BS ISO 15489-1:2016

What is ISO 15489-1 about?  

ISO 15489-1 discusses information and documentation. ISO 15489-1 is the first part of the ISO 15489 series of standards that defines the concepts and principles from which approaches to the creation, capture, and management of records are developed. ISO 15489-1 will help cross-sector organizations to comply with data protection legislation and in particular, will help them meet the enhanced information governance obligations arising from the new General Data Protection Regulation.  

ISO 15489 describes concepts and principles relating to the following: 

• Records, metadata for records and records systems 
• Policies, assigned responsibilities, monitoring, and training supporting the effective management of records 
• Recurrent analysis of business context and the identification of records requirements 
• Records controls 
• Processes for creating, capturing, and managing records 

Note: ISO 15489-1 is not intended to provide detailed implementation advice for specific environments in which records are created, captured, and managed. 

Note: Organizations seeking to implement, operate and improve an MSR are advised to use this part of ISO 15489 in conjunction with the ISO 30300 series of International Standards. 

Who is ISO 15489-1 for? 

ISO 15489-1 on record management is useful for: 

• Information risk and governance officers 
• Records managers 
• Information managers 
• IT managers 
• Information security managers 
• Architects 
• Chief information officers 
• Archivists, special librarians 
• Knowledge management professionals 
• Business administrators 
• Legal advisors 

Why should you use ISO 15489-1?  

Records are both evidence of business activity and information assets. They can be distinguished from other information assets by their role as evidence in the transaction of business and by their reliance on metadata.  Increasingly, records are made and kept in digital environments, offering a range of opportunities for new kinds of use and reuse. Digital environments also allow greater flexibility in the implementation of records controls, within and between systems that manage records. 

ISO 15489-1 defines key concepts and establishes high-level principles from which 
records controls, processes, and systems for managing records in any environment may be developed. Advice on the design and implementation of controls, processes, and systems for managing records in these different environments is addressed in subsequent part(s) and in other International Standards and Technical Reports. 

Approaches to the creation, capture and management of records based on the concepts and principles in ISO 15489-1 ensure that authoritative evidence of business is created, captured, managed, and made accessible to those who need it, for as long as it is required. This enables the following: 

• Improve transparency and accountability 
• Effective policy formation; informed decision-making 
• Management of business risks; continuity in the event of a disaster 
• The protection of rights and obligations of organizations and individuals 
• Protection and support in litigation; compliance with legislation and regulations 
• Improve the ability to demonstrate corporate responsibility, including meeting sustainability goals 
• Reduction of costs through greater business efficiency; protection of intellectual property 
• Evidence-based research and development activities 
• The formation of business, personal and cultural identity; the protection of corporate, personal, and collective memory 

What’s changed since the last update?  

BS ISO 15489-1:2016 cancels and replaces BS ISO 15489-1:2001. BS ISO 15489-1:2016 includes the following principal changes: 

• Focusses only on principles and concepts and no longer provides a prescribed implementation methodology 
• Re-interprets the traditional term “appraisal” as a core activity for determining records requirements 
• Greater emphasis on the importance of metadata as an essential part of managing records and on the need for independence of records metadata from specific systems and environments 
• Broadened definition of the role of records as both enablers of business activity and information assets 
• Highlights increased opportunities for records use and reuse in the digital environment 
• Greater focus on the need to extend systems and rules for the creation, capture, and management of records beyond traditional organizational boundaries, such as collaborative and multi-jurisdictional work 
• Greater emphasis on the importance of risk management in devising strategies for managing records, and the management of records as a risk management strategy in itself