Information and documentation -- Management systems for records -- Requirements

This document specifies requirements to be met by a management system for records (MSR) in order
to support an organization in the achievement of its mandate, mission, strategy and goals. It addresses
the development and implementation of a records policy and objectives and gives information on
measuring and monitoring performance.
An MSR can be established by an organization or across organizations that share business activities.
Throughout this document, the term “organization” is not limited to one organization but also includes
other organizational structures.
This document is applicable to any organization that wishes to:
— establish, implement, maintain and improve an MSR to support its business;
— ensure itself of conformity with its stated records policy;
— demonstrate conformity with this document by
a) undertaking a self-assessment and self-declaration, or
b) seeking confirmation of its self-declaration by a party external to the organization, or
c) seeking certification of its MSR by an external party.

Information et documentation -- Systèmes de gestion des documents d'activité -- Exigences

Le pr�sent document sp�cifie les exigences relatives � un syst�me de gestion des documents d'activit� (SGDA) visant � soutenir un organisme dans la r�alisation de son mandat, de sa mission, de sa strat�gie et de ses objectifs. Il traite du d�veloppement et de la mise en œuvre d'une politique et de finalit�s relatives aux documents d'activit� et donne des informations sur le mesurage et la surveillance des performances.
Un SGDA peut �tre �tabli par un organisme ou plusieurs organismes lorsque ceux-ci partagent des activit�s. Tout au long du pr�sent document, le terme � organisme � ne se limite pas � un seul organisme, mais inclut �galement d'autres structures organisationnelles.
Le pr�sent document s'applique � tout organisme souhaitant:
— �tablir, mettre en œuvre, tenir � jour et am�liorer un SGDA venant en support de ses activit�s;
— s'assurer lui-m�me de la conformit� � sa politique d�clar�e en mati�re de documents d'activit�;
— d�montrer sa conformit� au pr�sent document en:  
r�alisant une auto-�valuation et une auto-d�claration; ou
demandant une confirmation de son auto-d�claration par une partie externe � l'organisme; ou
demandant une certification de son SGDA par une partie externe.

Informatika in dokumentacija - Sistemi upravljanja zapisov - Zahteve

Ta dokument določa zahteve, ki jih mora izpolnjevati sistem za upravljanje zapisov (MSR),
da lahko podpira organizacijo pri izvajanju njenih pooblastil, poslanstva, strategije in ciljev. Obravnava
pripravo in uvedbo pravilnika o zapisih in ciljev ter podaja informacije
o merjenju in nadzoru delovanja.
Sistem upravljanja zapisov lahko oblikuje organizacija ali skupina organizacij, ki si delijo poslovne dejavnosti.
V tem dokumentu izraz »organizacija« ni omejen na eno organizacijo, ampak vključuje tudi
druge organizacijske strukture.
Ta dokument lahko uporabi vsaka organizacija, ki želi:
– vzpostaviti, izvajati, vzdrževati in izboljševati sistem upravljanja zapisov za podporo poslovanja;
– zagotoviti skladnost s pravilnikom upravljanja zapisov, za katerega se je opredelila;
– izkazati skladnost s tem dokumentom, tako da:
a) sprejme samooceno in izda lastno izjavo; ali
b) pridobi potrditev lastne izjave pri zunanji stranki; ali
c) pridobi potrdilo o sistemu upravljanja zapisov pri zunanji stranki.

General Information

Status
Published
Publication Date
03-Sep-2019
Current Stage
6060 - National Implementation/Publication (Adopted Project)
Start Date
05-Aug-2019
Due Date
10-Oct-2019
Completion Date
04-Sep-2019

Relations

Buy Standard

Standard
ISO 30301:2019 - BARVE
English language
23 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day
Standard
ISO 30301:2019 - Information and documentation -- Management systems for records -- Requirements
English language
16 pages
sale 15% off
Preview
sale 15% off
Preview
Standard
ISO 30301:2019 - Information et documentation -- Systemes de gestion des documents d'activité -- Exigences
French language
18 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)

SLOVENSKI STANDARD
SIST ISO 30301:2019
01-oktober-2019
Nadomešča:
SIST ISO 30301:2013
Informatika in dokumentacija - Sistemi upravljanja zapisov - Zahteve
Information and documentation -- Management systems for records -- Requirements
Information et documentation -- Systèmes de gestion des documents d'activité --
Exigences
Ta slovenski standard je istoveten z: ISO 30301:2019
ICS:
01.140.20 Informacijske vede Information sciences
03.100.70 Sistemi vodenja Management systems
SIST ISO 30301:2019 en,fr,de
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------
SIST ISO 30301:2019

---------------------- Page: 2 ----------------------
SIST ISO 30301:2019
INTERNATIONAL ISO
STANDARD 30301
Second edition
2019-02
Information and documentation —
Management systems for records —
Requirements
Information et documentation — Systèmes de gestion des documents
d'activité — Exigences
Reference number
ISO 30301:2019(E)
©
ISO 2019

---------------------- Page: 3 ----------------------
SIST ISO 30301:2019
ISO 30301:2019(E)

COPYRIGHT PROTECTED DOCUMENT
© ISO 2019
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2019 – All rights reserved

---------------------- Page: 4 ----------------------
SIST ISO 30301:2019
ISO 30301:2019(E)

Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Context of the organization . 4
4.1 Understanding the organization and its context . 4
4.1.1 General. 4
4.1.2 Records requirements . 5
4.2 Understanding the needs and expectations of interested parties . 5
4.3 Determining the scope of the MSR . 6
4.4 Management system for records . 6
5 Leadership . 6
5.1 Leadership and commitment . 6
5.2 Policy . 6
5.3 Organization roles, responsibilities and authorities . 7
6 Planning . 7
6.1 Actions to address risks and opportunities . 7
6.2 Records objectives and planning to achieve them . 8
7 Support . 8
7.1 Resources . 8
7.2 Competence . 9
7.3 Awareness . 9
7.4 Communication . 9
7.5 Documented information . 9
7.5.1 General. 9
7.5.2 Creating and updating .10
7.5.3 Control of documented information .10
8 Operation .10
8.1 Operational planning and control .10
8.2 Determining records to be created .11
8.3 Designing and implementing records processes, controls and systems .11
9 Performance evaluation .11
9.1 Monitoring, measurement, analysis and evaluation .11
9.2 Internal audit .11
9.3 Management review .12
10 Improvement .12
10.1 Nonconformity and corrective actions .12
10.2 Continual improvement .13
Annex A (normative) Operational requirements for records processes, control and systems .14
Bibliography .16
© ISO 2019 – All rights reserved iii

---------------------- Page: 5 ----------------------
SIST ISO 30301:2019
ISO 30301:2019(E)

Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www .iso .org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www .iso
.org/iso/foreword .html.
This document was prepared by Technical Committee ISO/TC 46, Information and documentation,
Subcommittee SC 11, Archives/records management.
This second edition cancels and replaces the first edition (ISO 30301:2011), which has been technically
revised to fully follow the common text of the high level structure (HLS) for all ISO management
systems standards (MSS), and to align operational requirements with the guidelines in ISO 15489.
The main changes compared to the previous edition are as follows:
— a new subclause, 4.1.2 Records requirements, has been added;
— subclauses 8.2 and 8.3 have been redrafted;
— the requirements in Annex A have been renamed and reordered. Requirements numbered A.1.1.1
and A.1.1.2 are now included in 8.2, A.2.5.7 has been deleted from Annex A.
ISO 30301 is part of a family of International Standards on management systems for records.
A list of all products in the ISO 30300 series can be found on the ISO website.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www .iso .org/members .html.
iv © ISO 2019 – All rights reserved

---------------------- Page: 6 ----------------------
SIST ISO 30301:2019
ISO 30301:2019(E)

Introduction
0.1  General
Organizational success largely depends upon implementing and maintaining a management system that
is designed to continually improve performance while addressing the needs of all interested parties.
Management systems offer methodologies to make decisions and manage resources in order to achieve
the organization's goals.
Creation and management of records are integral to any organization's activities, processes and
systems. They enable business efficiency, accountability, risk management and business continuity.
They also enable organizations to capitalize on the value of their information resources as strategic
assets, and to contribute to the preservation of collective memory, in response to the challenges of the
global and digital environment.
0.2  Management system
Management system standards (MSS) provide tools for top management to implement a systematic
and verifiable approach to organizational control in an environment that encourages good business
practices.
The standards on management systems for records are designed to assist organizations of all types and
sizes, or groups of organizations with shared business activities, to implement, operate and improve an
effective management system for records (MSR). The MSR directs and controls an organization for the
purposes of establishing a policy and objectives with regard to records and achieving those objectives.
This is done through the use of:
— defined roles and responsibilities;
— systematic processes;
— measurement and evaluation;
— review and improvement.
Implementation of a records policy and objectives soundly based on the organization's requirements
will ensure that authoritative and reliable information about, and evidence of, business activities
is created, managed and made accessible to those who need it for as long as required. Successful
implementation of good records policy and objectives results in records and records systems adequate
for all of an organization's purposes.
Implementing an MSR in an organization also guarantees the transparency and traceability of decisions
made by responsible management and the recognition of public interest.
0.3  Relationship with other records standards
The standards on MSR are developed within the MSS framework to be compatible and to share
elements and methodology with other MSS. ISO 15489-1, together with other International Standards
and Technical Reports, are the principal tools for designing, implementing, monitoring and improving
records processes and controls, which operate under the governance of the MSR where organizations
decide to implement MSS methodology.
NOTE ISO 15489 is the foundation standard which codifies best practice for records management operations.
The structure of standards on MSR and the most relevant products for implementing records processes
and controls, either published or under preparation, is shown in Figure 1.
© ISO 2019 – All rights reserved v

---------------------- Page: 7 ----------------------
SIST ISO 30301:2019
ISO 30301:2019(E)

NOTE Titles of some products and technical reports are susceptible to change when they are revised. Titles
in this figure represent the subject or domain, not the complete official titles of published standards and technical
reports. An updated figure with new products is available at https: //committee .iso .org/home/tc46sc11.
Figure 1 — Standards on MSR and related International Standards and Technical Reports
0.4  MSR family of standards
This family of standards is intended to be used in support of:
a) top management who make decisions regarding the establishment and implementation of
management systems within their organization;
b) people responsible for the implementation of MSR, such as professionals in the areas of risk
management, auditing, management of records, information technology and information security.
The process approach incorporated to a management system for records emphasizes the importance of:
— identifying the organization's records requirements, including interested parties' needs and
expectations, and establishing policy and objectives for records;
— implementing and operating controls for managing an organization’s risks in relation to its records,
in the context of its overall business risks;
— monitoring and reviewing the performance and effectiveness of the MSR;
— continual improvement based on objective measurement.
Figure 2 represents the structure of this document in process approach.
vi © ISO 2019 – All rights reserved

---------------------- Page: 8 ----------------------
SIST ISO 30301:2019
ISO 30301:2019(E)

Figure 2 — Structure of MSR in process approach
0.5  Relationship and compatibility with other management system standards
This document conforms to ISO’s requirements for management system standards. These requirements
include a high-level structure, identical core text, common terms with core definitions, designed to
benefit users implementing multiple ISO management system standards.
The term “documented information” is one of the core terms for MSS. Requirements related to
documented information are given in 7.5. in all MSS. This document, apart from constituting a MSS
itself, can support organizations to implement the documented information requirements of other
management systems. For more information, see https: //committee .iso .org/home/tc46sc11).
© ISO 2019 – All rights reserved vii

---------------------- Page: 9 ----------------------
SIST ISO 30301:2019

---------------------- Page: 10 ----------------------
SIST ISO 30301:2019
INTERNATIONAL STANDARD ISO 30301:2019(E)
Information and documentation — Management systems
for records — Requirements
1 Scope
This document specifies requirements to be met by a management system for records (MSR) in order
to support an organization in the achievement of its mandate, mission, strategy and goals. It addresses
the development and implementation of a records policy and objectives and gives information on
measuring and monitoring performance.
An MSR can be established by an organization or across organizations that share business activities.
Throughout this document, the term “organization” is not limited to one organization but also includes
other organizational structures.
This document is applicable to any organization that wishes to:
— establish, implement, maintain and improve an MSR to support its business;
— ensure itself of conformity with its stated records policy;
— demonstrate conformity with this document by
a) undertaking a self-assessment and self-declaration, or
b) seeking confirmation of its self-declaration by a party external to the organization, or
c) seeking certification of its MSR by an external party.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO 30300, Information and documentation — Management systems for records — Fundamentals and
vocabulary
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO 30300 and the following apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https: //www .iso .org/obp
— IEC Electropedia: available at http: //www .electropedia .org/
3.1
organization
person or group of people that has its own functions with responsibilities, authorities and relationships
to achieve its objectives (3.8)
Note 1 to entry: The concept of organization includes, but is not limited to sole-trader, company, corporation, firm,
enterprise, authority, partnership, charity or institution, or part or combination thereof, whether incorporated
or not, public or private.
© ISO 2019 – All rights reserved 1

---------------------- Page: 11 ----------------------
SIST ISO 30301:2019
ISO 30301:2019(E)

3.2
interested party
stakeholder
person or organization (3.1) that can affect, be affected by, or perceive itself to be affected by a decision
or activity
3.3
requirement
need or expectation that is stated, generally implied or obligatory
Note 1 to entry: “Generally implied” means that it is custom or common practice for the organization and
interested parties that the need or expectation under consideration is implied.
Note 2 to entry: A specified requirement is one that is stated, for example in documented information.
3.4
management system
set of interrelated or interacting elements of an organization (3.1) to establish policies (3.7) and
objectives (3.8) and processes (3.12) to achieve those objectives
Note 1 to entry: A management system can address a single discipline or several disciplines.
Note 2 to entry: The system elements include the organization’s structure, roles and responsibilities, planning
and operation.
Note 3 to entry: The scope of a management system may include the whole of the organization, specific and
identified functions of the organization, specific and identified sections of the organization, or one or more
functions across a group of organizations.
3.5
top management
person or group of people who directs and controls an organization (3.1) at the highest level
Note 1 to entry: Top management has the power to delegate authority and provide resources within the
organization.
Note 2 to entry: If the scope of the management system (3.4) covers only part of an organization, then top
management refers to those who direct and control that part of the organization.
3.6
effectiveness
extent to which planned activities are realized and planned results achieved
3.7
policy
intentions and direction of an organization (3.1), as formally expressed by its top management (3.5)
3.8
objective
result to be achieved
Note 1 to entry: An objective can be strategic, tactical, or operational.
Note 2 to entry: Objectives can relate to different disciplines (such as financial, health and safety, and
environmental goals) and can apply at different levels [such as strategic, organization-wide, project, product and
process (3.12)].
Note 3 to entry: An objective can be expressed in other ways, e.g. as an intended outcome, a purpose, an
operational criterion, as an MSR objective, or by the use of other words with similar meaning (e.g. aim, goal, or
target).
Note 4 to entry: In the context of MSR, MSR objectives are set by the organization, consistent with the MSR policy,
to achieve specific results.
2 © ISO 2019 – All rights reserved

---------------------- Page: 12 ----------------------
SIST ISO 30301:2019
ISO 30301:2019(E)

3.9
risk
effect of uncertainty
Note 1 to entry: An effect is a deviation from the expected — positive or negative.
Note 2 to entry: Uncertainty is the state, even partial, of deficiency of information related to, understanding or
knowledge of, an event, its consequence, or likelihood.
Note 3 to entry: Risk is often characterized by reference to potential “events” (as defined in ISO Guide 73:2009,
3.5.1.3) and “consequences” (as defined in ISO Guide 73:2009, 3.6.1.3), or a combination of these.
Note 4 to entry: Risk is often expressed in terms of a combination of the consequences of an event (including
changes in circumstances) and the associated “likelihood” (as defined in ISO Guide 73:2009, 3.6.1.1) of occurrence.
3.10
competence
ability to apply knowledge and skills to achieve intended results
3.11
documented information
information required to be controlled and maintained by an organization (3.1) and the medium on
which it is contained
Note 1 to entry: Documented information can be in any format and media, and from any source.
Note 2 to entry: Documented information can refer to:
— the management system (3.4), including related processes (3.12);
— information created in order for the organization to operate (documentation);
— evidence of results achieved (records).
3.12
process
set of interrelated or interacting activities which transforms inputs into outputs
3.13
performance
measurable result
Note 1 to entry: Performance can relate either to quantitative or qualitative findings.
Note 2 to entry: Performance can relate to the management of activities, processes (3.12), products (including
services), systems or organizations (3.1).
3.14
outsource, verb
make an arrangement where an external organization (3.1) performs part of an organization’s function
or process (3.12)
Note 1 to entry: An external organization is outside the scope of the management system (3.4), although the
outsourced function or process is within the scope.
3.15
monitoring
determining the status of a system, a process (3.12) or an activity
Note 1 to entry: To determine the status, there may be a need to check, supervise or critically observe.
3.16
measurement
process (3.12) to determine a value
© ISO 2019 – All rights reserved 3

---------------------- Page: 13 ----------------------
SIST ISO 30301:2019
ISO 30301:2019(E)

3.17
audit
systematic, independent and documented process (3.12) for obtaining audit evidence and evaluating it
objectively to determine the extent to which the audit criteria are fulfilled
Note 1 to entry: An audit can be an internal audit (first party) or an external audit (second party or third party),
and it can be a combined audit (combining two or more disciplines).
Note 2 to entry: An internal audit is conducted by the organization itself, or by an external party on its behalf.
Note 3 to entry: “Audit evidence” and “audit criteria” are defined in ISO 19011.
3.18
conformity
fulfilment of a requirement (3.3)
3.19
nonconformity
non-fulfilment of a requirement (3.3)
3.20
corrective action
action to eliminate the cause of a nonconformity (3.19) and to prevent recurrence
3.21
continual improvement
recurring activity to enhance performance (3.13)
4 Context of the organization
4.1 Understanding the organization and its context
4.1.1 General
The organization shall determine external and internal issues that are relevant to its purpose and that
affect its ability to achieve the intended outcome(s) of its MSR.
External issues in the organization's context may include, but is not limited to:
— the social and cultural, legal, regulatory, financial, technological, economic, natural and competitive
environment, whether international, national, regional or local;
— key drivers and trends which can have an impact on the objectives of the organization;
— relationships with, and perceptions, values and expectations of, external interested parties (see 4.2).
Internal issues in the organization's context may include, but is not limited to:
a) governance, organizational structure, roles and accountabilities;
b) policies, objectives and the strategies that are in place to achieve them;
c) capabilities, understood in terms of resources and knowledge (e.g. capital, time, people, processes,
systems and technologies);
d) information systems, information flows and decision-making processes (both formal and informal);
e) technological context, including technologies that are maintained solely by the organization, as
well as technologies used for collaboration with other parties;
4 © ISO 2019 – All rights reserved

---------------------- Page: 14 ----------------------
SIST ISO 30301:2019
ISO 30301:2019(E)

f) relationships with, and perceptions and values of, internal interested parties and the organization's
culture;
g) standards, guidelines and models adopted by the organization;
h) the form and extent of contractual relationships.
4.1.2 Records requirements
The organization shall identify and document the business need for records in order to understand
what records should be created, captured and managed.
The organization shall identify, assess and document records requirements affecting its business
operations with which it shall comply and for which it requires evidence of compliance. These
requirements can be business, legal, regulatory or other requirements.
Business requirements include all the requirements for the performance of the operations or business
of the organization. Requirements arise from current business performance, future planning and
development, risk management and business continuity planning.
Legal requirements include requirements related to the creation, capture and management of records.
Sources of legal requirements are:
— statute and case law, including law and regulations governing the sector-specific and general
business environment;
— laws and regulations relating specifically to evidence, records and archives, access, privacy, data
and information protection, and electronic commerce;
— the constitutional rules of organizations, ch
...

INTERNATIONAL ISO
STANDARD 30301
Second edition
2019-02
Information and documentation —
Management systems for records —
Requirements
Information et documentation — Systèmes de gestion des documents
d'activité — Exigences
Reference number
ISO 30301:2019(E)
©
ISO 2019

---------------------- Page: 1 ----------------------
ISO 30301:2019(E)

COPYRIGHT PROTECTED DOCUMENT
© ISO 2019
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2019 – All rights reserved

---------------------- Page: 2 ----------------------
ISO 30301:2019(E)

Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Context of the organization . 4
4.1 Understanding the organization and its context . 4
4.1.1 General. 4
4.1.2 Records requirements . 5
4.2 Understanding the needs and expectations of interested parties . 5
4.3 Determining the scope of the MSR . 6
4.4 Management system for records . 6
5 Leadership . 6
5.1 Leadership and commitment . 6
5.2 Policy . 6
5.3 Organization roles, responsibilities and authorities . 7
6 Planning . 7
6.1 Actions to address risks and opportunities . 7
6.2 Records objectives and planning to achieve them . 8
7 Support . 8
7.1 Resources . 8
7.2 Competence . 9
7.3 Awareness . 9
7.4 Communication . 9
7.5 Documented information . 9
7.5.1 General. 9
7.5.2 Creating and updating .10
7.5.3 Control of documented information .10
8 Operation .10
8.1 Operational planning and control .10
8.2 Determining records to be created .11
8.3 Designing and implementing records processes, controls and systems .11
9 Performance evaluation .11
9.1 Monitoring, measurement, analysis and evaluation .11
9.2 Internal audit .11
9.3 Management review .12
10 Improvement .12
10.1 Nonconformity and corrective actions .12
10.2 Continual improvement .13
Annex A (normative) Operational requirements for records processes, control and systems .14
Bibliography .16
© ISO 2019 – All rights reserved iii

---------------------- Page: 3 ----------------------
ISO 30301:2019(E)

Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www .iso .org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www .iso
.org/iso/foreword .html.
This document was prepared by Technical Committee ISO/TC 46, Information and documentation,
Subcommittee SC 11, Archives/records management.
This second edition cancels and replaces the first edition (ISO 30301:2011), which has been technically
revised to fully follow the common text of the high level structure (HLS) for all ISO management
systems standards (MSS), and to align operational requirements with the guidelines in ISO 15489.
The main changes compared to the previous edition are as follows:
— a new subclause, 4.1.2 Records requirements, has been added;
— subclauses 8.2 and 8.3 have been redrafted;
— the requirements in Annex A have been renamed and reordered. Requirements numbered A.1.1.1
and A.1.1.2 are now included in 8.2, A.2.5.7 has been deleted from Annex A.
ISO 30301 is part of a family of International Standards on management systems for records.
A list of all products in the ISO 30300 series can be found on the ISO website.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www .iso .org/members .html.
iv © ISO 2019 – All rights reserved

---------------------- Page: 4 ----------------------
ISO 30301:2019(E)

Introduction
0.1  General
Organizational success largely depends upon implementing and maintaining a management system that
is designed to continually improve performance while addressing the needs of all interested parties.
Management systems offer methodologies to make decisions and manage resources in order to achieve
the organization's goals.
Creation and management of records are integral to any organization's activities, processes and
systems. They enable business efficiency, accountability, risk management and business continuity.
They also enable organizations to capitalize on the value of their information resources as strategic
assets, and to contribute to the preservation of collective memory, in response to the challenges of the
global and digital environment.
0.2  Management system
Management system standards (MSS) provide tools for top management to implement a systematic
and verifiable approach to organizational control in an environment that encourages good business
practices.
The standards on management systems for records are designed to assist organizations of all types and
sizes, or groups of organizations with shared business activities, to implement, operate and improve an
effective management system for records (MSR). The MSR directs and controls an organization for the
purposes of establishing a policy and objectives with regard to records and achieving those objectives.
This is done through the use of:
— defined roles and responsibilities;
— systematic processes;
— measurement and evaluation;
— review and improvement.
Implementation of a records policy and objectives soundly based on the organization's requirements
will ensure that authoritative and reliable information about, and evidence of, business activities
is created, managed and made accessible to those who need it for as long as required. Successful
implementation of good records policy and objectives results in records and records systems adequate
for all of an organization's purposes.
Implementing an MSR in an organization also guarantees the transparency and traceability of decisions
made by responsible management and the recognition of public interest.
0.3  Relationship with other records standards
The standards on MSR are developed within the MSS framework to be compatible and to share
elements and methodology with other MSS. ISO 15489-1, together with other International Standards
and Technical Reports, are the principal tools for designing, implementing, monitoring and improving
records processes and controls, which operate under the governance of the MSR where organizations
decide to implement MSS methodology.
NOTE ISO 15489 is the foundation standard which codifies best practice for records management operations.
The structure of standards on MSR and the most relevant products for implementing records processes
and controls, either published or under preparation, is shown in Figure 1.
© ISO 2019 – All rights reserved v

---------------------- Page: 5 ----------------------
ISO 30301:2019(E)

NOTE Titles of some products and technical reports are susceptible to change when they are revised. Titles
in this figure represent the subject or domain, not the complete official titles of published standards and technical
reports. An updated figure with new products is available at https: //committee .iso .org/home/tc46sc11.
Figure 1 — Standards on MSR and related International Standards and Technical Reports
0.4  MSR family of standards
This family of standards is intended to be used in support of:
a) top management who make decisions regarding the establishment and implementation of
management systems within their organization;
b) people responsible for the implementation of MSR, such as professionals in the areas of risk
management, auditing, management of records, information technology and information security.
The process approach incorporated to a management system for records emphasizes the importance of:
— identifying the organization's records requirements, including interested parties' needs and
expectations, and establishing policy and objectives for records;
— implementing and operating controls for managing an organization’s risks in relation to its records,
in the context of its overall business risks;
— monitoring and reviewing the performance and effectiveness of the MSR;
— continual improvement based on objective measurement.
Figure 2 represents the structure of this document in process approach.
vi © ISO 2019 – All rights reserved

---------------------- Page: 6 ----------------------
ISO 30301:2019(E)

Figure 2 — Structure of MSR in process approach
0.5  Relationship and compatibility with other management system standards
This document conforms to ISO’s requirements for management system standards. These requirements
include a high-level structure, identical core text, common terms with core definitions, designed to
benefit users implementing multiple ISO management system standards.
The term “documented information” is one of the core terms for MSS. Requirements related to
documented information are given in 7.5. in all MSS. This document, apart from constituting a MSS
itself, can support organizations to implement the documented information requirements of other
management systems. For more information, see https: //committee .iso .org/home/tc46sc11).
© ISO 2019 – All rights reserved vii

---------------------- Page: 7 ----------------------
INTERNATIONAL STANDARD ISO 30301:2019(E)
Information and documentation — Management systems
for records — Requirements
1 Scope
This document specifies requirements to be met by a management system for records (MSR) in order
to support an organization in the achievement of its mandate, mission, strategy and goals. It addresses
the development and implementation of a records policy and objectives and gives information on
measuring and monitoring performance.
An MSR can be established by an organization or across organizations that share business activities.
Throughout this document, the term “organization” is not limited to one organization but also includes
other organizational structures.
This document is applicable to any organization that wishes to:
— establish, implement, maintain and improve an MSR to support its business;
— ensure itself of conformity with its stated records policy;
— demonstrate conformity with this document by
a) undertaking a self-assessment and self-declaration, or
b) seeking confirmation of its self-declaration by a party external to the organization, or
c) seeking certification of its MSR by an external party.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO 30300, Information and documentation — Management systems for records — Fundamentals and
vocabulary
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO 30300 and the following apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https: //www .iso .org/obp
— IEC Electropedia: available at http: //www .electropedia .org/
3.1
organization
person or group of people that has its own functions with responsibilities, authorities and relationships
to achieve its objectives (3.8)
Note 1 to entry: The concept of organization includes, but is not limited to sole-trader, company, corporation, firm,
enterprise, authority, partnership, charity or institution, or part or combination thereof, whether incorporated
or not, public or private.
© ISO 2019 – All rights reserved 1

---------------------- Page: 8 ----------------------
ISO 30301:2019(E)

3.2
interested party
stakeholder
person or organization (3.1) that can affect, be affected by, or perceive itself to be affected by a decision
or activity
3.3
requirement
need or expectation that is stated, generally implied or obligatory
Note 1 to entry: “Generally implied” means that it is custom or common practice for the organization and
interested parties that the need or expectation under consideration is implied.
Note 2 to entry: A specified requirement is one that is stated, for example in documented information.
3.4
management system
set of interrelated or interacting elements of an organization (3.1) to establish policies (3.7) and
objectives (3.8) and processes (3.12) to achieve those objectives
Note 1 to entry: A management system can address a single discipline or several disciplines.
Note 2 to entry: The system elements include the organization’s structure, roles and responsibilities, planning
and operation.
Note 3 to entry: The scope of a management system may include the whole of the organization, specific and
identified functions of the organization, specific and identified sections of the organization, or one or more
functions across a group of organizations.
3.5
top management
person or group of people who directs and controls an organization (3.1) at the highest level
Note 1 to entry: Top management has the power to delegate authority and provide resources within the
organization.
Note 2 to entry: If the scope of the management system (3.4) covers only part of an organization, then top
management refers to those who direct and control that part of the organization.
3.6
effectiveness
extent to which planned activities are realized and planned results achieved
3.7
policy
intentions and direction of an organization (3.1), as formally expressed by its top management (3.5)
3.8
objective
result to be achieved
Note 1 to entry: An objective can be strategic, tactical, or operational.
Note 2 to entry: Objectives can relate to different disciplines (such as financial, health and safety, and
environmental goals) and can apply at different levels [such as strategic, organization-wide, project, product and
process (3.12)].
Note 3 to entry: An objective can be expressed in other ways, e.g. as an intended outcome, a purpose, an
operational criterion, as an MSR objective, or by the use of other words with similar meaning (e.g. aim, goal, or
target).
Note 4 to entry: In the context of MSR, MSR objectives are set by the organization, consistent with the MSR policy,
to achieve specific results.
2 © ISO 2019 – All rights reserved

---------------------- Page: 9 ----------------------
ISO 30301:2019(E)

3.9
risk
effect of uncertainty
Note 1 to entry: An effect is a deviation from the expected — positive or negative.
Note 2 to entry: Uncertainty is the state, even partial, of deficiency of information related to, understanding or
knowledge of, an event, its consequence, or likelihood.
Note 3 to entry: Risk is often characterized by reference to potential “events” (as defined in ISO Guide 73:2009,
3.5.1.3) and “consequences” (as defined in ISO Guide 73:2009, 3.6.1.3), or a combination of these.
Note 4 to entry: Risk is often expressed in terms of a combination of the consequences of an event (including
changes in circumstances) and the associated “likelihood” (as defined in ISO Guide 73:2009, 3.6.1.1) of occurrence.
3.10
competence
ability to apply knowledge and skills to achieve intended results
3.11
documented information
information required to be controlled and maintained by an organization (3.1) and the medium on
which it is contained
Note 1 to entry: Documented information can be in any format and media, and from any source.
Note 2 to entry: Documented information can refer to:
— the management system (3.4), including related processes (3.12);
— information created in order for the organization to operate (documentation);
— evidence of results achieved (records).
3.12
process
set of interrelated or interacting activities which transforms inputs into outputs
3.13
performance
measurable result
Note 1 to entry: Performance can relate either to quantitative or qualitative findings.
Note 2 to entry: Performance can relate to the management of activities, processes (3.12), products (including
services), systems or organizations (3.1).
3.14
outsource, verb
make an arrangement where an external organization (3.1) performs part of an organization’s function
or process (3.12)
Note 1 to entry: An external organization is outside the scope of the management system (3.4), although the
outsourced function or process is within the scope.
3.15
monitoring
determining the status of a system, a process (3.12) or an activity
Note 1 to entry: To determine the status, there may be a need to check, supervise or critically observe.
3.16
measurement
process (3.12) to determine a value
© ISO 2019 – All rights reserved 3

---------------------- Page: 10 ----------------------
ISO 30301:2019(E)

3.17
audit
systematic, independent and documented process (3.12) for obtaining audit evidence and evaluating it
objectively to determine the extent to which the audit criteria are fulfilled
Note 1 to entry: An audit can be an internal audit (first party) or an external audit (second party or third party),
and it can be a combined audit (combining two or more disciplines).
Note 2 to entry: An internal audit is conducted by the organization itself, or by an external party on its behalf.
Note 3 to entry: “Audit evidence” and “audit criteria” are defined in ISO 19011.
3.18
conformity
fulfilment of a requirement (3.3)
3.19
nonconformity
non-fulfilment of a requirement (3.3)
3.20
corrective action
action to eliminate the cause of a nonconformity (3.19) and to prevent recurrence
3.21
continual improvement
recurring activity to enhance performance (3.13)
4 Context of the organization
4.1 Understanding the organization and its context
4.1.1 General
The organization shall determine external and internal issues that are relevant to its purpose and that
affect its ability to achieve the intended outcome(s) of its MSR.
External issues in the organization's context may include, but is not limited to:
— the social and cultural, legal, regulatory, financial, technological, economic, natural and competitive
environment, whether international, national, regional or local;
— key drivers and trends which can have an impact on the objectives of the organization;
— relationships with, and perceptions, values and expectations of, external interested parties (see 4.2).
Internal issues in the organization's context may include, but is not limited to:
a) governance, organizational structure, roles and accountabilities;
b) policies, objectives and the strategies that are in place to achieve them;
c) capabilities, understood in terms of resources and knowledge (e.g. capital, time, people, processes,
systems and technologies);
d) information systems, information flows and decision-making processes (both formal and informal);
e) technological context, including technologies that are maintained solely by the organization, as
well as technologies used for collaboration with other parties;
4 © ISO 2019 – All rights reserved

---------------------- Page: 11 ----------------------
ISO 30301:2019(E)

f) relationships with, and perceptions and values of, internal interested parties and the organization's
culture;
g) standards, guidelines and models adopted by the organization;
h) the form and extent of contractual relationships.
4.1.2 Records requirements
The organization shall identify and document the business need for records in order to understand
what records should be created, captured and managed.
The organization shall identify, assess and document records requirements affecting its business
operations with which it shall comply and for which it requires evidence of compliance. These
requirements can be business, legal, regulatory or other requirements.
Business requirements include all the requirements for the performance of the operations or business
of the organization. Requirements arise from current business performance, future planning and
development, risk management and business continuity planning.
Legal requirements include requirements related to the creation, capture and management of records.
Sources of legal requirements are:
— statute and case law, including law and regulations governing the sector-specific and general
business environment;
— laws and regulations relating specifically to evidence, records and archives, access, privacy, data
and information protection, and electronic commerce;
— the constitutional rules of organizations, charters or agreements to which the organization is a party;
— treaties and other instruments the organization is legally bound to uphold.
Other requirements include non-legal voluntary commitments made by the organization:
a) voluntary codes of best practice;
b) voluntary codes of conduct and ethics.
4.2 Understanding the needs and expectations of interested parties
The organization shall determine:
— the interested parties that are relevant to the MSR;
— the requirements of these interested parties.
In relation to records, interested parties expect organizations to be accountable for their actions and
retain and make records available when needed. Requirements of the interested parties, may include,
but is not limited to:
a) identifiable expectations about what is acceptable behaviour for the specific sector or organization,
including good governance, the proper control of fraudulent or malicious behaviour and
transparency in decision making;
b) protection of involved agents or other interested parties’ rights and entitlements;
c) expectations that infor
...

NORME ISO
INTERNATIONALE 30301
Deuxième édition
2019-02
Information et documentation —
Systèmes de gestion des documents
d'activité — Exigences
Information and documentation — Management systems for records
— Requirements
Numéro de référence
ISO 30301:2019(F)
©
ISO 2019

---------------------- Page: 1 ----------------------
ISO 30301:2019(F)

DOCUMENT PROTÉGÉ PAR COPYRIGHT
© ISO 2019
Tous droits réservés. Sauf prescription différente ou nécessité dans le contexte de sa mise en œuvre, aucune partie de cette
publication ne peut être reproduite ni utilisée sous quelque forme que ce soit et par aucun procédé, électronique ou mécanique,
y compris la photocopie, ou la diffusion sur l’internet ou sur un intranet, sans autorisation écrite préalable. Une autorisation peut
être demandée à l’ISO à l’adresse ci-après ou au comité membre de l’ISO dans le pays du demandeur.
ISO copyright office
Case postale 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Genève
Tél.: +41 22 749 01 11
Fax: +41 22 749 09 47
E-mail: copyright@iso.org
Web: www.iso.org
Publié en Suisse
ii © ISO 2019 – Tous droits réservés

---------------------- Page: 2 ----------------------
ISO 30301:2019(F)

Sommaire Page
Avant-propos .iv
Introduction .v
1 Domaine d'application . 1
2 Références normatives . 1
3 Termes et définitions . 1
4 Contexte de l'organisme. 4
4.1 Compréhension de l'organisme et de son contexte . 4
4.1.1 Généralités . 4
4.1.2 Exigences relatives aux documents d’activité . 5
4.2 Compréhension des besoins et attentes des parties intéressées . 6
4.3 Détermination du périmètre d'application du système de gestion des documents
d’activité . 6
4.4 Système de gestion des documents d’activité . 7
5 Leadership . 7
5.1 Leadership et engagement. 7
5.2 Politique . 7
5.3 Rôles, responsabilités et autorités au sein de l'organisme . 8
6 Planification . 8
6.1 Actions à mettre en œuvre face aux risques et opportunités . 8
6.2 Objectifs concernant les documents d'activité et planification des actions pour les
atteindre . 8
7 Support . 9
7.1 Ressources . 9
7.2 Compétences . 9
7.3 Sensibilisation .10
7.4 Communication .10
7.5 Informations documentées .10
7.5.1 Généralités .10
7.5.2 Création et mise à jour .10
7.5.3 Maîtrise des informations documentées .11
8 Réalisation des activités opérationnelles .11
8.1 Planification et contrôle opérationnels .11
8.2 Détermination des documents d’activité devant être créés .11
8.3 Conception et mise en œuvre des processus, de la maîtrise et des systèmes
documentaires .12
9 Évaluation des performances .12
9.1 Surveillance, mesure, analyse et évaluation .12
9.2 Audit interne .12
9.3 Revue de direction .13
10 Amélioration .13
10.1 Non-conformité et actions correctives .13
10.2 Amélioration continue .14
Annexe A (normative) Exigences opérationnelles relatives aux processus liés aux
documents d’activité, à la maîtrise et aux systèmes documentaires .15
Bibliographie .18
© ISO 2019 – Tous droits réservés iii

---------------------- Page: 3 ----------------------
ISO 30301:2019(F)

Avant-propos
L'ISO (Organisation internationale de normalisation) est une fédération mondiale d'organismes
nationaux de normalisation (comités membres de l'ISO). L'élaboration des Normes internationales est
en général confiée aux comités techniques de l'ISO. Chaque comité membre intéressé par une étude
a le droit de faire partie du comité technique créé à cet effet. Les organisations internationales,
gouvernementales et non gouvernementales, en liaison avec l'ISO participent également aux travaux.
L'ISO collabore étroitement avec la Commission électrotechnique internationale (IEC) en ce qui
concerne la normalisation électrotechnique.
Les procédures utilisées pour élaborer le présent document et celles destinées à sa mise à jour sont
décrites dans les Directives ISO/IEC, Partie 1. Il convient, en particulier, de prendre note des différents
critères d'approbation requis pour les différents types de documents ISO. Le présent document a été
rédigé conformément aux règles de rédaction données dans les Directives ISO/IEC, Partie 2 (voir www
.iso .org/directives).
L'attention est attirée sur le fait que certains des éléments du présent document peuvent faire l'objet de
droits de propriété intellectuelle ou de droits analogues. L'ISO ne saurait être tenue pour responsable
de ne pas avoir identifié de tels droits de propriété et averti de leur existence. Les détails concernant
les références aux droits de propriété intellectuelle ou autres droits analogues identifiés lors de
l'élaboration du document sont indiqués dans l'Introduction et/ou dans la liste des déclarations de
brevets reçues par l'ISO (voir www .iso .org/brevets).
Les appellations commerciales éventuellement mentionnées dans le présent document sont données
pour information, par souci de commodité, à l’intention des utilisateurs et ne sauraient constituer un
engagement.
Pour une explication de la nature volontaire des normes, la signification des termes et expressions
spécifiques de l'ISO liés à l'évaluation de la conformité, ou pour toute information au sujet de l'adhésion
de l'ISO aux principes de l’Organisation mondiale du commerce (OMC) concernant les obstacles
techniques au commerce (OTC), voir www .iso .org/avant -propos.
Le présent document a été élaboré par le comité technique ISO/TC 46, Information et documentation,
sous-comité SC 11, Archives/Gestion des documents d'activité.
Cette deuxième édition annule et remplace la première édition (ISO 30301:2011), qui a fait l’objet
d’une révision technique afin de se conformer pleinement au texte commun de la structure de niveau
supérieur (HLS) applicable à toutes les normes de système de management, et d’aligner les exigences
opérationnelles avec les lignes directrices de l’ISO 15489.
Les principales modifications par rapport à l’édition précédente sont les suivantes:
— ajout d’un nouveau paragraphe, 4.1.2 Exigences relatives aux documents d’activité;
— refonte des paragraphes 8.2 et 8.3;
— les exigences de l’Annexe A ont été renommées et reclassées. Les exigences numérotées A.1.1.1
et A.1.1.2 sont à présent incluses dans le paragraphe 8.2 et le paragraphe A.2.5.7 a été supprimé de
l’Annexe A.
L'ISO 30301 fait partie d'une famille de Normes internationales traitant des systèmes de gestion des
documents d’activité.
Une liste de toutes les parties de la série ISO 30300 se trouve sur le site de l’ISO.
Il convient que l’utilisateur adresse tout retour d’information ou toute question concernant le présent
document à l’organisme national de normalisation de son pays. Une liste exhaustive desdits organismes
se trouve à l’adresse www .iso .org/fr/members .html.
iv © ISO 2019 – Tous droits réservés

---------------------- Page: 4 ----------------------
ISO 30301:2019(F)

Introduction
0.1 Généralités
Le succès organisationnel dépend dans une large mesure de la mise en œuvre et de la maintenance
d'un système de management conçu dans l'optique d'une amélioration continue des performances tout
en répondant aux besoins de toutes les parties intéressées. Les systèmes de management offrent des
méthodologies pour prendre des décisions et gérer les ressources en vue d'atteindre les objectifs de
l'organisme.
La création et la gestion des documents d'activité font partie intégrante de toutes les activités, processus
et systèmes d'un organisme. Les documents d'activité contribuent à l’efficience, à la responsabilité, au
management du risque et à la continuité des activités. Ils permettent également aux organismes de tirer
profit de la valeur de leurs informations comme actifs stratégiques, tout en contribuant à la conservation
de la mémoire collective et en répondant aux défis de l'environnement mondial et numérique.
0.2 Système de management
Les normes de systèmes de management fournissent des outils à la direction pour développer une
approche systématique et vérifiable du contrôle organisationnel dans un environnement qui favorise
les bonnes pratiques opérationnelles.
Les normes relatives aux systèmes de gestion des documents d'activité sont conçues pour aider les
organismes de tous types et de toutes tailles, ou les groupements d'organismes partageant des activités
opérationnelles, à mettre en œuvre, exploiter et améliorer un système de gestion des documents
d'activité efficace (SGDA). Le SGDA oriente et assure la maîtrise des actions de l’organisme qui visent
à établir une politique et des objectifs de gestion des documents d'activité de façon à atteindre lesdits
objectifs, au moyen:
— de rôles et responsabilités définis;
— de processus systématiques;
— de mesures et d’évaluations;
— de revues et d’améliorations.
La mise en œuvre d'une politique et d'objectifs relatifs aux documents d'activité, solidement fondés sur
les exigences de l'organisme, assurera que des informations fiables et qui font autorité, concernant les
activités opérationnelles de l'organisme, ainsi que les preuves associées, sont créées, gérées et mises à
disposition de ceux qui en ont besoin, aussi longtemps que nécessaire. La mise en œuvre réussie de la
politique et des objectifs relatifs aux documents d'activité conduit à l’existence de systèmes de gestion
des documents d'activité et de documents d’activité adéquats.
La mise en œuvre d'un SGDA au sein d'un organisme garantit également la transparence et la traçabilité
des décisions prises pour un management responsable et la prise en compte de l’intérêt collectif.
0.3 Relation avec les autres normes relatives aux documents d'activité
Les normes relatives aux SGDA sont développées dans le cadre des normes de systèmes de management
afin d'être compatibles et de partager des éléments et une méthodologie avec d'autres normes de
systèmes de management. L’ISO 15489-1 et les autres Normes internationales et Rapports techniques
sont les principaux outils pour concevoir, mettre en œuvre, surveiller et améliorer les processus de
gestion des documents d'activité et leurs contrôles, ce qui permet d'agir dans le cadre de la gouvernance
du SGDA quand les organismes décident de déployer une méthodologie fondée sur une norme de
système de management.
NOTE L’ISO 15489 est la norme de base qui définit les bonnes pratiques en matière d'opérations de gestion
des documents d'activité.
© ISO 2019 – Tous droits réservés v

---------------------- Page: 5 ----------------------
ISO 30301:2019(F)

La structure des normes relatives au SGDA et les produits les mieux adaptés à la mise en œuvre de
processus de gestion des documents d'activité et leurs contrôles, les normes étant publiées ou en
préparation, sont indiqués à la Figure 1.
NOTE Les titres de certains produits et rapports techniques sont susceptibles de changer lorsqu’ils seront
révisés. Les titres indiqués dans la figure représentent le sujet ou le domaine, et ne sont pas les titres complets
officiels de normes et rapports techniques publiés. Une figure mise à jour avec de nouveaux produits est
disponible à l'adresse suivante: https: //committee .iso .org/home/tc46sc11.
Figure 1 — Normes relatives au SGDA et Normes internationales et Rapports techniques
associés
0.4 La famille de normes du SGDA
Cette famille de normes est destinée à être utilisée pour aider:
a) les dirigeants des organismes qui prennent des décisions pour établir et mettre en œuvre des
systèmes de management dans leur organisme;
b) les responsables de la mise en œuvre du SGDA, tels que les professionnels de la gestion des risques,
de l’audit, de la gestion des documents d’activité, des systèmes d’informations et de la sécurité de
l’information.
L’approche processus intégrée à un système de gestion des documents d’activité met l’accent sur:
— l’identification des exigences de l'organisme en matière de documents d’activité, y compris les
besoins et attentes des parties intéressées, et l’établissement d'une politique et d'objectifs de gestion
des documents d’activité;
— la mise en œuvre et l'application de contrôles afin de gérer les risques de l'organisme associés à ses
documents d’activité, dans le contexte des risques globaux liés à l'activité de l'organisme;
— la surveillance et la revue des performances et de l'efficacité du SGDA;
vi © ISO 2019 – Tous droits réservés

---------------------- Page: 6 ----------------------
ISO 30301:2019(F)

— l’amélioration continue sur la base de mesures objectives.
La Figure 2 représente la structure du présent document selon une approche processus.
Figure 2 — Structure du SGDA selon une approche processus
0.5 Relation et compatibilité avec les autres normes de système de management
Le présent document est conforme aux exigences des normes de système de management de l’ISO.
Ces exigences contiennent la structure de niveau supérieur, le texte de base identique, les termes et
définitions de base communs, conçus pour bénéficier aux utilisateurs mettant en œuvre plusieurs
normes ISO de système de management.
Le terme « information documentée » est un des termes de base des normes de système de management.
Les exigences relatives à une information documentée sont indiquées en 7.5 dans toutes les normes de
système de management. Outre le fait de constituer lui-même une norme de système de management, le
présent document peut aider les organismes à mettre en œuvre les exigences relatives aux informations
documentées d’autres systèmes de management. Pour toutes informations complémentaires, voir https:
//committee .iso .org/home/tc46sc11).
© ISO 2019 – Tous droits réservés vii

---------------------- Page: 7 ----------------------
NORME INTERNATIONALE ISO 30301:2019(F)
Information et documentation — Systèmes de gestion des
documents d'activité — Exigences
1 Domaine d'application
Le présent document spécifie les exigences relatives à un système de gestion des documents d'activité
(SGDA) visant à soutenir un organisme dans la réalisation de son mandat, de sa mission, de sa stratégie
et de ses objectifs. Il traite du développement et de la mise en œuvre d'une politique et de finalités
relatives aux documents d’activité et donne des informations sur le mesurage et la surveillance des
performances.
Un SGDA peut être établi par un organisme ou plusieurs organismes lorsque ceux-ci partagent des
activités. Tout au long du présent document, le terme « organisme » ne se limite pas à un seul organisme,
mais inclut également d'autres structures organisationnelles.
Le présent document s'applique à tout organisme souhaitant:
— établir, mettre en œuvre, tenir à jour et améliorer un SGDA venant en support de ses activités;
— s'assurer lui-même de la conformité à sa politique déclarée en matière de documents d'activité;
— démontrer sa conformité au présent document en:
a) réalisant une auto-évaluation et une auto-déclaration; ou
b) demandant une confirmation de son auto-déclaration par une partie externe à l’organisme; ou
c) demandant une certification de son SGDA par une partie externe.
2 Références normatives
Les documents suivants sont cités dans le texte de sorte qu’ils constituent, pour tout ou partie de leur
contenu, des exigences du présent document. Pour les références datées, seule l’édition citée s’applique.
Pour les références non datées, la dernière édition du document de référence s'applique (y compris les
éventuels amendements).
ISO 30300, Information et documentation — Systèmes de gestion des documents d'activité — Principes
essentiels et vocabulaire
3 Termes et définitions
Pour les besoins du présent document, les termes et définitions donnés dans l’ISO 30300 ainsi que les
suivants s’appliquent.
L'ISO et l'IEC tiennent à jour des bases de données terminologiques destinées à être utilisées en
normalisation, consultables aux adresses suivantes:
— ISO Online browsing platform: disponible à l'adresse https: //www .iso .org/obp
— IEC Electropedia: disponible à l'adresse http: //www .electropedia .org/
© ISO 2019 – Tous droits réservés 1

---------------------- Page: 8 ----------------------
ISO 30301:2019(F)

3.1
organisme
personne ou groupe de personnes ayant un rôle avec les responsabilités, l’autorité et les relations lui
permettant d’atteindre ses objectifs (3.8)
Note 1 à l'article: Le concept d’organisme englobe sans s'y limiter, les travailleurs indépendants, les compagnies,
les sociétés, les firmes, les entreprises, les administrations, les partenariats, les organisations caritatives ou les
institutions, ou bien une partie ou une combinaison des entités précédentes, à responsabilité limitée ou ayant un
autre statut, de droit public ou privé.
3.2
partie intéressée
partie prenante
personne ou organisme (3.1) qui peut soit influer sur une décision ou une activité, soit être influencée
ou s’estimer influencée par une décision ou une activité
3.3
exigence
besoin ou attente formulé généralement implicite ou obligatoire
Note 1 à l'article: « Généralement implicite » signifie qu’il est habituel ou courant, pour l’organisme et les parties
intéressées, que le besoin ou l’attente en question soit implicite.
Note 2 à l'article: Une exigence spécifiée est une exigence formulée, par exemple une information documentée.
3.4
système de management
ensemble d’éléments corrélés ou en interaction d’un organisme (3.1) utilisés pour établir des politiques
(3.7) et des objectifs (3.8), et des processus (3.12) de façon à atteindre lesdits objectifs
Note 1 à l'article: Un système de management peut traiter d'un seul ou de plusieurs domaines.
Note 2 à l'article: Les éléments du système comprennent la structure, les rôles et responsabilités, la planification
et le fonctionnement de l'organisme.
Note 3 à l'article: Le périmètre d’un système de management peut comprendre l’ensemble de l’organisme, des
fonctions ou des sections spécifiques et identifiées de l’organisme, ou une ou plusieurs fonctions dans un groupe
d’organismes.
3.5
direction
personne ou groupe de personnes qui oriente et dirige un organisme (3.1) au plus haut niveau
Note 1 à l'article: La direction a le pouvoir de déléguer son autorité et de fournir des ressources au sein de
l’organisme.
Note 2 à l'article: Si le périmètre du système de management (3.4) ne couvre qu'une partie de l’organisme, alors la
direction s'adresse à ceux qui orientent et dirigent cette partie de l’organisme.
3.6
efficacité
niveau de réalisation des activités planifiées et d'obtention des résultats escomptés
3.7
politique
intentions et orientations d’un organisme (3.1), telles qu’elles sont officiellement formulées par
sa direction (3.5)
3.8
objectif
résultat à atteindre
Note 1 à l'article: Un objectif peut être stratégique, tactique ou opérationnel.
2 © ISO 2019 – Tous droits réservés

---------------------- Page: 9 ----------------------
ISO 30301:2019(F)

Note 2 à l'article: Les objectifs peuvent se rapporter à différents domaines (tels que finance, santé, sécurité,
et environnement) et peuvent s’appliquer à divers niveaux [au niveau stratégique, à un niveau concernant
l'organisme dans son ensemble ou afférant à un projet, un produit ou un processus (3.12), par exemple].
Note 3 à l'article: Un objectif peut être exprimé de différentes manières, par exemple par un résultat escompté,
un besoin, un critère opérationnel, en tant qu’objectif de SGDA ou par l'utilisation d'autres termes ayant la même
signification (par exemple finalité, but ou cible).
Note 4 à l'article: Dans le contexte des SGDA, les objectifs du SGDA sont fixés par l’organisme, en cohérence avec
sa politique en matière de SGDA, en vue d’obtenir des résultats spécifiques.
3.9
risque
effet de l’incertitude
Note 1 à l'article: Un effet est un écart, positif ou négatif, par rapport à une attente.
Note 2 à l'article: L’incertitude est l’état, même partiel, de manque d’information qui entrave la compréhension ou
la connaissance d’un événement, de ses conséquences ou de sa vraisemblance.
Note 3 à l'article: Un risque est souvent caractérisé par référence à des événements potentiels (tels que définis
dans le Guide ISO 73:2009, 3.5.1.3) et à des conséquences également potentielles (telles que définies dans le
Guide ISO 73:2009, 3.6.1.3), ou par référence à une combinaison des deux.
Note 4 à l'article: Un risque est souvent exprimé en termes de combinaison des conséquences d’un événement (y
compris des changements de circonstances) et de la vraisemblance de son occurrence (telle que définie dans le
Guide ISO 73:2009, 3.6.1.1).
3.10
compétence
aptitude à mettre en œuvre des connaissances et des savoir-faire pour obtenir les résultats escomptés
3.11
information documentée
information devant être maîtrisée et tenue à jour par un organisme (3.1) ainsi que le support sur lequel
elle figure
Note 1 à l'article: Les informations documentées peuvent se présenter sous n'importe quel format et sur tous
supports et peuvent provenir de toute source.
Note 2 à l'article: Les informations documentées peuvent se rapporter:
— au système de management (3.4), y compris les processus (3.12) connexes;
— aux informations créées en vue du fonctionnement de l’organisme (documentation);
— aux preuves des résultats obtenus (enregistrements) ou documents d’activité
3.12
processus
ensemble d'activités corrélées ou en interaction qui transforme des éléments d'entrée en éléments
de sortie
3.13
performance
résultat mesurable
Note 1 à l'article: Les performances peuvent être liées à des résultats quantitatifs ou qualitatifs.
Note 2 à l'article: Les performances peuvent concerner le management d’activités, de processus (3.12), de produits
(y compris de services), de systèmes ou d’organismes (3.1).
© ISO 2019 – Tous droits réservés 3

---------------------- Page: 10 ----------------------
ISO 30301:2019(F)

3.14
externaliser
passer un accord selon lequel un organisme (3.1) externe assure une partie de la fonction, ou met en
œuvre une partie du processus (3.12) d'un organisme
Note 1 à l'article: L’organisme externe n’est pas inclus dans le périmètre du système de management (3.4),
contrairement à la fonction ou au processus externalisé qui en font partie intégrante.
3.15
surveillance
détermination de l’état d'un système, d'un processus (3.12) ou d’une activité
Note 1 à l'article: Pour déterminer cet état, il peut être nécessaire de vérifier, de superviser ou d'observer d'un
point de vue critique.
3.16
mesure
processus (3.12) visant à déterminer une valeur
3.17
audit
processus (3.12) méthodique, indépendant et documenté, permettant d'obtenir des preuves d'audit et de
les évaluer de manière objective pour déterminer dans quelle mesure les critères d'audit sont satisfaits
Note 1 à l'article: Un audit peut être interne (de première partie) ou externe (de seconde ou tierce partie), et il
peut être combiné (s’il associe deux domaines ou plus).
Note 2 à l'article: Un audit interne est réalisé par l'organisme lui-même ou par une partie externe pour le compte
de celui-ci.
Note 3 à l'article: Les termes « preuves d’audit » et « critères d’audit » sont définis dans l’ISO 19011.
3.18
conformité
satisfaction d'une exigence (3.3)
3.19
non-conformité
non-satisfaction d'une exigence (3.3)
3.20
action corrective
action visant à éliminer la cause d'une non-conformité (3.19) et à éviter qu’elle ne réapparaisse
3.21
amélioration continue
activité récurrente menée pour améliorer les performances (3.13)
4 Contexte de l'organisme
4.1 Compréhension de l'organisme et de son contexte
4.1.1 Généralités
L’organisme doit déterminer les enjeux externes et internes pertinents par rapport à sa finalité, et qui
influent sur sa capacité à atteindre le ou les résultats at
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.