SIST-TS ISO/TS 7538:2025
(Main)Functional requirements for disposition of records
Functional requirements for disposition of records
This document identifies the purpose and benefits of disposition and provides organizations with guidance about how to manage disposition-related processes. In particular, it:
— specifies responsibilities for records disposition processes;
— provides guidance on the key areas against which records disposition processes can be assessed;
— provides requirements and guidance for those implementing disposition processes; and
— provides guidance on how to integrate records disposition processes into an organization’s operations.
Exigences fonctionnelles pour le sort final des documents d'activité
Funkcionalne zahteve za razporejanje zapisov
Ta dokument opredeljuje namen in prednosti razporejanja ter zagotavlja smernice za organizacije o upravljanju postopka, povezanega z razporejanjem. Zlasti: – določa odgovornosti za postopke razporejanja zapisov; – podaja smernice o ključnih področjih glede na katera je mogoče oceniti postopke razporejanja zapisov; – podaja zahteve in smernice za osebe, ki izvajajo postopke razporejanja; ter – podaja smernice v zvezi s tem, kako vključiti postopke razporejanja zapisov v dejavnosti organizacije.
General Information
Overview
ISO/TS 7538:2024 - Functional requirements for disposition of records - provides practical guidance for managing the end-of-life of records. It defines the purpose and benefits of records disposition and sets out responsibilities, governance and process requirements to ensure records are retained, transferred, preserved or destroyed in a controlled, lawful and auditable way. The technical specification emphasizes integration of disposition into business operations and “disposition by design” during system and process development.
Key topics and technical requirements
- Scope and purpose: Clarifies why disposition is essential for records management, compliance, risk reduction, cost control and preservation of corporate memory.
- Responsibilities and governance: Requires top management (or delegated authority) to authorize and be accountable for disposition decisions and establishes governance for disposition authorities.
- Disposition policies and authorities: Guidance on creating, reviewing and updating disposition authorities (including retention schedules and triggers).
- Disposition processes: Requirements for documenting processes, implementing disposition actions (destruction, transfer, retention), and recording that actions were completed.
- Exceptional circumstances: Rules for disposition holds, disposition after exceptional events, and managing legal or regulatory interruptions to routine disposition.
- Principles: Emphasizes legality, authority, accountability, informed decision-making, justification, planning, timeliness, security, by-design implementation and sustainability.
- Performance evaluation: Monitoring, measurement, analysis and continual improvement of disposition processes.
- Practical challenges: Informative annex identifying common challenges and mitigation approaches.
Applications and who should use it
ISO/TS 7538:2024 is intended for organizations that manage records across physical and digital environments. Primary users include:
- Records managers and archivists - for developing disposition authorities and retention schedules.
- Information governance and compliance teams - to meet legal and evidentiary obligations.
- Risk managers and privacy officers - to reduce exposure from unnecessary data retention.
- IT architects and software suppliers - to design records systems that support disposition by design.
- Senior management and legal counsels - to establish governance, authorization and accountability for disposition.
Practical benefits include cost reduction (storage and legacy infrastructure), improved search and operational efficiency, legal compliance, reduced security/privacy risks, and preservation of historically valuable records.
Related standards
ISO/TS 7538:2024 references and aligns with key records and risk standards:
- ISO 15489-1 (Records management - Concepts and principles)
- ISO 30300 / ISO 30301 (Records management system and core concepts)
- ISO 16175-1 (Functional requirements for records software)
- ISO 18128 (Records risk assessment)
- ISO 31000 (Risk management)
- ISO/TR 21946 (Appraisal guidance)
Using ISO/TS 7538:2024 helps organizations implement consistent, auditable records disposition processes that integrate with wider records management and information governance programs.
Frequently Asked Questions
SIST-TS ISO/TS 7538:2025 is a technical specification published by the Slovenian Institute for Standardization (SIST). Its full title is "Functional requirements for disposition of records". This standard covers: This document identifies the purpose and benefits of disposition and provides organizations with guidance about how to manage disposition-related processes. In particular, it: — specifies responsibilities for records disposition processes; — provides guidance on the key areas against which records disposition processes can be assessed; — provides requirements and guidance for those implementing disposition processes; and — provides guidance on how to integrate records disposition processes into an organization’s operations.
This document identifies the purpose and benefits of disposition and provides organizations with guidance about how to manage disposition-related processes. In particular, it: — specifies responsibilities for records disposition processes; — provides guidance on the key areas against which records disposition processes can be assessed; — provides requirements and guidance for those implementing disposition processes; and — provides guidance on how to integrate records disposition processes into an organization’s operations.
SIST-TS ISO/TS 7538:2025 is classified under the following ICS (International Classification for Standards) categories: 01.140.20 - Information sciences. The ICS classification helps identify the subject area and facilitates finding related standards.
You can purchase SIST-TS ISO/TS 7538:2025 directly from iTeh Standards. The document is available in PDF format and is delivered instantly after payment. Add the standard to your cart and complete the secure checkout process. iTeh Standards is an authorized distributor of SIST standards.
Standards Content (Sample)
SLOVENSKI STANDARD
01-junij-2025
Funkcionalne zahteve za razporejanje zapisov
Functional requirements for disposition of records
Exigences fonctionnelles pour le sort final des documents d'activité
Ta slovenski standard je istoveten z: ISO/TS 7538:2024
ICS:
01.140.20 Informacijske vede Information sciences
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.
Technical
Specification
ISO/TS 7538
First edition
Functional requirements for
2024-08
disposition of records
Exigences fonctionnelles pour le sort final des documents
d'activité
Reference number
© ISO 2024
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Purpose and benefits . 2
5 Principles . 2
6 Disposition requirements . 3
6.1 General .3
6.2 Governance of disposition .3
6.2.1 General .3
6.2.2 Authorization of disposition .3
6.2.3 Reviewing and updating disposition authorities .4
6.3 Disposition policies .5
6.4 Disposition processes .5
6.4.1 General .5
6.4.2 Processes .5
6.4.3 Documenting disposition . . .6
6.4.4 Disposition actions .6
6.5 Exceptional circumstances and their implications for disposition .8
6.5.1 General .8
6.5.2 Disposition due to exceptional events.8
6.5.3 Disposition holds .8
7 Performance evaluation and improvement . 9
7.1 General .9
7.2 Monitoring, measurement, analysis and evaluation . .9
Annex A (informative) Disposition challenges . 10
Bibliography . 14
iii
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out through
ISO technical committees. Each member body interested in a subject for which a technical committee
has been established has the right to be represented on that committee. International organizations,
governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely
with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types
of ISO document should be noted. This document was drafted in accordance with the editorial rules of the
ISO/IEC Directives, Part 2 (see www.iso.org/directives).
ISO draws attention to the possibility that the implementation of this document may involve the use of (a)
patent(s). ISO takes no position concerning the evidence, validity or applicability of any claimed patent
rights in respect thereof. As of the date of publication of this document, ISO had not received notice of (a)
patent(s) which may be required to implement this document. However, implementers are cautioned that
this may not represent the latest information, which may be obtained from the patent database available at
www.iso.org/patents. ISO shall not be held responsible for identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions
related to conformity assessment, as well as information about ISO's adherence to the World Trade
Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 46, Information and documentation,
Subcommittee SC 11, Archives/records management.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.
iv
Introduction
Disposition is an integral part of records management and allows organizations to reduce storage costs and
save unnecessary time and expense managing records that are no longer required. Proper disposition also
helps to ensure compliance, reduce risks, and preserve corporate and societal memory.
Disposition is the “range of records processes associated with implementing records retention, destruction
or transfer decisions which are documented in disposition authorities or other instruments”. Disposition
can be implemented:
a) on the receipt or creation of a record;
b) when the status of a record changes;
c) when records no longer have any administrative, legislative, historical, or cultural value; or
d) for long term preservation and archival purposes.
As set out in ISO 15489-1, taking a managed and documented approach to the disposition of records is
an important aspect of the efficient and accountable management of records, and is part of a structured
approach to records management.
Such an approach is normally considered during appraisal, subsequent retention schedule development, and
records systems design. In best practice, disposition is part of business activities, rather than an ad hoc
activity, and is done regularly according to records requirements.
Planning for, and having efficient and authorized systems and processes in place to guide disposition
supports accountability, efficiency, and good governance, while ensuring that records are controlled in an
appropriate manner for a range of purposes.
This document assumes that requirements related to the disposition of records are identified during
appraisal, as described in ISO/TR 21946.
Appraisal is the process of analysing and evaluating business functions and processes, business context,
and risk to determine records requirements. Results of the appraisal can be used in disposition decisions.
Appraisal decisions should be implemented through processes documented in disposition authorities or
other instruments.
This document is not intended to give guidance on how the appraisal process is designed, implemented, or
undertaken. Guidance on appraisal can be found in ISO/TR 21946.
Implementing a disposition authority involves carrying out the disposition actions identified through the
appraisal process. It is a process that includes:
— reviewing whether it is permitted for records to be disposed of;
— undertaking the disposition action;
— documenting that the disposition has taken place.
Disposition actions are usually undertaken on a regular and routine basis. However, some disposition actions
can require a one-off or ad hoc process. For example, when a record is sold to a third party for commercial
purposes or when an organizational function is transferred to another agency. In these circumstances, the
implementation of disposition is appropriate to the disposition action and risk management considerations.
This document also supports organizations in implementing disposition by design, which involves analysing
disposition requirements and implementing measures at early stages of the design and development of
products, processes, systems or services that involve handling records.
v
Technical Specification ISO/TS 7538:2024(en)
Functional requirements for disposition of records
1 Scope
This document identifies the purpose and benefits of disposition and provides organizations with guidance
about how to manage disposition-related processes. In particular, it:
— specifies responsibilities for records disposition processes;
— provides guidance on the key areas against which records disposition processes can be assessed;
— provides requirements and guidance for those implementing disposition processes; and
— provides guidance on how to integrate records disposition processes into an organization’s operations.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content constitutes
requirements of this document. For dated references, only the edition cited applies. For undated references,
the latest edition of the referenced document (including any amendments) applies.
ISO 15489-1, Information and documentation — Records management — Part 1: Concepts and principles
ISO 18128, Information and documentation — Records risks — Risk assessment for records management
ISO 16175-1:2020, Information and documentation — Processes and functional requirements for software for
managing records — Part 1: Functional requirements and associated guidance for any applications that manage
digital records
ISO 30300, Information and documentation — Records management — Core concepts and vocabulary
ISO 31000, Risk management — Guidelines
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO 30300 and the following apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at https:// www .electropedia .org/
3.1
disposition action
action taken to dispose of a record in response to the applicable disposition authority
Note 1 to entry: individual entry in the disposition authority usually includes a disposition action along with a
retention period and an event from which the disposal date should be calculated.
3.2
disposition trigger
event that triggers the start of the retention period or the execution of the disposition action
4 Purpose and benefits
Disposition supports effective business, compliance and mitigation of security and privacy risks. Examples
of benefits of disposition are listed below.
From a business point of view:
— cost reduction, workload reduction, release of resources and storage (including cloud);
— reduction of the cost of supporting legacy infrastructure;
— enhancement of operating efficiency (e.g. search efficiency);
— elimination of health hazards (e.g. mould or pest infestation); and
— management of corporate data, information, records, and knowledge (including rearrangement,
archiving).
From a societal point of view:
— preservation of memory and knowledge of permanent value; and
— reduction of the environmental impact of storage and management to support action on climate change.
From a legal point of view:
— compliance (e.g. with archival law, privacy laws); and
— enhancement of legal and evidentiary value of digital copies by disposing of paper-based originals, after
following the guidelines for digitization of records as described in ISO/TR 13028
From a risk management point of view:
— reduction of the risk of security incidents, such as disclosure of sensitive and confidential information; and
— reduction of the risks to the business that can occur when records retention is not managed in accordance
with business requirements.
Disposition benefits should be considered along with the relevant costs and risks.
5 Principles
The organization shall comply with the following principles when performing disposition:
— legality: decisions about disposition of records are based on applicable legal requirements;
— authority: disposition of records shall be authorized by top management or delegate;
— accountability: top management shall be accountable for the disposition of records for which they are
responsible;
— informed decision making: disposition actions shall be based on an informed decision-making process;
— justification: disposition actions and retention periods for the records shall be justified;
— planning: disposition of records shall be planned and undertaken according to any existing external and
internal requirements and integrated into the organization's business processes and programs;
— timeliness: records shall be disposed of in a timely manner;
— security: disposition of records shall be undertaken using a secure method so that the content is protected
and is not inadvertently released or lost;
— by design: disposition of records shall be considered from the first stages of systems and processes
design; and
— sustainability: disposition of records shall be undertaken in accordance with sustainability requirements.
6 Disposition requirements
6.1 General
Disposition is an integral part of records management. Organizations shall consider decisions about
disposition throughout the records management process. The development of disposition authorities,
including retention schedules, and determination of whether records should be destroyed at the end of their
life-cycle or transferred to another entity are informed by the results of the appraisal process. Consideration
of disposition processes can also help prevent the imposition of legal or regulatory sanctions.
It is important to recognize disposition as a part of good records management processes, controls, and
systems. Effective disposition requires records to be managed in accordance with ISO 15489-1. Disposition
is part of a management system for records as described in ISO 30301.
Records systems and processes shall be designed to support disposition.
In cases where records are created within a business system, incorporating disposition by design as an
integral component of systems architecture is particularly important. This integration enables the efficient
and effective disposition of records when the time is right. By integrating disposition considerations during
the design phase, organizations can ensure the appropriate management and disposition of records in
compliance with legal and operational requirements.
When the records system and process are designed, it is important to consider data, information, and/or
records disposition issues from the early stages of their development. Such an approach follows the principle
of disposition by design, and covers:
— the disposition-related functionality in systems;
— the defining and assigning tasks and responsibilities as part of disposition processes; and
— the information architecture of the solutions (e.g. database structures).
Implementing disposition by design means adhering to the following principles:
— integrating disposition requirements into the design of systems and processes; and
— proactive implementation of disposition measures to anticipate risks and prevent negative events.
6.2 Governance of disposition
6.2.1 General
Regular and routine disposition begins with a records management framework, including procedures for
the creation and classification of records, and is supported by appropriate technical and personnel support.
Staff undertaking disposition shall have an appropriate knowledge of the value of the records and the
organizational policies and procedures relevant to the disposition activities that they carry out.
It is important that disposition is appropriately authorized.
6.2.2 Authorization of disposition
Disposition authorities are instruments that define and prescribe the disposition actions for different
record groups or classes. They support organizational accountability by providing evidence of decisions and
justification of actions, in the event that they are challenged.
Disposition authorities shall be based on the analysis of the legal, regulatory, policy, business, and societal
requirements that impact different record types. This means that the level of detail shall match the nature of
the records being disposed of and the contingent risks. The decision makers shall be confident that there is
no legitimate operational, legal or audit need for the organization to retain the records. This means that the
nature of the records being disposed of shall determine the appropriate level of organizational authorization.
For example, disposition of ephemeral or facilitative records may be authorized by an organizational
policy and implemented by the records’ creator. Disposition of core operational records, however, shall be
documented with the appropriate detail, and then approved by an appropriate person(s) who can ensure
that there is no legitimate operational, legal or audit need for the records to be further retained.
Disposition authorities should be concise and easy to understand and use.
In public organizations, disposition authorities can be authorized by an external archive authority or
regulator. However, private organizations can also develop disposition authorities based on their own
business needs and regulatory requirements.
The development of disposition authorities is described in ISO 15489-1.
Disposition shall be undertaken as set out in authorised disposition authorities. Some disposition authorities
can cover the whole organization where others can represent different functions or parts of the organization.
Care shall be taken to ensure that all relevant disposition authorities are taken into account (and reconciled
where appropriate) in the framework of an organisation’s disposition program. This is particularly so in
organizations that operate across multiple jurisdictions.
It is also possible that some records are covered by several disposition authorities or parts of disposition
authorities. In such cases, they shall be retained until the longest retention period elapses.
From a records management point of view, an entry in a disposition authority typically defines:
— the records covered;
— the status of a record;
— relevant legislative and regulatory references;
— references to other relevant disposition authorities;
— the disposition trigger initiating the retention period;
— retention periods;
— disposition actions;
— due diligence (see 6.4.2); and
— roles and responsibilities for managing the disposition.
6.2.3 Reviewing and updating disposition authorities
Context changes can affect records management requirements in ways that require a revision of the original
appraisal decision or the application of a disposition authority. These can include:
— ongoing business needs;
— the need to retain records for foreseeable, pending, or actual legal action or investigations;
— changes to legislative or regulatory requirements;
— administrative changes affecting an organization’s functions or business activities; and
— changes in societal expectations for the disposition of records.
It is important that the organization regularly reviews and, when necessary, updates disposition authorities
so that they are aligned with their current environment. Superseded versions of disposition authorities shall
be retained to demonstrate the legality and consistency of past disposition actions.
6.3 Disposition policies
Disposition shall be supported by policies stating the organization’s commitment to a compliant, equitable
and efficient approach. The policy shall also clearly define relevant responsibilities and identify relevant
stakeholders. Documenting disposition policies supports organizational accountability by providing
evidence of recognition and response to organizational change. This enables organizations to defend their
disposition decisions and actions if challenged.
Organizations shall document disposition policies and consider the following:
— the legislative framework under which it operates;
— the interests of relevant stakeholders, including other organizations;
— how the organization manages its records in relation to its functions; and
— the level of documentation that is required to be
...
Technical
Specification
ISO/TS 7538
First edition
Functional requirements for
2024-08
disposition of records
Exigences fonctionnelles pour le sort final des documents
d'activité
Reference number
© ISO 2024
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Purpose and benefits . 2
5 Principles . 2
6 Disposition requirements . 3
6.1 General .3
6.2 Governance of disposition .3
6.2.1 General .3
6.2.2 Authorization of disposition .3
6.2.3 Reviewing and updating disposition authorities .4
6.3 Disposition policies .5
6.4 Disposition processes .5
6.4.1 General .5
6.4.2 Processes .5
6.4.3 Documenting disposition . . .6
6.4.4 Disposition actions .6
6.5 Exceptional circumstances and their implications for disposition .8
6.5.1 General .8
6.5.2 Disposition due to exceptional events.8
6.5.3 Disposition holds .8
7 Performance evaluation and improvement . 9
7.1 General .9
7.2 Monitoring, measurement, analysis and evaluation . .9
Annex A (informative) Disposition challenges . 10
Bibliography . 14
iii
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out through
ISO technical committees. Each member body interested in a subject for which a technical committee
has been established has the right to be represented on that committee. International organizations,
governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely
with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types
of ISO document should be noted. This document was drafted in accordance with the editorial rules of the
ISO/IEC Directives, Part 2 (see www.iso.org/directives).
ISO draws attention to the possibility that the implementation of this document may involve the use of (a)
patent(s). ISO takes no position concerning the evidence, validity or applicability of any claimed patent
rights in respect thereof. As of the date of publication of this document, ISO had not received notice of (a)
patent(s) which may be required to implement this document. However, implementers are cautioned that
this may not represent the latest information, which may be obtained from the patent database available at
www.iso.org/patents. ISO shall not be held responsible for identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions
related to conformity assessment, as well as information about ISO's adherence to the World Trade
Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 46, Information and documentation,
Subcommittee SC 11, Archives/records management.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.
iv
Introduction
Disposition is an integral part of records management and allows organizations to reduce storage costs and
save unnecessary time and expense managing records that are no longer required. Proper disposition also
helps to ensure compliance, reduce risks, and preserve corporate and societal memory.
Disposition is the “range of records processes associated with implementing records retention, destruction
or transfer decisions which are documented in disposition authorities or other instruments”. Disposition
can be implemented:
a) on the receipt or creation of a record;
b) when the status of a record changes;
c) when records no longer have any administrative, legislative, historical, or cultural value; or
d) for long term preservation and archival purposes.
As set out in ISO 15489-1, taking a managed and documented approach to the disposition of records is
an important aspect of the efficient and accountable management of records, and is part of a structured
approach to records management.
Such an approach is normally considered during appraisal, subsequent retention schedule development, and
records systems design. In best practice, disposition is part of business activities, rather than an ad hoc
activity, and is done regularly according to records requirements.
Planning for, and having efficient and authorized systems and processes in place to guide disposition
supports accountability, efficiency, and good governance, while ensuring that records are controlled in an
appropriate manner for a range of purposes.
This document assumes that requirements related to the disposition of records are identified during
appraisal, as described in ISO/TR 21946.
Appraisal is the process of analysing and evaluating business functions and processes, business context,
and risk to determine records requirements. Results of the appraisal can be used in disposition decisions.
Appraisal decisions should be implemented through processes documented in disposition authorities or
other instruments.
This document is not intended to give guidance on how the appraisal process is designed, implemented, or
undertaken. Guidance on appraisal can be found in ISO/TR 21946.
Implementing a disposition authority involves carrying out the disposition actions identified through the
appraisal process. It is a process that includes:
— reviewing whether it is permitted for records to be disposed of;
— undertaking the disposition action;
— documenting that the disposition has taken place.
Disposition actions are usually undertaken on a regular and routine basis. However, some disposition actions
can require a one-off or ad hoc process. For example, when a record is sold to a third party for commercial
purposes or when an organizational function is transferred to another agency. In these circumstances, the
implementation of disposition is appropriate to the disposition action and risk management considerations.
This document also supports organizations in implementing disposition by design, which involves analysing
disposition requirements and implementing measures at early stages of the design and development of
products, processes, systems or services that involve handling records.
v
Technical Specification ISO/TS 7538:2024(en)
Functional requirements for disposition of records
1 Scope
This document identifies the purpose and benefits of disposition and provides organizations with guidance
about how to manage disposition-related processes. In particular, it:
— specifies responsibilities for records disposition processes;
— provides guidance on the key areas against which records disposition processes can be assessed;
— provides requirements and guidance for those implementing disposition processes; and
— provides guidance on how to integrate records disposition processes into an organization’s operations.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content constitutes
requirements of this document. For dated references, only the edition cited applies. For undated references,
the latest edition of the referenced document (including any amendments) applies.
ISO 15489-1, Information and documentation — Records management — Part 1: Concepts and principles
ISO 18128, Information and documentation — Records risks — Risk assessment for records management
ISO 16175-1:2020, Information and documentation — Processes and functional requirements for software for
managing records — Part 1: Functional requirements and associated guidance for any applications that manage
digital records
ISO 30300, Information and documentation — Records management — Core concepts and vocabulary
ISO 31000, Risk management — Guidelines
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO 30300 and the following apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at https:// www .electropedia .org/
3.1
disposition action
action taken to dispose of a record in response to the applicable disposition authority
Note 1 to entry: individual entry in the disposition authority usually includes a disposition action along with a
retention period and an event from which the disposal date should be calculated.
3.2
disposition trigger
event that triggers the start of the retention period or the execution of the disposition action
4 Purpose and benefits
Disposition supports effective business, compliance and mitigation of security and privacy risks. Examples
of benefits of disposition are listed below.
From a business point of view:
— cost reduction, workload reduction, release of resources and storage (including cloud);
— reduction of the cost of supporting legacy infrastructure;
— enhancement of operating efficiency (e.g. search efficiency);
— elimination of health hazards (e.g. mould or pest infestation); and
— management of corporate data, information, records, and knowledge (including rearrangement,
archiving).
From a societal point of view:
— preservation of memory and knowledge of permanent value; and
— reduction of the environmental impact of storage and management to support action on climate change.
From a legal point of view:
— compliance (e.g. with archival law, privacy laws); and
— enhancement of legal and evidentiary value of digital copies by disposing of paper-based originals, after
following the guidelines for digitization of records as described in ISO/TR 13028
From a risk management point of view:
— reduction of the risk of security incidents, such as disclosure of sensitive and confidential information; and
— reduction of the risks to the business that can occur when records retention is not managed in accordance
with business requirements.
Disposition benefits should be considered along with the relevant costs and risks.
5 Principles
The organization shall comply with the following principles when performing disposition:
— legality: decisions about disposition of records are based on applicable legal requirements;
— authority: disposition of records shall be authorized by top management or delegate;
— accountability: top management shall be accountable for the disposition of records for which they are
responsible;
— informed decision making: disposition actions shall be based on an informed decision-making process;
— justification: disposition actions and retention periods for the records shall be justified;
— planning: disposition of records shall be planned and undertaken according to any existing external and
internal requirements and integrated into the organization's business processes and programs;
— timeliness: records shall be disposed of in a timely manner;
— security: disposition of records shall be undertaken using a secure method so that the content is protected
and is not inadvertently released or lost;
— by design: disposition of records shall be considered from the first stages of systems and processes
design; and
— sustainability: disposition of records shall be undertaken in accordance with sustainability requirements.
6 Disposition requirements
6.1 General
Disposition is an integral part of records management. Organizations shall consider decisions about
disposition throughout the records management process. The development of disposition authorities,
including retention schedules, and determination of whether records should be destroyed at the end of their
life-cycle or transferred to another entity are informed by the results of the appraisal process. Consideration
of disposition processes can also help prevent the imposition of legal or regulatory sanctions.
It is important to recognize disposition as a part of good records management processes, controls, and
systems. Effective disposition requires records to be managed in accordance with ISO 15489-1. Disposition
is part of a management system for records as described in ISO 30301.
Records systems and processes shall be designed to support disposition.
In cases where records are created within a business system, incorporating disposition by design as an
integral component of systems architecture is particularly important. This integration enables the efficient
and effective disposition of records when the time is right. By integrating disposition considerations during
the design phase, organizations can ensure the appropriate management and disposition of records in
compliance with legal and operational requirements.
When the records system and process are designed, it is important to consider data, information, and/or
records disposition issues from the early stages of their development. Such an approach follows the principle
of disposition by design, and covers:
— the disposition-related functionality in systems;
— the defining and assigning tasks and responsibilities as part of disposition processes; and
— the information architecture of the solutions (e.g. database structures).
Implementing disposition by design means adhering to the following principles:
— integrating disposition requirements into the design of systems and processes; and
— proactive implementation of disposition measures to anticipate risks and prevent negative events.
6.2 Governance of disposition
6.2.1 General
Regular and routine disposition begins with a records management framework, including procedures for
the creation and classification of records, and is supported by appropriate technical and personnel support.
Staff undertaking disposition shall have an appropriate knowledge of the value of the records and the
organizational policies and procedures relevant to the disposition activities that they carry out.
It is important that disposition is appropriately authorized.
6.2.2 Authorization of disposition
Disposition authorities are instruments that define and prescribe the disposition actions for different
record groups or classes. They support organizational accountability by providing evidence of decisions and
justification of actions, in the event that they are challenged.
Disposition authorities shall be based on the analysis of the legal, regulatory, policy, business, and societal
requirements that impact different record types. This means that the level of detail shall match the nature of
the records being disposed of and the contingent risks. The decision makers shall be confident that there is
no legitimate operational, legal or audit need for the organization to retain the records. This means that the
nature of the records being disposed of shall determine the appropriate level of organizational authorization.
For example, disposition of ephemeral or facilitative records may be authorized by an organizational
policy and implemented by the records’ creator. Disposition of core operational records, however, shall be
documented with the appropriate detail, and then approved by an appropriate person(s) who can ensure
that there is no legitimate operational, legal or audit need for the records to be further retained.
Disposition authorities should be concise and easy to understand and use.
In public organizations, disposition authorities can be authorized by an external archive authority or
regulator. However, private organizations can also develop disposition authorities based on their own
business needs and regulatory requirements.
The development of disposition authorities is described in ISO 15489-1.
Disposition shall be undertaken as set out in authorised disposition authorities. Some disposition authorities
can cover the whole organization where others can represent different functions or parts of the organization.
Care shall be taken to ensure that all relevant disposition authorities are taken into account (and reconciled
where appropriate) in the framework of an organisation’s disposition program. This is particularly so in
organizations that operate across multiple jurisdictions.
It is also possible that some records are covered by several disposition authorities or parts of disposition
authorities. In such cases, they shall be retained until the longest retention period elapses.
From a records management point of view, an entry in a disposition authority typically defines:
— the records covered;
— the status of a record;
— relevant legislative and regulatory references;
— references to other relevant disposition authorities;
— the disposition trigger initiating the retention period;
— retention periods;
— disposition actions;
— due diligence (see 6.4.2); and
— roles and responsibilities for managing the disposition.
6.2.3 Reviewing and updating disposition authorities
Context changes can affect records management requirements in ways that require a revision of the original
appraisal decision or the application of a disposition authority. These can include:
— ongoing business needs;
— the need to retain records for foreseeable, pending, or actual legal action or investigations;
— changes to legislative or regulatory requirements;
— administrative changes affecting an organization’s functions or business activities; and
— changes in societal expectations for the disposition of records.
It is important that the organization regularly reviews and, when necessary, updates disposition authorities
so that they are aligned with their current environment. Superseded versions of disposition authorities shall
be retained to demonstrate the legality and consistency of past disposition actions.
6.3 Disposition policies
Disposition shall be supported by policies stating the organization’s commitment to a compliant, equitable
and efficient approach. The policy shall also clearly define relevant responsibilities and identify relevant
stakeholders. Documenting disposition policies supports organizational accountability by providing
evidence of recognition and response to organizational change. This enables organizations to defend their
disposition decisions and actions if challenged.
Organizations shall document disposition policies and consider the following:
— the legislative framework under which it operates;
— the interests of relevant stakeholders, including other organizations;
— how the organization manages its records in relation to its functions; and
— the level of documentation that is required to be created or maintained.
The policies shall be reassessed in the event of substantial contextual changes.
This recommendation shall be understood and implemented in line with routine business practices and
available resources. This means that the level of detail in the policies shall reflect the nature of the records
being disposed of and the contingent risks.
6.4 Disposition processes
6.4.1 General
All aspects of disposition
...
Die Standardisierungsspezifikation SIST-TS ISO/TS 7538:2025 behandelt die funktionalen Anforderungen für die Entsorgung von Aufzeichnungen und bietet eine umfassende Grundlage für Organisationen, die ihre Aufzeichnungs- und Entsorgungsprozesse optimieren möchten. Der Umfang dieses Dokuments ist klar auf die Identifizierung der Zwecke und Vorteile der Entsorgung ausgerichtet, was es zu einem unverzichtbaren Werkzeug für die effiziente Verwaltung von Aufzeichnungen macht. Ein wesentliches Merkmal dieser Norm ist die klare Spezifizierung von Verantwortlichkeiten im Zusammenhang mit den Entsorgungsprozessen von Aufzeichnungen. Dies fördert nicht nur die Rechenschaftspflicht innerhalb der Organisation, sondern hilft auch, den gesamten Prozess der Aufzeichnung und Entsorgung zu rationalisieren. Die genaue Anleitung zu den wichtigsten Bereichen, anhand derer die Entsorgungsprozesse bewertet werden können, stellt sicher, dass Organisationen den Stand ihrer Praktiken bewerten und gegebenenfalls Anpassungen vornehmen können. Zudem bietet die Norm Anforderungen und hilfreiche Richtlinien für diejenigen, die Entsorgungsprozesse implementieren möchten. Dies macht sie besonders nützlich für neu gegründete Organisationen sowie für etablierte Unternehmen, die ihre Verfahren aktualisieren oder anpassen wollen. Die detaillierte Anleitung zur Integration der Entsorgungsprozesse in die Betriebsabläufe einer Organisation betont die Notwendigkeit, die Aufzeichnungen nicht isoliert zu betrachten, sondern als integralen Bestandteil des gesamten Geschäftsprozesses. Die Relevanz von SIST-TS ISO/TS 7538:2025 kann nicht überbewertet werden. In einer Zeit, in der Datenmanagement immer wichtiger wird, bietet dieser Standard eine solide Grundlage, die Organisationen nicht nur dabei unterstützt, gesetzliche Anforderungen zu erfüllen, sondern auch die Effizienz ihrer Betriebsabläufe zu steigern. Die Möglichkeit, die Entsorgungsprozesse ordnungsgemäß zu verwalten, ist ein entscheidender Faktor für die Informationssicherheit und das Risikomanagement in Unternehmen. Insgesamt stellt die Norm eine wesentliche Ressource dar, die Organisationen dabei hilft, ihre Aufzeichnungs- und Entsorgungsprozesse zu strukturieren und zu optimieren, was zu einer verbesserten Compliance und einer effizienteren Verwaltung von Informationen führt.
SIST-TS ISO/TS 7538:2025 문서는 기록 처리의 기능적 요구사항을 명시하고 있으며, 이는 조직이 기록의 폐기 과정들을 효과적으로 관리하는 데 있어 매우 중요한 지침을 제공합니다. 이 표준은 기록 폐기의 목적과 이점을 명확히 하여, 다양한 조직들이 효과적인 폐기 프로세스를 구현하는 데 필요한 로드맵을 제공합니다. 첫 번째로, 이 표준은 기록 폐기 프로세스에 대한 책임을 명확히 지정하고 있습니다. 이는 각 조직이 누가 어떤 역할을 맡아야 하는지를 분명히 하여, 책임성과 투명성을 높이는 데 기여합니다. 이러한 명확성은 또한 조직 내에서 기록 관리의 표준화를 촉진합니다. 두 번째로, 기록 폐기 프로세스가 평가될 수 있는 주요 영역에 대한 지침을 제공합니다. 이를 통해 조직들은 자신들의 폐기 프로세스가 어디에서 부족한지 점검하고 개선할 수 있는 기회를 가지게 됩니다. 이는 궁극적으로 기록 관리의 질을 향상시키는 데 앞장섭니다. 세 번째로, 기록 폐기 프로세스를 실행하는 이들을 위한 요구사항과 지침을 포함하고 있어, 실제로 업무에 적용하기 위한 실질적인 안내를 제공합니다. 이로 인해 조직 구성원들이 기준에 맞춰 정확하게 폐기 프로세스를 수행할 수 있도록 지원합니다. 마지막으로, 시스템 표준은 기록 폐기 프로세스를 조직의 운영에 통합하는 방법에 대한 지침을 마련하여, 이러한 과정을 일상적인 업무 활동으로 자연스럽게 아우를 수 있도록 도와줍니다. 이 통합은 조직의 효율성을 극대화하며, 기록 관리의 지속 가능성을 확보하는 데 중요한 역할을 합니다. SIST-TS ISO/TS 7538:2025는 조직의 기록 관리 체계에서 반드시 갖추어야 할 필수적인 표준으로, 폐기 과정을 관리하는 데 필요한 모든 요소를 종합적으로 포함하고 있습니다. 이를 통해 효율적이고 효과적인 기록 관리가 이루어질 수 있도록 하는 것이 이 문서의 가장 큰 강점이자 중요성입니다.
The SIST-TS ISO/TS 7538:2025 standard delivers a comprehensive framework focused on the functional requirements for the disposition of records. Its primary purpose is to highlight the importance and advantages of effective records disposition, which is critical for organizations aiming to manage their information lifecycle efficiently. One of the significant strengths of this standard is its clear specification of responsibilities associated with records disposition processes. By defining these roles, organizations can ensure accountability and streamline the execution of disposition tasks, leading to enhanced compliance and reduced risks related to information governance. Furthermore, the standard provides valuable guidance on key areas against which records disposition processes can be assessed. This evaluative framework enables organizations to benchmark their practices against industry standards and continually improve their processes. This assessment capability reinforces the usefulness of the standard in guiding organizations towards best practices in records management. Another noteworthy feature of the SIST-TS ISO/TS 7538:2025 is the detailed requirements and guidance it offers for those responsible for implementing disposition processes. By equipping professionals with actionable insights, the standard facilitates the effective execution of these processes, thereby contributing to an organization’s overall efficiency and effectiveness. Lastly, the integration guidance provided within this standard is particularly relevant. By recommending strategies for incorporating records disposition processes into an organization’s operations, the standard supports a holistic approach to information management that acknowledges the interconnectedness of records lifecycle management within organizational structures. Overall, the SIST-TS ISO/TS 7538:2025 stands out as a pivotal resource for organizations seeking to optimize their records disposition practices, ensuring that they adhere to best practices while streamlining their information management processes.
La norme SIST-TS ISO/TS 7538:2025 constitue un cadre essentiel pour les organisations souhaitant optimiser la gestion des processus de disposition des enregistrements. Son champ d'application est clairement défini, en soulignant non seulement l'importance de la disposition, mais également les avantages associés à une mise en œuvre efficace. Cette norme se distingue par sa capacité à préciser les responsabilités inhérentes aux processus de disposition des enregistrements, ce qui est fondamental pour assurer une gestion sans faille au sein des organisations. L'un des points forts de cette norme est son approche pratique, fournissant des directives claires sur les domaines clés qui permettent d'évaluer les processus de disposition des enregistrements. En offrant des critères d'évaluation, la norme permet aux organisations de mesurer leur conformité et d'identifier des pistes d'amélioration. Cela renforce la pertinence de la norme dans le contexte actuel où la gestion documentaire et la conformité réglementaire sont primordiales. De plus, la norme fournit des exigences essentielles et des conseils pratiques pour ceux qui mettent en œuvre les processus de disposition. Cela garantit que les équipes chargées de la gestion des enregistrements disposent d'une base solide sur laquelle fonder leurs actions. L’intégration des processus de disposition des enregistrements dans les opérations d’une organisation est également un aspect crucial abordé par cette norme. Elle encourage une approche systémique qui aligne la gestion documentaire avec les objectifs stratégiques de l'organisation. En définitive, la SIST-TS ISO/TS 7538:2025 est un outil précieux pour toute institution cherchant à améliorer son efficacité opérationnelle tout en respectant les exigences de conformité. Sa structure détaillée et ses recommandations pratiques en font un standard indéniablement pertinent pour la gestion de la disposition des enregistrements.
SIST-TS ISO/TS 7538:2025は、記録の処理に関する機能的要件を定めた標準です。本標準は、記録の処理の目的と利点を明確にし、組織が処理関連プロセスを管理するためのガイダンスを提供します。 この標準の範囲には、記録の処理プロセスに対する責任の明記が含まれており、各組織が自らのプロセスをどのように評価すべきかを示す主要な領域に関する指針も提供されています。記録の処理を実施するための要件やガイダンスが明確に設定されているため、企業はこの標準を用いることで、より一層効果的に記録管理を行うことができます。 さらに、記録の処理プロセスを組織の運営に統合する方法についても具体的なガイダンスが示されています。この点は、データ管理のプロセスを効率化し、組織全体の業務プロセスと調和させるために重要です。 したがって、SIST-TS ISO/TS 7538:2025は、組織が記録管理を適切に行うための基盤を提供する、非常に重要かつ有用な標準です。記録の処理における明確な指針と要件を示すことにより、企業は法的および業務上のリスクを低減し、より円滑な業務運営を実現することができます。
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.
Loading comments...