Many of my students, over the years, have asked if organizations can be certified to ISO 15489 (Information and documentation – Records management). The answer is NO!
However, there is some good news! The International Organization for Standardization (ISO) has approved and published two standards with their new initiative to develop a series of management system standards for records. They are:
• ISO/DIS 30300 Management system for records – Fundamentals and Vocabulary
• ISO/DIS 30301 Management system for records – Requirements.
ISO published the MSR in the same way that other management system standards (MSS) were developed and approved. Other examples are: e.g. ISO 9000 - Quality management systems, ISO 14001 – Environmental management systems, ISO 27001 - Information Security 1 ISO/TC 46/SC 11N1068 N1069 management systems. It provides a global, standardized approach to management systems.
The MSR standards are aimed at management. There is still the need to communicate to top management about good records management, and get their commitment to provide the appropriate leadership, funds and people for the implementation of records management processes – to support accountability and effective business. These standards are intended to align records processes with the most applied management methodologies known as ‘management systems’. According to ISO, a ‘management system’ is a ‘framework of policies, procedures, guidelines and associated resources to achieve the objectives of the organization’.
The MSR standards are an organization-wide, strategic approach to providing the right framework for implementation of records management operational processes, systems and controls based on international best practice. An MSR links the overall management system implemented by top management to the operational records activities. As such, the MSR standards are presented at a higher level than ISO15489, aimed at the controls and processes for managing the organization and establishing the strategic framework for good records management, including policy, leadership, planning, and monitoring. ISO’s position is that ISO 15489 is aimed more at the operational aspects of records management – focused on the controls and processes for managing records.
ISO/DIS 30300 is the first management system standard for records. All management system standards begin their series with a statement of the fundamentals of their discipline. ISO/DIS 30300 defines the key principles behind an MSR, and the terms and definitions used throughout the MSR standards. And, by the way, their terms and definitions can differ from those in ISO 15489.
ISO/DIS 30301 sets out the requirements that must be met by an MSR. Certification of an organization’s MSR (by an independent body) is done against the requirements in this standard.
These MSR standards are not meant to replace ISO 15489. The two will have to work in conjunction with one another for organizations to be successful.
What I particular appreciate in the MSR is the idea of managing records as assets. ‘Asset’ refers to anything that has value to the organization, e.g. information, software, physical, services,people, and intangibles.
There is a strong need to identify ‘records’ as ‘valuable’ to organizations without falling into the difficulty of quantifying or defining value. The use of the word ‘asset’ reflects this requirement. The inclusion of ‘asset’ is considered important for top management – who should be concerned about evidence-based governance, capacity building, sustainable development and value added business process.
It is also made clear in the MSR that ‘records’ are to be kept for a reason, not merely accumulated by default.
Organizations can be certified against the MSR standards! The MSR provides a strong, measurable and accountable organizational framework for the records management processes and controls. It provides policy, objectives, leadership, support, planning and performance evaluation – all closely linked to the organization’s business goals and policies, which can all be measured.
With ISO 30301 having been published, any certification body can build its own certification scheme within their country. Certification bodies can offer third party certification as part of their portfolio of services.
ISO is currently developing ISO 30302 - Management System for Records - Guidelines for Implementation. This will be a guide to help organizations implement an MSR in accordance with the ISO 30301 requirements (we will need to watch to see when this guideline is published). However, you do not need to wait for ISO 30302 to implement an MSR. You can start on your own at any time.
ISO is also developing an additional publication, Management system for records – Requirements for bodies providing audit and certification. This will contain the requirements for independent bodies providing audit and certification of an organization’s MSR, in accordance with ISO/DIS 30301.
These are exciting developments from ISO! We will have to watch for these new publications. At the same time, we need to seriously look at these Management system for records standards to see how we can, both, gain support for, and improve, our records management programs within our own organizations.#ECM #ERM #ElectronicRecordsManagement