist of technical
elements such as software, and non-technical elements such as policy, procedures and agents. Records
systems as a whole include the policy, processes, software and people that use and manage records.
Records systems exist in many variations: in paper systems, in software specifically designed to meet
functionality for managing records, or as business software which capture and manage records. This
document is focused on management of records in the digital environment, using software, but the
general principles and considerations apply whatever the environment.
This document makes no distinction between software applications that are used for any business
purpose and those applications specifically intended and designed to manage records. Examples of
the former include Enterprise Content Management Systems and applications which create records
as one part of their functionality such as Contracts Management Systems, Case Management Systems
or transactional systems. The term used throughout is therefore “software for managing records”,
which is intended to encapsulate the totality of applications that manage records as part of their usual
functioning. It is assumed that almost all business applications generates data that is needed to serve as
evidence of business activity for future reference and as such, among other things, need to create, store
and manage records, whether within their own functionality or in combination with other applications.
Clauses 4 and 5 provide guidance on assessing the context of the organization and on scoping a project to
implement software for managing records. Clauses 6 to 8 provide guidance on identifying requirements
for the functionality of the software, including those for conversion and migration. Clause 9 provides
guidance on communication, training and change management. Clause 10 provides guidelines for post-
implementation review.
ISO 16175-1 provides a set of model functional requirements and associated guidance for software for
managing digital records.
vi © ISO 2020 – All rights reserved
---------------------- Page: 8 ----------------------
SIST ISO/TS 16175-2:2021
TECHNICAL SPECIFICATION ISO/TS 16175-2:2020(E)
Information and documentation — Processes and
functional requirements for software for managing
records —
Part 2:
Guidance for selecting, designing, implementing and
maintaining software for managing records
1 Scope
This document provides guidance for decision making and processes associated with the selection,
design, implementation and maintenance of software for managing records, according to the principles
specified in ISO 15489-1.
This document is applicable to any kind of records system supported by software, including paper
records managed by software, but is particularly focused on software for managing digital records.
This document provides guidance to records professionals charged with, or supporting the selection,
design, implementation and maintenance of systems for managing records using a variety of software.
It can also provide assistance to information technology professionals such as solution architects/
designers, IT procurement decision makers, business analysts, business owners and software
developers and testers seeking to understand records requirements.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For undated references, the latest edition of the referenced
document (including any amendments) applies.
ISO 30300, Information and documentation — Records management — Core concepts and vocabulary
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO 30300 apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at http:// www .electropedia .org/
4 Assessing the organizational framework and context
4.1 General
Organizations have distinct cultures which usually affect their approach to managing records. These
cultures are part of the organizational context. Factors that impact the information culture of an
organization include:
— the values, attitudes and behaviours of organizational users;
© ISO 2020 – All rights reserved 1
---------------------- Page: 9 ----------------------
SIST ISO/TS 16175-2:2021
ISO/TS 16175-2:2020(E)
— the technical environment; and
— the societal and organizational requirements, including legislation and/or regulation, standards
and related policy containing requirements for managing records and outline compliance.
The organizational culture affects decisions on selection and implementation of systems and software
for managing records. Where an organization has a defined information governance framework, the
system for managing records should be integrated with the information governance framework.
Where software for managing records supports processes shared by multiple organizations,
information culture factors should be considered for each organization. Selection and design of
software for managing records should be responsive to the needs of each organization. Responsibility
and ownership for managing cross-organizational systems and the rights in managing records created
in such shared software environment should be clearly assigned.
Selection and design of software for managing records should be undertaken within an organizational
framework that defines the policies and responsibilities to be implemented, and the records control
elements needed to scope the project. The following aspects should be considered during the planning
stages of any implementation:
— organizational records maturity;
— records controls;
— technical environment; and
— project scoping and resources.
4.2 Organizational records maturity
Assessing organizational records maturity helps guide the selection, design and implementation
of software for managing records. Undertaking an assessment of organizational maturity enables
benchmarking of progress over time, and assessment amongst similar organizations.
The following elements contribute to assessing organizational records maturity:
— whether strategic responsibilities for managing records are included in the senior management
responsibilities;
— whether records and their management are considered explicit components of information
governance;
— whether records functionality is included as a core component of the enterprise information
architecture supporting technology development and deployment;
— the level at which responsibility is assigned to resource, enforce and monitor conformance with
records principles;
— the availability of trained users and operational users in designing, implementing and maintaining
software for managing records;
— the organizational culture and the extent of awareness of responsibilities for creating and managing
records within the organization;
— what policies, standards and guidance outlining records responsibilities and obligations have been
developed for the organization, whether they are current and whether they are compliant to the
relevant jurisdiction;
— whether records requirements have been incorporated into information governance frameworks
and all relevant organizational policies, standards and guidelines (for example privacy, information
security, or disaster recovery);
2 © ISO 2020 – All rights reserved
---------------------- Page: 10 ----------------------
SIST ISO/TS 16175-2:2021
ISO/TS 16175-2:2020(E)
— whether records have been linked to organizational and/or functional risk assessments;
— whether the key records controls are up to date and are available for use;
— what existing records systems are in place;
— links between existing records systems; and
— what support is available to users in understanding their records responsibilities.
4.3 Records controls
Records systems can be designed in many ways to support business, and more than one records
system may exist within the organization as a whole. Records controls should be devised at an
organizational level whenever possible, so that they can be applied consistently to all records without
constraining the organization to using a single software application. These records controls identified
in ISO 15489-1:2016, Clause 8, should be developed prior to the implementation of a specific software
for managing records.
Records controls developed at organizational level can be used to develop more specific records controls
that can be supported by software to manage records which operate at a smaller level – for example,
controls applying to a part of the organization, or relating to a specific function. The organizational
records controls can form the design template from which the specific elements particularly suited to
the scope of the software implementation can be extracted, or developed in further detail if needed.
4.4 Technical environment
4.4.1 General
The following subclauses address common technical environments in which software for managing
records are deployed.
4.4.2 Paper environment
Paper records systems are often organized into files which physically group documents representing
organizational transactions together in ways that reflect their formation. Paper files are typically
managed and accessed through registers and indexes that are often automated using software.
4.4.3 Digital environment
4.4.3.1 General
Many organizations now operate in a digital environment. While some paper records can still be
created or received, these are converted to digital form using digitization processes and the digitized
records are incorporated into the records system for processing. For guidance on digitization, see
ISO/TR 13028.
In this environment, the main concern is to deploy software that supports the characteristics of
authoritative records (that is, authenticity, reliability, integrity and useability). It is also usually
important to enable the digital records (including their metadata) to persist beyond the lifetime of the
software application in which they were initially managed. At the same time, the resources to support
the management of digital records should be defined.
It is important that digital continuity be maintained. Software usually has a practical lifespan of about
5 to 10 years prior to major upgrade or replacement. Issues to be considered in addressing digital
continuity include:
— data which need to be considered as a record may no longer be stored and accessible in recognized
documentary form. Data fields in databases which provide evidence of transactions are records.
© ISO 2020 – All rights reserved 3
---------------------- Page: 11 ----------------------
SIST ISO/TS 16175-2:2021
ISO/TS 16175-2:2020(E)
Such systems are often business applications which need to consider how to maintain the evidence
of business. On some occasions, structured metadata defined for particular industries can inform
the configuration of metadata elements. Key to considering implementation of records requirements
in these environments is determining:
— what constitutes the evidence of the business;
— how to ensure that it is reproducible as presented to a user at a particular time;
— details of what changed; and
— when and who changed the data field contents.
This should be done using the process of appraisal. For further guidance on appraisal, see
ISO/TR 21946.
— some business applications enable storage of documents within their software boundaries.
Documents can be constantly changing, whereas records should be protected from unauthorised
changes to ensure their evidential integrity.
— documents can be composed of data, which can be stored separately and represented as a single
view (document) when required. The capacity to store data and disaggregated content separately,
and both separate to the media, requires implementing records controls.
— workflow tools may be used to support authorizations and approvals. Such tools often utilize links
and email notifications, and act as connectors between specific software. The workflow definitions
themselves can be required as records, as can the results of those workflows – particularly approvals
or authorizations.
All projects which seek to implement fundamental change from paper to digital should comprehensively
understand the legislation, regulation and any rulings on:
— mechanisms for asserting authenticity, such as electronic signatures;
— requirements to define adequate processes to ensure the legal admissibility of digital copies of
analogue records; and
— jurisdictional requirements to retain certain physical records after digitization.
4.4.3.2 Cloud computing environment
Cloud services are increasingly being used to provide storage and flexible access to software and
digital records. Multiple options exist for procurement and deployment of cloud services. Options
include software as a service, software with a browser-based user interface and storage of records in
the cloud. For records, this “as a service” approach usually involves storage of digital records on servers
external to the organization. As products emerge which are designed for the cloud environment,
records software functionality is increasingly being made available as a service. At present this is
typically access to a single proprietary set of functionality or software providing records functionality.
Over time, it is anticipated that smaller and smaller bundles of functionali
...
TECHNICAL ISO/TS
SPECIFICATION 16175-2
Second edition
2020-10
Information and documentation —
Processes and functional
requirements for software for
managing records —
Part 2:
Guidance for selecting, designing,
implementing and maintaining
software for managing records
Information et documentation — Processus et exigences
fonctionnelles applicables aux logiciels de gestion des documents
d'activité —
Partie 2: Recommandations pour le choix, la conception, la mise
en oeuvre et la tenue à jour des logiciels de gestion des documents
d’activité d'activité
Reference number
ISO/TS 16175-2:2020(E)
©
ISO 2020
---------------------- Page: 1 ----------------------
ISO/TS 16175-2:2020(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO 2020
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2020 – All rights reserved
---------------------- Page: 2 ----------------------
ISO/TS 16175-2:2020(E)
Contents Page
Foreword .v
Introduction .vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Assessing the organizational framework and context . 1
4.1 General . 1
4.2 Organizational records maturity . 2
4.3 Records controls . 3
4.4 Technical environment. 3
4.4.1 General. 3
4.4.2 Paper environment . 3
4.4.3 Digital environment . 3
4.4.4 Hybrid environment . 5
4.5 Project scoping and resources . 5
5 Determining a project methodology . 7
5.1 General . 7
5.2 Defining stakeholders . 7
6 Determining and managing functional requirements . 8
6.1 Developing functional requirements . 8
6.2 Considerations for defining functional requirements . 8
6.3 Managing functional requirements . 9
7 Determining configuration . 9
7.1 General . 9
7.2 Importance of documentation of configuration decisions .10
7.3 Configuration decisions — Areas of configuration .10
7.3.1 General.10
7.3.2 Records aggregation .11
7.3.3 Agents (Users).12
7.3.4 Business process .12
7.3.5 Metadata schema for records .12
7.3.6 Business classification schemes .13
7.3.7 Access and permission rules .13
7.3.8 Disposition authorities .13
7.3.9 User interface . .13
7.3.10 Supported automation .13
7.3.11 Supported automation tools .14
7.3.12 Automated capture of records process metadata .14
7.3.13 Integration needed to other existing business software .14
7.3.14 Applicable records-specific rules .14
8 Determining requirements to migrate and convert records .15
9 Communication, training and change management .15
9.1 General .15
9.2 Communications .16
9.3 Training program requirements .16
9.4 Change management readiness .16
9.5 E valuation and review .17
10 Post-implementation review, monitoring and assessment .18
10.1 Post-implementation review .18
10.2 Monitoring .18
© ISO 2020 – All rights reserved iii
---------------------- Page: 3 ----------------------
ISO/TS 16175-2:2020(E)
10.3 Assessment .19
Annex A (informative) Considerations for a methodology for implementing software for
managing records .20
Bibliography .22
iv © ISO 2020 – All rights reserved
---------------------- Page: 4 ----------------------
ISO/TS 16175-2:2020(E)
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www .iso .org/ patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www .iso .org/
iso/ foreword .html.
This document was prepared by Technical Committee ISO/TC 46, Information and documentation,
Subcommittee SC 11, Archives/records management.
This second edition of ISO/TS 16175-2 cancels and replaces ISO 16175-2:2011 and ISO 16175-3:2010,
which have been technically revised. The main changes compared to the previous editions are as
follows:
— functional requirements for software that were previously provided in ISO 16175-2:2011 and
ISO 16175-3:2010 have been updated and consolidated;
— guidance on implementing software for digital records that was previously provided in all three
parts of the previous edition of the ISO 16175 series has been updated and consolidated;
— in an updated form, some generic content on implementing records systems (both digital and
analogue), that was previously provided in the now withdrawn ISO/TR 15489-2:2001 have been
included.
A list of all parts in the ISO 16175 series can be found on the ISO website.
Any feedback or questions on this document should be directed to the user's national standards body. A
complete listing of these bodies can be found at www .iso .org/ members .html.
© ISO 2020 – All rights reserved v
---------------------- Page: 5 ----------------------
ISO/TS 16175-2:2020(E)
Introduction
All organizations have at least one records system. Records systems are information systems which
capture, manage and provide access to records over time. Records systems can consist of technical
elements such as software, and non-technical elements such as policy, procedures and agents. Records
systems as a whole include the policy, processes, software and people that use and manage records.
Records systems exist in many variations: in paper systems, in software specifically designed to meet
functionality for managing records, or as business software which capture and manage records. This
document is focused on management of records in the digital environment, using software, but the
general principles and considerations apply whatever the environment.
This document makes no distinction between software applications that are used for any business
purpose and those applications specifically intended and designed to manage records. Examples of
the former include Enterprise Content Management Systems and applications which create records
as one part of their functionality such as Contracts Management Systems, Case Management Systems
or transactional systems. The term used throughout is therefore “software for managing records”,
which is intended to encapsulate the totality of applications that manage records as part of their usual
functioning. It is assumed that almost all business applications generates data that is needed to serve as
evidence of business activity for future reference and as such, among other things, need to create, store
and manage records, whether within their own functionality or in combination with other applications.
Clauses 4 and 5 provide guidance on assessing the context of the organization and on scoping a project to
implement software for managing records. Clauses 6 to 8 provide guidance on identifying requirements
for the functionality of the software, including those for conversion and migration. Clause 9 provides
guidance on communication, training and change management. Clause 10 provides guidelines for post-
implementation review.
ISO 16175-1 provides a set of model functional requirements and associated guidance for software for
managing digital records.
vi © ISO 2020 – All rights reserved
---------------------- Page: 6 ----------------------
TECHNICAL SPECIFICATION ISO/TS 16175-2:2020(E)
Information and documentation — Processes and
functional requirements for software for managing
records —
Part 2:
Guidance for selecting, designing, implementing and
maintaining software for managing records
1 Scope
This document provides guidance for decision making and processes associated with the selection,
design, implementation and maintenance of software for managing records, according to the principles
specified in ISO 15489-1.
This document is applicable to any kind of records system supported by software, including paper
records managed by software, but is particularly focused on software for managing digital records.
This document provides guidance to records professionals charged with, or supporting the selection,
design, implementation and maintenance of systems for managing records using a variety of software.
It can also provide assistance to information technology professionals such as solution architects/
designers, IT procurement decision makers, business analysts, business owners and software
developers and testers seeking to understand records requirements.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For undated references, the latest edition of the referenced
document (including any amendments) applies.
ISO 30300, Information and documentation — Records management — Core concepts and vocabulary
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO 30300 apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at http:// www .electropedia .org/
4 Assessing the organizational framework and context
4.1 General
Organizations have distinct cultures which usually affect their approach to managing records. These
cultures are part of the organizational context. Factors that impact the information culture of an
organization include:
— the values, attitudes and behaviours of organizational users;
© ISO 2020 – All rights reserved 1
---------------------- Page: 7 ----------------------
ISO/TS 16175-2:2020(E)
— the technical environment; and
— the societal and organizational requirements, including legislation and/or regulation, standards
and related policy containing requirements for managing records and outline compliance.
The organizational culture affects decisions on selection and implementation of systems and software
for managing records. Where an organization has a defined information governance framework, the
system for managing records should be integrated with the information governance framework.
Where software for managing records supports processes shared by multiple organizations,
information culture factors should be considered for each organization. Selection and design of
software for managing records should be responsive to the needs of each organization. Responsibility
and ownership for managing cross-organizational systems and the rights in managing records created
in such shared software environment should be clearly assigned.
Selection and design of software for managing records should be undertaken within an organizational
framework that defines the policies and responsibilities to be implemented, and the records control
elements needed to scope the project. The following aspects should be considered during the planning
stages of any implementation:
— organizational records maturity;
— records controls;
— technical environment; and
— project scoping and resources.
4.2 Organizational records maturity
Assessing organizational records maturity helps guide the selection, design and implementation
of software for managing records. Undertaking an assessment of organizational maturity enables
benchmarking of progress over time, and assessment amongst similar organizations.
The following elements contribute to assessing organizational records maturity:
— whether strategic responsibilities for managing records are included in the senior management
responsibilities;
— whether records and their management are considered explicit components of information
governance;
— whether records functionality is included as a core component of the enterprise information
architecture supporting technology development and deployment;
— the level at which responsibility is assigned to resource, enforce and monitor conformance with
records principles;
— the availability of trained users and operational users in designing, implementing and maintaining
software for managing records;
— the organizational culture and the extent of awareness of responsibilities for creating and managing
records within the organization;
— what policies, standards and guidance outlining records responsibilities and obligations have been
developed for the organization, whether they are current and whether they are compliant to the
relevant jurisdiction;
— whether records requirements have been incorporated into information governance frameworks
and all relevant organizational policies, standards and guidelines (for example privacy, information
security, or disaster recovery);
2 © ISO 2020 – All rights reserved
---------------------- Page: 8 ----------------------
ISO/TS 16175-2:2020(E)
— whether records have been linked to organizational and/or functional risk assessments;
— whether the key records controls are up to date and are available for use;
— what existing records systems are in place;
— links between existing records systems; and
— what support is available to users in understanding their records responsibilities.
4.3 Records controls
Records systems can be designed in many ways to support business, and more than one records
system may exist within the organization as a whole. Records controls should be devised at an
organizational level whenever possible, so that they can be applied consistently to all records without
constraining the organization to using a single software application. These records controls identified
in ISO 15489-1:2016, Clause 8, should be developed prior to the implementation of a specific software
for managing records.
Records controls developed at organizational level can be used to develop more specific records controls
that can be supported by software to manage records which operate at a smaller level – for example,
controls applying to a part of the organization, or relating to a specific function. The organizational
records controls can form the design template from which the specific elements particularly suited to
the scope of the software implementation can be extracted, or developed in further detail if needed.
4.4 Technical environment
4.4.1 General
The following subclauses address common technical environments in which software for managing
records are deployed.
4.4.2 Paper environment
Paper records systems are often organized into files which physically group documents representing
organizational transactions together in ways that reflect their formation. Paper files are typically
managed and accessed through registers and indexes that are often automated using software.
4.4.3 Digital environment
4.4.3.1 General
Many organizations now operate in a digital environment. While some paper records can still be
created or received, these are converted to digital form using digitization processes and the digitized
records are incorporated into the records system for processing. For guidance on digitization, see
ISO/TR 13028.
In this environment, the main concern is to deploy software that supports the characteristics of
authoritative records (that is, authenticity, reliability, integrity and useability). It is also usually
important to enable the digital records (including their metadata) to persist beyond the lifetime of the
software application in which they were initially managed. At the same time, the resources to support
the management of digital records should be defined.
It is important that digital continuity be maintained. Software usually has a practical lifespan of about
5 to 10 years prior to major upgrade or replacement. Issues to be considered in addressing digital
continuity include:
— data which need to be considered as a record may no longer be stored and accessible in recognized
documentary form. Data fields in databases which provide evidence of transactions are records.
© ISO 2020 – All rights reserved 3
---------------------- Page: 9 ----------------------
ISO/TS 16175-2:2020(E)
Such systems are often business applications which need to consider how to maintain the evidence
of business. On some occasions, structured metadata defined for particular industries can inform
the configuration of metadata elements. Key to considering implementation of records requirements
in these environments is determining:
— what constitutes the evidence of the business;
— how to ensure that it is reproducible as presented to a user at a particular time;
— details of what changed; and
— when and who changed the data field contents.
This should be done using the process of appraisal. For further guidance on appraisal, see
ISO/TR 21946.
— some business applications enable storage of documents within their software boundaries.
Documents can be constantly changing, whereas records should be protected from unauthorised
changes to ensure their evidential integrity.
— documents can be composed of data, which can be stored separately and represented as a single
view (document) when required. The capacity to store data and disaggregated content separately,
and both separate to the media, requires implementing records controls.
— workflow tools may be used to support authorizations and approvals. Such tools often utilize links
and email notifications, and act as connectors between specific software. The workflow definitions
themselves can be required as records, as can the results of those workflows – particularly approvals
or authorizations.
All projects which seek to implement fundamental change from paper to digital should comprehensively
understand the legislation, regulation and any rulings on:
— mechanisms for asserting authenticity, such as electronic signatures;
— requirements to define adequate processes to ensure the legal admissibility of digital copies of
analogue records; and
— jurisdictional requirements to retain certain physical records after digitization.
4.4.3.2 Cloud computing environment
Cloud services are increasingly being used to provide storage and flexible access to software and
digital records. Multiple options exist for procurement and deployment of cloud services. Options
include software as a service, software with a browser-based user interface and storage of records in
the cloud. For records, this “as a service” approach usually involves storage of digital records on servers
external to the organization. As products emerge which are designed for the cloud environment,
records software functionality is increasingly being made available as a service. At present this is
typically access to a single proprietary set of functionality or software providing records functionality.
Over time, it is anticipated that smaller and smaller bundles of functionality will be made available as
services, allowing clever implementations to build the required records processes and functionality
from multiple different service applications.
In this environment, in addition to the issues of authenticity and sustainability, organizations need
to consider jurisdictional rules around data sovereignty, network security and developing adequate
contractual and technical frameworks to guarantee an adequate level of service. Requirements relating
to the end of the service and migration from one platform to another need to be addressed when
initiaiting service agreements. Risk assessment tools supporting decisions on adopting cloud-based
services are available in a number of jurisdictions.
4 © ISO 2020 – All rights reserved
---------------------- Page: 10 ----------------------
ISO/TS 16175-2:2020(E)
4.4.3.3 Web-based collaborative software
Software for managing records can be available as web-based software which organizations deploy
flexibly on demand as the organization size and requirements change. Such software can involve
multiple agents, including those external to the organization – for example, suppliers or providers
of services. Both parties use the same software to document transactions and communications.
Considerations for records in this technology environment include the following.
— Who is responsible for managing authoritative records?
— Who owns the record?
— Who is the designated custodian of the system, to manage
...
SPÉCIFICATION ISO/TS
TECHNIQUE 16175-2
Deuxième édition
2020-10
Information et documentation —
Processus et exigences fonctionnelles
applicables aux logiciels de gestion
des documents d'activité —
Partie 2:
Recommandations pour le choix, la
conception, la mise en oeuvre et la
maintenance des logiciels gérant des
documents d’activité
Information and documentation — Processes and functional
requirements for software for managing records —
Part 2: Guidance for selecting, designing, implementing and
maintaining software for managing records
Numéro de référence
ISO/TS 16175-2:2020(F)
©
ISO 2020
---------------------- Page: 1 ----------------------
ISO/TS 16175-2:2020(F)
DOCUMENT PROTÉGÉ PAR COPYRIGHT
© ISO 2020
Tous droits réservés. Sauf prescription différente ou nécessité dans le contexte de sa mise en œuvre, aucune partie de cette
publication ne peut être reproduite ni utilisée sous quelque forme que ce soit et par aucun procédé, électronique ou mécanique,
y compris la photocopie, ou la diffusion sur l’internet ou sur un intranet, sans autorisation écrite préalable. Une autorisation peut
être demandée à l’ISO à l’adresse ci-après ou au comité membre de l’ISO dans le pays du demandeur.
ISO copyright office
Case postale 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Genève
Tél.: +41 22 749 01 11
E-mail: copyright@iso.org
Web: www.iso.org
Publié en Suisse
ii © ISO 2020 – Tous droits réservés
---------------------- Page: 2 ----------------------
ISO/TS 16175-2:2020(F)
Sommaire Page
Avant-propos .v
Introduction .vi
1 Domaine d'application . 1
2 Références normatives . 1
3 Termes et définitions . 1
4 Évaluation du cadre et du contexte organisationnels . 2
4.1 Généralités . 2
4.2 Maturité de l'organisme en matière de gestion des documents d'activité . 2
4.3 Mesures de contrôle pour la gestion des documents d'activité . 3
4.4 Environnement technique. 3
4.4.1 Généralités . 3
4.4.2 Environnement papier . 3
4.4.3 Environnement numérique . 4
4.4.4 Environnement hybride. 6
4.5 Définition du périmètre et des ressources du projet . 6
5 Détermination d'une méthodologie de projet . 8
5.1 Généralités . 8
5.2 Définition des parties prenantes . 8
6 Détermination et gestion des exigences fonctionnelles . 9
6.1 Élaboration des exigences fonctionnelles . 9
6.2 Facteurs à prendre en compte pour la définition des exigences fonctionnelles .10
6.3 Gestion des exigences fonctionnelles .10
7 Détermination de la configuration .11
7.1 Généralités .11
7.2 Importance de la documentation des décisions de configuration .11
7.3 Décisions en matière de configuration — Domaines de configuration.12
7.3.1 Généralités .12
7.3.2 Agrégation de documents d'activité .13
7.3.3 Agents (utilisateurs) .13
7.3.4 Processus métier.14
7.3.5 Référentiel de métadonnées pour la gestion des documents d'activité .14
7.3.6 Plans de classement fonctionnel .15
7.3.7 Règles d'accès et d'habilitation .15
7.3.8 Règles de conservation .15
7.3.9 Interface utilisateur .15
7.3.10 Degré d'automatisation qui sera pris en charge .16
7.3.11 Autres outils d'automatisation pouvant être utilisés .16
7.3.12 Métadonnées du processus documentaire pouvant être capturées
automatiquement .16
7.3.13 Intégration nécessaire avec d'autres logiciels métier existants .16
7.3.14 Règles spécifiques aux documents d'activité applicables .17
8 Détermination des exigences de migration et de conversion des documents d'activité .17
9 Communication, formation et gestion des changements .18
9.1 Généralités .18
9.2 Communication .18
9.3 Exigences du programme de formation .18
9.4 Préparation à la gestion des changements .19
9.5 Évaluation et examen .20
10 Examen, suivi et appréciation post-mise en œuvre .20
10.1 Examen post-mise en œuvre .20
© ISO 2020 – Tous droits réservés iii
---------------------- Page: 3 ----------------------
ISO/TS 16175-2:2020(F)
10.2 Surveillance.21
10.3 Évaluation .21
Annexe A (informative) Aspects à prendre en compte pour l'établissement d'une
méthodologie de mise en œuvre d'un logiciel gérant des documents d'activité .23
Bibliographie .25
iv © ISO 2020 – Tous droits réservés
---------------------- Page: 4 ----------------------
ISO/TS 16175-2:2020(F)
Avant-propos
L'ISO (Organisation internationale de normalisation) est une fédération mondiale d'organismes
nationaux de normalisation (comités membres de l'ISO). L'élaboration des Normes internationales est
en général confiée aux comités techniques de l'ISO. Chaque comité membre intéressé par une étude
a le droit de faire partie du comité technique créé à cet effet. Les organisations internationales,
gouvernementales et non gouvernementales, en liaison avec l'ISO participent également aux travaux.
L'ISO collabore étroitement avec la Commission électrotechnique internationale (IEC) en ce qui
concerne la normalisation électrotechnique.
Les procédures utilisées pour élaborer le présent document et celles destinées à sa mise à jour sont
décrites dans les Directives ISO/IEC, Partie 1. Il convient, en particulier de prendre note des différents
critères d'approbation requis pour les différents types de documents ISO. Le présent document a été
rédigé conformément aux règles de rédaction données dans les Directives ISO/IEC, Partie 2 (voir www
.iso .org/ directives).
L'attention est attirée sur le fait que certains des éléments du présent document peuvent faire l'objet de
droits de propriété intellectuelle ou de droits analogues. L'ISO ne saurait être tenue pour responsable
de ne pas avoir identifié de tels droits de propriété et averti de leur existence. Les détails concernant
les références aux droits de propriété intellectuelle ou autres droits analogues identifiés lors de
l'élaboration du document sont indiqués dans l'Introduction et/ou dans la liste des déclarations de
brevets reçues par l'ISO (voir www .iso .org/ brevets).
Les appellations commerciales éventuellement mentionnées dans le présent document sont données
pour information, par souci de commodité, à l’intention des utilisateurs et ne sauraient constituer un
engagement.
Pour une explication de la nature volontaire des normes, la signification des termes et expressions
spécifiques de l'ISO liés à l'évaluation de la conformité, ou pour toute information au sujet de l'adhésion
de l'ISO aux principes de l’Organisation mondiale du commerce (OMC) concernant les obstacles
techniques au commerce (OTC), voir le lien suivant: www .iso .org/ iso/ fr/ avant -propos.
Le présent document a été élaboré par le comité technique ISO/TC 46, Information et documentation,
sous-comité SC 11, Archives/Gestion des documents d'activité.
Cette seconde édition de l'ISO/TS 16175-2 annule et remplace l'ISO 16175-2:2011 et l'ISO 16175-3:2010,
qui ont fait l'objet d'une révision technique.
Les principales modifications par rapport à l'édition précédente sont les suivantes:
— les exigences fonctionnelles pour les logiciels qui étaient précédemment fournies dans
l'ISO 16175-2:2011 et l'ISO 16175-3:2010 ont été mises à jour et consolidées;
— les recommandations relatives à la mise en œuvre des logiciels pour les documents d'activité
numériques qui étaient précédemment fournies dans les trois parties de l'édition précédente de la
série ISO 16175 ont été mises à jour et consolidées;
— dans une version mise à jour, du contenu générique relatif à la mise en œuvre des systèmes
documentaires (à la fois numériques et analogiques), qui était précédemment fournis dans
l'ISO/TR 15489-2:2001 maintenant annulée, a été inclus.
Une liste de toutes les parties de la série ISO 16175 se trouve sur le site web de l'ISO.
Il convient que l’utilisateur adresse tout retour d’information ou toute question concernant le présent
document à l’organisme national de normalisation de son pays. Une liste exhaustive desdits organismes
se trouve à l’adresse www .iso .org/ fr/ members .html.
© ISO 2020 – Tous droits réservés v
---------------------- Page: 5 ----------------------
ISO/TS 16175-2:2020(F)
Introduction
Tous les organismes ont au moins un système documentaire. Les systèmes documentaires sont
des systèmes d'information qui capturent et gèrent des documents d'activité et qui en assurent
l'accessibilité dans le temps. Les systèmes documentaires peuvent contenir des éléments techniques,
tels que des logiciels, et des éléments non techniques tels que des politiques, procédures et agents.
Les systèmes documentaires, au sens général du terme, incluent les politiques, processus, logiciels et
personnes qui utilisent et gèrent des documents d'activité. Les systèmes documentaires se déclinent
en diverses variantes: dans des systèmes papier, dans des logiciels spécialement conçus pour remplir la
fonctionnalité de gestion des documents d'activité, ou sous la forme de logiciels métiers qui capturent
et gèrent des documents d'activité. Le présent document se concentre sur la gestion des documents
d'activité dans un environnement numérique, utilisant des logiciels, mais les principes et aspects
généraux qui y sont traités s'appliquent à tout type d'environnement.
La présente Norme internationale n'établit aucune distinction entre les applications logicielles utilisées
pour répondre à tout objectif organisationnel et les applications qui sont spécifiquement destinées
et conçues pour gérer des documents d'activité. Les premières englobent, par exemple, les systèmes
et applications de gestion de contenu d'entreprise qui, entre autres fonctionnalités, permettent la
création de documents d'activité, tels que les systèmes de gestion de contrats, les systèmes de gestion
de dossiers ou les systèmes transactionnels. Le terme «logiciel gérant des documents d'activité» est
donc ici employé afin de couvrir la totalité des applications qui gèrent des documents d'activité dans le
cadre de leur fonctionnement usuel. L'hypothèse retenue est que toutes les applications métier génèrent
des données qui devront servir de preuve d'activité opérationnelle à des fins de référence ultérieure et
qui, entre autres, devront créer, stocker et gérer des documents d'activité, soit à l'aide de leurs propres
fonctionnalités internes, soit dans le cadre d'une utilisation combinée avec d'autres applications.
Les Articles 4 et 5 donnent des recommandations relatives à l'évaluation du contexte de l'organisme
et sur la portée d'un projet de mise en œuvre d'un logiciel gérant des documents d'activité. Les
Articles 6 à 8 fournissent des recommandations relatives à l'identification des exigences relatives
aux fonctionnalités du logiciel y compris celles concernant la conversion et la migration. L'Article 9
fournit des recommandations relatives à la communication, la formation et la gestion des changements.
L'Article 10 fournit des lignes directrices relatives à l'examen postérieur à la mise en œuvre.
L'ISO 16175-1 fournit un ensemble d'exigences fonctionnelles et de recommandations associées relatives
aux logiciels gérant des documents d'activité.
vi © ISO 2020 – Tous droits réservés
---------------------- Page: 6 ----------------------
SPÉCIFICATION TECHNIQUE ISO/TS 16175-2:2020(F)
Information et documentation — Processus et exigences
fonctionnelles applicables aux logiciels de gestion des
documents d'activité —
Partie 2:
Recommandations pour le choix, la conception, la mise
en oeuvre et la maintenance des logiciels gérant des
documents d’activité
1 Domaine d'application
Le présent document fournit des recommandations pour la prise de décision et les processus concernant
le choix, la conception, la mise en œuvre et la maintenance de logiciels gérant des documents d'activité,
conformément aux principes spécifiés dans l'ISO 15489-1.
Le présent document s'applique à tout type de système documentaire soutenu par un logiciel, y compris
les documents d'activité papier gérés par un logiciel, mais se concentre plus spécifiquement sur les
logiciels gérant des documents d'activité numériques.
Le présent document fournit des recommandations à l'attention des professionnels des documents
d'activité responsables du choix, de la conception, de la mise en œuvre et de la maintenance des systèmes
qui gèrent des documents d'activité à l'aide de divers logiciels, ou qui y participent. Il peut également
apporter une aide aux professionnels des technologies de l'information tels que les architectes/
concepteurs de solutions, les décideurs responsables des achats de technologies de l'information, les
analystes métiers, les propriétaires de processus métier et les développeurs et testeurs de logiciels
cherchant à appréhender les exigences relatives aux documents d'activité.
2 Références normatives
Les documents suivants sont cités dans le texte de sorte qu’ils constituent, pour tout ou partie de leur
contenu, des exigences du présent document. Pour les références datées, seule l’édition citée s’applique.
Pour les références non datées, la dernière édition du document de référence s'applique (y compris les
éventuels amendements).
ISO 30300, Information et documentation — Systèmes de gestion des documents d'activité — Principes
essentiels et vocabulaire
3 Termes et définitions
Pour les besoins du présent document, les termes et les définitions de l'ISO 30300 s’appliquent.
L’ISO et l’IEC tiennent à jour des bases de données terminologiques destinées à être utilisées en
normalisation, consultables aux adresses suivantes:
— ISO Online browsing platform: disponible à l’adresse https:// www .iso .org/ obp
— IEC Electropedia: disponible à l’adresse http:// www .electropedia .org/
© ISO 2020 – Tous droits réservés 1
---------------------- Page: 7 ----------------------
ISO/TS 16175-2:2020(F)
4 Évaluation du cadre et du contexte organisationnels
4.1 Généralités
Les différents organismes ont leur propre culture, ce qui a généralement une incidence sur l'approche
qu'ils adoptent pour gérer des documents d'activité. Cette culture s'inscrit dans le contexte
organisationnel. Exemples de facteurs qui affectent la culture de l'information d'un organisme:
— les valeurs, attitudes et comportements des utilisateurs de l'organisme;
— l'environnement technique; et
— les exigences sociétales et organisationnelles, y compris la législation et/ou la règlementation, les
normes et les politiques associées contenant des exigences relatives à la gestion des documents
d'activité et à la conformité générale.
La culture organisationnelle influe sur les décisions relatives au choix et à la mise en œuvre des
systèmes et logiciels gérant des documents d'activité. Lorsqu'un organisme dispose d'un cadre défini
pour la gouvernance de l'information, il convient que le système de gestion des documents d'activité
soit intégré au cadre de gouvernance de l'information.
Si le logiciel gérant des documents d'activité prend en charge des processus partagés par plusieurs
organismes, il convient de tenir compte, pour chaque organisme des facteurs relatifs à la culture de
l'information. Il convient que le choix et la conception du logiciel gérant des documents d'activité
répondent aux besoins de chaque organisme. Il convient d'affecter clairement les responsabilités et
la propriété pour la gestion de systèmes multiorganisationnels et de définir d'un commun accord les
droits sur la gestion des documents d'activité créés dans ce logiciel partagé.
Il convient que le choix et la conception du logiciel gérant des documents d'activité dans un cadre
organisationnel qui définit les politiques et responsabilités à mettre en œuvre, et les éléments
d'outils de contrôle pour la gestion des documents d'activité nécessaires à la définition du périmètre
du projet. Il convient de tenir compte des aspects suivants au cours des phases de planification de
toute mise en œuvre:
— maturité de l'organisme en matière de gestion des documents d'activité;
— mesures de contrôle pour la gestion des documents d'activité;
— environnement technique; et
— définition du périmètre et des ressources du projet.
4.2 Maturité de l'organisme en matière de gestion des documents d'activité
L'évaluation de la maturité de l'organisme en matière de gestion des documents d'activité permet
d'orienter le choix, la conception et la mise en œuvre de logiciels gérant des documents d'activité.
L'exécution d'une telle évaluation permet de comparer les progrès accomplis au fil du temps et d'évaluer
les approches parmi des organismes similaires.
Les éléments suivants contribuent à évaluer la maturité d'un organisme en matière de gestion des
documents d'activité:
— si les responsabilités stratégiques de gestion des documents d'activité font partie des prérogatives
de la direction;
— si les documents d'activité et leur gestion sont considérés comme des composantes explicites de la
gouvernance de l'information;
— si une fonctionnalité documentaire est incluse comme composant de base de l'architecture
d'information d'entreprise soutenant le développement et le déploiement technologiques;
2 © ISO 2020 – Tous droits réservés
---------------------- Page: 8 ----------------------
ISO/TS 16175-2:2020(F)
— le niveau auquel revient la responsabilité de trouver des ressources, d'appliquer et de suivre la
conformité aux principes de gestion des documents d'activité;
— la disponibilité d'utilisateurs formés et d'utilisateurs opérationnels pour concevoir, mettre en
œuvre et assurer la maintenance des logiciels gérant des documents d'activité;
— la culture de l'organisme et l'étendue des connaissances relatives aux responsabilités de création et
de gestion des documents d'activité au sein de l'organisme;
— les politiques, normes et recommandations décrivant les responsabilités et obligations en matière
de documents d'activité qui ont été développées pour l'organisme, qu'elles soient ou non à jour et
conformes ou non aux exigences de la juridiction compétente;
— si les exigences relatives aux documents d'activité ont été incorporées dans les cadres de gouvernance
de l'information et dans toutes les politiques, normes et lignes directrices applicables de l'organisme
(par exemple, confidentialité, sécurité de l'information ou reprise après sinistre);
— si des documents d'activité ont été liés à des évaluations des risques organisationnels et/ou
fonctionnels;
— si les principaux contrôles pour la gestion des documents d'activité sont à jour et s'ils sont à la
disposition des utilisateurs;
— la nature des systèmes documentaires en place;
— les liens entre les systèmes documentaires existants; et
— le type d'assistance proposée aux utilisateurs afin de comprendre leurs responsabilités en matière
de documents d'activité.
4.3 Mesures de contrôle pour la gestion des documents d'activité
Les systèmes documentaires peuvent être conçus de différentes manières pour soutenir l'activité,
et plusieurs systèmes documentaires peuvent coexister au sein de l'organisme dans son ensemble.
Il convient, dans la mesure du possible, de concevoir les mesures de contrôle pour la gestion des
documents d'activité au niveau organisationnel afin qu'elles puissent être appliquées de façon homogène
à l'ensemble des documents d'activité sans imposer à l'organisme l'utilisation d'une application
logicielle unique. Il convient de développer les mesures de contrôle pour la gestion des documents
d'activité identifiées dans l'ISO 15489-1:2016, Article 8, avant toute mise en œuvre d'un logiciel gérant
des documents d'activité spécifique.
Les mesures de contrôle développées au niveau de l'organisme peuvent être utilisées pour développer
des mesures de contrôle plus spécifiques, qui peuvent prises en charge par un logiciel gérant des
documents d'activité à un niveau restreint, par exemple, pour les contrôles s'appliquant à une partie
de l'organisme, ou faisant référence à une fonction spécifique. Les mesures de contrôle au niveau de
l'organisme peuvent former un modèle de conception à partir duquel les éléments spécifiquement
adaptés au périmètre de la mise en œuvre du logiciel peuvent être extraits ou développés en détail si
nécessaire.
4.4 Environnement technique
4.4.1 Généralités
Les paragraphes suivants concernent des environnements techniques courants dans lesquels sont
déployés des logiciels gérant des documents d'activité.
4.4.2 Environnement papier
Les systèmes documentaires papier sont souvent organisés en fichiers qui regroupent physiquement
des documents représentant les transactions de l'organisme de façon collective, de manière à en refléter
© ISO 2020 – Tous droits réservés 3
---------------------- Page: 9 ----------------------
ISO/TS 16175-2:2020(F)
la formation. Les fichiers papier sont habituellement gérés et accessibles par des registres et des index
qui sont souvent automatisés à l'aide de logiciels.
4.4.3 Environnement numérique
4.4.3.1 Généralités
Nombre d'organismes évoluent aujourd'hui dans un environnement numérique. Bien que certains
documents d'activité papier puissent encore être créés ou reçus, ceux-ci sont convertis au format
numérique à l'aide de processus de numérisation, et les documents ainsi numérisés sont ensuite
incorporés dans le système documentaire en vue de leur traitement. Pour des recommandations sur la
numérisation, voir l'ISO/TR 13028.
Dans cet environnement, la principale préoccupation consiste à déployer un logiciel qui transpose à
des documents d'activité numériques les caractéristiques des documents d'activité probants (c'est-à-
dire authenticité, fiabilité, intégrité et utilisabilité). Il est aussi généralement important de permettre
d'étendre la durée des documents d'activité numériques concernés (y compris leurs métadonnées)
au-delà de la durée de vie d'un logiciel particulier. Dans le même temps, il convient d'identifier les
ressources permettant de soutenir la gestion des documents d'activité numériques.
Il est important que la continuité numérique soit maintenue. Un logiciel a, en général, une durée de
vie pratique d'environ 5 à 10 ans avant de subir une mise à niveau majeure ou un remplacement. La
question de la continuité numérique implique de tenir compte de différents aspects:
— les données qu'il est nécessaire de considérer comme un document d'activité peuvent ne plus être
stockées et accessibles dans une forme documentaire reconnue. Les champs de données apportant
la preuve des transactions constituent des documents d'activité. Ces systèmes sont souvent des
applications métier qui doivent évaluer la manière de préserver la preuve de l'activité. Il arrive
parfois que des métadonnées structurées, définies pour certains secteurs d'activité spécifiques,
puissent informer sur la configuration des éléments de métadonnées. Pour évaluer la mise en œuvre
des exigences relatives aux documents d'activité dans de tels environnements, il est essentiel de
déterminer:
— ce qui constitue la preuve de l'activité;
— de quelle manière s'assurer qu'elle reste reproductible lorsqu'elle est présentée à un utilisateur
à un moment donné;
— les détails relatifs aux modifications; et
— quand le contenu des champs de données a été modifié et par qui.
Il convient d'utiliser le processus d'évaluation pour évaluer ces aspects. Pour des recommandations
supplémentaires concernant l'évaluation, voir l'ISO/TR 21946.
— certaines applications métier
...
SLOVENSKI STANDARD
oSIST ISO/DIS 16175-2:2019
01-november-2019
Informatika in dokumentacija - Procesi in funkcionalne zahteve za načrtovanje
programske opreme za upravljanje zapisov - 2. del: Navodilo za izbiro,
načrtovanje, uvedbo in vzdrževanje programske opreme za upravljanje zapisov
Information and documentation - Processes and functional requirements for software for
managing records - Part 2: Guidance for selecting, designing, implementing and
maintaining software for managing records
Information et documentation -- Principes et exigences fonctionnelles pour les
documents d'activité dans les environnements électroniques de bureau -- Partie 2:
Lignes directrices et exigences fonctionnelles pour les systèmes de management des
documents d'activité
Ta slovenski standard je istoveten z: ISO/DIS 16175-2:2019
ICS:
01.140.20 Informacijske vede Information sciences
35.080 Programska oprema Software
oSIST ISO/DIS 16175-2:2019 en,fr,de
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.
---------------------- Page: 1 ----------------------
oSIST ISO/DIS 16175-2:2019
---------------------- Page: 2 ----------------------
oSIST ISO/DIS 16175-2:2019
DRAFT INTERNATIONAL STANDARD
ISO/DIS 16175-2
ISO/TC 46/SC 11 Secretariat: SA
Voting begins on: Voting terminates on:
2019-01-21 2019-04-15
Information and documentation - Processes and functional
requirements for software for managing records —
Part 2:
Guidance for selecting, designing, implementing and
maintaining software for managing records
Information et documentation — Principes et exigences fonctionnelles pour les documents d'activité dans
les environnements électroniques de bureau —
Partie 2: Lignes directrices et exigences fonctionnelles pour les systèmes de management des documents
d'activité
ICS: 01.140.20
THIS DOCUMENT IS A DRAFT CIRCULATED
FOR COMMENT AND APPROVAL. IT IS
THEREFORE SUBJECT TO CHANGE AND MAY
NOT BE REFERRED TO AS AN INTERNATIONAL
STANDARD UNTIL PUBLISHED AS SUCH.
IN ADDITION TO THEIR EVALUATION AS
BEING ACCEPTABLE FOR INDUSTRIAL,
This document is circulated as received from the committee secretariat.
TECHNOLOGICAL, COMMERCIAL AND
USER PURPOSES, DRAFT INTERNATIONAL
STANDARDS MAY ON OCCASION HAVE TO
BE CONSIDERED IN THE LIGHT OF THEIR
POTENTIAL TO BECOME STANDARDS TO
WHICH REFERENCE MAY BE MADE IN
Reference number
NATIONAL REGULATIONS.
ISO/DIS 16175-2:2019(E)
RECIPIENTS OF THIS DRAFT ARE INVITED
TO SUBMIT, WITH THEIR COMMENTS,
NOTIFICATION OF ANY RELEVANT PATENT
RIGHTS OF WHICH THEY ARE AWARE AND TO
©
PROVIDE SUPPORTING DOCUMENTATION. ISO 2019
---------------------- Page: 3 ----------------------
oSIST ISO/DIS 16175-2:2019
ISO/DIS 16175-2:2019(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO 2019
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2019 – All rights reserved
---------------------- Page: 4 ----------------------
oSIST ISO/DIS 16175-2:2019
ISO/DIS 16175-2:2019(E)
Contents Page
Foreword .iv
Introduction .v
1 1 .
Scope . 1
1.1 Audience . 1
2 Normative references . 1
3 Terms and definitions . 1
4 High level requirements for software managing digital records . 1
4.1 Assumptions . 1
4.2 General overview of requirements . 2
5 Assessing or ganizational readiness to implement records systems and scoping a project.3
5.1 General . 3
5.2 Organizational records maturity . 3
5.3 Records controls . 4
5.4 Technical environment. 4
5.4.1 Paper environment . 4
5.4.2 Hybrid environment . 5
5.4.3 Digital environment . 5
5.4.4 Cloud computing environment . 6
5.4.5 Web-based collaborative software . 6
5.5 Project scoping and resources . 7
6 Determining a project methodology . 8
6.1 General . 8
6.2 Defining stakeholders . 9
7 Determining and managing functional requirements for software for managing records .9
7.1 Developing functional requirements . 9
7.2 Considerations for defining functional requirements .10
7.3 Managing functional requirements .10
8 Determining configuration .11
8.1 General .11
8.2 Importance of documentation of configuration decisions .11
8.3 Configuration decisions .11
8.3.1 Areas of configuration .12
9 Determining requirements to migrate and convert records .16
10 Communication, training and change management .17
10.1 General .17
10.2 Communications .17
10.3 Training program requirements .17
10.4 Change management readiness .18
10.5 E valuation and review .19
11 Post implementation review, monitoring and assessment .19
11.1 General .19
11.2 Conducting a post implementation review for records systems .19
11.2.1 Review immediately after the implementation .20
11.2.2 Review after a period of operation .20
11.2.3 Action following reviews .20
11.3 Monitoring .21
11.4 Assessment .22
Bibliography .23
© ISO 2019 – All rights reserved iii
---------------------- Page: 5 ----------------------
oSIST ISO/DIS 16175-2:2019
ISO/DIS 16175-2:2019(E)
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www .iso .org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following
URL: www .iso .org/iso/foreword .html.
This document was prepared by Technical Committee ISO/TC 46, Documentation and Information,
Subcommittee SC11, Archives/Records Management.
This second edition cancels and replaces the first edition (ISO 16175-1:2010, ISO 16175-2:2011 and
ISO 16175-3:2010), which has been technically revised.
A list of all parts in the ISO 16175- series can be found on the ISO website.
iv © ISO 2019 – All rights reserved
---------------------- Page: 6 ----------------------
oSIST ISO/DIS 16175-2:2019
ISO/DIS 16175-2:2019(E)
Introduction
All organizations will have at least one, and generally more than one, records system. Records systems
are information systems which capture, manage and provide access to records over time. Records
systems can consist of technical elements such as software, and non-technical elements such as policy,
procedures and agents. Records systems as a whole include the policy, processes, software and people
1)
that use and manage records . Records systems exist in many variations: in paper systems, in software
specifically designed to meet functionality for managing records, or as business software which capture
and manage records. This document is focused on management of records in the digital environment,
using software, but the general principles and considerations apply whatever the environment.
Organizations make decisions on what type of software for managing records should support
particular business processes, business units or the organization as a whole and consider the risks
that are linked to business processes when making such decisions. The scope of software for managing
records will be affected by the social and regulatory framework within which an organization operates,
by the organizational readiness or maturity around records reflected in its policies and allocation of
responsibilities, and by the technologies that are appropriate for organizational use.
Organizations that already rely on digital records to conduct and document business, or that are
interested in eliminating paper records from their operations, are seeking solutions to the issues arising
from management of digital records. The decisions that organizations make today about the capability
of the software, and the organization and structure of information within the software will have a
significant impact on the long term sustainability of digital records. The capacity to sustain digital
records beyond the lifespan of a single instance of software is closely linked to the design, selection and
configuration of software, and should be considered carefully within an organization-wide information
governance context.
This international standard makes no distinction between software applications that are used for
any business purpose and those applications specifically intended and designed to manage records.
Examples of the former include Enterprise Content Management Systems and applications which create
records as one part of their functionality such as Contracts Management Systems, Case Management
Systems or transactional systems. The term used throughout is therefore ‘software for managing
records’, which is intended to encapsulate the totality of applications that manage records as part of
their usual functioning. It is assumed that almost all business applications will generate data that will
need to serve as evidence of business activity for future reference and as such will, inter alia, need to
create, store and manage records, whether within their own functionality or in combination with other
applications.
Organizations deploy software applications to automate business activities and transactions. The
digital information generated by an application may serve as the only evidence or record of the process
or transaction, despite the application not being designed specifically for the purpose of managing
records. Without evidence of these activities, organizations are exposed to risk and may be unable to
meet legislative, accountability, business and community expectations. Because of the dynamic and
manipulable nature of business applications, the capture of records and the ongoing management of
their fixity, authenticity, reliability, usability and integrity can be challenging.
Many business applications generate and store data that may be subject to constant updating (dynamic),
able to be transformed (manipulable) and only contain current data (non-redundant). While business
requirements for dynamic, manipulable and non-redundant data may be entirely legitimate, if records
are to serve as reliable evidence of business activity they need to be fixed and inviolable. That is,
systems and processes need to be able to guarantee the reliability and authenticity of the records as
evidence of past business activity.
1) ‘Records system’ Information system which captures, manages and provides access to records over time. Note:
records system can consist of technical elements such as software, which may be designed specifically for managing
records or for some other business purpose, and non-technical elements including policy, procedures, people and
other agents, and assigned responsibilities. ISO 15489-1:2016, Definition 3.16
© ISO 2019 – All rights reserved v
---------------------- Page: 7 ----------------------
oSIST ISO/DIS 16175-2:2019
ISO/DIS 16175-2:2019(E)
For the purposes of this document the characteristics of records (as defined in ISO 15489-1:2016, Clause
5.2.2) can be applied to any and all of data, documents or information. A records approach enables
the traceability of actions documenting business to be maintained for as long as needed to support
assertions of authenticity, reliability and integrity. This approach can be applied to data, documents,
information and records.
vi © ISO 2019 – All rights reserved
---------------------- Page: 8 ----------------------
oSIST ISO/DIS 16175-2:2019
DRAFT INTERNATIONAL STANDARD ISO/DIS 16175-2:2019(E)
Information and documentation - Processes and functional
requirements for software for managing records —
Part 2:
Guidance for selecting, designing, implementing and
maintaining software for managing records
1 1 Scope
This international standard provides guidelines for the decision making around selection, design,
implementation and maintenance of software for managing records, according to the principles
specified in ISO 15489-1.
This document is applicable to any kind of records system supported by software but is particularly
focussed on software for managing digital records.
1.1 Audience
This international standard provides guidance to records professionals charged with designing,
implementing and maintaining systems for managing records using a variety of software. It may
also provide assistance to information technology professionals and software vendors seeking to
understand records requirements.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For undated references, the latest edition of the referenced
document (including any amendments) applies.
ISO 15489-1, Information and documentation — Records management — Part 1: Concepts and principles
ISO 23081-2, Information and documentation — Managing metadata for records — Part 2: Conceptual and
implementation issues
ISO 30300, Information and documentation — Management systems for records — Fundamentals and
vocabulary
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO 30300 apply.
4 High level requirements for software managing digital records
4.1 Assumptions
This standard assumes
— That records controls (particularly those identified ISO 15489-1:2016, clause 8) are already
developed within the organization;
— That projects to implement records requirements in software will be continuous; and
© ISO 2019 – All rights reserved 1
---------------------- Page: 9 ----------------------
oSIST ISO/DIS 16175-2:2019
ISO/DIS 16175-2:2019(E)
— That all new software implementation projects require implementation of defined records
requirements.
Designing, implementing and maintaining software for managing records is an ongoing and continual
part of managing records within organizations, to reflect constantly changing technological
environments, new business software, and changes to business processes.
4.2 General overview of requirements
The high level requirements included here are consistent with the principles for managing records
outlined in ISO 15489-1:2016, Clause 4. Part 1 of this Standard (ISO 16175-1:2018) provides more
detailed functional requirements for software that creates or manages digital records.
1. Software should support the management of digital records as a core component of the
business process.
When automating a business process, records requirements should be met by software.
2. Software managing digital records shall maintain persistent links to the business context.
An understanding of the business context of records is required to enable accurate interpretation of
their content. Software should persistently link to the specific business context in which records are
created and maintain that linkage over time.
3. Software managing digital records should be able to capture metadata, automatically
generated to the greatest extent possible.
Software should be designed and implemented in a manner that allows maximum automatic assignment
of point of capture records metadata, enabling end-user overwrite capability prior to capture, where
needed. Records process metadata should be automatically generated and captured as the system is used.
4. Software should be user-friendly and allow easy records creation and capture.
Software that automates management of records should be designed in a way that makes such activity
largely ‘invisible’ to the end-users . Techniques for this may include automatic logging of events
occurring on records at all levels of aggregation and minimizing end-user requirements to interact with
complex functionality specific to requirements of records professionals.
5. Software should support interoperability over time and across platforms and domains.
Digital records often have operational or legal requirements for retention over periods of time that
may exceed the lifespan of the hardware or software that created it. Software should be able to present
records in a manner that maintains its metadata, useability and enables it to be converted to new
formats and/or migrated to other technology platforms.
6. Software should have the capacity for bulk import and export.
Records often need to last longer than the system in which they are initially created, captured and
managed. Records software should incorporate capabilities for bulk re-formatting as part of import
(ingest) or export capability or, at a minimum, via non-proprietary encoding of record metadata.
7. Software should maintain records in a secure environment.
Software should not allow unauthorised access or modifications to any records or to records metadata.
Where authorised modifications are performed, they should be fully documented. Information which is
confidential or which contains personal information should be identified and mechanisms deployed to
ensure appropriate access and use protections.
8. Software should support the disposition of records in a managed, systematic and
auditable way.
2 © ISO 2019 – All rights reserved
---------------------- Page: 10 ----------------------
oSIST ISO/DIS 16175-2:2019
ISO/DIS 16175-2:2019(E)
Software needs to be able to dispose of records in a systematic and auditable way in line with business
or legal requirements and societal and community expectations.
9. Software should rely as much as possible on open, robust and technology neutral standards.
Many software products that create or manage records are developed using proprietary code.
Hardware or software dependencies can have adverse effects on access and preservation of records in
the long term. Open, robust and technology neutral standards should be used.
5 Assessing or ganizational readiness to implement records systems and scoping
a project
5.1 General
Organizations have distinct cultures which affect their approach to managing records. These cultures
are part of the organizational context. The factors that impact the information culture of an organization
include:
— The values, attitudes and behaviours of organizational users;
— The technical environment; and
— The societal and organizational requirements, including legislation, standards and related policy
containing requirements for managing records and outline compliance.
The organizational culture affects decisions on selection and implementation of systems and software
for managing records. Where an organization has a defined information governance framework, the
system for managing records should be integrated with the information governance framework.
Where software for managing records supports processes shared by multiple organizations,
information culture factors should be considered for each organization. Selection and design of
software for managing records should be responsive to the needs of each organization. Responsibility
should be clearly assigned for managing cross-organizational systems and the rights in managing
records created in such shared software agreed.
Implementing software for managing records should be undertaken within an organisational
framework that defines the policies and responsibilities to be implemented, the records control tools
and the elements needed to scope the project. The following aspects should be considered during the
planning stages of any implementation:
— Organizational maturity or readiness;
— Records controls;
— Technical environment; and
— Project scoping and resources.
5.2 Organizational records maturity
Assessing an organization’s maturity for managing records will assist in selecting a software approach
suited to the organization. Undertaking an assessment of organizational maturity will enable
benchmarking of progress over time, and assessment amongst similar organizations.
The following elements contribute to assessing organizational records maturity:
— Whether strategic responsibilities for managing records are included in the senior management
responsibilities;
© ISO 2019 – All rights reserved 3
---------------------- Page: 11 ----------------------
oSIST ISO/DIS 16175-2:2019
ISO/DIS 16175-2:2019(E)
— Whether records and their management are considered explicit components of information
governance;
— Whether records functionality is included as a core component of the enterprise information
architecture supporting technology development and deployment;
— The level at which responsibility is assigned to resource, enforce and monitor compliance with
records principles;
— The availability of trained users to assist operational users in designing, implementing and
maintaining software for managing records;
— The organizational culture and the extent of awareness of responsibilities for creating and managing
records within the organization;
— What policies, standards and guidance outlining records responsibilities and obligations
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.