Effective records management – Part 4: How to comply with BS ISO 15489-1

Philip Jones and Robert McLean

First published in the UK in 2007 by BSI, 389 Chiswick High Road, London W4 4AL

© British Standards Institution 2007

All rights reserved. Except as permitted under the Copyright, Designs and Patents Act 1988, no part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means – electronic, photocopying, recording or otherwise – without prior permission in writing from the publisher.

Whilst every care has been taken in developing and compiling this publication, BSI accepts no liability for any loss or damage caused, arising directly or indirectly in connection with reliance on its contents except to the extent that such liability may not be excluded in law.

The right of Philip Jones and Robert McLean to be identified as the authors of this Work has been asserted by them in accordance with sections 77 and 78 of the Copyright, Designs and Patents Act 1988.

Typeset in Helvetica and Century Schoolbook by Monolith. Printed in Great Britain by MPG Books Ltd, Bodmin, Cornwall.

British Library Cataloguing in Publication Data: a catalogue record for this book is available from the British Library.

ISBN 978-0-580-49662-2

Foreword

All businesses, whether private or public sector, rely on information and records to conduct their affairs in a systematic and legally compliant way. The strategic management of records and information is essential to this process and never more so in an age of e-commerce and e-government. With a rapidly changing and developing business context there are considerable organizational benefits to adopting a consistent and standardized approach to the management of records and information.

In October 2001 the first international standard for the management of records was launched in Montreal, Canada. The two-part publication of Standard and Technical Report, implemented in the United Kingdom as BS ISO 15489-1:2001 and PD ISO/TR 15489-2:2001, were the culmination of three years’ work by a group of international experts to synthesize best practice from around the world in the strategic management of records. This Standard and Technical Report are applicable to multinational companies and small enterprises alike and provide an essential tool for the management of records and information. The standard provides a framework within which the necessary management of records and information can take place.

This publication is the fourth in a series of publications on records management and is intended to complement the Standard and Technical Report and help place them in context for the user. The publications expand on the framework that the standard creates and provide both interpretation and illustration of good practice. Each volume has been written predominately from the United Kingdom perspective by leading United Kingdom practitioners, who have first-hand, practical experience of, and insight into, the issues facing United Kingdom organizations today.

The other books in this series are:
– BIP 0025-1:2002, Effective records management — Part 1: A management guide to the value of BS ISO 15489-1;
– BIP 0025-2:2002, Effective records management — Part 2: Practical implementation of BS ISO 15489-1;
– BIP 0025-3:2003, Effective records management — Part 3: Performance management for BS ISO 15489-1.

Further publications may be added in future.

Philip A Jones
Chairman IDT/2/17

Contents

Introduction
1 Background
Why is compliance with BS ISO 15489-1 important?
Benefits of compliance
Responsibilities for attaining compliance
Risk management and governance issues
Meeting governance and compliance requirements
6.1 Overview
6.2 Quadrant – Relaxed governance
6.3 Quadrant – Focused governance
6.4 Quadrant – Reduced governance
6.5 Quadrant – Vigorous governance
Risk assessment

How to use this publication
2.1 Introduction
2.2 Self-assessment and compliance (SAC) processes
2.3 How to use this publication
2.4 How to use the forms – Forms A/1 to A/6
2.4.1 Form numbering
2.4.2 Number of forms per department or function
2.4.3 ISO reference
2.4.4 Requirement detail and fitness for purpose
2.4.5 Source
2.4.6 Responsibility
2.4.7 Scoring explained
2.4.8 Remedial action needed
2.5 How to use the forms – Forms B/1 to B/6
2.6 How to use the forms – Form C

Self-Assessment and Compliance (SAC) Processes
3.1 Step – Records management strategic issues
3.1.1 Records and information policies
3.1.2 SAC criteria: records management strategic issues
3.2 Step (a) – Records management programme
3.2.1 General
3.2.2 Step (b) – Determining requirements for records
3.2.3 SAC criteria: authenticity
3.2.4 SAC criteria: reliability
3.2.5 SAC criteria: integrity
3.2.6 SAC criteria: usability
3.2.7 SAC criteria: metadata
3.3 Step – Records systems characteristics and functionality
3.3.1 System requirements
3.3.2 SAC criteria: reliability
3.3.3 SAC criteria: integrity
3.3.4 SAC criteria: compliance
3.3.5 SAC criteria: comprehensiveness
3.3.6 SAC criteria: systematic
3.4 Step – Records management processes and controls
3.4.1 Determining documents to be captured into a records system
3.4.2 SAC criteria: determine documents to be created and captured as records
3.4.3 Determining how long to retain records
3.4.4 SAC criteria: record retention
3.4.5 Records capture
3.4.6 SAC criteria: records capture and classification
3.4.7 Registration
3.4.8 SAC criteria: registration
3.4.9 Classification
3.4.10 Classification systems
3.4.11 SAC criteria: classification
3.4.12 Vocabulary controls
3.4.13 SAC criteria: vocabulary controls
3.4.14 Indexing
3.4.15 Allocation of numbers and codes
3.4.16 SAC criteria: indexing
3.4.17 Storage and handling
3.4.18 SAC criteria: storage
3.4.19 Access
3.4.20 SAC criteria: access

Annex C

Form A/3: Design and implementation – records system characteristics
Ref: A/3/x
Name of system or process: (may be organization-wide or departmental)
Completed by:
Date:
Columns: ISO Ref; Criteria; Requirement detail; Verification – fitness for purpose; Source; Responsibility; Score; Further action needed
Criteria:
– Reliability – continuous and regular operation
– Integrity – control measures in place
– Compliant with all business requirements
– Comprehensive in scope
– Systematic in operation
Total score:
Total possible score (1 x number of criteria assessed):
Percentage score: (take forward to summary sheet)
Scoring evaluation:
= fails to meet basic requirement
–2 = partially meets requirement, but important or high-risk elements missing or inadequate
–4 = mostly meets requirement with only minor or low-risk elements missing
= fully meets requirement

Form A/4: Design and implementation – records system functionality
Ref: A/4/x
Name of system or process: (may be organization-wide or departmental)
Completed by:
Date:
Columns: ISO Ref; Criteria; Requirement detail; Verification – fitness for purpose; Source; Responsibility; Score; Further action needed
Criteria:
– Complete and accurate representations of all transactions for records
– Physical storage medium appropriate and protected
– Alternative storage locations supported where required
– Migration and/or conversion strategy covers entire retention life of records
– Access, retrieval and use controlled and adequate for purpose
– Retention and disposition processes adequate
– Discontinued systems maintained until all records removed
Total score:
Total possible score (1 x number of criteria assessed):
Percentage score: (take forward to summary sheet)

Form A/5: Records management processes and controls
Ref: A/5/x
Name of system or process: (may be organization-wide or departmental)
Completed by:
Date:
Columns: ISO Ref; Criteria; Requirement detail; Verification – fitness for purpose; Source; Responsibility; Score; Further action needed
Criteria:
– Determine documents to be captured into system
– Determine how long to keep records
– Records capture
– Registration
– Classification
– Storage and handling
– Access
– Tracking
– Implementing disposition
– Documenting records management processes
Total score:
Total possible score (1 x number of criteria assessed):
Percentage score: (take forward to summary sheet)

Form A/6: Training
Ref: A/6/x
Name of system or process: (may be organization-wide or departmental)
Completed by:
Date:
Columns: ISO Ref; Criteria; Requirement detail; Verification – fitness for purpose; Source; Responsibility; Score; Further action needed
Criteria:
– 11 Training programme instituted for users
– 11 Training programme instituted for records management professionals
– 11 Senior management committed to programme
– 11 Training evaluated and reviewed
Total score:
Total possible score (1 x number of criteria assessed):
Percentage score: (take forward to summary sheet)

Form A/7: Monitoring and auditing
Ref: A/7/x
Name of system or process: (may be organization-wide or departmental)
Completed by:
Date:
Columns: ISO Ref; Criteria; Requirement detail; Verification – fitness for purpose; Source; Responsibility; Score; Further action needed
Criteria:
– 10 Compliance monitoring undertaken
– 10 External auditing completed satisfactorily
– 10 Recommendations for modifications taken forward
– 10 Compliance documented
Total score:
Total possible score (1 x number of criteria assessed):
Percentage score: (take forward to summary sheet)

Form B/1: Records management policy and responsibility
Ref: B/3/x
Columns: Form A Ref; System or process; Score (%); Actions required; Priority*; Responsibility; Target date for remedial action(s)
Average percentage score: %
* Priority based on risk matrix (see p 4)

Form B/2: Records management requirements – records characteristics
Ref: B/3/x
Columns: Form A Ref; System or process; Score (%); Actions required; Priority*; Responsibility; Target date for remedial action(s)
Average percentage score: %
* Priority based on risk matrix (see p 4)

Form B/3: Records system characteristics
Ref: B/3/x
Columns: Form A Ref; System or process; Score (%); Actions required; Priority*; Responsibility; Target date for remedial action(s)
Average percentage score: %
* Priority based on risk matrix (see p 4)

Form B/4: Records system functionality
Ref: B/4/x
Columns: Form A Ref; System or process; Score (%); Actions required; Priority*; Responsibility; Target date for remedial action(s)
Average percentage score: %
* Priority based on risk matrix (see p 4)

Form B/5: Records management processes and controls
Ref: B/5/x
Columns: Form Ref; System or process; Score (%); Actions required; Priority*; Responsibility; Target date for remedial action(s)
Average percentage score: %
* Priority based on risk matrix (see p 4)

Form B/6: Records management training
Ref: B/6/x
Columns: Form Ref; System or process; Score (%); Actions required; Priority*; Responsibility; Target date for remedial action(s)
Average percentage score: %
* Priority based on risk matrix (see p 4)

Form B/7: Records management monitoring and auditing
Ref: B/7/x
Columns: Form Ref; System or process; Score (%); Actions required; Priority*; Responsibility; Target date for remedial action(s)
Average percentage score: %
* Priority based on risk matrix (see p 4)

Form C: Grand total – self-assessment compliance score
Name of organization:
Date SAC audit completed:
Columns: Ref; SAC section; Score (%); Actions required; Priority; Responsibility; Target date for remedial action(s)
SAC sections:
– Policy and responsibility
– Records management requirements
– Design and implementation
– Process and control
– Monitoring and audit
– Training
Average percentage score: %
Total percentage compliant with BS ISO 15489-1: %
Date for next SAC review:
Signed ………… Date ………… Position …………

BSI Group Headquarters
Business Information
389 Chiswick High Road, London W4 4AL
Tel: +44 (0)20 8996 9001
Fax: +44 (0)20 8996 7001
Website: www.bsi-global.com
Email: info@bsi-global.com
BSI order ref: BIP 0025-4
ISBN 978-0-580-49662-2