ISO 30301 - new international standard on record management systems

By Dr. Lalith Senaweera

In the prevailing competitive environment many organisations are taking steps to streamline the business process to provide an effective and efficient service to clients. Most organisations revisit business process by reviewing records to determine the status of the services and to initiate appropriate improvements.

In this regard, records play a vital role. Therefore, the importance of maintaining the relevant records in the right manner needs to be considered for the development of the business process.

Not only would the perusing of relevant records help to trace the history of any activity but also issues connected to that activity in the organisation, if such records are properly maintained.

In other words there is a need to have an efficient system to keep control of records. It is a fact that each and every organisation is tied up with the external environment and the organisation has to provide correct information to the regulators or interested parties as and when needed and, therefore, in such instances an efficient records control system would help the organisation to provide such information in a fast and efficient manner.

International initiatives

Considering the necessity of having the best practice for records management the International Organisation for Standardisation (ISO) with experts drawn from 27 countries on five continents developed the International Management System Standards for records.

ISO 30300:2011 - 'Information and documentation - Management systems for records - Fundamentals and vocabulary' and ISO 30301:2011 - 'Information and documentation - Management systems for records - Requirements'.

In this series of ISO standards, ISO 30300 can be considered the umbrella standard as it includes the fundamentals and vocabulary common to the whole series, while ISO 30301 specifies needs for a management system for records.

Moreover, a number of other standards in the ISO 30300 series is in the process of development.

These standards are compatible with other Management System Standards (MSS) developed by ISO, such as ISO 9001 - Quality management, ISO 14001 - Environmental management, ISO 22000 - Food Safety Management, ISO 50001 - Energy Management System, ISO and IEC 27001 - Information Security Management.

The ISO 30300 series offers the methodology to implement a Management System for Records (MSR) based on a systematic approach to the creation and management of records, aligned with organisational objectives and strategies.

ISO 30300:2011 MSR - specifies the needs to develop a records policy. It also sets objectives and targets for an organisation to implement systemic improvements.

It is possible to achieve this by designing record processes and systems, estimating the appropriate allocation of resources and setting up benchmarks to monitor, measure and evaluate outcome.

These steps help ensure that corrective action can be taken and controls in Annex A of ISO 30301 are directly related to the technical information in the related standards. .

Fundamentals

ISO 30300 defines terms and definitions applicable to the MSR standards. It contains some terms that are identical to or adapted from ISO 15489-1 plus other terms.

Implementing a MSR creates and controls records in a systematic and verifiable manner to: * Conduct business and deliver services efficiently, * Meet legislative, regulatory and accountability needs, * Optimise decision-making, operational consistency and continuity of an organisation, * Facilitate the effective operation of an organisation in the event of a disaster, * Provide protection and support in litigation, including the management of risks associated with the existence of or lack of evidence of organisational activity.

The process approach to a MSR is also detailed in the standard and emphasises the importance of:

* Identifying the organisation's needs with regard to records, including stakeholder's needs and expectations and setting up policy and objectives for records, * Implementing and operating controls for managing an organisation's risk in relation to its records, in the context of its overall business risks, * Monitoring and reviewing the performance and effectiveness of the MSR, * Continual improvement based in objective measurement.

This standard also covers the relationship between the MSR and the management system.

The MSR sets the policy, objectives and directive framework to control the organisation's records in records systems and ensure that the record systems meet organisational needs.

ISO 30301 Standard

The standards cover seven sections and the needs under each section are:

* Context of the organisation

When setting up and reviewing its MSR, an organisation shall take into account all external and internal factors that are relevant.

The external and internal factors identified and taken into account when setting up and reviewing the MSR shall be documented.

* Leadership

Top management shall demonstrate its commitment by ensuring MSR is compatible with the strategic direction of the organisation and integrating the MSR needs into the organisation's business processes while directing and supporting continual improvement.

* Planning

The organisation shall evaluate the need to plan action to address the risk and opportunities and where applicable, integrate and implement these actions into its MSR processes while ensuring that information will be available to evaluate whether the actions have been effective.

* Support

Top management of the organisation shall allocate and maintain the resources needed for MSR.

* Operation

The organisation shall determine, plan, implement and control the process needed to address the risks and opportunities and set up criteria for the processes.

* Performance evaluation

The organisation shall determine what needs to be measured and monitored.

The methods for monitoring, measurement, analysis and evaluation, as applicable, to ensue valid results.

* Improvement

The organisation shall continually improve the effectiveness of MSR through the use of the records policy, records objectives, audit result, analysis of data, corrective and preventive action and management evolution.

Benefits of MSR:

* Will protect the organisation from intensified commercial competition.

* Help make adjustments to suit technological change leading to e-commerce and e-government.

* Meet the speed of communications and dissemination of information through the Internet.

* Will meet the challenges arising out of increasing complexity of the regulatory environment whether local, national, or international.

Creation and management of records are integral to any organisation's activities, process and systems.

They enable business efficiency, accountability, risk management and business continuity. They also enable organisations to capitalise on the value of their information resources as business, commercial and knowledge assets and to contribute to the preservation of collective memory, in response to the challenges of the global and digital environment.

Implementation of a records policy and objectives based soundly on the organisation's needs will ensure that authoritative and reliable information about and evidence of business activities is created, managed and made accessible to those who need it for as long as necessary.

Successful implementation of good records policy and objectives results in records and records systems adequate for an organisation's needs.

Implementing a MSR in an organisation also guarantees the transparency and traceability of decisions made by responsible management and the recognition of public interest.

The writer is the Director General of the Sri Lanka Standards Institution