Information and documentation -- Management systems for records -- Guidelines for implementation

ISO 30302:2015 gives guidance for the implementation of a MSR in accordance with ISO 30301. This International Standard is intended to be used in conjunction with ISO 30300 and ISO 30301. This International Standard does not modify and/or reduce the requirements specified in ISO 30301. It describes the activities to be undertaken when designing and implementing a MSR. ISO 30302:2015 is intended to be used by any organization implementing a MSR. It is applicable to all types of organization (e.g. commercial enterprises, government agencies, non-profit organizations) of all sizes.


General Information

Status: Published
Publication Date: 18-Oct-2015
Current Stage: 9092 - International Standard to be revised
Start Date: 10-Aug-2020

Standard
ISO 30302:2015 - Information and documentation -- Management systems for records -- Guidelines for implementation (English language, 30 pages)

Standard
ISO 30302:2017 (English language, 36 pages)

Standard
ISO 30302:2015 - Information et documentation -- Système de gestion des documents d'activité -- Lignes directrices de mise en oeuvre (French language, 33 pages)

Standards Content (sample)

INTERNATIONAL STANDARD ISO 30302
First edition 2015-09-15

Information and documentation — Management systems for records — Guidelines for implementation

Information et documentation — Système de gestion des documents d’activité — Lignes directrices de mise en oeuvre

Reference number ISO 30302:2015(E)
© ISO 2015

COPYRIGHT PROTECTED DOCUMENT
© ISO 2015, Published in Switzerland

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of the requester.

ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org

Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Context of the organization
  4.1 Understanding of the organization and its context
  4.2 Business, legal and other requirements
  4.3 Defining the scope of the MSR
5 Leadership
  5.1 Management commitment
  5.2 Policy
  5.3 Organizational roles, responsibilities and authorities
    5.3.1 General
    5.3.2 Management responsibilities
    5.3.3 Operational responsibilities
6 Planning
  6.1 Actions to address risks and opportunities
  6.2 Records objectives and plans to achieve them
7 Support
  7.1 Resources
  7.2 Competence
  7.3 Awareness and training
  7.4 Communication
  7.5 Documentation
    7.5.1 General
    7.5.2 Control of documentation
8 Operation
  8.1 Operational planning and control
  8.2 Design of records processes
  8.3 Implementation of records systems
9 Performance evaluation
  9.1 Monitoring, measurement, analysis and evaluation
    9.1.1 Determining what and how to monitor, measure, analyse and evaluate
    9.1.2 Evaluation of the performance of records processes, systems and the effectiveness of the MSR
    9.1.3 Assessing effectiveness
  9.2 Internal system audit
  9.3 Management review
10 Improvement
  10.1 Nonconformity control and corrective actions
  10.2 Continual improvement
Annex A (informative) Examples of sources of information and requirements supporting the analysis of organizational context
Bibliography

Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).

Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.

For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO’s adherence to the WTO principles in the Technical Barriers to Trade (TBT) see the following URL: Foreword - Supplementary information

The committee responsible for this document is ISO/TC 46, Information and documentation, Subcommittee SC 11, Archives/records management.

Introduction

ISO 30302 is part of a series of International Standards, under the general title Information and documentation — Management systems for records:

— ISO 30300, Information and documentation — Management systems for records — Fundamentals and vocabulary
— ISO 30301, Information and documentation — Management systems for records — Requirements
— ISO 30302, Information and documentation — Management systems for records — Guidelines for implementation

ISO 30300 specifies the terminology for the Management systems for records (MSR) series of standards and the objectives and benefits of a MSR; ISO 30301 specifies the requirements for a MSR where an organization needs to demonstrate its ability to create and control records from its business activities for as long as they are required; ISO 30302 provides guidance for the implementation of a MSR.

The purpose of this International Standard is to provide practical guidance on how to implement a management system for records (MSR) within an organization in accordance with ISO 30301. This International Standard covers what is needed to establish and maintain a MSR.

The implementation of a MSR is generally executed as a project. A MSR can be implemented in organizations with existing records systems or programmes to review and improve the management of those systems or programmes or in organizations planning to implement a systematic and verifiable approach to records creation and control for the first time. Guidance described in this International Standard can be used in both situations.

It is assumed that organizations that decide to implement a MSR have made a preliminary assessment of their existing records and records systems and have identified risks to be addressed and opportunities for major improvements. For example, the decision to implement a MSR can be taken as a risk-reduction measure for undertaking a major information technology platform change or outsourcing business processes identified as high risk. Alternatively, the MSR can provide a standardized management framework for major improvements such as integrating records processes with specific business processes or improving control and management of records of online transactions or business use of social media.

The use of this guidance is necessarily flexible. It depends on the size, nature and complexity of the organization and the level of maturity of the MSR if one is already in place. Each organization’s context and complexity is unique and its specific contextual requirements will drive the MSR implementation. Smaller organizations will find that the activities described in this International Standard can be simplified. Large or complex organizations might find that a layered management system is needed to implement and manage the activities in this International Standard effectively.

Guidance in this International Standard follows the same structure as ISO 30301, describing the activities to be undertaken to meet the requirements of ISO 30301 and how to document those activities.

Clause 4 deals with how to perform the analysis needed to implement a MSR. From this analysis, the scope of the MSR is defined and the relationship between implementing a MSR and other management systems is identified.

Clause 5 explains how to gain the commitment of top management. The commitment is expressed in a records policy, the assignment of responsibilities, planning the implementation of the MSR and adopting records objectives.

Clause 6 deals with planning, which is informed by high-level risk analysis, the contextual analysis (see Clause 4), and the resources available (see Clause 7). Clause 7 outlines the support needed for the MSR, such as resources, competence, training and communication, and documentation.

Clause 8 deals with defining or reviewing and planning the records processes to be implemented. It draws on the contextual requirements and scope (see Clause 4) and is based on the records policy (see 5.2), the risk analysis (see 6.1) and resources needed (see 7.1) to meet the records objectives (see 6.2) in the planned implementation. Clause 8 explains what records processes and systems need to be implemented for a MSR.

Clauses 9 and 10 deal with performance evaluation and improvement against planning, objectives and requirements defined in ISO 30301.

For each of ISO 30301:2011, Clauses 4 to 10, this International Standard provides the following:

a) the activities necessary to meet the requirements of ISO 30301 – activities can be done sequentially, while some will need to be done simultaneously using the same contextual analysis;
b) inputs to the activities – these are the starting points and can be outputs from previous activities;
c) outputs of the activities – these are the results or deliverables on completion of the activities.

This International Standard is intended to be used by those responsible for leading the implementation and maintenance of the MSR. It can also help top management in making decisions on the establishment, scope and implementation of management systems in their organization. It is to be used by people responsible for leading the implementation and maintenance of the MSR. The concepts of how to design the operational records processes are based on the principles established by ISO 15489-1. Other International Standards and Technical Reports developed by ISO/TC 46/SC 11 are the principal tools for designing, implementing, monitoring and improving records processes, controls and systems, and can be used in conjunction with this International Standard for implementing the detailed operational elements of the MSR.

Organizations that have already implemented ISO 15489-1 can use this International Standard to develop an organizational infrastructure for managing records under the systematic and verifiable approach of the MSR.

INTERNATIONAL STANDARD ISO 30302:2015(E)

Information and documentation — Management systems for records — Guidelines for implementation

1 Scope

This International Standard gives guidance for the implementation of a MSR in accordance with ISO 30301. This International Standard is intended to be used in conjunction with ISO 30300 and ISO 30301. This International Standard does not modify and/or reduce the requirements specified in ISO 30301. It describes the activities to be undertaken when designing and implementing a MSR.

This International Standard is intended to be used by any organization implementing a MSR. It is applicable to all types of organization (e.g. commercial enterprises, government agencies, non-profit organizations) of all sizes.

2 Normative references

The following documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

ISO 30300, Information and documentation — Management systems for records — Fundamentals and vocabulary

ISO 30301:2011, Information and documentation — Management systems for records — Requirements

3 Terms and definitions

For the purposes of this document, the terms and definitions given in ISO 30300 apply.

4 Context of the organization

4.1 Understanding of the organization and its context

The context of the organization should determine and drive the implementation and improvement of a MSR. The requirements of this Clause are intended to ensure the organization has considered its context and needs as part of the implementation of a MSR. These requirements are met by analysing the organization’s context. This analysis should be performed as the first step of the implementation to

a) identify internal and external factors (see 4.1),
b) identify business, legal and other requirements (see 4.2), and
c) define the scope of the MSR (see 4.3) and identify risks (see Clause 6).

NOTE 1 When the scope of the MSR is stated by top management at the starting point, before identifying factors and the need for records, the extent of the contextual analysis is defined by the scope as stated.

NOTE 2 This MSS approach for context analysis and identification of requirements is compatible with the analysis process (appraisal) proposed by ISO 15489-1 which also includes elements of planning (see Clause 6) and identification of needs of records (see Clause 8).

Contextual information needs to be from a reliable source, accurate, up to date and complete. Regular review of the sources of this information ensures the accuracy and reliability of the contextual analysis.

A.1 provides examples of sources of information about the organization’s internal and external context and examples of potential stakeholders.

In identifying how the context affects the MSR, examples of important factors can be

1) how a competitive market affects the need to demonstrate efficient processes,
2) how external stakeholders’ values or perceptions affect records retention decisions or information access decisions,
3) how the information technology infrastructure and information architecture can affect the availability of records systems or records,
4) how the skills and competencies within the organization can affect the need for training or external assistance,
5) how legislative instruments, policies, standards and codes affect the design of records processes and controls,
6) how the organizational culture can affect compliance with the requirements of the MSR, and
7) how the complexity of the organization’s structure, business and legislative environment will affect records policy, processes and controls (e.g. in a multi-jurisdictional environment).

Depending on the organization, the identification of internal and external factors may have been performed for other purposes, including the implementation of other management system standards. In such cases, a new analysis may not be needed and an adaptation will suffice.

The contextual analysis is a continual process. It informs the establishment and systematic evaluation of the MSR (see Clause 9) and supports the cycle of continuous improvement (see Clause 10).

Output

Documented evidence that the analysis has been undertaken is a requirement of ISO 30301. Examples are as follows:

— a list of internal and external factors to take into account;
— a chapter in a manual or project plan for implementing a MSR;
— a formal report on the analysis of the organization’s internal and external context and how it affects and is affected by the MSR;
— a series of documents about the context of the organization.

4.2 Business, legal and other requirements

Using the result of the analysis described in 4.1 as the starting point, the legal, business and other requirements are assessed in relation to the business activities and documented. The business activities are the first elements that are analysed to identify the requirements that affect records creation and control.

Identifying business requirements should take the following into account:

a) the nature of the activities of the organization (e.g. mining, financial advice, providing public services, manufacturing, pharmaceutical, personal services, non-profit, community services);
b) the particular form or ownership of the organization (e.g. a trust, company or government organization);
c) the particular sector to which the organization belongs (i.e. public or private sector, non-profit);
d) the jurisdiction(s) in which the organization operates.

Business requirements should be identified from the performance of current business processes and also from the perspective of future planning and development. Special attention is needed when the organization is implementing automated or digital business processes. In these cases, requirements can change and need to be discussed with the people responsible for the development and implementation of the proposed new processes.

Activities to determine all the mandatory legal and regulatory instruments applicable to the organization include the following:

1) reviewing compliance requirements for sector-related legislation;
2) reviewing compliance for privacy and other records/data management legislation.

A.2 provides examples of the business, legal and other requirements relating to the creation and control of records and for sources of expert assistance in identifying business, legal and other requirements.

Output

Documentation of the identification of the business, legal and other requirements is mandatory in order to comply with ISO 30301. Requirements can be documented all together or in separate documents by type of requirement. Examples of the kind of documentation are as follows:

— a list of requirements identified by type (e.g. business, legislative);
— a chapter in a manual or project plan for implementing a MSR;
— a formal report on identification of requirements for the MSR;
— a list of all laws and other codified regulatory or mandatory instruments that apply to the organization relating to the creation and control of records;
— a Precedents Profile (a set of legal precedents on particular subject matters relevant to the organization).

4.3 Defining the scope of the MSR

The scope of the MSR is a decision made by top management and clearly outlines the boundaries, inclusions, exclusions, roles and relationships of the component parts of the MSR.

The scope can be defined as a result of the contextual analysis, taking into account identified factors (see 4.1) and requirements (see 4.2) but also can be stated by top management from the starting point before identifying factors and requirements.

The scope includes the following:

a) identification of what parts or functions of the organization are included. It can be the whole organization, an area or department, a specific function or business process or a group of them;
b) identification of what parts or functions of other (related) organizations are included and the relationships between them;
c) description of how the MSR integrates with the overall management system and with other specific management systems implemented by the organization (e.g. ISO 9000, ISO 14000 and ISO/IEC 27000);
d) identification of any processes that affect the MSR that are outsourced and the controls for the entities responsible for the outsourced process.

Output

A documented statement defining the scope of the MSR is a requirement of the MSR. This statement can be a single document or be included in other MSR documents such as the records policy (see 5.2) or in manuals or project plans to implement the MSR.

5 Leadership

5.1 Management commitment

The commitment of top management to implementing the MSR is stated as explicitly and at the same level of detail as for any other management systems implemented by the organization and as for its other assets, e.g. human resources, finances and infrastructure. The requirement to demonstrate top management commitment does not require a specific activity to be performed but is essential for the success of the MSR. Commitment is also implicit in other requirements of ISO 30301 relating to resources (see 7.1), communication (see 7.4) and management review (see 9.3).

Output

It is not mandatory to document top management’s commitment to the MSR, except in the records policy (see 5.2), which can be considered as evidence of that commitment. Commitment can also be demonstrated by actions or statements but depending on the nature and complexity of the organization, evidence of commitment should be documented in addition to the records policy. Examples can be found in the following:

— minutes of Boards of Directors or Boards of Management;
— statements in strategic and business plans;
— management resolutions and directives;
— budgets, business cases;
— communication plans.

5.2 Policy

The strategic direction of the organization, as defined by top management, is the basis for the records policy. The records policy is established by top management as the driver for implementing and improving an organization’s MSR and providing the benchmark for assessing the performance of the MSR.

Directions from top management need to be stated in a formal document. The document is not normally drafted by top management but requires top management’s formal approval, independent of the authors. Depending on the organization, top management can be identified by different positions but the records policy should be endorsed by the person in the position recognized as the most senior.

The records policy contains the overall direction on how records creation and control meet the organizational goals and provides the principles for action. It can be integrated into an overarching management policy where more than one management systems standard is implemented. In this case, the records policy does not require separate management endorsement.
Inputs to the records policy include the following:

a) analysis of the organizational context and identification of the requirements (see 4.1 to 4.2);

b) organizational goals and strategies;
c) influence of, or relationship of the policy to other organizational policies;
d) scope of the MSR (see 4.3);
e) organizational structure and delegations.
The records policy is a statement of intent and includes, for example,
1) purpose,
2) high-level directions for the creation and control of records,

3) high-level responsibilities or commitment for the creation and control of records,

4) indicatio
...

SLOVENIAN STANDARD
SIST ISO 30302:2017
1 February 2017

Informatika in dokumentacija - Sistemi za upravljanje zapisov - Smernice za uvedbo

Information and documentation -- Management systems for records -- Guidelines for implementation

Information et documentation -- Système de gestion des documents d'activité -- Lignes directrices de mise en oeuvre

This Slovenian standard is identical to: ISO 30302:2015

ICS:
01.140.20 Information sciences
03.100.70 Management systems

SIST ISO 30302:2017 en,fr

2003-01. Slovenian Institute for Standardization. Reproduction of this standard in whole or in part is not permitted.

INTERNATIONAL STANDARD ISO 30302
First edition
2015-09-15
Information and documentation — Management systems for records — Guidelines for implementation
Information et documentation — Système de gestion des documents d’activité — Lignes directrices de mise en oeuvre
Reference number ISO 30302:2015(E)
ISO 2015
COPYRIGHT PROTECTED DOCUMENT
© ISO 2015, Published in Switzerland

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Context of the organization
4.1 Understanding of the organization and its context
4.2 Business, legal and other requirements
4.3 Defining the scope of the MSR
5 Leadership
5.1 Management commitment
5.2 Policy
5.3 Organizational roles, responsibilities and authorities
5.3.1 General
5.3.2 Management responsibilities
5.3.3 Operational responsibilities
6 Planning
6.1 Actions to address risks and opportunities
6.2 Records objectives and plans to achieve them
7 Support
7.1 Resources
7.2 Competence
7.3 Awareness and training
7.4 Communication
7.5 Documentation
7.5.1 General
7.5.2 Control of documentation
8 Operation
8.1 Operational planning and control
8.2 Design of records processes
8.3 Implementation of records systems
9 Performance evaluation
9.1 Monitoring, measurement, analysis and evaluation
9.1.1 Determining what and how to monitor, measure, analyse and evaluate
9.1.2 Evaluation of the performance of records processes, systems and the effectiveness of the MSR
9.1.3 Assessing effectiveness
9.2 Internal system audit
9.3 Management review
10 Improvement
10.1 Nonconformity control and corrective actions
10.2 Continual improvement
Annex A (informative) Examples of sources of information and requirements supporting the analysis of organizational context
Bibliography

Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).

Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.

For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO’s adherence to the WTO principles in the Technical Barriers to Trade (TBT) see the following URL: Foreword - Supplementary information

The committee responsible for this document is ISO/TC 46, Information and documentation, Subcommittee SC 11, Archives/records management.
Introduction

ISO 30302 is part of a series of International Standards, under the general title Information and documentation — Management systems for records:

— ISO 30300, Information and documentation — Management systems for records — Fundamentals and vocabulary
— ISO 30301, Information and documentation — Management systems for records — Requirements
— ISO 30302, Information and documentation — Management systems for records — Guidelines for implementation

ISO 30300 specifies the terminology for the Management systems for records (MSR) series of standards and the objectives and benefits of a MSR; ISO 30301 specifies the requirements for a MSR where an organization needs to demonstrate its ability to create and control records from its business activities for as long as they are required; ISO 30302 provides guidance for the implementation of a MSR.

The purpose of this International Standard is to provide practical guidance on how to implement a management system for records (MSR) within an organization in accordance with ISO 30301. This International Standard covers what is needed to establish and maintain a MSR.

The implementation of a MSR is generally executed as a project. A MSR can be implemented in organizations with existing records systems or programmes to review and improve the management of those systems or programmes or in organizations planning to implement a systematic and verifiable approach to records creation and control for the first time. Guidance described in this International Standard can be used in both situations.

It is assumed that organizations that decide to implement a MSR have made a preliminary assessment of their existing records and records systems and have identified risks to be addressed and opportunities for major improvements. For example, the decision to implement a MSR can be taken as a risk-reduction measure for undertaking a major information technology platform change or outsourcing business processes identified as high risk. Alternatively, the MSR can provide a standardized management framework for major improvements such as integrating records processes with specific business processes or improving control and management of records of online transactions or business use of social media.

The use of this guidance is necessarily flexible. It depends on the size, nature and complexity of the organization and the level of maturity of the MSR if one is already in place. Each organization’s context and complexity is unique and its specific contextual requirements will drive the MSR implementation. Smaller organizations will find that the activities described in this International Standard can be simplified. Large or complex organizations might find that a layered management system is needed to implement and manage the activities in this International Standard effectively.

Guidance in this International Standard follows the same structure as ISO 30301, describing the activities to be undertaken to meet the requirements of ISO 30301 and how to document those activities.

Clause 4 deals with how to perform the analysis needed to implement a MSR. From this analysis, the scope of the MSR is defined and the relationship between implementing a MSR and other management systems is identified.

Clause 5 explains how to gain the commitment of top management. The commitment is expressed in a records policy, the assignment of responsibilities, planning the implementation of the MSR and adopting records objectives.

Clause 6 deals with planning, which is informed by high-level risk analysis, the contextual analysis (see Clause 4), and the resources available (see Clause 7). Clause 7 outlines the support needed for the MSR, such as resources, competence, training and communication, and documentation.

Clause 8 deals with defining or reviewing and planning the records processes to be implemented. It draws on the contextual requirements and scope (see Clause 4) and is based on the records policy (see 5.2), the risk analysis (see 6.1) and resources needed (see 7.1) to meet the records objectives (see 6.2) in the planned implementation. Clause 8 explains what records processes and systems need to be implemented for a MSR.

Clauses 9 and 10 deal with performance evaluation and improvement against planning, objectives and requirements defined in ISO 30301.

For each of ISO 30301:2011, Clauses 4 to 10, this International Standard provides the following:

a) the activities necessary to meet the requirements of ISO 30301 – activities can be done sequentially, while some will need to be done simultaneously using the same contextual analysis;
b) inputs to the activities – these are the starting points and can be outputs from previous activities;
c) outputs of the activities – these are the results or deliverables on completion of the activities.

This International Standard is intended to be used by those responsible for leading the implementation and maintenance of the MSR. It can also help top management in making decisions on the establishment, scope and implementation of management systems in their organization. It is to be used by people responsible for leading the implementation and maintenance of the MSR. The concepts of how to design the operational records processes are based on the principles established by ISO 15489-1. Other International Standards and Technical Reports developed by ISO/TC 46/SC 11 are the principal tools for designing, implementing, monitoring and improving records processes, controls and systems, and can be used in conjunction with this International Standard for implementing the detailed operational elements of the MSR.

Organizations that have already implemented ISO 15489-1 can use this International Standard to develop an organizational infrastructure for managing records under the systematic and verifiable approach of the MSR.
INTERNATIONAL STANDARD ISO 30302:2015(E)
Information and documentation — Management systems for records — Guidelines for implementation

1 Scope

This International Standard gives guidance for the implementation of a MSR in accordance with ISO 30301. This International Standard is intended to be used in conjunction with ISO 30300 and ISO 30301. This International Standard does not modify and/or reduce the requirements specified in ISO 30301. It describes the activities to be undertaken when designing and implementing a MSR.

This International Standard is intended to be used by any organization implementing a MSR. It is applicable to all types of organization (e.g. commercial enterprises, government agencies, non-profit organizations) of all sizes.

2 Normative references

The following documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

ISO 30300, Information and documentation — Management systems for records — Fundamentals and vocabulary

ISO 30301:2011, Information and documentation — Management systems for records — Requirements

3 Terms and definitions

For the purposes of this document, the terms and definitions given in ISO 30300 apply.

4 Context of the organization
4.1 Understanding of the organization and its context

The context of the organization should determine and drive the implementation and improvement of a MSR. The requirements of this Clause are intended to ensure the organization has considered its context and needs as part of the implementation of a MSR. These requirements are met by analysing the organization’s context. This analysis should be performed as the first step of the implementation to

a) identify internal and external factors (see 4.1),
b) identify business, legal and other requirements (see 4.2), and
c) define the scope of the MSR (see 4.3) and identify risks (see Clause 6).

NOTE 1 When the scope of the MSR is stated by top management at the starting point, before identifying factors and the need for records, the extent of the contextual analysis is defined by the scope as stated.

NOTE 2 This MSS approach for context analysis and identification of requirements is compatible with the analysis process (appraisal) proposed by ISO 15489-1 which also includes elements of planning (see Clause 6) and identification of needs of records (see Clause 8).

Contextual information needs to be from a reliable source, accurate, up to date and complete. Regular review of the sources of this information ensures the accuracy and reliability of the contextual analysis.


A.1 provides examples of sources of information about the organization’s internal and external context and examples of potential stakeholders.

In identifying how the context affects the MSR, examples of important factors can be

1) how a competitive market affects the need to demonstrate efficient processes,
2) how external stakeholders’ values or perceptions affect records retention decisions or information access decisions,
3) how the information technology infrastructure and information architecture can affect the availability of records systems or records,
4) how the skills and competencies within the organization can affect the need for training or external assistance,
5) how legislative instruments, policies, standards and codes affect the design of records processes and controls,
6) how the organizational culture can affect compliance with the requirements of the MSR, and
7) how the complexity of the organization’s structure, business and legislative environment will affect records policy, processes and controls (e.g. in a multi-jurisdictional environment).

Depending on the organization, the identification of internal and external factors may have been performed for other purposes, including the implementation of other management system standards. In such cases, a new analysis may not be needed and an adaptation will suffice.

The contextual analysis is a continual process. It informs the establishment and systematic evaluation of the MSR (see Clause 9) and supports the cycle of continuous improvement (see Clause 10).

Output

Documented evidence that the analysis has been undertaken is a requirement of ISO 30301. Examples are as follows:
— a list of internal and external factors to take into account;
— a chapter in a manual or project plan for implementing a MSR;
— a formal report on the analysis of the organization’s internal and external context and how it affects and is affected by the MSR;
— a series of documents about the context of the organization.
4.2 Business, legal and other requirements

Using the result of the analysis described in 4.1 as the starting point, the legal, business and other requirements are assessed in relation to the business activities and documented. The business activities are the first elements that are analysed to identify the requirements that affect records creation and control.

Identifying business requirements should take the following into account:

a) the nature of the activities of the organization (e.g. mining, financial advice, providing public services, manufacturing, pharmaceutical, personal services, non-profit, community services);
b) the particular form or ownership of the organization (e.g. a trust, company or government organization);
c) the particular sector to which the organization belongs (i.e. public or private sector, non-profit);
d) the jurisdiction(s) in which the organization operates.

Business requirements should be identified from the performance of current business processes and also from the perspective of future planning and development. Special attention is needed when the organization is implementing automated or digital business processes. In these cases, requirements can change and need to be discussed with the people responsible for the development and implementation of the proposed new processes.

Activities to determine all the mandatory legal and regulatory instruments applicable to the organization include the following:

1) reviewing compliance requirements for sector-related legislation;
2) reviewing compliance for privacy and other records/data management legislation.

A.2 provides examples of the business, legal and other requirements relating to the creation and control of records and for sources of expert assistance in identifying business, legal and other requirements.

Output

Documentation of the identification of the business, legal and other requirements is mandatory in order to comply with ISO 30301. Requirements can be documented all together or in separate documents by type of requirement. Examples of the kind of documentation are as follows:
— a list of requirements identified by type (e.g. business, legislative);
— a chapter in a manual or project plan for implementing a MSR;
— a formal report on identification of requirements for the MSR;
— a list of all laws and other codified regulatory or mandatory instruments that apply to the organization relating to the creation and control of records;
— a Precedents Profile (a set of legal precedents on particular subject matters relevant to the organization).
4.3 Defining the scope of the MSR

The scope of the MSR is a decision made by top management and clearly outlines the boundaries, inclusions, exclusions, roles and relationships of the component parts of the MSR.

The scope can be defined as a result of the contextual analysis, taking into account identified factors (see 4.1) and requirements (see 4.2) but also can be stated by top management from the starting point before identifying factors and requirements.

The scope includes the following:

a) identification of what parts or functions of the organization are included. It can be the whole organization, an area or department, a specific function or business process or a group of them;
b) identification of what parts or functions of other (related) organizations are included and the relationships between them;
c) description of how the MSR integrates with the overall management system and with other specific management systems implemented by the organization (e.g. ISO 9000, ISO 14000 and ISO/IEC 27000);
d) identification of any processes that affect the MSR that are outsourced and the controls for the entities responsible for the outsourced process.
Output

A documented statement defining the scope of the MSR is a requirement of the MSR. This statement can be a single document or be included in other MSR documents such as the records policy (see 5.2) or in manuals or project plans to implement the MSR.

INTERNATIONAL STANDARD ISO 30302
First edition
2015-10-15
Information et documentation — Système de gestion des documents d’activité — Lignes directrices de mise en oeuvre
Information and documentation — Management systems for records — Guidelines for implementation
Reference number ISO 30302:2015(F)
ISO 2015
COPYRIGHT PROTECTED DOCUMENT
© ISO 2015, Published in Switzerland

Reproduction rights reserved. Unless otherwise specified, no part of this publication may be reproduced or used in any form or by any process, electronic or mechanical, including photocopying or posting on the internet or an intranet, without prior written permission. Requests for permission can be addressed to ISO at the address below or to the ISO member body in the requester’s country.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
ii © ISO 2015 – Tous droits réservés
---------------------- Page: 2 ----------------------
ISO 30302:2015(F)
Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Context of the organization
4.1 Understanding of the organization and its context
4.2 Business, legal and other requirements
4.3 Defining the scope of the MSR
5 Leadership
5.1 Management commitment
5.2 Policy
5.3 Organizational roles, responsibilities and authorities
5.3.1 General
5.3.2 Management responsibilities
5.3.3 Operational responsibilities
6 Planning
6.1 Actions to address risks and opportunities
6.2 Records objectives and plans to achieve them
7 Support
7.1 Resources
7.2 Competence
7.3 Awareness and training
7.4 Communication
7.5 Documentation
7.5.1 General
7.5.2 Control of documentation
8 Operation
8.1 Operational planning and control
8.2 Design of records processes
8.3 Implementation of records systems
9 Performance evaluation
9.1 Monitoring, measurement, analysis and evaluation of performance
9.1.1 Determining what and how to monitor, measure, analyse and evaluate
9.1.2 Evaluation of the performance of records processes and systems and of the effectiveness of the MSR
9.1.3 Assessing the effectiveness of the MSR
9.2 Internal system audit
9.3 Management review
10 Improvement
10.1 Nonconformity control and corrective actions
10.2 Continual improvement
Annex A (informative) Examples of sources of information and requirements supporting the analysis of organizational context
Bibliography
Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on electrotechnical standardization.

The procedures used to develop this document and those intended for its maintenance are described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject of intellectual property rights or similar rights. ISO shall not be held responsible for failing to identify such rights or to give notice of their existence. Details of any intellectual property rights or similar rights identified during the development of the document are given in the Introduction and/or in the list of patent declarations received by ISO (see www.iso.org/brevets).

Any trade names mentioned in this document are given for information, for the convenience of users, and do not constitute an endorsement.

For an explanation of the meaning of ISO specific terms and expressions related to conformity assessment, or for information about ISO’s adherence to the WTO principles on Technical Barriers to Trade (TBT), see the following link: Foreword — Supplementary information.

The committee responsible for this document is ISO/TC 46, Information and documentation, Subcommittee SC 11, Archives/records management.
Introduction

ISO 30302 is part of a series of International Standards under the general title Information and documentation — Management systems for records:

— ISO 30300, Information and documentation — Management systems for records — Fundamentals and vocabulary

— ISO 30301, Information and documentation — Management systems for records — Requirements

— ISO 30302, Information and documentation — Management systems for records — Guidelines for implementation

ISO 30300 specifies the terminology used in the series of standards on management systems for records (MSR), as well as the objectives and benefits of such a system. ISO 30301 specifies the requirements for a MSR where an organization demonstrates its ability to create and control the records of its activities for as long as those records are required. ISO 30302 provides guidance for the implementation of a MSR.

The purpose of this International Standard is to provide practical guidance on how to implement a management system for records (MSR) within an organization in accordance with the requirements of ISO 30301. This International Standard covers what is needed to establish and maintain a MSR.

The implementation of a MSR is generally carried out as a project. A MSR can be implemented in organizations that already have records systems or programmes, in order to review and improve the management of those systems or programmes, or in organizations that intend to implement a systematic and verifiable approach to records creation and control for the first time. The guidance described in this International Standard can be used in both situations.

It is assumed that organizations that decide to implement a MSR have made a preliminary assessment of their existing records and records systems and have identified the risks to be addressed and the opportunities for significant improvement. For example, the decision to implement a MSR can be a risk-reduction measure taken in response to a significant change of information technology platform or to the outsourcing of business processes identified as high risk. The MSR can also provide a standardized management framework for implementing significant improvements, such as integrating records processes with specific business processes or improving the control and management of records related to online transactions or the use of social media.

The use of this guidance is necessarily flexible. It depends on the size, nature and complexity of the organization and on the level of maturity of any MSR already in place. Each organization’s context and complexity are unique, and the contextual requirements specific to the organization will drive the implementation of the MSR. Smaller organizations will find that the activities described in this International Standard can be simplified. Large or complex organizations may find that a multi-layered management system is needed to implement and manage the activities in this International Standard effectively.

The guidance in this International Standard follows the same structure as ISO 30301, describing the activities to be undertaken to meet the requirements of ISO 30301 and how to document those activities.

Clause 4 explains how to carry out the analysis needed for any implementation of a MSR. This analysis makes it possible to define the scope of the MSR and to determine the relationships between the implementation of a MSR and other management systems.

Clause 5 explains how to gain the commitment of top management. This commitment is expressed in a records policy, the assignment of responsibilities, the planning of the implementation of the MSR and the adoption of records objectives.

Clause 6 deals with planning, which takes into account the high-level risk analysis, the contextual analysis (see Clause 4) and the resources available (see Clause 7). Clause 7 describes the support a MSR needs, such as resources, competence, training and communication, and documentation.

Clause 8 deals with defining, or reviewing, and planning the records processes to be implemented. It takes account of the contextual requirements and the scope (see Clause 4) and is based on the records policy (see 5.2), the risk analysis (see 6.1) and the resources needed (see 7.1) to meet the records objectives (see 6.2) in the planned implementation. Clause 8 explains the records processes and systems to be implemented for a MSR.

Clauses 9 and 10 deal with performance evaluation and improvement against the planning, objectives and requirements defined in ISO 30301.

For each of Clauses 4 to 10 of ISO 30301:2011, this International Standard describes the following:

a) the activities necessary to meet the requirements of ISO 30301: these activities can be carried out one after another, while some will need to be carried out simultaneously using the same contextual analysis;

b) the inputs to the activities: these are the starting points and can be the outputs of earlier activities;

c) the outputs of the activities: these are the results or deliverables obtained on completion of the activities.

This International Standard is intended to be used by those responsible for implementing and maintaining the organization’s management systems. It also helps top management to make decisions on the establishment, scope and implementation of the organization’s management systems. It is to be used by those responsible for implementing and maintaining the MSR. The design elements of the operational processes relating to records are based on the principles set out in ISO 15489-1. The other International Standards and Technical Reports developed by ISO/TC 46/SC 11 are the principal tools for designing, implementing, monitoring and improving records processes, controls and systems, and can be used in conjunction with this International Standard to implement the specific operational elements of the MSR.

Organizations that have already implemented ISO 15489-1 can use this International Standard to develop an organizational infrastructure for managing records within the systematic and verifiable approach of the MSR.
INTERNATIONAL STANDARD ISO 30302:2015(F)
Information and documentation — Management systems for records — Guidelines for implementation
1 Scope

This International Standard gives guidance for the implementation of a management system for records (MSR) in accordance with ISO 30301. This International Standard is intended to be used in conjunction with ISO 30300 and ISO 30301. This International Standard does not modify and/or reduce the requirements specified in ISO 30301. It describes the activities to be undertaken when designing and implementing a MSR.

This International Standard is intended to be used by any organization implementing a MSR. It is applicable to all types of organization (e.g. commercial enterprises, government agencies, non-profit organizations) of all sizes.
2 Normative references

The following documents, in whole or in part, are normative references that are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

ISO 30300, Information and documentation — Management systems for records — Fundamentals and vocabulary

ISO 30301:2011, Information and documentation — Management systems for records — Requirements

3 Terms and definitions

For the purposes of this document, the terms and definitions given in ISO 30300 apply.

4 Context of the organization
4.1 Understanding of the organization and its context

The context of the organization should determine and drive the implementation and improvement of a MSR. The requirements of this clause are intended to ensure that the organization takes its own context and needs into account when implementing a MSR. These requirements are met by analysing the context of the organization. This analysis should be the first step of the implementation, in order to:

a) determine the internal and external factors (see 4.1),

b) determine the business, legal and other requirements (see 4.2), and

c) define the scope of the MSR (see 4.3) and identify risks (see Clause 6).

NOTE 1 When the scope of the MSR is stated by top management at the starting point, before the factors and the need for records are determined, the extent of the contextual analysis is defined by the scope as stated.

NOTE 2 The MSS (management system standards) approach to contextual analysis and identification of requirements is compatible with the analysis (appraisal) process proposed by ISO 15489-1, which also includes elements of planning (see Clause 6) and identification of the need for records (see Clause 8).

Contextual information needs to come from a reliable source and to be accurate, up to date and complete. Regular review of the sources of this information ensures the accuracy and reliability of the contextual analysis.

Clause A.1 gives examples of sources of information on the internal and external context of an organization and examples of possible interested parties.

The following are examples of significant factors to take into account when determining how the context affects the MSR:

1) how a competitive market affects the need to demonstrate the efficiency of the organization’s processes,

2) how the values or perceptions of external stakeholders affect decisions on records retention or on access to information,

3) how the information technology infrastructure and the information architecture can affect the availability of records systems or records,

4) how skills and competencies within the organization can affect the need for training or external assistance,

5) how legislative instruments, policies, standards and codes affect the design of records processes and controls,

6) how the organizational culture can affect compliance with the requirements of the MSR, and

7) how the complexity of the organization’s structure and of its business and legislative environment can affect records policy, processes and controls (e.g. in a multi-jurisdictional environment).

Depending on the organization, the identification of internal and external factors may already have been carried out for other purposes, including the implementation of other management system standards. In such cases, a new analysis may not be needed and an adaptation will suffice.

Contextual analysis is a continuous process. It informs the establishment and systematic evaluation of the MSR (see Clause 9) and supports the cycle of continual improvement (see Clause 10).

Output

ISO 30301 requires documented evidence that the analysis has been undertaken. Examples are:

— a list of the internal and external factors to take into account;

— a chapter in a manual or project plan for implementing a MSR;

— a formal report on the analysis of the organization’s internal and external context and on how it affects and is affected by the MSR;

— a set of documents about the context of the organization.
4.2 Business, legal and other requirements

Using the result of the analysis described in 4.1 as the starting point, the business, legal and other requirements are assessed in relation to the business activities and are documented. The business activities are the first elements to be analysed in order to identify the requirements that affect the creation and control of records.

The identification of business requirements should take the following into account:

a) the nature of the organization’s activities (e.g. mining, financial advice, provision of community services, manufacturing, pharmaceuticals, personal services, voluntary (community) services);

b) the particular form or ownership of the organization (e.g. a trust, a company or a government organization);

c) the particular sector to which the organization belongs (i.e. public or private sector, non-profit);

d) the jurisdiction(s) in which the organization operates.

Business requirements should be identified from the performance of current business processes and also from the perspective of planned future development. Particular attention needs to be given to situations in which the organization is implementing automated or digital business processes. In such situations, the requirements can change and need to be discussed with the people responsible for developing and implementing the proposed new processes.

Activities for determining all the mandatory legal and regulatory instruments applicable to the organization include the following:

1) a review of the compliance requirements of the legislation associated with the sector concerned;

2) a review of compliance with legislation on the protection of personal data and on the management of records/other data.

Clause A.2 provides examples of business, legal and other requirements relating to the creation and control of records, as well as sources of specialist assistance for identifying business, legal and other requirements.

Output

To conform to ISO 30301, documentation of the identification of business, legal and other requirements is mandatory. The requirements can be documented all together or in separate documents by type of requirement. Examples of the types of documents include the following:

— a list of the requirements identified, by type (e.g. business, legislative);

— a chapter in a manual or project plan for implementing a MSR;

— a formal report on the identification of requirements for the MSR;

— a list of all laws and other codified regulatory or mandatory instruments that apply to the organization and relate to the creation and control of records;

— a body of case law (a set of legal precedents on specific issues relevant to the organization).
4.3 Defining the scope of the MSR

The scope of the MSR is a decision made by top management and clearly sets out the boundaries, inclusions, exclusions, roles and relationships of the component parts of the MSR.

The scope can be defined as a result of the contextual analysis, taking into account the identified factors (see 4.1) and requirements (see 4.2), but can also be stated by top management from the start, before the factors and requirements are identified.

The scope includes the following:

a) identification of the parts or functions of the organization concerned. It can be the organization as a whole, an area or a department, a specific function or an operati

...
