ISO 30301 - new international standard on record management systems
By Dr. Lalith Senaweera
In the prevailing competitive environment many organisations are
taking steps to streamline the business process to provide an effective
and efficient service to clients. Most organisations revisit business
process by reviewing records to determine the status of the services and
to initiate appropriate improvements.
In this regard, records play a vital role. Therefore, the importance
of maintaining the relevant records in the right manner needs to be
considered for the development of the business process.
Not only would the perusing of relevant records help to trace the
history of any activity but also issues connected to that activity in
the organisation, if such records are properly maintained.
In other words there is a need to have an efficient system to keep
control of records. It is a fact that each and every organisation is
tied up with the external environment and the organisation has to
provide correct information to the regulators or interested parties as
and when needed and, therefore, in such instances an efficient records
control system would help the organisation to provide such information
in a fast and efficient manner.
International initiatives
Considering the necessity of having the best practice for records
management the International Organisation for Standardisation (ISO) with
experts drawn from 27 countries on five continents developed the
International Management System Standards for records.
ISO 30300:2011 - 'Information and documentation - Management systems
for records - Fundamentals and vocabulary' and ISO 30301:2011 -
'Information and documentation - Management systems for records -
Requirements'.
In this series of ISO standards, ISO 30300 can be considered the
umbrella standard as it includes the fundamentals and vocabulary common
to the whole series, while ISO 30301 specifies needs for a management
system for records.
Moreover, a number of other standards in the ISO 30300 series is in
the process of development.
These standards are compatible with other Management System Standards
(MSS) developed by ISO, such as ISO 9001 - Quality management, ISO 14001
- Environmental management, ISO 22000 - Food Safety Management, ISO
50001 - Energy Management System, ISO and IEC 27001 - Information
Security Management.
The ISO 30300 series offers the methodology to implement a Management
System for Records (MSR) based on a systematic approach to the creation
and management of records, aligned with organisational objectives and
strategies.
ISO 30300:2011 MSR - specifies the needs to develop a records policy.
It also sets objectives and targets for an organisation to implement
systemic improvements.
It is possible to achieve this by designing record processes and
systems, estimating the appropriate allocation of resources and setting
up benchmarks to monitor, measure and evaluate outcome.
These steps help ensure that corrective action can be taken and
controls in Annex A of ISO 30301 are directly related to the technical
information in the related standards. .
Fundamentals
ISO 30300 defines terms and definitions applicable to the MSR
standards. It contains some terms that are identical to or adapted from
ISO 15489-1 plus other terms.
Implementing a MSR creates and controls records in a systematic and
verifiable manner to: * Conduct business and deliver services
efficiently, * Meet legislative, regulatory and accountability needs, *
Optimise decision-making, operational consistency and continuity of an
organisation, * Facilitate the effective operation of an organisation in
the event of a disaster, * Provide protection and support in litigation,
including the management of risks associated with the existence of or
lack of evidence of organisational activity.
The process approach to a MSR is also detailed in the standard and
emphasises the importance of:
* Identifying the organisation's needs with regard to records,
including stakeholder's needs and expectations and setting up policy and
objectives for records, * Implementing and operating controls for
managing an organisation's risk in relation to its records, in the
context of its overall business risks, * Monitoring and reviewing the
performance and effectiveness of the MSR, * Continual improvement based
in objective measurement.
This standard also covers the relationship between the MSR and the
management system.
The MSR sets the policy, objectives and directive framework to
control the organisation's records in records systems and ensure that
the record systems meet organisational needs.
ISO 30301 Standard
The standards cover seven sections and the needs under each section
are:
* Context of the organisation
When setting up and reviewing its MSR, an organisation shall take
into account all external and internal factors that are relevant.
The external and internal factors identified and taken into account
when setting up and reviewing the MSR shall be documented.
* Leadership
Top management shall demonstrate its commitment by ensuring MSR is
compatible with the strategic direction of the organisation and
integrating the MSR needs into the organisation's business processes
while directing and supporting continual improvement.
* Planning
The organisation shall evaluate the need to plan action to address
the risk and opportunities and where applicable, integrate and implement
these actions into its MSR processes while ensuring that information
will be available to evaluate whether the actions have been effective.
* Support
Top management of the organisation shall allocate and maintain the
resources needed for MSR.
* Operation
The organisation shall determine, plan, implement and control the
process needed to address the risks and opportunities and set up
criteria for the processes.
* Performance evaluation
The organisation shall determine what needs to be measured and
monitored.
The methods for monitoring, measurement, analysis and evaluation, as
applicable, to ensue valid results.
* Improvement
The organisation shall continually improve the effectiveness of MSR
through the use of the records policy, records objectives, audit result,
analysis of data, corrective and preventive action and management
evolution.
Benefits of MSR:
* Will protect the organisation from intensified commercial
competition.
* Help make adjustments to suit technological change leading to
e-commerce and e-government.
* Meet the speed of communications and dissemination of information
through the Internet.
* Will meet the challenges arising out of increasing complexity of
the regulatory environment whether local, national, or international.
Creation and management of records are integral to any organisation's
activities, process and systems.
They enable business efficiency, accountability, risk management and
business continuity. They also enable organisations to capitalise on the
value of their information resources as business, commercial and
knowledge assets and to contribute to the preservation of collective
memory, in response to the challenges of the global and digital
environment.
Implementation of a records policy and objectives based soundly on
the organisation's needs will ensure that authoritative and reliable
information about and evidence of business activities is created,
managed and made accessible to those who need it for as long as
necessary.
Successful implementation of good records policy and objectives
results in records and records systems adequate for an organisation's
needs.
Implementing a MSR in an organisation also guarantees the
transparency and traceability of decisions made by responsible
management and the recognition of public interest.
The writer is the Director General of the Sri Lanka Standards
Institution |