SIST-TP ISO/TR 21965:2019
(Main)Information and documentation -- Records management in enterprise architecture
Information and documentation -- Records management in enterprise architecture
The document creates a common language that embeds records management concerns and
requirements into enterprise architecture with the twin goals of building consensus
— among records managers, enterprise architects and solution architects, and
— across the domains of records management, enterprise architecture and solution architecture.
NOTE This common understanding of Records Management enables Enterprise Architects to understand the
motivations, concerns and goals of Records Managers, recognize them as influential key business stakeholders
during organizational transformation, and use this understanding to influence systems planning and design. As a
result, Records Management becomes an organizational capability at governance, strategic and operational levels.
This document provides a records management viewpoint, with architecture principles and
corresponding architectural views of records. It explains records management for enterprise
architects and other related professionals, so that they can achieve the competency needed to support
collaborative initiatives.
This document provides support to enterprise architects in areas including:
— understanding and identifying records management principles, goals and requirements significant
for the architectural representation,
— facilitating consultations with records managers during the project lifecycle,
— identifying opportunities to reuse existing records management analyses and tools.
This document provides scenarios and models for solution architects and those who have responsibility
for infrastructure overview.
This document also provides a common language to records managers for collaboration with enterprise
architects to position records management requirements in the architecture development process.
Information et documentation -- Gestion des documents d'activité dans les architectures (des systemes d'information) d'entreprise
Ce document cr�e un langage commun qui int�gre les sujets d'int�r�t et les exigences en mati�re de gestion des documents d'activit� dans l'architecture (des syst�mes d'information) d'entreprise avec le double objectif de faire na�tre un consensus:
— entre les responsables de la gestion de documents d'activit�, les architectes (des syst�mes d'information) d'entreprise et les architectes de solutions; et
— � travers les domaines de la gestion des documents d'activit�, de l'architecture d'entreprise et de l'architecture de solutions.
NOTE Cette compr�hension commune de la gestion des documents d'activit� permet aux architectes d'entreprise de comprendre les motivations, les sujets d'int�r�t et les objectifs des responsables de la gestion de documents d'activit�, de les reconna�tre comme des intervenants op�rationnels cl�s influents pendant la transformation organisationnelle et d'utiliser cette compr�hension pour influencer la planification et la conception des syst�mes. Ainsi la gestion des documents d'activit� devient une capacit� organisationnelle au niveau de la gouvernance, de la strat�gie et des op�rations.
Le pr�sent document pr�sente un point de vue sur la gestion des documents d'activit�, avec les principes d'architecture et les vues architecturales correspondantes des documents d'activit�. Il explique la gestion des documents d'activit� pour les architectes d'entreprise et autres professionnels connexes, afin qu'ils puissent acqu�rir les comp�tences n�cessaires pour soutenir les initiatives de collaboration.
Le pr�sent document fournit un soutien aux architectes d'entreprise dans les domaines suivants:
— comprendre et d�terminer les principes, les objectifs et les exigences en mati�re de gestion des documents d'activit� qui sont importants pour la repr�sentation architecturale;
— faciliter les consultations avec les responsables de la gestion de documents d'activit� pendant le cycle de vie du projet;
— d�terminer les possibilit�s de r�utiliser les analyses et les outils de gestion des documents d'activit� existants.
Le pr�sent document fournit des sc�narios et des mod�les destin�s aux architectes de solutions et � ceux qui ont la responsabilit� de la vue d'ensemble de l'infrastructure.
Le pr�sent document fournit �galement un langage commun qui permettra aux responsables de la gestion de documents d'activit� de collaborer avec les architectes d'entreprise afin de positionner les exigences relatives � la gestion des documents d'activit� dans le processus de d�veloppement de l'architecture.
Informatika in dokumentacija - Upravljanje zapisov v arhitekturi podjetja
Dokument ustvarja skupni jezik, ki v arhitekturo podjetja vpeljuje vprašanja in zahteve glede upravljanja zapisov z dvojnimi cilji doseganja soglasja:
– med upravitelji zapisov, planerji in načrtovalci rešitev, ter
– po področjih upravljanja zapisov, arhitekture podjetja in arhitekture rešitev.
OPOMBA: To skupno razumevanje upravljanja zapisov planerjem v podjetju omogoča, da razumejo vzgibe, pomisleke in cilje upraviteljev zapisov, da planerji vedo, da so upravitelji zapisov pomembni poslovni deležniki v preobrazbi organizacije, ter da ta spoznanja upoštevajo pri načrtovanju in oblikovanju sistemov. Posledično upravljanje zapisov postane organizacijska zmožnost na vodstveni, strateški in operativni ravni.
Ta dokument vključuje stališče do upravljanja zapisov, načela arhitekture in
ustrezne arhitekturne poglede na zapise. Pojasnjuje upravljanje zapisov, namenjeno planerjem
v podjetjih in drugim strokovnjakom, da lahko pridobijo kompetence, potrebne za podporo pobudam sodelovanja.
Ta dokument zagotavlja podporo planerjem pri:
– razumevanju in prepoznavanju načel, ciljev ter zahtev za upravljanje zapisov, pomembnih za arhitekturo podjetja,
– lažjem dogovarjanju z upravitelji zapisov v življenjskem ciklu projekta,
– prepoznavanju priložnosti za ponovno uporabo obstoječih analiz in orodij za upravljanje zapisov.
Ta dokument vsebuje scenarije in modele za načrtovalce rešitev ter tiste, ki so odgovorni za infrastrukturo.
Dokument opredeljuje tudi skupni jezik za komunikacijo med upravitelji zapisov in planerji, da upoštevajo zahteve za upravljanje zapisov in jih vključijo v proces razvoja arhitekture.
General Information
Buy Standard
Standards Content (Sample)
SLOVENSKI STANDARD
SIST-TP ISO/TR 21965:2019
01-oktober-2019
Informatika in dokumentacija - Upravljanje zapisov v arhitekturi podjetja
Information and documentation -- Records management in enterprise architecture
Information et documentation -- Gestion des documents d'activité dans les architectures
(des systemes d'information) d'entreprise
Ta slovenski standard je istoveten z: ISO/TR 21965:2019
ICS:
01.140.20 Informacijske vede Information sciences
03.100.01 Organizacija in vodenje Company organization and
podjetja na splošno management in general
SIST-TP ISO/TR 21965:2019 en,fr,de
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.
---------------------- Page: 1 ----------------------
SIST-TP ISO/TR 21965:2019
---------------------- Page: 2 ----------------------
SIST-TP ISO/TR 21965:2019
TECHNICAL ISO/TR
REPORT 21965
First edition
2019-03
Information and documentation —
Records management in enterprise
architecture
Information et documentation — Gestion des documents d'activité
dans les architectures (des systemes d'information) d'entreprise
Reference number
ISO/TR 21965:2019(E)
©
ISO 2019
---------------------- Page: 3 ----------------------
SIST-TP ISO/TR 21965:2019
ISO/TR 21965:2019(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO 2019
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2019 – All rights reserved
---------------------- Page: 4 ----------------------
SIST-TP ISO/TR 21965:2019
ISO/TR 21965:2019(E)
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Records management viewpoint purpose and content overview . 7
4.1 Records management viewpoint purpose . 7
4.2 Records management viewpoint and the ADM. 8
5 View: Records management business context and stakeholders . 8
5.1 Records management in the business context . 8
5.2 Records management stakeholders . 9
6 View: Records management information .11
7 View: Records management motivation — Goals .12
8 View: Records management motivation — Capability .13
9 View: Records business management motivation — Architecture principles .14
9.1 General .14
9.2 Records management architecture principles .17
10 View: Records management reference application scenarios .21
11 View: Records management strategy and implementation .23
12 Records management and the Architecture Development Method .24
12.1 General .24
12.2 Areas of concern for records management within enterprise architecture .25
12.3 Records management objectives by method phase .26
Annex A (informative) Relationships to ISO records management standards .28
Annex B (informative) Alignment of records management principles to ISO records
management standard .29
Annex C (informative) Alignment with the TOGAF ADM Phase .33
Annex D (informative) Other relevant ISO standards and international references .44
Annex E (informative) Summary of ArchiMate 3.0 concepts and notation .46
Annex F (informative) Archi — ArchiMate modelling tool .47
Bibliography .48
© ISO 2019 – All rights reserved iii
---------------------- Page: 5 ----------------------
SIST-TP ISO/TR 21965:2019
ISO/TR 21965:2019(E)
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www .iso .org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www .iso
.org/iso/foreword .html.
This document was prepared by Technical Committee ISO/TC 46, Information and documentation,
Subcommittee SC 11, Archives/records management.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www .iso .org/members .html.
iv © ISO 2019 – All rights reserved
---------------------- Page: 6 ----------------------
SIST-TP ISO/TR 21965:2019
ISO/TR 21965:2019(E)
Introduction
General
A record is information created, received and maintained as evidence and as an asset by an organization
or person, in pursuit of legal obligations or in the transaction of business. Records management is
the field of management responsible for the efficient and systematic control of records, and thus the
primary source for the definition of the main principles and requirements for the records management
capability.
Enterprise architects work with stakeholders, both leaders and subject matter experts, to develop and
maintain a holistic view of the organization's strategy, processes, information assets, and information
technology. The role of the enterprise architect is to take this knowledge and ensure that the business
and IT are in alignment. The enterprise architect links the business mission, strategy and processes of
an organization to its information and technology strategy. Enterprise architects document this using
multiple architectural models or views that show how the current and future needs of an organization
will be met in an efficient, sustainable, agile, and adaptable manner.
The concept of records as information assets is consistent with the definition in ISO 15489-1:2016
of “information created, received and maintained as evidence and as an asset by an organization or
person, in pursuit of legal obligations or in the transaction of business”. Consistent good practice in the
management of the information assets of a business is most important, regardless of the broader or
narrower interpretation of the terms “record” and “records management”, and concepts of “business
record”, “evidence”, “information asset”, “legal obligations”, and “transaction” in an organization or
business.
The purpose of this document is to provide a common reference for records managers (or information
managers in general) and enterprise architects about requirements for records processes and systems.
The goal is to establish the records manager as a key stakeholder in enterprise architecture, which
supports embedding records management:
— into the strategic goals, enabling it as an organizational capability for consideration for governance,
risk and compliance;
— into the enterprise architecture requirements, to influence systems analysis, design, planning, and
change management.
Enterprise architects are highly influential in the creation of organization-wide business requirements
and in solution architectures. Enterprise architects create and maintain enterprise architecture
representations, usually comprised of multiple models or views that show how the current and future
needs of an organization will be met in an efficient, sustainable, agile, and adaptable manner. Records
requirements, principles and models can be stated in ways that can be readily incorporated into these
enterprise architecture representations to embed records processes and systems into normal business
practice and into solutions to be designed. Incorporating recordkeeping requirements into system
analysis and design will help enterprise architects link systems to recordkeeping control tools, and
thus resolve issues such as the efficient and systematic control of the creation, receipt, maintenance,
use and disposition of records. In that sense, this document has the following objectives:
a) Explaining the core concepts and records management principles to enterprise architects;
b) Explaining the core concerns of records management as an enterprise architecture viewpoint;
c) Explaining the alignment of the records management viewpoint and enterprise architecture
methods.
The records management viewpoint expressed here makes use of the concepts of “concerns” and “system
of concerns” defined in ISO/IEC/IEEE 42010, and of the concepts of “stakeholders”, “viewpoint, “view” and
“model” as also defined coherently in that standard and in the main enterprise architecture references
of The Open Group Architecture Framework (TOGAF) and ArchiMate. With reference to ArchiMate,
the main scope of this viewpoint is the motivational aspect and the layers strategy and business, with
© ISO 2019 – All rights reserved v
---------------------- Page: 7 ----------------------
SIST-TP ISO/TR 21965:2019
ISO/TR 21965:2019(E)
minor considerations for the layers of application and implementation. TOGAF is used to inform how this
records management viewpoint relates to the Architecture Development Method (ADM).
NOTE For an explanation of ArchiMate diagram conventions, see Annex A.
Motivation
Since enterprise architecture often drives decisions about investment in information systems, it is
important that records management requirements can be aligned with enterprise architecture. This
ensures that enterprise architects can understand the business value realized through managed
records.
System designers can then consider building in records management capabilities by design. This
requires the expression of records management concerns in a way that is useful for representation in
architecture descriptions.
Motivations for the development of this document include the need to improve the following situations:
— Lack of understanding in many organizations that the information created and received as part of
their business activities are in fact records and therefore should be managed not only as records but
also as enterprise assets,
— Information is of growing importance as an organisational asset on its own right. New sensor
technology, big data phenomena, open data and linked data practices, etc., require efficient control
over derived information and its uses (e.g. machine learning applications, decision aid processes,
etc.), and therefore demand adequate Records Management,
— Lack of managing records not only as records but also as enterprise assets results in records
management often being de-scoped or “deferred” during systems analysis and design, shifting
architectural debt to the end of life of system’s decommissioning (end of life of a system), This
deferment can result in uncertainty and lack of fundamental knowledge in the moment of the
decommissioning, implying high risks for the business and costly corrective efforts,
— Lack of embedding records management capability in the design of systems that create and receive
records, resulting in: unmanageable records; needed authoritative information not available to the
organization; increased risk of exposure of the organization to risks (such as compliance risks) and
a loss of efficiency (such as for discovery tasks),
— Cost of re-engineering an enterprise solution designs due to compliance risks.
Understanding records management concerns within an enterprise architecture context can minimize
some of the following typical challenges:
— Reliance on manual interventions in the management of records, described:
— By Enterprise Architects as “create, describe, store, maintain and dispose of records”,
— By Records Managers as “creation, capture and management of records”.
— Records not created within, or persistently linked to, the business context (see Figure 1),
— Exposure to risks and compliance issues due to:
— Systems not designed to preserve the integrity of records, for example, not preventing
unauthorized changes to content and metadata, or with inadequate activity monitoring,
— Systems not able to destroy records when those records are due for destruction,
— Systems not designed to prevent the destruction of records that are scheduled for retention,
— Systems not recording the disposition of records,
vi © ISO 2019 – All rights reserved
---------------------- Page: 8 ----------------------
SIST-TP ISO/TR 21965:2019
ISO/TR 21965:2019(E)
— Systems with limitations for decommissioning properly, because it isn’t possible to apply
disposition rules to poorly described content or because the system lacks disposition capabilities,
— Migrations that damage the integrity of records (content, context, rendering), are compromised
through poorly designed migration processes,
— Systems unable to appropriately discover or view or retrieve records,
— Systems unable to prevent inappropriate disclosure of records, nor to publish appropriate as
open data due to inadequate metadata,
— Inability to transfer control of archival records to archival authorities.
— Overhead cost of maintaining unmanaged records indefinitely,
— Loss of reputation and legal risks associated with lack of evidence or lack of integrity of evidence.
Structure of this document
This document is organized into four main groupings:
— Clauses 1 to 3 provide the context overview, including Introduction, Scope, Normative references,
and Terms and definitions.
— Clauses 4 to 11 set out the Records Management Viewpoint in the scenarios of “Business”, “Motivation”,
“Information”, “Strategy”, “Implementation” and “Reference Application”.
— Clause 12 — Records Management and the Architecture Development Method — provides guidelines
for the consideration of Records Management concerns during an Enterprise Architecture process,
[1]
considering the ADM, as proposed by TOGAF 9 .
— Annexes supporting Clauses 4 to 12.
© ISO 2019 – All rights reserved vii
---------------------- Page: 9 ----------------------
SIST-TP ISO/TR 21965:2019
---------------------- Page: 10 ----------------------
SIST-TP ISO/TR 21965:2019
TECHNICAL REPORT ISO/TR 21965:2019(E)
Information and documentation — Records management
in enterprise architecture
1 Scope
The document creates a common language that embeds records management concerns and
requirements into enterprise architecture with the twin goals of building consensus
— among records managers, enterprise architects and solution architects, and
— across the domains of records management, enterprise architecture and solution architecture.
NOTE This common understanding of Records Management enables Enterprise Architects to understand the
motivations, concerns and goals of Records Managers, recognize them as influential key business stakeholders
during organizational transformation, and use this understanding to influence systems planning and design. As a
result, Records Management becomes an organizational capability at governance, strategic and operational levels.
This document provides a records management viewpoint, with architecture principles and
corresponding architectural views of records. It explains records management for enterprise
architects and other related professionals, so that they can achieve the competency needed to support
collaborative initiatives.
This document provides support to enterprise architects in areas including:
— understanding and identifying records management principles, goals and requirements significant
for the architectural representation,
— facilitating consultations with records managers during the project lifecycle,
— identifying opportunities to reuse existing records management analyses and tools.
This document provides scenarios and models for solution architects and those who have responsibility
for infrastructure overview.
This document also provides a common language to records managers for collaboration with enterprise
architects to position records management requirements in the architecture development process.
2 Normative references
There are no normative references in this document.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https: //www .iso .org/obp
— IEC Electropedia: available at http: //www .electropedia .org/
© ISO 2019 – All rights reserved 1
---------------------- Page: 11 ----------------------
SIST-TP ISO/TR 21965:2019
ISO/TR 21965:2019(E)
3.1 General
3.1.1
access
right, opportunity, means of finding, using or retrieving information
[SOURCE: ISO 15489-1:2016, 3.1]
3.1.2
activity
major task performed by a business entity as part of a function
[SOURCE: ISO 15489-1:2016, 3.2]
3.1.3
appraisal
evaluation of business activities to determine which records need to be created and captured, and how,
and how long, the records need to be kept
Note 1 to entry: In some records and archives management traditions, appraisal is solely used as an instrument
to identify retention requirements or to create a disposition authority. The concept of appraisal as defined here is
meant to be used in a broader way.
[SOURCE: ISO TR 21946: 2018, Introduction]
3.1.4
architecture
fundamental concepts or properties of a system in its environment embodied in its elements,
relationships, and in the principles of its design and evolution
[SOURCE: ISO/IEC/IEEE 42010:2011, 3.2]
3.1.5
asset
anything that has value to the organization
Note 1 to entry: There can be many types of assets, including:
a) information (such as documents and databases);
b) software, such as a computer program;
c) physical, such as a computer;
d) services (meaning capabilities to deliver something);
e) people, and their qualifications, skills, and experience; and
f) intangibles, such as reputation and image.
[SOURCE: ISO/IEC 27000:2009, 2.3]
3.1.6
authoritative record
records, regardless of form or structure, are authoritative evidence of business when they possess the
characteristics of authenticity, reliability, integrity and usability
[SOURCE: ISO 15489-1:2016, 5.2.2.]
2 © ISO 2019 – All rights reserved
---------------------- Page: 12 ----------------------
SIST-TP ISO/TR 21965:2019
ISO/TR 21965:2019(E)
3.1.7
classification
systematic identification and/or arrangement of business activities and/or records into categories
according to logically structured conventions, methods, and procedural rules
[SOURCE: ISO 15489-1:2016, 3.5]
3.1.8
system of concern
interest in a system relevant to one or more of its stakeholders (3.1.22)
Note 1 to entry: A concern pertains to any influence on a system in its environment, including developmental,
technological, business, operational, organizational, political, economic, legal, regulatory, ecological and social
influences.
[SOURCE: ISO 42010:2011, 3.7]
3.1.9
context of the organization
combination of internal and external issues that can have an effect on an organization’s approach to
developing and achieving its objectives
Note 1 to entry: The organization’s objectives can be related to its products and services, investments and
behaviour towards its interested parties.
Note 2 to entry: The concept of context of the organization is equally applicable to not-for-profit or public service
organizations as it is to those seeking profits.
Note 3 to entry: In English, this concept is often referred to by other terms such as “business environment”,
“organizational environment” or “ecosystem of an organization”.
Note 4 to entry: Understanding the infrastructure can help to define the context of the organization.
Note 5 to entry: An encapsulation of data that is recognized by a business domain expert as representing a
conceptual thing relevant for the domain model of that business (instances of information entities can become
information assets).
[SOURCE: ISO 9000:2015, 3.2.2, modified — Notes 1 to 5 to entry have been added.]
3.1.10
disposition
range of processes associated with implementing records retention, destruction or transfer
decisions, which are documented in disposition authorities or other instruments
[SOURCE: ISO 15489-1:2016, 3.8]
3.1.11
evidence
documentation of a transaction
Note 1 to entry: Proof of a business transaction which can be shown to have been created in the normal course of
business activity and which is inviolate and complete. Not limited to the legal sense of the term.
[SOURCE: ISO 15489-1:2016, 3.10, modified]
3.1.12
function
group of activities that fulfils the major responsibilities for achieving the strategic goals of a
business entity
[SOURCE: ISO 15489-1:2016, 3.11]
© ISO 2019 – All rights reserved 3
---------------------- Page: 13 ----------------------
SIST-TP ISO/TR 21965:2019
ISO/TR 21965:2019(E)
3.1.13
management system
set of interrelated or interacting elements of an organization to establish policies and objectives, and
processes to achieve those objectives
Note 1 to entry: A management system can address a single discipline or several disciplines, e.g. quality
management, financial management or environmental management.
Note 2 to entry: The management system elements establish the organization’s structure, roles and
responsibilities, planning, operation, policies, practices, rules, beliefs, objectives and processes to achieve those
objectives.
Note 3 to entry: The scope of a management system can include the whole of the organization, specific and
identified functions of the organization, specific and identified sections of the organization, or one or more
functions across a group of organizations.
Note 4 to entry: This constitutes one of the common terms and core definitions for ISO management system
standards given in Annex SL of the Consolidated ISO Supplement to the ISO/IEC Directives, Part 1. The original
definition has been modified by modifying Notes 1 to 3 to entry.
[SOURCE: ISO 9000:2015, 3.5.3]
3.1.14
metadata for records
structured or semi-structured information, which enables the creation, management, and use of
records through time and within and across domains
[SOURCE: ISO 15489-1:2016, 3.12]
3.1.15
metadata schema
logical plan showing the relationships between metadata elements, normally through establishing
rules for the use and management of metadata specifically about the semantics, the syntax and the
optionality (obligation level) of values
[SOURCE: ISO 23081-1:2017, 3.10]
3.1.16
migration
process of moving records from one Records Management service to another service
maintaining all the characteristics of these records
Note 1 to entry: See also definitions of this concept in ISO 30300:2011, 3.3.8 and ISO 15489-1:2016, 3.13.
3.1.17
model kind
conventions for a type of modelling
Note 1 to entry: Examples of model kinds include data flow diagrams, class diagrams, Petri nets, balance sheets,
organization charts and state transition models.
[SOURCE: ISO 42010:2011, 3.9]
3.1.18
record(s)
information created, received and maintained as evidence and as an asset (3.1.5) by an organization or
person, in pursuit of legal obligations or in the transaction of business
Note 1 to entry: The viewpoint defined in this document is intended to be useful in any enterprise architecture
scenario, and intended to prevent conflicting meanings in multiple viewpoints. The term used in the ArchiMate
modelling of this viewpoint is “business record”. In this document the term “business record” has the same
definition as the established definition for “record” in the records management domain.
4 © ISO 2019 – All rights reserved
---------------------- Page: 14 ----------------------
SIST-TP ISO/TR 21965:2019
ISO/TR 21965:2019(E)
[SOURCE: ISO 15489-1:2016, 3.14]
3.1.19
records management
field of management responsible for the efficient and systematic control of the creation, receipt,
maintenance, use and disposition (3.1.10) of records, including processes for capturing and maintaining
evidence of and information about business activities and transactions in the form of records
[SOURCE: ISO 15489-1:2016, 3.15]
3.1.20
records management capability
capability of realizing the records management (3.1.19) goals
3.1.21
records system
information system which captures, manages and provides access (3.1.1) to records (3.1.18) through time
Note 1 to entry: In the context of records management, “system” means a business system that is responsible for
automating business activities and transactions.
[SOURCE: ISO 15489-1:2016, 3.16, modified —In the definition, the word “over” has been replaced by
“through” and Note 1 to entry has been replaced.]
3.1.22
stakeholder
individual, team, organization, or classes thereof, having an interest in a system
Note 1 to entry: Different stakeholders with different roles will have different concerns
[SOURCE: ISO 42010:2011 3.10]
3.
...
TECHNICAL ISO/TR
REPORT 21965
First edition
2019-03
Information and documentation —
Records management in enterprise
architecture
Information et documentation — Gestion des documents d'activité
dans les architectures (des systemes d'information) d'entreprise
Reference number
ISO/TR 21965:2019(E)
©
ISO 2019
---------------------- Page: 1 ----------------------
ISO/TR 21965:2019(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO 2019
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2019 – All rights reserved
---------------------- Page: 2 ----------------------
ISO/TR 21965:2019(E)
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Records management viewpoint purpose and content overview . 7
4.1 Records management viewpoint purpose . 7
4.2 Records management viewpoint and the ADM. 8
5 View: Records management business context and stakeholders . 8
5.1 Records management in the business context . 8
5.2 Records management stakeholders . 9
6 View: Records management information .11
7 View: Records management motivation — Goals .12
8 View: Records management motivation — Capability .13
9 View: Records business management motivation — Architecture principles .14
9.1 General .14
9.2 Records management architecture principles .17
10 View: Records management reference application scenarios .21
11 View: Records management strategy and implementation .23
12 Records management and the Architecture Development Method .24
12.1 General .24
12.2 Areas of concern for records management within enterprise architecture .25
12.3 Records management objectives by method phase .26
Annex A (informative) Relationships to ISO records management standards .28
Annex B (informative) Alignment of records management principles to ISO records
management standard .29
Annex C (informative) Alignment with the TOGAF ADM Phase .33
Annex D (informative) Other relevant ISO standards and international references .44
Annex E (informative) Summary of ArchiMate 3.0 concepts and notation .46
Annex F (informative) Archi — ArchiMate modelling tool .47
Bibliography .48
© ISO 2019 – All rights reserved iii
---------------------- Page: 3 ----------------------
ISO/TR 21965:2019(E)
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www .iso .org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www .iso
.org/iso/foreword .html.
This document was prepared by Technical Committee ISO/TC 46, Information and documentation,
Subcommittee SC 11, Archives/records management.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www .iso .org/members .html.
iv © ISO 2019 – All rights reserved
---------------------- Page: 4 ----------------------
ISO/TR 21965:2019(E)
Introduction
General
A record is information created, received and maintained as evidence and as an asset by an organization
or person, in pursuit of legal obligations or in the transaction of business. Records management is
the field of management responsible for the efficient and systematic control of records, and thus the
primary source for the definition of the main principles and requirements for the records management
capability.
Enterprise architects work with stakeholders, both leaders and subject matter experts, to develop and
maintain a holistic view of the organization's strategy, processes, information assets, and information
technology. The role of the enterprise architect is to take this knowledge and ensure that the business
and IT are in alignment. The enterprise architect links the business mission, strategy and processes of
an organization to its information and technology strategy. Enterprise architects document this using
multiple architectural models or views that show how the current and future needs of an organization
will be met in an efficient, sustainable, agile, and adaptable manner.
The concept of records as information assets is consistent with the definition in ISO 15489-1:2016
of “information created, received and maintained as evidence and as an asset by an organization or
person, in pursuit of legal obligations or in the transaction of business”. Consistent good practice in the
management of the information assets of a business is most important, regardless of the broader or
narrower interpretation of the terms “record” and “records management”, and concepts of “business
record”, “evidence”, “information asset”, “legal obligations”, and “transaction” in an organization or
business.
The purpose of this document is to provide a common reference for records managers (or information
managers in general) and enterprise architects about requirements for records processes and systems.
The goal is to establish the records manager as a key stakeholder in enterprise architecture, which
supports embedding records management:
— into the strategic goals, enabling it as an organizational capability for consideration for governance,
risk and compliance;
— into the enterprise architecture requirements, to influence systems analysis, design, planning, and
change management.
Enterprise architects are highly influential in the creation of organization-wide business requirements
and in solution architectures. Enterprise architects create and maintain enterprise architecture
representations, usually comprised of multiple models or views that show how the current and future
needs of an organization will be met in an efficient, sustainable, agile, and adaptable manner. Records
requirements, principles and models can be stated in ways that can be readily incorporated into these
enterprise architecture representations to embed records processes and systems into normal business
practice and into solutions to be designed. Incorporating recordkeeping requirements into system
analysis and design will help enterprise architects link systems to recordkeeping control tools, and
thus resolve issues such as the efficient and systematic control of the creation, receipt, maintenance,
use and disposition of records. In that sense, this document has the following objectives:
a) Explaining the core concepts and records management principles to enterprise architects;
b) Explaining the core concerns of records management as an enterprise architecture viewpoint;
c) Explaining the alignment of the records management viewpoint and enterprise architecture
methods.
The records management viewpoint expressed here makes use of the concepts of “concerns” and “system
of concerns” defined in ISO/IEC/IEEE 42010, and of the concepts of “stakeholders”, “viewpoint, “view” and
“model” as also defined coherently in that standard and in the main enterprise architecture references
of The Open Group Architecture Framework (TOGAF) and ArchiMate. With reference to ArchiMate,
the main scope of this viewpoint is the motivational aspect and the layers strategy and business, with
© ISO 2019 – All rights reserved v
---------------------- Page: 5 ----------------------
ISO/TR 21965:2019(E)
minor considerations for the layers of application and implementation. TOGAF is used to inform how this
records management viewpoint relates to the Architecture Development Method (ADM).
NOTE For an explanation of ArchiMate diagram conventions, see Annex A.
Motivation
Since enterprise architecture often drives decisions about investment in information systems, it is
important that records management requirements can be aligned with enterprise architecture. This
ensures that enterprise architects can understand the business value realized through managed
records.
System designers can then consider building in records management capabilities by design. This
requires the expression of records management concerns in a way that is useful for representation in
architecture descriptions.
Motivations for the development of this document include the need to improve the following situations:
— Lack of understanding in many organizations that the information created and received as part of
their business activities are in fact records and therefore should be managed not only as records but
also as enterprise assets,
— Information is of growing importance as an organisational asset on its own right. New sensor
technology, big data phenomena, open data and linked data practices, etc., require efficient control
over derived information and its uses (e.g. machine learning applications, decision aid processes,
etc.), and therefore demand adequate Records Management,
— Lack of managing records not only as records but also as enterprise assets results in records
management often being de-scoped or “deferred” during systems analysis and design, shifting
architectural debt to the end of life of system’s decommissioning (end of life of a system), This
deferment can result in uncertainty and lack of fundamental knowledge in the moment of the
decommissioning, implying high risks for the business and costly corrective efforts,
— Lack of embedding records management capability in the design of systems that create and receive
records, resulting in: unmanageable records; needed authoritative information not available to the
organization; increased risk of exposure of the organization to risks (such as compliance risks) and
a loss of efficiency (such as for discovery tasks),
— Cost of re-engineering an enterprise solution designs due to compliance risks.
Understanding records management concerns within an enterprise architecture context can minimize
some of the following typical challenges:
— Reliance on manual interventions in the management of records, described:
— By Enterprise Architects as “create, describe, store, maintain and dispose of records”,
— By Records Managers as “creation, capture and management of records”.
— Records not created within, or persistently linked to, the business context (see Figure 1),
— Exposure to risks and compliance issues due to:
— Systems not designed to preserve the integrity of records, for example, not preventing
unauthorized changes to content and metadata, or with inadequate activity monitoring,
— Systems not able to destroy records when those records are due for destruction,
— Systems not designed to prevent the destruction of records that are scheduled for retention,
— Systems not recording the disposition of records,
vi © ISO 2019 – All rights reserved
---------------------- Page: 6 ----------------------
ISO/TR 21965:2019(E)
— Systems with limitations for decommissioning properly, because it isn’t possible to apply
disposition rules to poorly described content or because the system lacks disposition capabilities,
— Migrations that damage the integrity of records (content, context, rendering), are compromised
through poorly designed migration processes,
— Systems unable to appropriately discover or view or retrieve records,
— Systems unable to prevent inappropriate disclosure of records, nor to publish appropriate as
open data due to inadequate metadata,
— Inability to transfer control of archival records to archival authorities.
— Overhead cost of maintaining unmanaged records indefinitely,
— Loss of reputation and legal risks associated with lack of evidence or lack of integrity of evidence.
Structure of this document
This document is organized into four main groupings:
— Clauses 1 to 3 provide the context overview, including Introduction, Scope, Normative references,
and Terms and definitions.
— Clauses 4 to 11 set out the Records Management Viewpoint in the scenarios of “Business”, “Motivation”,
“Information”, “Strategy”, “Implementation” and “Reference Application”.
— Clause 12 — Records Management and the Architecture Development Method — provides guidelines
for the consideration of Records Management concerns during an Enterprise Architecture process,
[1]
considering the ADM, as proposed by TOGAF 9 .
— Annexes supporting Clauses 4 to 12.
© ISO 2019 – All rights reserved vii
---------------------- Page: 7 ----------------------
TECHNICAL REPORT ISO/TR 21965:2019(E)
Information and documentation — Records management
in enterprise architecture
1 Scope
The document creates a common language that embeds records management concerns and
requirements into enterprise architecture with the twin goals of building consensus
— among records managers, enterprise architects and solution architects, and
— across the domains of records management, enterprise architecture and solution architecture.
NOTE This common understanding of Records Management enables Enterprise Architects to understand the
motivations, concerns and goals of Records Managers, recognize them as influential key business stakeholders
during organizational transformation, and use this understanding to influence systems planning and design. As a
result, Records Management becomes an organizational capability at governance, strategic and operational levels.
This document provides a records management viewpoint, with architecture principles and
corresponding architectural views of records. It explains records management for enterprise
architects and other related professionals, so that they can achieve the competency needed to support
collaborative initiatives.
This document provides support to enterprise architects in areas including:
— understanding and identifying records management principles, goals and requirements significant
for the architectural representation,
— facilitating consultations with records managers during the project lifecycle,
— identifying opportunities to reuse existing records management analyses and tools.
This document provides scenarios and models for solution architects and those who have responsibility
for infrastructure overview.
This document also provides a common language to records managers for collaboration with enterprise
architects to position records management requirements in the architecture development process.
2 Normative references
There are no normative references in this document.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https: //www .iso .org/obp
— IEC Electropedia: available at http: //www .electropedia .org/
© ISO 2019 – All rights reserved 1
---------------------- Page: 8 ----------------------
ISO/TR 21965:2019(E)
3.1 General
3.1.1
access
right, opportunity, means of finding, using or retrieving information
[SOURCE: ISO 15489-1:2016, 3.1]
3.1.2
activity
major task performed by a business entity as part of a function
[SOURCE: ISO 15489-1:2016, 3.2]
3.1.3
appraisal
evaluation of business activities to determine which records need to be created and captured, and how,
and how long, the records need to be kept
Note 1 to entry: In some records and archives management traditions, appraisal is solely used as an instrument
to identify retention requirements or to create a disposition authority. The concept of appraisal as defined here is
meant to be used in a broader way.
[SOURCE: ISO TR 21946: 2018, Introduction]
3.1.4
architecture
fundamental concepts or properties of a system in its environment embodied in its elements,
relationships, and in the principles of its design and evolution
[SOURCE: ISO/IEC/IEEE 42010:2011, 3.2]
3.1.5
asset
anything that has value to the organization
Note 1 to entry: There can be many types of assets, including:
a) information (such as documents and databases);
b) software, such as a computer program;
c) physical, such as a computer;
d) services (meaning capabilities to deliver something);
e) people, and their qualifications, skills, and experience; and
f) intangibles, such as reputation and image.
[SOURCE: ISO/IEC 27000:2009, 2.3]
3.1.6
authoritative record
records, regardless of form or structure, are authoritative evidence of business when they possess the
characteristics of authenticity, reliability, integrity and usability
[SOURCE: ISO 15489-1:2016, 5.2.2.]
2 © ISO 2019 – All rights reserved
---------------------- Page: 9 ----------------------
ISO/TR 21965:2019(E)
3.1.7
classification
systematic identification and/or arrangement of business activities and/or records into categories
according to logically structured conventions, methods, and procedural rules
[SOURCE: ISO 15489-1:2016, 3.5]
3.1.8
system of concern
interest in a system relevant to one or more of its stakeholders (3.1.22)
Note 1 to entry: A concern pertains to any influence on a system in its environment, including developmental,
technological, business, operational, organizational, political, economic, legal, regulatory, ecological and social
influences.
[SOURCE: ISO 42010:2011, 3.7]
3.1.9
context of the organization
combination of internal and external issues that can have an effect on an organization’s approach to
developing and achieving its objectives
Note 1 to entry: The organization’s objectives can be related to its products and services, investments and
behaviour towards its interested parties.
Note 2 to entry: The concept of context of the organization is equally applicable to not-for-profit or public service
organizations as it is to those seeking profits.
Note 3 to entry: In English, this concept is often referred to by other terms such as “business environment”,
“organizational environment” or “ecosystem of an organization”.
Note 4 to entry: Understanding the infrastructure can help to define the context of the organization.
Note 5 to entry: An encapsulation of data that is recognized by a business domain expert as representing a
conceptual thing relevant for the domain model of that business (instances of information entities can become
information assets).
[SOURCE: ISO 9000:2015, 3.2.2, modified — Notes 1 to 5 to entry have been added.]
3.1.10
disposition
range of processes associated with implementing records retention, destruction or transfer
decisions, which are documented in disposition authorities or other instruments
[SOURCE: ISO 15489-1:2016, 3.8]
3.1.11
evidence
documentation of a transaction
Note 1 to entry: Proof of a business transaction which can be shown to have been created in the normal course of
business activity and which is inviolate and complete. Not limited to the legal sense of the term.
[SOURCE: ISO 15489-1:2016, 3.10, modified]
3.1.12
function
group of activities that fulfils the major responsibilities for achieving the strategic goals of a
business entity
[SOURCE: ISO 15489-1:2016, 3.11]
© ISO 2019 – All rights reserved 3
---------------------- Page: 10 ----------------------
ISO/TR 21965:2019(E)
3.1.13
management system
set of interrelated or interacting elements of an organization to establish policies and objectives, and
processes to achieve those objectives
Note 1 to entry: A management system can address a single discipline or several disciplines, e.g. quality
management, financial management or environmental management.
Note 2 to entry: The management system elements establish the organization’s structure, roles and
responsibilities, planning, operation, policies, practices, rules, beliefs, objectives and processes to achieve those
objectives.
Note 3 to entry: The scope of a management system can include the whole of the organization, specific and
identified functions of the organization, specific and identified sections of the organization, or one or more
functions across a group of organizations.
Note 4 to entry: This constitutes one of the common terms and core definitions for ISO management system
standards given in Annex SL of the Consolidated ISO Supplement to the ISO/IEC Directives, Part 1. The original
definition has been modified by modifying Notes 1 to 3 to entry.
[SOURCE: ISO 9000:2015, 3.5.3]
3.1.14
metadata for records
structured or semi-structured information, which enables the creation, management, and use of
records through time and within and across domains
[SOURCE: ISO 15489-1:2016, 3.12]
3.1.15
metadata schema
logical plan showing the relationships between metadata elements, normally through establishing
rules for the use and management of metadata specifically about the semantics, the syntax and the
optionality (obligation level) of values
[SOURCE: ISO 23081-1:2017, 3.10]
3.1.16
migration
process of moving records from one Records Management service to another service
maintaining all the characteristics of these records
Note 1 to entry: See also definitions of this concept in ISO 30300:2011, 3.3.8 and ISO 15489-1:2016, 3.13.
3.1.17
model kind
conventions for a type of modelling
Note 1 to entry: Examples of model kinds include data flow diagrams, class diagrams, Petri nets, balance sheets,
organization charts and state transition models.
[SOURCE: ISO 42010:2011, 3.9]
3.1.18
record(s)
information created, received and maintained as evidence and as an asset (3.1.5) by an organization or
person, in pursuit of legal obligations or in the transaction of business
Note 1 to entry: The viewpoint defined in this document is intended to be useful in any enterprise architecture
scenario, and intended to prevent conflicting meanings in multiple viewpoints. The term used in the ArchiMate
modelling of this viewpoint is “business record”. In this document the term “business record” has the same
definition as the established definition for “record” in the records management domain.
4 © ISO 2019 – All rights reserved
---------------------- Page: 11 ----------------------
ISO/TR 21965:2019(E)
[SOURCE: ISO 15489-1:2016, 3.14]
3.1.19
records management
field of management responsible for the efficient and systematic control of the creation, receipt,
maintenance, use and disposition (3.1.10) of records, including processes for capturing and maintaining
evidence of and information about business activities and transactions in the form of records
[SOURCE: ISO 15489-1:2016, 3.15]
3.1.20
records management capability
capability of realizing the records management (3.1.19) goals
3.1.21
records system
information system which captures, manages and provides access (3.1.1) to records (3.1.18) through time
Note 1 to entry: In the context of records management, “system” means a business system that is responsible for
automating business activities and transactions.
[SOURCE: ISO 15489-1:2016, 3.16, modified —In the definition, the word “over” has been replaced by
“through” and Note 1 to entry has been replaced.]
3.1.22
stakeholder
individual, team, organization, or classes thereof, having an interest in a system
Note 1 to entry: Different stakeholders with different roles will have different concerns
[SOURCE: ISO 42010:2011 3.10]
3.1.23
transaction
smallest unit of a work process consisting of an exchange between two or more participants or systems
[SOURCE: ISO 15489-1:2016, 3.18]
3.1.24
work process
one or more sequences of activities required to produce an outcome that complies with governing rules
Note 1 to entry: The definition above corrects here the definition “one or more sequences of actions required to
produce an outcome that complies with governing rules”.
[SOURCE: ISO 15489-1:2015, 3.19]
3.2 Terms relating to TOGAF
NOTE TOGAF 9.2 terminology is available at http: //pubs .opengroup .org/architecture/togaf9
-doc/arch/chap03 .htm.
3.2.1
actor
person, organization, or system that has one or more roles that initiates or interacts with activities
EXAMPLE A sales representative who travels to visit customers.
Note 1 to entry: Actors may be internal or external to an organization. In the automotive industry, an original
equipment manufacturer would be considered an actor by an automotive dealership that interacts with its supply
chain activities.
[SOURCE: TOGAF 9.2, 3.2, modified]
© ISO 2019 – All rights reserved 5
---------------------- Page: 12 ----------------------
ISO/TR 21965:2019(E)
3.2.2
architecture principles
qualitative statemen
...
RAPPORT ISO/TR
TECHNIQUE 21965
Première édition
2019-03
Information et documentation —
Gestion des documents d'activité
dans les architectures (des systémes
d'information) d'entreprise
Information and documentation — Records management in
enterprise architecture
Numéro de référence
ISO/TR 21965:2019(F)
©
ISO 2019
---------------------- Page: 1 ----------------------
ISO/TR 21965:2019(F)
DOCUMENT PROTÉGÉ PAR COPYRIGHT
© ISO 2019
Tous droits réservés. Sauf prescription différente ou nécessité dans le contexte de sa mise en œuvre, aucune partie de cette
publication ne peut être reproduite ni utilisée sous quelque forme que ce soit et par aucun procédé, électronique ou mécanique,
y compris la photocopie, ou la diffusion sur l’internet ou sur un intranet, sans autorisation écrite préalable. Une autorisation peut
être demandée à l’ISO à l’adresse ci-après ou au comité membre de l’ISO dans le pays du demandeur.
ISO copyright office
Case postale 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Genève
Tél.: +41 22 749 01 11
Fax: +41 22 749 09 47
E-mail: copyright@iso.org
Web: www.iso.org
Publié en Suisse
ii © ISO 2019 – Tous droits réservés
---------------------- Page: 2 ----------------------
ISO/TR 21965:2019(F)
Sommaire Page
Avant-propos .iv
Introduction .v
1 Domaine d'application . 1
2 Références normatives . 1
3 Termes et définitions . 1
4 Objectif du point de vue de la gestion des documents d'activité et vue d'ensemble
du contenu. 7
4.1 Objectif du point de vue de la gestion des documents d'activité . 7
4.2 Point de vue de la gestion des documents d'activité et méthode ADM . 8
5 Vue: Contexte opérationnel et parties prenantes de la gestion des documents d'activité .9
5.1 Gestion des documents d'activité dans le contexte opérationnel . 9
5.2 Parties prenantes de la gestion des documents d'activité.10
6 Vue: Informations relatives à la gestion de documents d'activité .11
7 Vue: Motivation pour la gestion des documents d'activité — Objectifs .13
8 Vue: Motivation pour la gestion des documents d'activité — Capacité .14
9 Vue: Motivation pour la gestion des documents d'activité — Principes d'architecture .16
9.1 Généralités .16
9.2 Principes d'architecture de gestion des documents d'activité .19
10 Vue: Scénarios d'application de référence pour la gestion des documents d'activité .25
11 Vue: Stratégie de gestion des documents d'activité et mise en œuvre .27
12 Gestion des documents d'activité et méthode de développement de l'architecture .29
12.1 Généralités .29
12.2 Domaines de sujets d'intérêt pour la gestion des documents d'activité au sein
de l'architecture d'entreprise .30
12.3 Objectifs de gestion des documents d'activité par phase de la méthode .31
Annexe A (informative) Liens avec les normes ISO de gestion des documents d'activité .33
Annexe B (informative) Alignement des principes de gestion des documents d'activité sur
les normes ISO de gestion des documents d'activité .34
Annexe C (informative) Harmonisation avec la phase ADM TOGAF .38
Annexe D (informative) Autres normes ISO et références internationales pertinentes .51
Annexe E (informative) Résumé des concepts et de la notation d'ArchiMate 3.0.53
Annexe F (informative) Archi — Outil de modélisation ArchiMate .54
Bibliographie .55
© ISO 2019 – Tous droits réservés iii
---------------------- Page: 3 ----------------------
ISO/TR 21965:2019(F)
Avant-propos
L'ISO (Organisation internationale de normalisation) est une fédération mondiale d'organismes
nationaux de normalisation (comités membres de l'ISO). L'élaboration des Normes internationales est
en général confiée aux comités techniques de l'ISO. Chaque comité membre intéressé par une étude
a le droit de faire partie du comité technique créé à cet effet. Les organisations internationales,
gouvernementales et non gouvernementales, en liaison avec l'ISO participent également aux travaux.
L'ISO collabore étroitement avec la Commission électrotechnique internationale (IEC) en ce qui
concerne la normalisation électrotechnique.
Les procédures utilisées pour élaborer le présent document et celles destinées à sa mise à jour sont
décrites dans les Directives ISO/IEC, Partie 1. Il convient, en particulier, de prendre note des différents
critères d'approbation requis pour les différents types de documents ISO. Le présent document a été
rédigé conformément aux règles de rédaction données dans les Directives ISO/IEC, Partie 2 (voir www
.iso .org/directives).
L'attention est attirée sur le fait que certains des éléments du présent document peuvent faire l'objet de
droits de propriété intellectuelle ou de droits analogues. L'ISO ne saurait être tenue pour responsable
de ne pas avoir identifié de tels droits de propriété et averti de leur existence. Les détails concernant
les références aux droits de propriété intellectuelle ou autres droits analogues identifiés lors de
l'élaboration du document sont indiqués dans l'Introduction et/ou dans la liste des déclarations de
brevets reçues par l'ISO (voir www .iso .org/brevets).
Les appellations commerciales éventuellement mentionnées dans le présent document sont données
pour information, par souci de commodité, à l’intention des utilisateurs et ne sauraient constituer un
engagement.
Pour une explication de la nature volontaire des normes, la signification des termes et expressions
spécifiques de l'ISO liés à l'évaluation de la conformité, ou pour toute information au sujet de l'adhésion
de l'ISO aux principes de l’Organisation mondiale du commerce (OMC) concernant les obstacles
techniques au commerce (OTC), voir www .iso .org/avant -propos.
Le présent document a été élaboré par le comité technique ISO/TC 46, Information et documentation,
sous-comité SC 11, Archives/gestion des documents d'activité.
Il convient que l’utilisateur adresse tout retour d’information ou toute question concernant le présent
document à l’organisme national de normalisation de son pays. Une liste exhaustive desdits organismes
se trouve à l’adresse www .iso .org/fr/members .html.
iv © ISO 2019 – Tous droits réservés
---------------------- Page: 4 ----------------------
ISO/TR 21965:2019(F)
Introduction
Généralités
Un document d'activité regroupe des informations créées, reçues et préservées comme preuve et
actif par une personne physique ou morale dans l'exercice de ses obligations légales ou la conduite
des opérations liées à son activité. La gestion des documents d'activité est le domaine de la gestion
en charge d'un contrôle efficace et systématique des documents d'activité, et donc la principale source
pour définir les principes fondamentaux et les exigences essentielles relatifs à la capacité de gestion des
documents d'activité.
Les architectes (des systèmes d'information) d'entreprise travaillent avec les parties prenantes,
tant les dirigeants que les experts en la matière, pour élaborer et maintenir une vision globale de la
stratégie, des processus, des actifs informationnels et des technologies de l'information. Le rôle de
l'architecte d'entreprise est de prendre en compte ces connaissances et de s'assurer que l'organisme et
l'informatique sont cohérents. L'architecte d'entreprise établit un lien entre la mission, la stratégie et
les processus opérationnels d'un organisme et sa stratégie en matière d'information et de technologie.
Les architectes d'entreprise illustrent cela à l'aide de multiples modèles architecturaux ou vues
architecturales qui montrent comment les besoins actuels et futurs d'un organisme seront satisfaits
d'une manière efficace, durable, agile et adaptable.
Le concept de «documents d'activité» en tant qu'actifs informationnels est conforme à la définition
donnée dans l'ISO 15489-1:2016: «informations créées, reçues et préservées comme preuve et actif par
une personne physique ou morale dans l'exercice de ses obligations légales ou la conduite des opérations
liées à son activité». Dans la gestion des actifs informationnels d'un organisme, le plus important est
la cohérence des bonnes pratiques, quelle que soit l'interprétation plus ou moins large des termes
«document d'activité» et «gestion des documents d'activité», ainsi que des concepts de «documents
d'activité opérationnels», «preuve», «actif informationnel», «obligations légales»et de «transaction» au
sein de l'organisme ou de l'organisation.
Le présent document a pour but de proposer une référence commune aux responsables de la gestion de
documents d'activité (ou aux responsables de l'information en général) et aux architectes d'entreprise
concernant les exigences relatives aux processus et aux systèmes documentaires. L'objectif est que
le responsable de la gestion des documents d'activité devienne un acteur clé de l'architecture (des
systèmes d'information) d'entreprise, qui accompagne l'intégration de la gestion des documents
d'activité:
— dans les objectifs stratégiques, ce qui en fait une capacité organisationnelle à prendre en compte en
matière de gouvernance, de risque et de conformité;
— dans les exigences de l'architecture d'entreprise, afin d'influencer les systèmes d'analyse, la
conception, la planification et la gestion des changements.
Les architectes d'entreprise ont une grande influence sur la création d'exigences opérationnelles
à l'échelle de l'organisme et sur les architectures de solutions. Les architectes d'entreprise créent et
maintiennent des représentations d'architecture d'entreprise, généralement composées de plusieurs
modèles ou vues qui montrent comment les besoins actuels et futurs d'un organisme seront satisfaits
d'une manière efficace, durable, agile et adaptable. Les exigences, les principes et les modèles en
matière de documents d'activité peuvent être énoncés de manière à pouvoir être facilement intégrés
à ces représentations de l'architecture d'entreprise afin d'intégrer les processus et les systèmes
documentaires aux pratiques opérationnelles normales et aux solutions à concevoir. L'intégration des
exigences en matière de tenue des documents d'activité dans l'analyse et la conception des systèmes
aidera les architectes d'entreprise à relier les systèmes aux outils de contrôle de la tenue des documents
d'activité et à résoudre ainsi des problèmes tels que le contrôle efficace et systématique de la création,
de la réception, de la maintenance, de l'utilisation et du sort final des documents d'activité. En ce sens,
le présent document vise les objectifs suivants:
a) expliquer les concepts de base et les principes de la gestion des documents d'activité aux architectes
d'entreprise;
© ISO 2019 – Tous droits réservés v
---------------------- Page: 5 ----------------------
ISO/TR 21965:2019(F)
b) expliquer les principaux sujets d'intérêt de la gestion des documents d'activité du point de vue de
l'architecture d'entreprise;
c) expliquer le lien entre le point de vue de la gestion des documents d'activité et les méthodes
d'architecture d'entreprise.
Le point de vue de la gestion des documents d'activité exprimé dans le présent document se base sur
les concepts de «sujets d'intérêt» et «systèmes d'intérêt» définis dans l'ISO/IEC/IEEE 42010, ainsi
que sur les concepts de «parties prenantes», «points de vue», «vue» et «modèle» également définis de
manière cohérente dans cette norme et dans les principales références en architecture d'entreprise que
sont TOGAF (The Open Group Architecture Framework) et ArchiMate. En ce qui concerne ArchiMate, le
principal domaine d'application de ce point de vue est l'aspect de motivation et les couches stratégie et
métier, avec des considérations mineures pour les couches application et implémentation. Le TOGAF est
utilisé pour déterminer la façon dont ce point de vue de la gestion des documents d'activité est lié à la
méthode ADM (Architecture Development Method).
NOTE Pour une explication des conventions du diagramme ArchiMate, voir l'Annexe E.
Motivation
Étant donné que l'architecture d'entreprise oriente souvent les décisions d'investissement dans
les systèmes d'information, il est important que les exigences en matière de gestion des documents
d'activité puissent être alignées avec l'architecture d'entreprise. Ainsi, les architectes d'entreprise
peuvent comprendre la plus-value opérationnelle réalisée grâce à la gestion des documents d'activité.
Les concepteurs de systèmes peuvent alors envisager d'intégrer des capacités de gestion des documents
d'activité dès la conception. Pour ce faire, il faut exprimer les sujets d'intérêt relatifs à la gestion
des documents d'activité d'une manière qui soit utile pour la représentation dans les descriptions
d'architecture.
Parmi les raisons qui ont motivé l'élaboration du présent document figure la nécessité d'améliorer les
situations suivantes:
— beaucoup d'organismes ne comprennent pas que l'information créée et reçue dans le cadre de leurs
activités opérationnelles constitue en fait des documents d'activité et devrait donc être gérée non
seulement comme des documents d'activité, mais aussi comme des actifs de l'entreprise;
— l'information est de plus en plus importante en tant qu'actif organisationnel à part entière. Les
nouvelles technologies de détection, les phénomènes de big data, et les pratiques relatives aux
données ouvertes et liées, etc., exigent un contrôle efficace de l'information dérivée et de ses
utilisations (par exemple applications d'apprentissage machine, processus d'aide à la décision, etc.)
et nécessitent donc une gestion adéquate des documents d'activité;
— l'absence de gestion des documents d'activité non seulement en tant que documents d'activité,
mais aussi en tant qu'actifs de l'entreprise, fait que la gestion des documents d'activité est souvent
supprimée ou «différée» lors de l'analyse et de la conception des systèmes, ce qui entraîne un
report de la dette architecturale à la fin de la vie utile du système (mise hors service), ce qui peut se
traduire par des incertitudes et un manque de connaissances fondamentales au moment de la mise
hors service, entraînant des risques élevés pour les activités et de coûteux efforts correctifs;
— un manque d'intégration de la capacité de gestion des documents d'activité dans la conception
des systèmes de création et de réception des documents d'activité, ce qui entraîne: des documents
d'activité ingérables; des informations officielles nécessaires auxquelles l'organisme n'a pas accès;
un risque accru d'exposition de l'organisme à des risques (comme les risques de conformité) et une
perte d'efficacité (comme les tâches de découverte);
— le coût de la réingénierie de la conception d'une solution d'entreprise en raison des risques liés à la
conformité.
vi © ISO 2019 – Tous droits réservés
---------------------- Page: 6 ----------------------
ISO/TR 21965:2019(F)
Comprendre les sujets d'intérêt relatifs à la gestion des documents d'activité dans le contexte d'une
architecture d'entreprise peut réduire au minimum certains des défis types suivants:
— le recours à des interventions manuelles dans la gestion des documents d'activité, décrit:
— par les architectes d'entreprise comme consistant à «créer, décrire, entreposer, tenir à jour et
décider du sort final des documents d'activité»;
— par les responsables de la gestion de documents d'activité comme consistant à «créer, capturer
et gérer les documents d'activité»;
— les documents d'activité qui ne sont pas créés dans le contexte opérationnel ou qui n'y sont pas liés
en permanence (voir Figure 1);
— l'exposition aux risques et aux problèmes de conformité dus à:
— des systèmes qui ne sont pas conçus pour préserver l'intégrité des documents d'activité, par
exemple, qui n'empêchent pas les modifications non autorisées du contenu et des métadonnées,
ou dont la surveillance des activités est insuffisante;
— des systèmes qui ne sont pas en mesure de détruire les documents d'activité lorsqu'ils
doivent l'être;
— des systèmes qui ne sont pas conçus pour empêcher la destruction des documents d'activité
dont la conservation est prévue;
— des systèmes qui n'enregistrent pas le sort final des documents d'activité;
— des systèmes ayant des capacités limitées pour effectuer une mise hors service correctement,
parce qu'il n'est pas possible d'appliquer des règles de sort final à des contenus mal décrits ou
parce que le système n'est pas doté de capacités de gestion du sort final;
— des migrations qui portent atteinte à l'intégrité des documents d'activité (contenu, contexte,
rendu), qui sont compromises par des processus de migration mal conçus;
— des systèmes qui ne sont pas en mesure de découvrir, de visualiser ou de récupérer les documents
d'activité de façon appropriée;
— des systèmes qui sont incapables d'empêcher la divulgation inappropriée de documents
d'activité, ni de publier des données appropriées sous forme de données ouvertes en raison de
métadonnées inadéquates;
— l'incapacité de transférer le contrôle des documents d'activité à conserver aux autorités
d'archives;
— les frais généraux liés à la tenue de dossiers non gérés pour une période indéterminée;
— la perte de réputation et les risques juridiques associés au manque de preuves ou à l'absence
d'intégrité des preuves.
Structure du présent document
Le présent document est organisé selon quatre grandes sections:
— les Articles 1 à 3 donnent un aperçu du contexte, avec notamment les parties Introduction, Domaine
d'application, Références normatives et Termes et définitions;
— les Articles 4 à 11 exposent le point de vue de la gestion des documents d'activité dans les scénarios
«Métier», «Motivation», «Information», «Stratégie», «Implémentation» et «Application de référence»;
© ISO 2019 – Tous droits réservés vii
---------------------- Page: 7 ----------------------
ISO/TR 21965:2019(F)
— l'Article 12 — Gestion des documents d'activité et méthode ADM (Architecture Development Method) —
fournit des lignes directrices pour la prise en compte des sujets d'intérêt relatifs à la gestion des
documents d'activité au cours d'un processus d'architecture d'entreprise, compte tenu de l'ADM,
[10]
comme le propose le TOGAF 9 ;
— les annexes sur lesquelles s'appuient les Articles 4 à 12.
viii © ISO 2019 – Tous droits réservés
---------------------- Page: 8 ----------------------
RAPPORT TECHNIQUE ISO/TR 21965:2019(F)
Information et documentation — Gestion des documents
d'activité dans les architectures (des systémes
d'information) d'entreprise
1 Domaine d'application
Ce document crée un langage commun qui intègre les sujets d'intérêt et les exigences en matière de
gestion des documents d'activité dans l'architecture (des systèmes d'information) d'entreprise avec le
double objectif de faire naître un consensus:
— entre les responsables de la gestion de documents d'activité, les architectes (des systèmes
d'information) d'entreprise et les architectes de solutions; et
— à travers les domaines de la gestion des documents d'activité, de l'architecture d'entreprise et de
l'architecture de solutions.
NOTE Cette compréhension commune de la gestion des documents d'activité permet aux architectes
d'entreprise de comprendre les motivations, les sujets d'intérêt et les objectifs des responsables de la gestion
de documents d'activité, de les reconnaître comme des intervenants opérationnels clés influents pendant
la transformation organisationnelle et d'utiliser cette compréhension pour influencer la planification et la
conception des systèmes. Ainsi la gestion des documents d'activité devient une capacité organisationnelle au
niveau de la gouvernance, de la stratégie et des opérations.
Le présent document présente un point de vue sur la gestion des documents d'activité, avec les principes
d'architecture et les vues architecturales correspondantes des documents d'activité. Il explique la
gestion des documents d'activité pour les architectes d'entreprise et autres professionnels connexes,
afin qu'ils puissent acquérir les compétences nécessaires pour soutenir les initiatives de collaboration.
Le présent document fournit un soutien aux architectes d'entreprise dans les domaines suivants:
— comprendre et déterminer les principes, les objectifs et les exigences en matière de gestion des
documents d'activité qui sont importants pour la représentation architecturale;
— faciliter les consultations avec les responsables de la gestion de documents d'activité pendant le
cycle de vie du projet;
— déterminer les possibilités de réutiliser les analyses et les outils de gestion des documents d'activité
existants.
Le présent document fournit des scénarios et des modèles destinés aux architectes de solutions et à
ceux qui ont la responsabilité de la vue d'ensemble de l'infrastructure.
Le présent document fournit également un langage commun qui permettra aux responsables de la
gestion de documents d'activité de collaborer avec les architectes d'entreprise afin de positionner
les exigences relatives à la gestion des documents d'activité dans le processus de développement de
l'architecture.
2 Références normatives
Le présent document ne contient aucune référence normative.
3 Termes et définitions
Pour les besoins du présent document, les termes et définitions suivants s'appliquent.
© ISO 2019 – Tous droits réservés 1
---------------------- Page: 9 ----------------------
ISO/TR 21965:2019(F)
L'ISO et l'IEC tiennent à jour des bases de données terminologiques destinées à être utilisées en
normalisation, consultables aux adresses suivantes:
— ISO Online browsing platform: disponible à l'adresse https: //www .iso .org/obp
— IEC Electropedia: disponible à l'adresse http: //www .electropedia .org/
3.1 Généralités
3.1.1
accès
droit, modalités et moyens de recherche, d'exploitation ou de récupération de l'information
[SOURCE: ISO 15489-1:2016, 3.1]
3.1.2
activité
tâche principale exécutée par une entité organisationnelle dans le cadre d'une fonction
[SOURCE: ISO 15489-1:2016, 3.2]
3.1.3
évaluation
étude des activités opérationnelles pour déterminer les documents d'activité qu'il est nécessaire de
créer et de capturer, ainsi que leur durée et moyen de conservation
Note 1 à l'article: Dans certaines méthodes de gestion des documents d'activité et des archives, l'évaluation
sert uniquement à déterminer les exigences en matière de conservation ou à créer un référentiel de gestion des
documents d'activité. Le concept d'évaluation tel qu'il est défini dans ce document est destiné à être utilisé de
manière plus large.
[SOURCE: ISO TR 21946: 2018, Introduction]
3.1.4
architecture
concepts fondamentaux ou propriétés d'un système dans son environnement incarnés dans
ses éléments, ses relations et dans les principes de sa conception et de son évolution
[SOURCE: ISO/IEC/IEEE 42010:2011, 3.2]
3.1.5
actif
tout élément représentant de la valeur pour l'organisme
Note 1 à l'article: Il peut exister plusieurs sortes d'actifs, dont:
a) l'information (par exemple les documents et les bases de données);
b) les logiciels, par exemple un programme informatique;
c) les actifs physiques, par exemple un ordinateur;
d) les services (c'est-à-dire la capacité de fournir quelque chose);
e) le personnel, et ses qualifications, compétences et expérience; et
f) les actifs incorporels, par exemple la réputation et l'image.
[SOURCE: ISO/IEC 27000:2009, 2.3]
2 © ISO 2019 – Tous droits réservés
---------------------- Page: 10 ----------------------
ISO/TR 21965:2019(F)
3.1.6
documents d'activité probants
quelle que soit leur forme ou leur structure, les documents d'activité constituent des preuves de l'activité
faisant autorité lorsqu'elles possèdent les caractéristiques d'authenticité, de fiabilité, d'intégrité et
d'utilisabilité
[SOURCE: ISO 15489-1:2016, 5.2.2.]
3.1.7
classification
identification systématique et/ou classement des activités et/ou des documents d'activité en catégories
suivant des conventions et méthodes structurées logiquement, ainsi que des règles de procédures
[SOURCE: ISO 15489-1:2016, 3.5]
3.1.8
système d'intérêt
intérêt envers un système qui concerne une ou plusieurs de ses parties prenantes (3.1.22)
Note 1 à l'article: Un sujet d'intérêt se rapporte à toute influence sur un système dans son environnement, y
compris les influences de développement, technologiques, commerciales, opérationnelles, organisationnelles,
politiques, économiques, juridiques, réglementaires, écologiques et sociales.
[SOURCE: ISO/IEC/IEEE 42010:2011, 3.7]
3.1.9
contexte d'un organisme
combinaison d'enjeux internes et externes pouvant avoir un effet sur l'approche d'un organisme en ce
qui concerne la détermination et la réalisation de ses objectifs
Note 1 à l'article: Les objectifs de l'organisme peuvent être liés à ses produits et services, ses investissements et
son comportement envers ses parties intéressées.
Note 2 à l'article: Le concept de contexte de l'organisme s'applique aussi bien aux organismes à but non lucratif ou
de service public qu'aux organismes à but lucratif.
Note 3 à l'article: En anglais, ce concept est souvent désigné par d'autres termes, tels que «environnement
commercial», «environnement de l'organisme» ou «écosystème d'un organisme».
Note 4 à l'article: Comprendre l'infrastructure peut aider à définir le contexte de l'organisme.
Note 5 à l'article: L'encapsulation des données reconnue par un expert du domaine d'activité comme représentant
un élément conceptuel pertinent pour le modèle de domaine de cette activité (les instances d'entités d'information
peuvent devenir des actifs d'information).
[SOURCE: ISO 9000:2015, 3.2.2, modifiée — La Note 5 à l'article a été ajoutée.]
3.1.10
sort final
série de processus associés à la mise en œuvre des décisions de conservation,
de destruction ou de transfert des documents d'activité, telles qu'explicitées dans le référentiel de
gestion des documents d'activité ou tout autre outil de référence
[SOURCE: ISO 15489-1:2016, 3.8]
3.1.11
preuve
information ou document prouvant une opération
Note 1 à l'article: Preuve d'une opération dont il peut être démontré qu'elle a été créée dans le cadre normal de
la conduite de l'activité de l'organisme et qu'elle est intacte et complète. Ne se limite pas au sens légal du terme.
[SOURCE: ISO 15489-1:2016, 3.10, modifiée]
© ISO 2019 – Tous droits réservés 3
---------------------- Page: 11 ----------------------
ISO/TR 21965:2019(F)
3.1.12
fonction
ensemble d'activités qui assure les principales responsabilités en vue d'atteindre les objectifs
stratégiques d'une entité organisationnelle
[SOURCE: ISO 15489-1:2016, 3.11]
3.1.13
système de management
ensemble d'éléments corrélés ou en interaction d'un organisme, utilisés pour établir des politiques, des
objectifs et des processus de façon à atteindre lesdits objectifs
Note 1 à l'article: Un système de management peut traiter d'un seul ou de plusieurs domaines, par exemple
management de la qualité, gestion financière ou management environnemental.
Note 2 à l'article: Les éléments du systè
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.