What is ISO 15489?
ISO 15489 is an international standard for records management created by the International Organization for Standardization (ISO), recognized and adopted globally. The first version was published in 2001; it has since been revised and republished, with the most recent version dated 2016. Originally, it had two parts: Part 1 defines the concepts and principles that lay down the guidelines for creating, capturing, and managing records; Part 2 (which was withdrawn) outlined the specific guidelines for the standard.
Organizations follow this standard to effectively manage their records and documents according to a set of guiding concepts and principles. Ultimately, ISO 15489 helps businesses maintain secure and efficient recordkeeping and records management processes that support various business functions, such as safety management, data privacy protection, and continuous improvement initiatives.
Brief History
What are the Differences Between ISO 15489:2001 and ISO 15489:2016?
For a brief overview, here’s a straightforward comparison of the standard’s 2001 and 2016 versions:
| ISO 15489-1:2001 | ISO 15489-1:2016 |
| --- | --- |
| Section 1: Scope | Section 1: Scope |
| Section 2: Normative references | Section 2: Normative references |
| Section 3: Terms and definitions | Section 3: Terms and definitions |
| Section 4: Benefits of records management | Section 4: Principles for managing records |
| Section 5: Regulatory environment | Section 5: Records and records systems |
| Section 6: Policy and responsibilities | Section 6: Policies and responsibilities |
| Section 7: Records management requirements | Section 7: Appraisal |
| Section 8: Design and implementation of a records system | Section 8: Records controls |
| Section 9: Records management processes and controls | Section 9: Processes for creating, capturing and managing records |
| Section 10: Monitoring and auditing | Moved as a subsection of Section 6 (Section 6.4) |
| Section 11: Training | Moved as a subsection of Section 6 (Section 6.5) |
What Happened to ISO 15489 Part 2?
The former ISO 15489 Part 2 was withdrawn in 2017. Rather than a revision of it, new projects were published. These include the following:
- ISO 16175: Information and documentation — Processes and functional requirements for software for managing records
- ISO 21946: Information and documentation — Appraisal for managing records
- ISO 21965: Information and documentation — Records management in enterprise architecture
- ISO 22428: Managing records in cloud computing environments
What is the Purpose of ISO 15489-1:2016?
According to the ISO, records are considered pieces of evidence of business activity and information assets. Depending on the type of business, an organization’s level of reliance on records, documents, and information may vary. Regardless, having a records management framework with a proper records lifecycle process can result in various benefits, both for the short and long term.
Establishing a functional records management approach can be done more effectively by following a global standard’s principles and practices. This is where ISO 15489 comes in. The first part of ISO 15489:2016 highlights the principles and concepts of an organization’s records management approach.
Also, conforming to a global records management standard like ISO 15489 helps an organization comply with the laws and regulations specific to its jurisdiction while meeting world-class standards at the same time.
The Standard’s Principles and Requirements
As the nature of business records and the methods of managing them evolve over time, mainly due to digitalization, it’s essential to regularly check your organization’s records management guidelines and processes to keep up with the changes.
Following a global standard like ISO 15489 can guide you here. ISO 15489 comprises the following clauses:
- Scope – Outlines principles relating to metadata for records and records systems, records controls, policies, and processes, among others.
- Normative references – States that there are no normative references for the standard.
- Terms and definitions – Defines the terminology applicable to the document or standard.
- Principles for managing records – The process of records management is practically based on five principles:
  - In any context, the phases of creating, capturing, and managing records are all key parts of conducting business.
  - Any form or structure of records is considered authoritative evidence of business as long as they have the characteristics of authenticity, reliability, integrity, and usability.
  - Records must consist of content and metadata to describe their context, content, structure, and the way they’re managed.
  - Conducting analysis and risk assessment on business activities in legal, regulatory, and societal contexts is essential to form decisions regarding the creation, capturing, and management of records.
  - The systems for records management are helpful in applying the records controls and executing processes to create, capture, and manage records. These depend on the defined policies, responsibilities, monitoring and evaluation, and training to meet records requirements.
- Records and records systems – Describes the general characteristics and attributes of records and records systems.
- Policies and responsibilities – Highlights the general policies, responsibilities, monitoring and evaluation processes, and competence and training efforts for the standard.
- Appraisal – Specifies processes and guidelines in conducting evaluation and appraisal of business activities toward determining the records needed to be created, captured, and maintained.
- Records controls – Lists the controls needed to be designed and implemented, such as metadata schemas as well as access and permissions rules, among others.
- Processes for creating, capturing, and managing records – Discusses the specific processes to be integrated into procedures and applicable systems in an organization, including classification and indexing, access control, storing records, and the migration or conversion of records.
Examples
Following a records management standard like ISO 15489 is highly beneficial in the realm of privacy. Examples include the following:
- The European Union’s (EU) General Data Protection Regulation (GDPR)
- Australia’s Privacy Act
- California’s Consumer Privacy Act (CCPA)
- American Health Information Management Association (AHIMA)
These laws and regulations set out the guidelines, requirements, and processes that organizations in each jurisdiction should follow for collecting, creating, storing, updating, maintaining, and protecting consumer information and the general public’s data. Hence, following a set of guiding principles and practices outlined in an international standard helps businesses maintain compliance or conformance with statutory requirements.
Training
Since business records help provide context to activities and processes, it’s highly necessary to have records managers and employees who are well trained in identifying records when they are created. They must also be well-informed about the concepts of records and information management so that they can help various departments and functions effectively use and store relevant records.
Different types of training programs can be implemented, including sit-down sessions to align those in charge of records management with the standard practices the organization must follow. Requirements on records retention must also be properly disseminated and enforced for strict compliance.
In these initiatives, using Training can help make learning more accessible and effective. Also, your ISO 15489 training efforts can be more streamlined, letting everyone involved in this business aspect be aligned with the practices and processes to implement toward an effective records management system.
FAQs About ISO 15489
Record management ensures that business or organizational records are identified, maintained, and stored securely to help achieve business objectives, provide context to business processes, and continuously improve systems. In the same way, this process is also useful in discarding unimportant information and records.
Depending on the type of business, the job title of the one responsible for record management may vary. Commonly, archivists, records managers, records administrators, and custodians are in charge of managing a business’s records and documents.
While records management can be a part of any type or size of an organization, ISO 15489 is typically used in industries that deal with sensitive information (e.g., healthcare) and in businesses that maintain large amounts of records for business purposes (e.g., retail, manufacturing, and hospitality).
As with other ISO standards, an ISO 15489 certification or conformance isn’t a requirement for businesses and organizations. However, following the principles and practices recommended by the standard can result in many advantages. These include:
- reduced costs since records/documents are easily accessible and can help in processes;
- better-managed risks since there are data available through records that can be used in proposing solutions and proactively addressing problems; and
- having a system of recordkeeping that supports an organization’s objectives.