ISO 15489-1:2001

SLOVENSKI STANDARD
01-november-2005
Informatika in dokumentacija – Upravljanje zapisov – 1. del: Splošno
Information and documentation -- Records management -- Part 1: General
Information et documentation -- Records management -- Partie 1: Principes directeurs
Ta slovenski standard je istoveten z: ISO 15489-1:2001
ICS:
01.140.20 Informacijske vede Information sciences
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

INTERNATIONAL ISO
STANDARD 15489-1
First edition
2001-09-15
Information and documentation — Records
management —
Part 1:
General
Information et documentation — «Records management»
Partie 1: Principes directeurs

Reference number
©
ISO 2001
PDF disclaimer
This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but shall not
be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In downloading this
file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat accepts no liability in this
area.
Adobe is a trademark of Adobe Systems Incorporated.
Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation parameters
were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In the unlikely event
that a problem relating to it is found, please inform the Central Secretariat at the address given below.

©  ISO 2001
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic
or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISO's member body
in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.ch
Web www.iso.ch
Printed in Switzerland
ii © ISO 2001 – All rights reserved

Contents Page
Foreword.v
Introduction.vi
1 Scope.1
2 Normative references.1
3 Terms and definitions .2
4 Benefits of records management.4
5 Regulatory environment.4
6 Policy and responsibilities .5
6.1 General.5
6.2 Policy.5
6.3 Responsibilities.5
7 Records management requirements .6
7.1 Principles of records management programmes.6
7.2 Characteristics of a record .7
7.2.1 General.7
7.2.2 Authenticity.7
7.2.3 Reliability.7
7.2.4 Integrity.7
7.2.5 Useability.7
8 Design and implementation of a records system .8
8.1 General.8
8.2 Records systems characteristics.8
8.2.1 Introduction.8
8.2.2 Reliability.8
8.2.3 Integrity.9
8.2.4 Compliance.9
8.2.5 Comprehensiveness.9
8.2.6 Systematic.9
8.3 Designing and implementing records systems.9
8.3.1 General.9
8.3.2 Documenting records transactions .9
8.3.3 Physical storage medium and protection .9
8.3.4 Distributed management.10
8.3.5 Conversion and migration .10
8.3.6 Access, retrieval and use .10
8.3.7 Retention and disposition.10
8.4 Design and implementation methodology.10
8.5 Discontinuing records systems .11
9 Records management processes and controls .11
9.1 Determining documents to be captured into a records system .11
9.2 Determining how long to retain records .11
9.3 Records capture.12
9.4 Registration.13
9.5 Classification.13
9.5.1 Classification of business activities.13
9.5.2 Classification systems.14
9.5.3 Vocabulary controls.14
9.5.4 Indexing.14
9.5.5 Allocation of numbers and codes.14
9.6 Storage and handling.14
9.7 Access.14
9.8 Tracking.15
9.8.1 General.15
9.8.2 Action tracking.15
9.8.3 Location tracking.15
9.9 Implementing disposition.16
9.10 Documenting records management processes .16
10 Monitoring and auditing.17
11 Training.17
Index.18

iv © ISO 2001 – All rights reserved

Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO
member bodies). The work of preparing International Standards is normally carried out through ISO technical
committees. Each member body interested in a subject for which a technical committee has been established has
the right to be represented on that committee. International organizations, governmental and non-governmental, in
liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical
Commission (IEC) on all matters of electrotechnical standardization.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 3.
The main task of technical committees is to prepare International Standards. Draft International Standards adopted
by the technical committees are circulated to the member bodies for voting. Publication as an International
Standard requires approval by at least 75 % of the member bodies casting a vote.
Attention is drawn to the possibility that some of the elements of this part of ISO 15489 may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights.
ISO 15489-1 was prepared by Technical Committee ISO/TC 46, Information and documentation, Subcommittee
SC 11, Archives/records management.
ISO 15489 consists of the following parts, under the general title Information and documentation — Records
management:
 Part 1: General
 Part 2: Guidelines [Technical Report]
Introduction
The standardization of records management policies and procedures ensures that appropriate attention and
protection is given to all records, and that the evidence and information they contain can be retrieved more
efficiently and effectively, using standard practices and procedures.
This part of ISO 15489 was developed in response to consensus among participating ISO member countries to
standardize international best practice in records management using the Australian Standards AS 4390, Records
management as its starting point.
This International Standard is accompanied by a Technical Report (ISO/TR 15489-2) that is recommended for use
with it. ISO/TR 15489-2 provides further explanation and implementation options for achieving the outcomes of this
International Standard. It also includes a bibliography.

vi © ISO 2001 – All rights reserved

INTERNATIONAL STANDARD ISO 15489-1:2001(E)

Information and documentation — Records management —
Part 1:
General
1 Scope
1)
This part of ISO 15489 provides guidance on managing records of originating organizations, public or private, for
internal and external clients.
All the elements outlined in this part of ISO 15489 are recommended to ensure that adequate records are created,
captured and managed. Procedures that help to ensure the management of records according to the principles and
elements outlined in this part of ISO 15489 are provided in ISO/TR 15489-2 (Guidelines).
This part of ISO 15489
 applies to the management of records, in all formats or media, created or received by any public or private
organization in the conduct of its activities, or any individual with a duty to create and maintain records,
 provides guidance on determining the responsibilities of organizations for records and records policies,
procedures, systems and processes,
 provides guidance on records management in support of a quality process framework to comply with ISO 9001
and ISO 14001,
 provides guidance on the design and implementation of a records system, but
 does not include the management of archival records within archival institutions.
This part of ISO 15489 is intended for use by
 managers of organizations,
 records, information and technology management professionals,
 all other personnel in organizations, and
 other individuals with a duty to create and maintain records.
2 Normative references
The following normative documents contain provisions which, through reference in this text, constitute provisions of
this part of ISO 15489. For dated references, subsequent amendments to, or revisions of, any of these publications
do not apply. However, parties to agreements based on this part of ISO 15489 are encouraged to investigate the

1) In some countries, the management of records also applies to archives management. Archives management is not covered
in this part of ISO 15489.
possibility of applying the most recent editions of the normative documents indicated below. For undated
references, the latest edition of the normative document referred to applies. Members of ISO and IEC maintain
registers of currently valid International Standards.
2)
ISO 5127:— , Information and documentation — Vocabulary
ISO 9001, Quality management systems — Requirements
ISO 14001, Environmental management systems — Specification with guidance for use
3 Terms and definitions
For the purposes of this part of ISO 15489, the following terms and definitions apply. For terms not included here,
see ISO 5127.
3.1
access
right, opportunity, means of finding, using, or retrieving information
3.2
accountability
principle that individuals, organizations, and the community are responsible for their actions and may be required to
explain them to others
3.3
action tracking
process in which time limits for actions are monitored and imposed upon those conducting the business
3.4
archival authority
archival agency
archival institution
archival programme
agency or programme responsible for selecting, acquiring and preserving archives, making them available, and
approving destruction of other records
3.5
classification
systematic identification and arrangement of business activities and/or records into categories according to logically
structured conventions, methods, and procedural rules represented in a classification system
3.6
classification system
SEE classification (3.5)
3.7
conversion
process of changing records from one medium to another or from one format to another
SEE migration (3.13)
3.8
destruction
process of eliminating or deleting records, beyond any possible reconstruction

2) To be published. (Revision of all previous parts of ISO 5127)
2 © ISO 2001 – All rights reserved

3.9
disposition
range of processes associated with implementing records retention, destruction or transfer decisions which are
documented in disposition authorities or other instruments
3.10
document, noun
recorded information or object which can be treated as a unit
3.11
indexing
process of establishing access points to facilitate retrieval of records and/or information
3.12
metadata
data describing context, content and structure of records and their management through time
3.13
migration
act of moving records from one system to another, while maintaining the records' authenticity, integrity, reliability
and useability
SEE conversion (3.7)
3.14
preservation
processes and operations involved in ensuring the technical and intellectual survival of authentic records through
time
3.15
records
information created, received, and maintained as evidence and information by an organization or person, in
pursuance of legal obligations or in the transaction of business
3.16
records management
field of management responsible for the efficient and systematic control of the creation, receipt, maintenance, use
and disposition of records, including processes for capturing and maintaining evidence of and information about
business activities and transactions in the form of records
3.17
records system
information system which captures, manages and provides access to records through time
3.18
registration
act of giving a record a unique identifier on its entry into a system
3.19
tracking
creating, capturing and maintaining information about the movement and use of records
3.20
transfer
〈custody〉 change of custody, ownership and/or responsibility for records
3.21
transfer
〈movement〉 moving records from one location to another
4 Benefits of records management
Records management governs the practice both of records managers and of any person who creates or uses
records in the course of their business activities. Records management in an organization includes
a) setting policies and standards,
b) assigning responsibilities and authorities,
c) establishing and promulgating procedures and guidelines,
d) providing a range of services relating to the management and use of records,
e) designing, implementing and administering specialized systems for managing records, and
f) integrating records management into business systems and processes.
Records contain information that is a valuable resource and an important business asset. A systematic approach to
the management of records is essential for organizations and society to protect and preserve records as evidence
of actions. A records management system results in a source of information about business activities that can
support subsequent activities and business decisions, as well as ensuring accountability to present and future
stakeholders. Records enable organizations to
 conduct business in an orderly, efficient and accountable manner,
 deliver services in a consistent and equitable manner,
 support and document policy formation and managerial decision making,
 provide consistency, continuity and productivity in management and administration,
 facilitate the effective performance of activities throughout an organization,
 provide continuity in the event of a disaster,
 meet legislative and regulatory requirements including archival, audit and oversight activities,
 provide protection and support in litigation including the management of risks associated with the existence of,
or lack of, evidence of organizational activity,
 protect the interests of the organization and the rights of employees, clients and present and future
stakeholders,
 support and document current and future research and development activities, developments and
achievements, as well as historical research,
 provide evidence of business, personal and cultural activity,
 establish business, personal and cultural identity, and
 maintain corporate, personal or collective memory.
5 Regulatory environment
All organizations need to identify the regulatory environment that affects their activities and requirements to
document their activities. The policies and procedures of organizations should reflect the application of the
regulatory environment to their business processes. An organization should provide adequate evidence of its
compliance with the regulatory environment in the records of its activities.
4 © ISO 2001 – All rights reserved

The regulatory environment consists of
a) statute and case laws, and regulations governing the sector-specific and general business environment,
including laws and regulations relating specifically to records, archives, access, privacy, evidence, electronic
commerce, data protection and information,
b) mandatory standards of practice,
c) voluntary codes of best practice,
d) voluntary codes of conduct and ethics, and
e) identifiable expectations of the community about what is acceptable behaviour for the specific sector or
organization.
The nature of the organization and the sector to which it belongs will determine which of these regulatory elements
(individually or in combination) are most applicable to that organization's records management requirements.
6 Policy and responsibilities
6.1 General
An organization seeking to conform to this part of ISO 15489 should establish, document, maintain and promulgate
policies, procedures and practices for records management to ensure that its business need for evidence,
accountability and information about its activities is met.
6.2 Policy
Organizations should define and document a policy for records management. The objective of the policy should be
the creation and management of authentic, reliable and useable records, capable of supporting business functions
and activities for as long as they are required. Organizations should ensure that the policy is communicated and
implemented at all levels in the organization.
The policy should be adopted and endorsed at the highest decision-making level and promulgated throughout the
organization. Responsibility for compliance should be assigned.
The policy should be derived from an analysis of business activities. It should define the areas where legislation,
regulations, other standards and best practices have the greatest application in the creation of records connected
to business activities. In doing so, organizations should take into account their organizational environment and
economic considerations. Policies should be regularly reviewed to ensure that they reflect current business needs.
6.3 Responsibilities
Records management responsibilities and authorities should be defined and assigned, and promulgated
throughout the organization so that, where a specific need to create and capture records is identified, it should be
clear who is responsible for taking the necessary action. These responsibilities should be assigned to all
employees of the organization, including records managers, allied information professionals, executives, business
unit managers, systems administrators and others who create records as part of their work, and should be reflected
in job descriptions and similar statements. Specific leadership responsibility and accountability for records
management should be assigned to a person with appropriate authority within the organization. Designations of the
responsible individuals may be assigned by law.
Such responsibilities should include statements such as the following.
a) Records management professionals are responsible for all aspects of records management, including the
design, implementation and maintenance of records systems and their operations, and for training users on
records management and records systems operations as they affect individual practices.
b) Executives are responsible for supporting the application of records management policies throughout the
organization.
c) Systems administrators are responsible for ensuring that all documentation is accurate, available and legible to
personnel when required.
d) All employees are responsible and accountable for keeping accurate and complete records of their activities.
Archival authorities may be involved in the process of planning and implementing records management policies
and procedures.
7 Records management requirements
7.1 Principles of records management programmes
3)
Records are created, received and used in the conduct of business activities . To support the continuing conduct
of business, comply with the regulatory environment, and provide necessary accountability, organizations should
create and maintain authentic, reliable and useable records, and protect the integrity of those records for as long as
required. To do this, organizations should institute and carry out a comprehensive records management
programme which includes
a) determining what records should be created in each business process, and what information needs to be
included in the records,
b) deciding in what form and structure records should be created and captured, and the technologies to be used,
c) determining what metadata should be created with the record and through records processes and how that
metadata will be persistently linked and managed,
d) determining requirements for retrieving, using and transmitting records between business processes and other
users and how long they need to be kept to satisfy those requirements,
e) deciding how to organize records so as to support requirements for use,
f) assessing the risks that would be entailed by failure to have authoritative records of activity,
g) preserving records and making them accessible over time, in order to meet business requirements and
community expectations,
h) complying with legal and regulatory requirements, applicable standards and organizational policy,
i) ensuring that records are maintained in a safe and secure environment,
j) ensuring that records are retained only for as long as needed or required, and
k) identifying and evaluating opportunities for improving the effectiveness, efficiency or quality of its processes,
decisions, and actions that could result from better records creation or management.
Rules for creating and capturing records and metadata about records should be incorporated into the procedures
governing all business processes for which there is a requirement for evidence of activity.
Business continuity planning and contingency measures should ensure that records that are vital to the continued
functioning of the organization are identified as part of risk analysis, protected and recoverable when needed.

3) In this part of ISO 15489, business activity is used as a broad term, not restricted to commercial activity, but including public
administration, non-profit and other activities.
6 © ISO 2001 – All rights reserved

7.2 Characteristics of a record
7.2.1 General
A record should correctly reflect what was communicated or decided or what action was taken. It should be able to
support the needs of the business to which it relates and be used for accountability purposes.
As well as the content, the record should contain, or be persistently linked to, or associated with, the metadata
necessary to document a transaction, as follows:
a) the structure of a record, that is, its format and the relationships between the elements comprising the record,
should remain intact;
b) the business context in which the record was created, received and used should be apparent in the record
(including the business process of which the transaction is part, the date and time of the transaction and the
participants in the transaction);
c) the links between documents, held separately but combining to make up a record, should be present.
Records management policies, procedures and practices should lead to authoritative records which have the
characteristics given in 7.2.2 to 7.2.5.
7.2.2 Authenticity
An authentic record is one that can be proven
a) to be what it purports to be,
b) to have been created or sent by the person purported to have created or sent it, and
c) to have been created or sent at the time purported.
To ensure the authenticity of records, organizations should implement and document policies and procedures
which control the creation, receipt, transmission, maintenance and disposition of records to ensure that records
creators are authorized and identified and that records are protected against unauthorized addition, deletion,
alteration, use and concealment.
7.2.3 Reliability
A reliable record is one whose contents can be trusted as a full and accurate representation of the transactions,
activities or facts to which they attest and can be depended upon in the course of subsequent transactions or
activities. Records should be created at the time of the transaction or incident to which they relate, or soon
afterwards, by individuals who have direct knowledge of the facts or by instruments routinely used within the
business to conduct the transaction.
7.2.4 Integrity
The integrity of a record refers to its being complete and unaltered.
It is necessary that a record be protected against unauthorized alteration. Records management policies and
procedures should specify what additions or annotations may be made to a record after it is created, under what
circumstances additions or annotations may be authorized, and who is authorized to make them. Any authorized
annotation, addition or deletion to a record should be explicitly indicated and traceable.
7.2.5 Useability
A useable record is one that can be located, retrieved, presented and interpreted. It should be capable of
subsequent presentation as directly connected to the business activity or transaction that produced it. The
contextual linkages of records should carry the information needed for an understanding of the transactions that
created and used them. It should be possible to identify a record within the context of broader business activities
and functions. The links between records that document a sequence of activities should be maintained.
8 Design and implementation of a records system
8.1 General
Records management strategies are based on developing and adopting policies, procedures and practices, and
designing and implementing systems in ways that meet the operational needs of the organization and that accord
with the regulatory environment.
Strategies adopted by an organization for documenting its business activity should determine what records are
required and when, how and where they should be captured into records systems.
Implementation strategies for compliant records systems may include
a) designing records systems,
b) documenting records systems,
c) training records practitioners and other personnel,
d) converting records to new records systems, formats and controls,
e) setting standards and measuring compliance and performance against them, and
f) determining retention periods and making decisions about records which have continuing value, in keeping
with the regulatory environment.
Records management strategies should be documented in a strategic plan, such as an Information Management
Strategic Plan, which should be incorporated into organization-wide planning documentation.
Information systems, business applications and communication systems, and the business processes which they
support, should be designed, modified or redesigned so that adequate records can be created and captured as a
routine part of undertaking business activities.
8.2 Records systems characteristics
8.2.1 Introduction
Records systems should support records that contain the characteristics identified in 7.2. The systems should have
the characteristics described in 8.2.2 to 8.2.6.
8.2.2 Reliability
Any system deployed to manage records should be capable of continuous and regular operation in accordance
with responsible procedures.
A records system should
a) routinely capture all records within the scope of the business activities it covers,
b) organize the records in a way that reflects the business processes of the records’ creator,
c) protect the records from unauthorized alteration or disposition,
d) routinely function as the primary source of information about actions that are documented in the records, and
e) provide ready access to all relevant records and related metadata.
The reliability of the system should be documented by creating and maintaining records of systems operation.
These records should demonstrate that the system satisfied the criteria listed above.
8 © ISO 2001 – All rights reserved

A records system should be responsive to changing business needs but any changes in the system should not
have an impact on the characteristics of the records in the system. Similarly, when records are transferred from one
records system to another, the transfer should be carried out in a way that does not adversely affect the
characteristics of the records.
8.2.3 Integrity
Control measures such as access monitoring, user verification, authorized destruction and security should be
implemented to prevent unauthorized access, destruction, alteration or removal of records. These controls may
reside within a records system or be external to the specific system. For electronic records, the organization may
need to prove that any system malfunction, upgrade or regular maintenance does not affect the records' integrity.
8.2.4 Compliance
Records systems should be managed in compliance with all requirements arising from current business, the
regulatory environment and community expectations in which the organization operates. Personnel creating
records should understand how these requirements affect the business actions they perform. Records system
compliance with such requirements should be regularly assessed and the records of these assessments retained
for evidential purposes.
8.2.5 Comprehensiveness
Records systems should manage records resulting from the complete range of business activities for the
organization, or section of the organization, in which they operate.
8.2.6 Systematic
Records should be created, maintained and managed systematically. Records creation and maintenance practices
should be systematized through the design and operation of both records systems and business systems.
A records system should have accurately documented policies, assigned responsibilities and formal methodologies
for its management.
8.3 Designing and implementing records systems
8.3.1 General
A records system should have the functionality that enables it to carry out and to support the records management
processes described in clause 9.
Decisions about design and implementation of records systems and the processes they support need to be
considered in relation to existing organizational systems.
8.3.2 Documenting records transactions
Records systems should contain complete and accurate representations of all transactions that occur in relation to
a particular record. These include the processes associated with individual records. Such details may be
documented as part of the metadata embedded in, attached to, or associated with, a specific record. Alternatively,
they may be recorded as audit trails which should be kept at least as long as the document to which they relate is
retained.
8.3.3 Physical storage medium and protection
Appropriate storage environment and media, physical protective materials, handling procedures and storage
systems should be considered when designing the records system. Knowing how long the records will need to be
kept and maintained will affect decisions on storage media. The records system should address disaster
preparedness to ensure that risks are identified and mitigated. Integrity should be demonstrably maintained during
and after recovery from disaster.
8.3.4 Distributed management
Records systems should be capable of supporting alternative options for the location of records. In some cases,
where the legal and regulatory environment allows this, records may be physically stored with one organization, but
the responsibility and management control reside with either the creating organization or another appropriate
authority. Such arrangements, distinguishing between storage, ownership and responsibility for records, are
particularly relevant for records in electronic records systems. Variations in these arrangements may occur at any
time in the systems' existence, and any changes to these arrangements should be traceable and documented.
8.3.5 Conversion and migration
Records systems should be designed so that records will remain authentic, reliable and useable throughout any
kind of system change, including format conversion, migration between hardware and operating systems or specific
software applications, for the entire period of their retention (see 8.5).
8.3.6 Access, retrieval and use
Records systems should provide timely and efficient access to, and retrieval of, records needed in the continuing
conduct of business and to satisfy related accountability requirements.
Systems should include and apply controls on access to ensure that the integrity of the records is not
compromised. They should provide and maintain audit trails or other methods to demonstrate that records were
effectively protected from unauthorized use, alteration or destruction.
8.3.7 Retention and disposition
Records systems should be capable of facilitating and implementing decisions on the retention or disposition of
records. It should be possible for these decisions to be made at any time in the existence of records, including
during the design stage of records systems. It should also be possible, where appropriate, for disposition to be
activated automatically. Systems should provide audit trails or other methods to track completed disposition
actions.
8.4 Design and implementation methodology
In order to design and implement sustainable record systems, a design and implementation methodology is
essential.
The methodology given in items a) to h) is not designed to be linear. The tasks may be undertaken in different
stages, iteratively, partially or gradually, in accordance with organizational needs, formal compliance requirements
and changes to the organizational and records management environment.
a) Preliminary investigation. Collect information from documentary sources and through interviews; identify and
document the role and purpose of the organization, its structure, its legal, regulatory, business and political
environment, critical factors and critical weaknesses associated with records management.
b) Analysis of business activity. Collect information from documentary sources and through interviews; identify
and document each business function, activity and transaction and establish a hierarchy of them, that is, a
business classification system, and identify and document the flow of business processes and the transactions
which comprise them.
c) Identification of requirements for records. Collect information from documentary sources and through
interviews; identify the requirements for evidence of and information about each business function, activity
and transaction which should be satisfied through records. The requirements can be derived from an analysis
of the organization's regulatory environment (see clause 5) and the risk of not creating and maintaining the
records. Determine how each requirement may be satisfied through records management processes, and
articulate and document the requirements for records. Choose the appropriate records structure which best
satisfies each business function, activity or transaction.
d) Assessment of existing systems. Identify and analyse existing records systems and other information
systems to measure their performance against the requirements for records.
10 © ISO 2001 – All rights reserved

e) Identification of strategies for satisfying records requirements. Identify strategies for satisfying records
requirements, which may include adopting policies, standards, procedures and practices, designing new
systems and implementing systems in a way which satisfies a requirement for records. Strategies may be
applied to each records requirement separately or in combination. Str
...

INTERNATIONAL ISO
STANDARD 15489-1
First edition
2001-09-15
Information and documentation — Records
management —
Part 1:
General
Information et documentation — «Records management»
Partie 1: Principes directeurs

Reference number
©
ISO 2001
PDF disclaimer
This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but shall not
be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In downloading this
file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat accepts no liability in this
area.
Adobe is a trademark of Adobe Systems Incorporated.
Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation parameters
were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In the unlikely event
that a problem relating to it is found, please inform the Central Secretariat at the address given below.

©  ISO 2001
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic
or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISO's member body
in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.ch
Web www.iso.ch
Printed in Switzerland
ii © ISO 2001 – All rights reserved

Contents Page
Foreword.v
Introduction.vi
1 Scope.1
2 Normative references.1
3 Terms and definitions .2
4 Benefits of records management.4
5 Regulatory environment.4
6 Policy and responsibilities .5
6.1 General.5
6.2 Policy.5
6.3 Responsibilities.5
7 Records management requirements .6
7.1 Principles of records management programmes.6
7.2 Characteristics of a record .7
7.2.1 General.7
7.2.2 Authenticity.7
7.2.3 Reliability.7
7.2.4 Integrity.7
7.2.5 Useability.7
8 Design and implementation of a records system .8
8.1 General.8
8.2 Records systems characteristics.8
8.2.1 Introduction.8
8.2.2 Reliability.8
8.2.3 Integrity.9
8.2.4 Compliance.9
8.2.5 Comprehensiveness.9
8.2.6 Systematic.9
8.3 Designing and implementing records systems.9
8.3.1 General.9
8.3.2 Documenting records transactions .9
8.3.3 Physical storage medium and protection .9
8.3.4 Distributed management.10
8.3.5 Conversion and migration .10
8.3.6 Access, retrieval and use .10
8.3.7 Retention and disposition.10
8.4 Design and implementation methodology.10
8.5 Discontinuing records systems .11
9 Records management processes and controls .11
9.1 Determining documents to be captured into a records system .11
9.2 Determining how long to retain records .11
9.3 Records capture.12
9.4 Registration.13
9.5 Classification.13
9.5.1 Classification of business activities.13
9.5.2 Classification systems.14
9.5.3 Vocabulary controls.14
9.5.4 Indexing.14
9.5.5 Allocation of numbers and codes.14
9.6 Storage and handling.14
9.7 Access.14
9.8 Tracking.15
9.8.1 General.15
9.8.2 Action tracking.15
9.8.3 Location tracking.15
9.9 Implementing disposition.16
9.10 Documenting records management processes .16
10 Monitoring and auditing.17
11 Training.17
Index.18

iv © ISO 2001 – All rights reserved

Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO
member bodies). The work of preparing International Standards is normally carried out through ISO technical
committees. Each member body interested in a subject for which a technical committee has been established has
the right to be represented on that committee. International organizations, governmental and non-governmental, in
liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical
Commission (IEC) on all matters of electrotechnical standardization.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 3.
The main task of technical committees is to prepare International Standards. Draft International Standards adopted
by the technical committees are circulated to the member bodies for voting. Publication as an International
Standard requires approval by at least 75 % of the member bodies casting a vote.
Attention is drawn to the possibility that some of the elements of this part of ISO 15489 may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights.
ISO 15489-1 was prepared by Technical Committee ISO/TC 46, Information and documentation, Subcommittee
SC 11, Archives/records management.
ISO 15489 consists of the following parts, under the general title Information and documentation — Records
management:
 Part 1: General
 Part 2: Guidelines [Technical Report]
Introduction
The standardization of records management policies and procedures ensures that appropriate attention and
protection is given to all records, and that the evidence and information they contain can be retrieved more
efficiently and effectively, using standard practices and procedures.
This part of ISO 15489 was developed in response to consensus among participating ISO member countries to
standardize international best practice in records management using the Australian Standards AS 4390, Records
management as its starting point.
This International Standard is accompanied by a Technical Report (ISO/TR 15489-2) that is recommended for use
with it. ISO/TR 15489-2 provides further explanation and implementation options for achieving the outcomes of this
International Standard. It also includes a bibliography.

vi © ISO 2001 – All rights reserved

INTERNATIONAL STANDARD ISO 15489-1:2001(E)

Information and documentation — Records management —
Part 1:
General
1 Scope
1)
This part of ISO 15489 provides guidance on managing records of originating organizations, public or private, for
internal and external clients.
All the elements outlined in this part of ISO 15489 are recommended to ensure that adequate records are created,
captured and managed. Procedures that help to ensure the management of records according to the principles and
elements outlined in this part of ISO 15489 are provided in ISO/TR 15489-2 (Guidelines).
This part of ISO 15489
 applies to the management of records, in all formats or media, created or received by any public or private
organization in the conduct of its activities, or any individual with a duty to create and maintain records,
 provides guidance on determining the responsibilities of organizations for records and records policies,
procedures, systems and processes,
 provides guidance on records management in support of a quality process framework to comply with ISO 9001
and ISO 14001,
 provides guidance on the design and implementation of a records system, but
 does not include the management of archival records within archival institutions.
This part of ISO 15489 is intended for use by
 managers of organizations,
 records, information and technology management professionals,
 all other personnel in organizations, and
 other individuals with a duty to create and maintain records.
2 Normative references
The following normative documents contain provisions which, through reference in this text, constitute provisions of
this part of ISO 15489. For dated references, subsequent amendments to, or revisions of, any of these publications
do not apply. However, parties to agreements based on this part of ISO 15489 are encouraged to investigate the

1) In some countries, the management of records also applies to archives management. Archives management is not covered
in this part of ISO 15489.
possibility of applying the most recent editions of the normative documents indicated below. For undated
references, the latest edition of the normative document referred to applies. Members of ISO and IEC maintain
registers of currently valid International Standards.
2)
ISO 5127:— , Information and documentation — Vocabulary
ISO 9001, Quality management systems — Requirements
ISO 14001, Environmental management systems — Specification with guidance for use
3 Terms and definitions
For the purposes of this part of ISO 15489, the following terms and definitions apply. For terms not included here,
see ISO 5127.
3.1
access
right, opportunity, means of finding, using, or retrieving information
3.2
accountability
principle that individuals, organizations, and the community are responsible for their actions and may be required to
explain them to others
3.3
action tracking
process in which time limits for actions are monitored and imposed upon those conducting the business
3.4
archival authority
archival agency
archival institution
archival programme
agency or programme responsible for selecting, acquiring and preserving archives, making them available, and
approving destruction of other records
3.5
classification
systematic identification and arrangement of business activities and/or records into categories according to logically
structured conventions, methods, and procedural rules represented in a classification system
3.6
classification system
SEE classification (3.5)
3.7
conversion
process of changing records from one medium to another or from one format to another
SEE migration (3.13)
3.8
destruction
process of eliminating or deleting records, beyond any possible reconstruction

2) To be published. (Revision of all previous parts of ISO 5127)
2 © ISO 2001 – All rights reserved

3.9
disposition
range of processes associated with implementing records retention, destruction or transfer decisions which are
documented in disposition authorities or other instruments
3.10
document, noun
recorded information or object which can be treated as a unit
3.11
indexing
process of establishing access points to facilitate retrieval of records and/or information
3.12
metadata
data describing context, content and structure of records and their management through time
3.13
migration
act of moving records from one system to another, while maintaining the records' authenticity, integrity, reliability
and useability
SEE conversion (3.7)
3.14
preservation
processes and operations involved in ensuring the technical and intellectual survival of authentic records through
time
3.15
records
information created, received, and maintained as evidence and information by an organization or person, in
pursuance of legal obligations or in the transaction of business
3.16
records management
field of management responsible for the efficient and systematic control of the creation, receipt, maintenance, use
and disposition of records, including processes for capturing and maintaining evidence of and information about
business activities and transactions in the form of records
3.17
records system
information system which captures, manages and provides access to records through time
3.18
registration
act of giving a record a unique identifier on its entry into a system
3.19
tracking
creating, capturing and maintaining information about the movement and use of records
3.20
transfer
〈custody〉 change of custody, ownership and/or responsibility for records
3.21
transfer
〈movement〉 moving records from one location to another
4 Benefits of records management
Records management governs the practice both of records managers and of any person who creates or uses
records in the course of their business activities. Records management in an organization includes
a) setting policies and standards,
b) assigning responsibilities and authorities,
c) establishing and promulgating procedures and guidelines,
d) providing a range of services relating to the management and use of records,
e) designing, implementing and administering specialized systems for managing records, and
f) integrating records management into business systems and processes.
Records contain information that is a valuable resource and an important business asset. A systematic approach to
the management of records is essential for organizations and society to protect and preserve records as evidence
of actions. A records management system results in a source of information about business activities that can
support subsequent activities and business decisions, as well as ensuring accountability to present and future
stakeholders. Records enable organizations to
 conduct business in an orderly, efficient and accountable manner,
 deliver services in a consistent and equitable manner,
 support and document policy formation and managerial decision making,
 provide consistency, continuity and productivity in management and administration,
 facilitate the effective performance of activities throughout an organization,
 provide continuity in the event of a disaster,
 meet legislative and regulatory requirements including archival, audit and oversight activities,
 provide protection and support in litigation including the management of risks associated with the existence of,
or lack of, evidence of organizational activity,
 protect the interests of the organization and the rights of employees, clients and present and future
stakeholders,
 support and document current and future research and development activities, developments and
achievements, as well as historical research,
 provide evidence of business, personal and cultural activity,
 establish business, personal and cultural identity, and
 maintain corporate, personal or collective memory.
5 Regulatory environment
All organizations need to identify the regulatory environment that affects their activities and requirements to
document their activities. The policies and procedures of organizations should reflect the application of the
regulatory environment to their business processes. An organization should provide adequate evidence of its
compliance with the regulatory environment in the records of its activities.
4 © ISO 2001 – All rights reserved

The regulatory environment consists of
a) statute and case laws, and regulations governing the sector-specific and general business environment,
including laws and regulations relating specifically to records, archives, access, privacy, evidence, electronic
commerce, data protection and information,
b) mandatory standards of practice,
c) voluntary codes of best practice,
d) voluntary codes of conduct and ethics, and
e) identifiable expectations of the community about what is acceptable behaviour for the specific sector or
organization.
The nature of the organization and the sector to which it belongs will determine which of these regulatory elements
(individually or in combination) are most applicable to that organization's records management requirements.
6 Policy and responsibilities
6.1 General
An organization seeking to conform to this part of ISO 15489 should establish, document, maintain and promulgate
policies, procedures and practices for records management to ensure that its business need for evidence,
accountability and information about its activities is met.
6.2 Policy
Organizations should define and document a policy for records management. The objective of the policy should be
the creation and management of authentic, reliable and useable records, capable of supporting business functions
and activities for as long as they are required. Organizations should ensure that the policy is communicated and
implemented at all levels in the organization.
The policy should be adopted and endorsed at the highest decision-making level and promulgated throughout the
organization. Responsibility for compliance should be assigned.
The policy should be derived from an analysis of business activities. It should define the areas where legislation,
regulations, other standards and best practices have the greatest application in the creation of records connected
to business activities. In doing so, organizations should take into account their organizational environment and
economic considerations. Policies should be regularly reviewed to ensure that they reflect current business needs.
6.3 Responsibilities
Records management responsibilities and authorities should be defined and assigned, and promulgated
throughout the organization so that, where a specific need to create and capture records is identified, it should be
clear who is responsible for taking the necessary action. These responsibilities should be assigned to all
employees of the organization, including records managers, allied information professionals, executives, business
unit managers, systems administrators and others who create records as part of their work, and should be reflected
in job descriptions and similar statements. Specific leadership responsibility and accountability for records
management should be assigned to a person with appropriate authority within the organization. Designations of the
responsible individuals may be assigned by law.
Such responsibilities should include statements such as the following.
a) Records management professionals are responsible for all aspects of records management, including the
design, implementation and maintenance of records systems and their operations, and for training users on
records management and records systems operations as they affect individual practices.
b) Executives are responsible for supporting the application of records management policies throughout the
organization.
c) Systems administrators are responsible for ensuring that all documentation is accurate, available and legible to
personnel when required.
d) All employees are responsible and accountable for keeping accurate and complete records of their activities.
Archival authorities may be involved in the process of planning and implementing records management policies
and procedures.
7 Records management requirements
7.1 Principles of records management programmes
3)
Records are created, received and used in the conduct of business activities . To support the continuing conduct
of business, comply with the regulatory environment, and provide necessary accountability, organizations should
create and maintain authentic, reliable and useable records, and protect the integrity of those records for as long as
required. To do this, organizations should institute and carry out a comprehensive records management
programme which includes
a) determining what records should be created in each business process, and what information needs to be
included in the records,
b) deciding in what form and structure records should be created and captured, and the technologies to be used,
c) determining what metadata should be created with the record and through records processes and how that
metadata will be persistently linked and managed,
d) determining requirements for retrieving, using and transmitting records between business processes and other
users and how long they need to be kept to satisfy those requirements,
e) deciding how to organize records so as to support requirements for use,
f) assessing the risks that would be entailed by failure to have authoritative records of activity,
g) preserving records and making them accessible over time, in order to meet business requirements and
community expectations,
h) complying with legal and regulatory requirements, applicable standards and organizational policy,
i) ensuring that records are maintained in a safe and secure environment,
j) ensuring that records are retained only for as long as needed or required, and
k) identifying and evaluating opportunities for improving the effectiveness, efficiency or quality of its processes,
decisions, and actions that could result from better records creation or management.
Rules for creating and capturing records and metadata about records should be incorporated into the procedures
governing all business processes for which there is a requirement for evidence of activity.
Business continuity planning and contingency measures should ensure that records that are vital to the continued
functioning of the organization are identified as part of risk analysis, protected and recoverable when needed.

3) In this part of ISO 15489, business activity is used as a broad term, not restricted to commercial activity, but including public
administration, non-profit and other activities.
6 © ISO 2001 – All rights reserved

7.2 Characteristics of a record
7.2.1 General
A record should correctly reflect what was communicated or decided or what action was taken. It should be able to
support the needs of the business to which it relates and be used for accountability purposes.
As well as the content, the record should contain, or be persistently linked to, or associated with, the metadata
necessary to document a transaction, as follows:
a) the structure of a record, that is, its format and the relationships between the elements comprising the record,
should remain intact;
b) the business context in which the record was created, received and used should be apparent in the record
(including the business process of which the transaction is part, the date and time of the transaction and the
participants in the transaction);
c) the links between documents, held separately but combining to make up a record, should be present.
Records management policies, procedures and practices should lead to authoritative records which have the
characteristics given in 7.2.2 to 7.2.5.
7.2.2 Authenticity
An authentic record is one that can be proven
a) to be what it purports to be,
b) to have been created or sent by the person purported to have created or sent it, and
c) to have been created or sent at the time purported.
To ensure the authenticity of records, organizations should implement and document policies and procedures
which control the creation, receipt, transmission, maintenance and disposition of records to ensure that records
creators are authorized and identified and that records are protected against unauthorized addition, deletion,
alteration, use and concealment.
7.2.3 Reliability
A reliable record is one whose contents can be trusted as a full and accurate representation of the transactions,
activities or facts to which they attest and can be depended upon in the course of subsequent transactions or
activities. Records should be created at the time of the transaction or incident to which they relate, or soon
afterwards, by individuals who have direct knowledge of the facts or by instruments routinely used within the
business to conduct the transaction.
7.2.4 Integrity
The integrity of a record refers to its being complete and unaltered.
It is necessary that a record be protected against unauthorized alteration. Records management policies and
procedures should specify what additions or annotations may be made to a record after it is created, under what
circumstances additions or annotations may be authorized, and who is authorized to make them. Any authorized
annotation, addition or deletion to a record should be explicitly indicated and traceable.
7.2.5 Useability
A useable record is one that can be located, retrieved, presented and interpreted. It should be capable of
subsequent presentation as directly connected to the business activity or transaction that produced it. The
contextual linkages of records should carry the information needed for an understanding of the transactions that
created and used them. It should be possible to identify a record within the context of broader business activities
and functions. The links between records that document a sequence of activities should be maintained.
8 Design and implementation of a records system
8.1 General
Records management strategies are based on developing and adopting policies, procedures and practices, and
designing and implementing systems in ways that meet the operational needs of the organization and that accord
with the regulatory environment.
Strategies adopted by an organization for documenting its business activity should determine what records are
required and when, how and where they should be captured into records systems.
Implementation strategies for compliant records systems may include
a) designing records systems,
b) documenting records systems,
c) training records practitioners and other personnel,
d) converting records to new records systems, formats and controls,
e) setting standards and measuring compliance and performance against them, and
f) determining retention periods and making decisions about records which have continuing value, in keeping
with the regulatory environment.
Records management strategies should be documented in a strategic plan, such as an Information Management
Strategic Plan, which should be incorporated into organization-wide planning documentation.
Information systems, business applications and communication systems, and the business processes which they
support, should be designed, modified or redesigned so that adequate records can be created and captured as a
routine part of undertaking business activities.
8.2 Records systems characteristics
8.2.1 Introduction
Records systems should support records that contain the characteristics identified in 7.2. The systems should have
the characteristics described in 8.2.2 to 8.2.6.
8.2.2 Reliability
Any system deployed to manage records should be capable of continuous and regular operation in accordance
with responsible procedures.
A records system should
a) routinely capture all records within the scope of the business activities it covers,
b) organize the records in a way that reflects the business processes of the records’ creator,
c) protect the records from unauthorized alteration or disposition,
d) routinely function as the primary source of information about actions that are documented in the records, and
e) provide ready access to all relevant records and related metadata.
The reliability of the system should be documented by creating and maintaining records of systems operation.
These records should demonstrate that the system satisfied the criteria listed above.
8 © ISO 2001 – All rights reserved

A records system should be responsive to changing business needs but any changes in the system should not
have an impact on the characteristics of the records in the system. Similarly, when records are transferred from one
records system to another, the transfer should be carried out in a way that does not adversely affect the
characteristics of the records.
8.2.3 Integrity
Control measures such as access monitoring, user verification, authorized destruction and security should be
implemented to prevent unauthorized access, destruction, alteration or removal of records. These controls may
reside within a records system or be external to the specific system. For electronic records, the organization may
need to prove that any system malfunction, upgrade or regular maintenance does not affect the records' integrity.
8.2.4 Compliance
Records systems should be managed in compliance with all requirements arising from current business, the
regulatory environment and community expectations in which the organization operates. Personnel creating
records should understand how these requirements affect the business actions they perform. Records system
compliance with such requirements should be regularly assessed and the records of these assessments retained
for evidential purposes.
8.2.5 Comprehensiveness
Records systems should manage records resulting from the complete range of business activities for the
organization, or section of the organization, in which they operate.
8.2.6 Systematic
Records should be created, maintained and managed systematically. Records creation and maintenance practices
should be systematized through the design and operation of both records systems and business systems.
A records system should have accurately documented policies, assigned responsibilities and formal methodologies
for its management.
8.3 Designing and implementing records systems
8.3.1 General
A records system should have the functionality that enables it to carry out and to support the records management
processes described in clause 9.
Decisions about design and implementation of records systems and the processes they support need to be
considered in relation to existing organizational systems.
8.3.2 Documenting records transactions
Records systems should contain complete and accurate representations of all transactions that occur in relation to
a particular record. These include the processes associated with individual records. Such details may be
documented as part of the metadata embedded in, attached to, or associated with, a specific record. Alternatively,
they may be recorded as audit trails which should be kept at least as long as the document to which they relate is
retained.
8.3.3 Physical storage medium and protection
Appropriate storage environment and media, physical protective materials, handling procedures and storage
systems should be considered when designing the records system. Knowing how long the records will need to be
kept and maintained will affect decisions on storage media. The records system should address disaster
preparedness to ensure that risks are identified and mitigated. Integrity should be demonstrably maintained during
and after recovery from disaster.
8.3.4 Distributed management
Records systems should be capable of supporting alternative options for the location of records. In some cases,
where the legal and regulatory environment allows this, records may be physically stored with one organization, but
the responsibility and management control reside with either the creating organization or another appropriate
authority. Such arrangements, distinguishing between storage, ownership and responsibility for records, are
particularly relevant for records in electronic records systems. Variations in these arrangements may occur at any
time in the systems' existence, and any changes to these arrangements should be traceable and documented.
8.3.5 Conversion and migration
Records systems should be designed so that records will remain authentic, reliable and useable throughout any
kind of system change, including format conversion, migration between hardware and operating systems or specific
software applications, for the entire period of their retention (see 8.5).
8.3.6 Access, retrieval and use
Records systems should provide timely and efficient access to, and retrieval of, records needed in the continuing
conduct of business and to satisfy related accountability requirements.
Systems should include and apply controls on access to ensure that the integrity of the records is not
compromised. They should provide and maintain audit trails or other methods to demonstrate that records were
effectively protected from unauthorized use, alteration or destruction.
8.3.7 Retention and disposition
Records systems should be capable of facilitating and implementing decisions on the retention or disposition of
records. It should be possible for these decisions to be made at any time in the existence of records, including
during the design stage of records systems. It should also be possible, where appropriate, for disposition to be
activated automatically. Systems should provide audit trails or other methods to track completed disposition
actions.
8.4 Design and implementation methodology
In order to design and implement sustainable record systems, a design and implementation methodology is
essential.
The methodology given in items a) to h) is not designed to be linear. The tasks may be undertaken in different
stages, iteratively, partially or gradually, in accordance with organizational needs, formal compliance requirements
and changes to the organizational and records management environment.
a) Preliminary investigation. Collect information from documentary sources and through interviews; identify and
document the role and purpose of the organization, its structure, its legal, regulatory, business and political
environment, critical factors and critical weaknesses associated with records management.
b) Analysis of business activity. Collect information from documentary sources and through interviews; identify
and document each business function, activity and transaction and establish a hierarchy of them, that is, a
business classification system, and identify and document the flow of business processes and the transactions
which comprise them.
c) Identification of requirements for records. Collect information from documentary sources and through
interviews; identify the requirements for evidence of and information about each business function, activity
and transaction which should be satisfied through records. The requirements can be derived from an analysis
of the organization's regulatory environment (see clause 5) and the risk of not creating and maintaining the
records. Determine how each requirement may be satisfied through records management processes, and
articulate and document the requirements for records. Choose the appropriate records structure which best
satisfies each business function, activity or transaction.
d) Assessment of existing systems. Identify and analyse existing records systems and other information
systems to measure their performance against the requirements for records.
10 © ISO 2001 – All rights reserved

e) Identification of strategies for satisfying records requirements. Identify strategies for satisfying records
requirements, which may include adopting policies, standards, procedures and practices, designing new
systems and implementing systems in a way which satisfies a requirement for records. Strategies may be
applied to each records requirement separately or in combination. Strategies should be selected on the basis
of the degree of risk involved through failure to satisfy a requirement, either within the business function which
the records system is intended to support, the existing systems environment or the corporate culture in which
the strategy should succeed (see clause 7).
f) Design of a records system. Design a records system which incorporates the strategies, processes and
practices described in this part of ISO 15489; ensure that the records system supports, and does not hinder,
business processes; assess and, if necessary, redesign business processes and operational business and
communication systems to incorporate records management.
g) Implementation of a records system. Implementing a records system should be undertaken systematically
using project planning and methodologies appropriate to the situation and with a view to integrating the
operation of records systems with business processes and related systems.
h) Post-implementation review. Gather information about the performance of the records system as an i
...

NORME ISO
INTERNATIONALE 15489-1
Première édition
2001-09-15
Information et documentation — «Records
management» —
Partie 1:
Principes directeurs
Information and documentation — Records management —
Part 1: General
Numéro de référence
©
ISO 2001
PDF – Exonération de responsabilité
Le présent fichier PDF peut contenir des polices de caractères intégrées. Conformément aux conditions de licence d'Adobe, ce fichier peut
être imprimé ou visualisé, mais ne doit pas être modifié à moins que l'ordinateur employé à cet effet ne bénéficie d'une licence autorisant
l'utilisation de ces polices et que celles-ci y soient installées. Lors du téléchargement de ce fichier, les parties concernées acceptent de fait la
responsabilité de ne pas enfreindre les conditions de licence d'Adobe. Le Secrétariat central de l'ISO décline toute responsabilité en la
matière.
Adobe est une marque déposée d'Adobe Systems Incorporated.
Les détails relatifs aux produits logiciels utilisés pour la création du présent fichier PDF sont disponibles dans la rubrique General Info du
fichier; les paramètres de création PDF ont été optimisés pour l'impression. Toutes les mesures ont été prises pour garantir l'exploitation de
ce fichier par les comités membres de l'ISO. Dans le cas peu probable où surviendrait un problème d'utilisation, veuillez en informer le
Secrétariat central à l'adresse donnée ci-dessous.

©  ISO 2001
Droits de reproduction réservés. Sauf prescription différente, aucune partie de cette publication ne peut être reproduite ni utilisée sous quelque
forme que ce soit et par aucun procédé, électronique ou mécanique, y compris la photocopie et les microfilms, sans l'accord écrit de l'ISO à
l'adresse ci-après ou du comité membre de l'ISO dans le pays du demandeur.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax. + 41 22 749 09 47
E-mail copyright@iso.ch
Web www.iso.ch
Imprimé en Suisse
ii © ISO 2001 – Tous droits réservés

Sommaire Page
Avant-propos .v
Introduction.vi
1 Domaine d'application.1
2 Références normatives.2
3 Termes et définitions.2
4 Avantages du «Records management» .4
5 Environnement réglementaire.5
6 Politique et responsabilités.5
6.1 Généralités.5
6.2 Politique.5
6.3 Responsabilités.6
7 Exigences du «Records management».6
7.1 Principes généraux d'un programme de «Records management» .6
7.2 Caractéristiques d'un document d'archives .7
7.2.1 Généralités.7
7.2.2 Authenticité.7
7.2.3 Fiabilité.8
7.2.4 Intégrité.8
7.2.5 Exploitabilité.8
8 Conception et mise en œuvre d'un système d'archivage .8
8.1 Généralités.8
8.2 Caractéristiques du système d'archivage.9
8.2.1 Introduction.9
8.2.2 Fiabilité.9
8.2.3 Intégrité.9
8.2.4 Conformité.9
8.2.5 Étendue.9
8.2.6 Caractère systématique.9
8.3 Étapes de conception et de mise en œuvre du système d'archivage.10
8.3.1 Généralités.10
8.3.2 Enregistrement des opérations sur les documents.10
8.3.3 Support de stockage et protection .10
8.3.4 Gestion partagée.10
8.3.5 Conversion et migration .10
8.3.6 Accès, repérage et exploitation .10
8.3.7 Conservation et sort final .10
8.4 Méthodologie de conception et de mise en œuvre.11
8.5 Interruption du système d'archivage.11
9 Procédures du «Records management» et contrôles .12
9.1 Sélection des documents à intégrer dans un système d'archivage .12
9.2 Définition des durées de conservation .12
9.3 Intégration des documents.13
9.4 Enregistrement.14
9.5 Classement.14
9.5.1 Classement des activités.14
9.5.2 Système de classement.14
9.5.3 Vocabulaires contrôlés.14
9.5.4 Indexation.14
9.5.5 Attribution de numéros et de cotes .15
9.6 Stockage et manutention .15
9.7 Accès.15
9.8 Traçabilité.16
9.8.1 Généralités.16
9.8.2 Suivi des opérations.16
9.8.3 Suivi de la localisation .16
9.9 Application du sort final.16
9.10 Rédaction d'une charte d'archivage .17
10 Contrôle et audit .18
11 Formation.18
Index.19

iv © ISO 2001 – Tous droits réservés

Avant-propos
L'ISO (Organisation internationale de normalisation) est une fédération mondiale d'organismes nationaux de
normalisation (comités membres de l'ISO). L'élaboration des Normes internationales est en général confiée aux
comités techniques de l'ISO. Chaque comité membre intéressé par une étude a le droit de faire partie du comité
technique créé à cet effet. Les organisations internationales, gouvernementales et non gouvernementales, en
liaison avec l'ISO participent également aux travaux. L'ISO collabore étroitement avec la Commission
électrotechnique internationale (CEI) en ce qui concerne la normalisation électrotechnique.
Les Normes internationales sont rédigées conformément aux règles données dans les Directives ISO/CEI,
Partie 3.
La tâche principale des comités techniques est d'élaborer les Normes internationales. Les projets de Normes
internationales adoptés par les comités techniques sont soumis aux comités membres pour vote. Leur publication
comme Normes internationales requiert l'approbation de 75 % au moins des comités membres votants.
L'attention est appelée sur le fait que certains des éléments de la présente partie de l'ISO 15489 peuvent faire
l'objet de droits de propriété intellectuelle ou de droits analogues. L'ISO ne saurait être tenue pour responsable de
ne pas avoir identifié de tels droits de propriété et averti de leur existence.
L'ISO 15489-1 a été élaborée par le comité technique ISO/TC 46, Information et documentation, sous-comité
SC 11, Gestion des archives courantes et intermédiaires.
L'ISO 15489 comprend les parties suivantes, présentées sous le titre général Information et documentation —
«Records management»:
 Partie 1: Principes directeurs
 Partie 2: Guide pratique [Rapport technique]

Introduction
La normalisation des politiques et des procédures du «Records management» garantit que tous les documents
d'archives bénéficient de l'attention et de la protection appropriées, et que leurs valeurs de preuve et d'information
sont susceptibles d'être mises en évidence plus efficacement et plus facilement, en ayant recours à des pratiques
et procédures normalisées.
La présente partie de l'ISO 15489 a été élaborée en réponse au consensus entre les pays membres de l'ISO pour
la normalisation des bonnes pratiques internationales en matière d'organisation et de gestion des documents
d'archives, en utilisant la norme australienne AS 4390, Records management, comme point de départ.
La présente partie de l'ISO 15489 est accompagnée d'un Rapport technique (ISO/TR 15489-2), qu'il est
recommandé d'utiliser avec elle. L'ISO/TR 15489-2 fournit de plus amples explications et des suggestions pour la
réalisation des préconisations de la norme. Il comporte également une bibliographie.
vi © ISO 2001 – Tous droits réservés

NORME INTERNATIONALE ISO 15489-1:2001(F)

Information et documentation — «Records management» —
Partie 1:
Principes directeurs
1 Domaine d'application
1)
La présente partie de l'ISO 15489 constitue un guide pour l'organisation et la gestion des documents d'archives
des organismes, publics ou privés, pour le compte de clients internes ou externes.
Tous les éléments constitutifs de la présente partie de l'ISO 15489 visent à ce que les documents soient créés,
archivés et organisés d'une manière pertinente. Les procédures propres à assurer l'organisation et la gestion des
documents selon les principes et les éléments constitutifs de la présente partie de l'ISO 15489 sont présentées
dans l'ISO/TR 15489-2 (Guide pratique).
La présente partie de l'ISO 15489
 vise l'organisation et la gestion des documents, quels que soient leur forme ou leur support, produits ou reçus
par tout organisme, public ou privé, dans l'exercice de ses activités, ou par toute personne physique ayant la
responsabilité de produire ou de conserver des documents d'archives,
 constitue un guide pour définir les responsabilités des organismes vis à vis de leurs documents d'archives et
les politiques, procédures, systèmes et méthodes afférents,
 constitue un guide pour le «Records management» en tant que soutien d'une démarche qualité, en accord
avec l'ISO 9001 et l'ISO 14001,
 constitue un guide pour la conception et la mise en œuvre d'un système d'archivage,
 mais n'inclut pas l'organisation et la gestion des archives historiques au sein des institutions d'archives.
La présente partie de l'ISO 15489 est destinée
 aux dirigeants des organismes,
 aux professionnels du document d'archives et des technologies de l'information,
 à l'ensemble du personnel des organismes,
 ainsi qu'à toute personne physique ayant la responsabilité de créer et archiver des documents.

1) Dans certains pays, l'organisation et la gestion des documents d'archives s'applique aussi aux archives historiques. Les
archives historiques ne sont pas couvertes par la présente partie de l'ISO 15489.
Le terme anglais «records» désigne les documents considérés dans leur dimension de preuve (et d'utilité dans le cadre de la
conduite des activités de l'organisme émetteur), par opposition à «documents» (qui ne prend en compte que leur contenu
informatif) et à «archives» (qui vise la portée historique). N'ayant pas en français d'équivalent strict, «records» est traduit ici par
«documents d'archives» sauf lorsque le terme «documents» est suffisamment explicite dans le contexte, voire par «archives»
lorsque le sens l'impose.
2 Références normatives
Les documents normatifs suivants contiennent des dispositions qui, par suite de la référence qui y est faite,
constituent des dispositions valables pour la présente partie de l'ISO 15489. Pour les références datées, les
amendements ultérieurs ou les révisions de ces publications ne s'appliquent pas. Toutefois, les parties prenantes
aux accords fondés sur la présente partie de l'ISO 15489 sont invitées à rechercher la possibilité d'appliquer les
éditions les plus récentes des documents normatifs indiqués ci-après. Pour les références non datées, la dernière
édition du document normatif en référence s'applique. Les membres de l'ISO et de la CEI possèdent le registre des
Normes internationales en vigueur.
2)
ISO 5127:— , Information et documentation — Vocabulaire
ISO 9001, Systèmes de management de la qualité — Exigences
ISO 14001, Systèmes de management environnemental — Spécification et lignes directrices pour son utilisation
3 Termes et définitions
Pour les besoins de la présente partie de l'ISO 15489, les termes et définitions donnés dans l'ISO 5127 ainsi que
les suivants s'appliquent.
NOTE La présente partie de l'ISO 15489 comporte un index alphabétique des termes clés utilisés.
3.1
accès
droit, modalités et moyens de rechercher, d'exploiter ou de retrouver l'information
3.2
responsabilité
principe selon lequel les personnes physiques et morales, ainsi que la collectivité, sont responsables de leurs
actions et peuvent être tenues d'en rendre compte
3.3
suivi des opérations
action de fixer et d'imposer des étapes et des échéances dans le traitement des affaires
3.4
autorité archivistique
institution ou service d'archives en charge de la sélection, de la collecte et de la conservation des archives, de leur
mise à disposition et de l'approbation des éliminations des archives non historiques
3.5
classement
identification systématique et classement des activités et/ou des documents d'archives en catégories suivant
l'organisation logique d'un système de classification et en accord avec ses principes, ses méthodes et ses règles
3.6
système de classement
VOIR classement (3.5)
2) À publier. (Révision de toutes les parties de l'ISO 5127)
2 © ISO 2001 – Tous droits réservés

3.7
conversion
action de transférer des documents d'un support à un autre, ou d'un format à un autre
VOIR migration (3.13)
3.8
destruction
action d'éliminer ou de supprimer des documents, de façon irréversible
3.9
sort final
destination diversifiée des documents correspondant à la mise en œuvre des décisions de conservation, de
destruction ou de transfert des documents, telles qu'elles sont explicitées dans la charte d'archivage ou tout autre
outil de référence
3.10
document
tout écrit ou enregistrement considéré comme une unité
3.11
indexation
action de définir des points d'accès pour faciliter le repérage des documents et/ou des informations
3.12
métadonnées
données décrivant le contexte, le contenu et la structure des documents ainsi que leur gestion dans le temps
3.13
migration
action de transférer des documents d'un système à un autre en préservant leur authenticité, leur intégrité, leur
fiabilité et leur exploitabilité
VOIR conversion (3.7)
3.14
conservation
actions et tâches concourant à la pérennité technique et intellectuelle des documents authentiques
3.15
documents d'archives
documents
documents créés, reçus et préservés à titre de preuve et d'information par une personne physique ou morale dans
l'exercice de ses obligations légales ou la conduite de son activité
3.16
«Records management»
champ de l'organisation et de la gestion en charge d'un contrôle efficace et systématique de la création, de la
réception, de la conservation, de l'utilisation et du sort final des documents, y compris des méthodes de fixation et
de préservation de la preuve et de l'information liées à la forme des documents
3.17
système d'archivage
système d'information qui intègre les documents, les organise, les gère et les rend accessibles à terme
3.18
enregistrement
action de donner un identifiant unique à un document au moment de son archivage
3.19
traçabilité
fait de créer, d'enregistrer et de préserver les données relatives aux mouvements et à l'utilisation des documents
3.20
versement
action de transférer la conservation physique, la propriété ou la responsabilité de documents
3.21
transfert
action de changer la localisation des documents
4 Avantages du «Records management»
Le «Records management» gouverne les pratiques aussi bien des «records managers» que de toute personne qui
produit ou exploite des documents dans l'exercice de ses activités. Dans un organisme, le «Records management»
comporte
a) la mise en place de politiques et de normes,
b) la répartition des responsabilités et des compétences,
c) l'élaboration, la validation et la diffusion des procédures et des manuels correspondants,
d) l'offre d'une gamme de services d'organisation, de gestion et d'utilisation des documents,
e) la conception, la mise en œuvre et la maintenance de systèmes spécifiques pour l'organisation et la gestion
des documents d'archives,
f) l'intégration du «Records management» dans les systèmes d'organisation et les méthodes de travail.
Les documents d'archives contiennent des informations qui constituent une ressource non négligeable et un atout
important dans la conduite des affaires. Une démarche systématique d'organisation et de gestion des documents
d'archives est indispensable aux organismes, ainsi qu'à la société, pour protéger et conserver la preuve tangible de
leurs activités. Un système de «Records management» représente une source d'information sur les activités de
l'organisme et, de ce fait, une aide à la décision et à l'action, ainsi qu'un outil pour rendre des comptes à toute
partie intéressée présente ou future. Les documents d'archives permettent
 de conduire des affaires d'une manière ordonnée, efficace et responsable,
 de proposer une offre cohérente et équitable de services,
 d'apporter un soutien à la politique de formation et une aide à la décision,
 de donner de la cohérence, de la continuité et de la productivité aux tâches d'organisation et de gestion,
 de faciliter les performances réelles des activités au sein d'un organisme,
 d'assurer la continuité des affaires en cas de sinistre,
 de répondre aux exigences légales et réglementaires, y compris en matière d'archives, d'audit et de contrôle,
 de fournir une protection et un soutien en cas de litige, ceci incluant la gestion des risques du fait de
l'existence ou de la non-disponibilité d'une preuve,
 de protéger les intérêts de l'organisme et les droits de ses employés, de ses clients ainsi que des utilisateurs
présents et futurs de ces documents,
 de soutenir et de documenter les activités de recherche et de développement présentes et futures, les
réalisations et les résultats, aussi bien que la recherche historique,
4 © ISO 2001 – Tous droits réservés

 de fournir la preuve des activités professionnelles, personnelles et culturelles,
 d'établir une identité professionnelle, personnelle et culturelle,
 de préserver une mémoire d'entreprise, personnelle ou collective.
5 Environnement réglementaire
Tous les organismes ont besoin d'identifier l'environnement réglementaire qui concerne leurs activités et le
minimum nécessaire pour documenter ces activités. Il est recommandé que les politiques et procédures des
organismes traduisent la prise en compte de l'environnement réglementaire dans les méthodes de travail. Il
convient qu'un organisme puisse apporter la preuve, dans les documents qu'il produit, que ses activités sont bien
conformes à l'environnement réglementaire.
L'environnement réglementaire est défini par
a) la législation et la jurisprudence ainsi que la réglementation propres à l'activité en général et au secteur
d'activité concerné, y compris les lois et règlements relatifs aux documents d'archives, à l'accès à l'information,
au respect de la vie privée, à la notion de preuve, au commerce électronique et à la protection des données,
b) les normes ayant un caractère d'obligation légale,
c) les codes de bonnes pratiques adoptés volontairement,
d) les codes de conduite ou d'éthique adoptés volontairement,
e) les attentes identifiées de la société en matière de comportement des organismes dans le secteur d'activité
concerné.
La nature de l'organisme et son secteur d'activité détermineront lesquels de ces éléments réglementaires
(individuellement ou combinés) s'appliquent le mieux aux exigences du «Records management» dans cet
organisme.
6 Politique et responsabilités
6.1 Généralités
Il convient qu'un organisme qui cherche à se conformer à la présente partie de l'ISO 15489 élabore, documente,
conserve et diffuse des politiques, procédures et pratiques de «Records management» qui garantissent la
satisfaction de ses besoins en matière de preuve, de responsabilité et d'information dans la gestion de ses
activités.
6.2 Politique
Il est recommandé que les organismes définissent et documentent une politique en matière de «Records
management». Il convient que cette politique vise à la production et à l'organisation de documents authentiques,
fiables et exploitables, propres à conforter l'activité aussi longtemps que nécessaire. Il est recommandé que les
organismes s'assurent que cette politique est connue et mise en œuvre à tous les niveaux.
Il convient que cette politique soit adoptée et appuyée au plus haut niveau de décision et diffusée pour action dans
tout l'organisme. Il convient de désigner un responsable de la bonne exécution de cette diffusion.
Il est recommandé que cette politique soit issue d'une analyse des activités de l'organisme. Il convient de
déterminer là où la législation, la réglementation, les autres normes et bonnes pratiques s'appliquent avec le plus
de pertinence à la création de documents correspondant aux activités de l'organisme. Pour ce faire, il est
recommandé que les organismes prennent en compte leur environnement organisationnel et économique. Il
convient de soumettre à des révisions régulières ces politiques, afin qu'elles reflètent bien les besoins courants de
la gestion des affaires.
6.3 Responsabilités
Il est recommandé que les responsabilités et les compétences en matière de «Records management» soient
définies et attribuées, et que tout l'organisme en soit informé, de sorte que, là où un besoin spécifique de créer et
d'archiver un document est identifié, la personne responsable de cette action soit, elle aussi, clairement identifiée.
Il est recommandé que ce type de responsabilité soit attribué à tout le personnel: «records managers» et
professionnels de l'information, décideurs, cadres, administrateurs systèmes et autres collaborateurs dont l'activité
produit des documents, ces données figurant dans les descriptions de poste et autres types de documents
similaires. Il est recommandé que la responsabilité globale du «Records management» soit attribuée à une
personne qui, au sein de l'organisme, dispose de l'autorité nécessaire. Il est admis que la nomination de
responsables peut être une obligation légale.
Il est recommandé de définir ces responsabilités par des formulations telles que les suivantes.
a) Les professionnels du «Records management» sont responsables de tous les aspects du «Records
management»: conception, mise en œuvre et maintenance du système d'archivage et de ses procédures;
formation des utilisateurs au «Records management» et aux procédures d'archivage, dans la mesure où
celles-ci modifient les pratiques individuelles.
b) Les décideurs sont tenus de soutenir l'application des principes de «Records management» dans tout
l'organisme.
c) Les administrateurs systèmes sont responsables du maintien d'une documentation exacte, accessible et lisible
par les personnels qui en ont besoin.
d) Tous les collaborateurs sont responsables de produire des documents précis et complets sur leurs activités et
de les conserver en bonne et due forme.
Il est admis que les autorités archivistiques soient impliquées dans le projet et la mise en œuvre des politiques et
procédures de «Records management».
7 Exigences du «Records management»
7.1 Principes généraux d'un programme de «Records management»
3)
Les documents d'archives sont produits, reçus et utilisés dans la conduite des affaires . Pour permettre la
continuité dans la conduite des affaires, satisfaire à l'environnement réglementaire et assumer leurs
responsabilités, il est recommandé que les organismes produisent et conservent des documents authentiques,
fiables et exploitables, et préservent l'intégrité de ces documents aussi longtemps que nécessaire. Dans ce but, il
est recommandé que les organismes instaurent et mettent en place un programme complet de «Records
management» dont le rôle est de
a) définir quels documents a minima il convient de créer pour chaque type d'activité, et quelles informations il
convient d'y faire figurer,
b) décider sous quelle forme et quelle structure il convient de produire et d'archiver les documents, et quelles
technologies doivent être utilisées,
c) définir quelles métadonnées il convient de créer, avec ou autour du document, et comment ces métadonnées
et leurs liens seront maintenus et gérés dans le temps,
d) déterminer les besoins en matière de recherche, d'utilisation et de transmission des documents entre les
utilisateurs immédiats et les autres utilisateurs, et les délais de conservation correspondant à ces besoins,
e) décider le mode d'organisation des documents le mieux adapté à leur exploitation,

3) Dans la présente partie de l'ISO 15489, la conduite des affaires est utilisée au sens large, et non pas limitée à l'activité
commerciale; elle comprend aussi l'administration publique, les activités sans but lucratif et autres.
6 © ISO 2001 – Tous droits réservés

f) évaluer les risques attachés à la non-disponibilité de documents probants pour une activité,
g) conserver les documents et les rendre accessibles à terme, pour répondre aux besoins de l'organisme ou de
l'entreprise et aux attentes de la société,
h) se conformer aux exigences légales et réglementaires, aux normes en vigueur et aux politiques d'organisation,
i) s'assurer que les documents sont conservés dans un environnement sain et sécurisé,
j) s'assurer que les documents ne sont pas conservés au-delà de la durée nécessaire,
k) identifier et apprécier les occasions d'améliorer la rentabilité, l'efficacité et la qualité des méthodes, des
décisions et des opérations de création, d'organisation ou de gestion des documents.
Il est recommandé d'introduire des règles pour la production et l'archivage des documents et des métadonnées
dans les procédures générales s'appliquant à la conduite des affaires, dès lors qu'une preuve de l'action peut être
exigée.
Il est recommandé que le plan de continuité des affaires et les mesures d'urgence s'assurent que les documents
vitaux pour le fonctionnement de l'organisme sont identifiés et évalués lors de l'analyse des risques, sont protégés
et peuvent être récupérés le cas échéant.
7.2 Caractéristiques d'un document d'archives
7.2.1 Généralités
Il convient qu'un document soit le reflet précis ce qui a été dit ou décidé ou de l'action qui a été effectuée. Il
convient qu'il puisse répondre aux besoins de l'affaire dont il traite et puisse être utilisé pour rendre compte.
En plus de son contenu, il convient que le document inclue, directement ou au travers de liens ou associations
durables, les métadonnées nécessaires pour documenter une action, et ce de la manière suivante:
a) il convient que la structure du document, c'est-à-dire sa forme et les relations entre les éléments constitutifs du
document, demeure intacte;
b) il convient que le contexte de création et d'exploitation du document soit apparent (notamment le dossier ou
l'affaire de rattachement, la date et l'heure de l'action et les auteurs de cette action);
c) il convient que les liens, entre des documents isolés dont la combinaison produit un autre document
d'archives, soient apparents.
Il convient que les politiques, procédures et pratiques du «Records management» conduisent à la production de
documents d'archives faisant autorité du fait des caractéristiques données en 7.2.2 à 7.2.5.
7.2.2 Authenticité
Un document authentique est un document dont on peut prouver
a) qu'il est bien ce qu'il prétend être,
b) qu'il a été effectivement produit ou reçu par la personne qui prétend l'avoir produit ou reçu, et
c) qu'il a été produit ou reçu au moment où il prétend l'avoir été.
Afin de garantir l'authenticité des documents, il est recommandé que les organismes mettent en place et
documentent des politiques et des procédures de contrôle de la création, de la réception, de la transmission, de la
préservation et du sort final des documents, de manière à garantir que les créateurs de documents sont autorisés
et identifiés comme tels, et que les documents sont ainsi protégés contre des ajouts, des suppressions, des
altérations, une exploitation ou une dissimulation abusifs.
7.2.3 Fiabilité
Un document fiable est un document dont le contenu peut être considéré comme la représentation complète et
exacte des opérations, des activités ou des faits qu'il atteste, et sur lequel on peut s'appuyer lors d'opérations,
d'activités ou de faits ultérieurs. Il est recommandé que les documents soient créés au moment de l'opération ou
du fait qu'ils relatent ou juste après, par des personnes qui ont une connaissance directe des faits ou par des outils
courants dans la conduite des affaires.
7.2.4 Intégrité
L'intégrité d'un document renvoie au caractère complet et non altéré de son état.
Il est nécessaire qu'un document soit protégé contre les altérations abusives. Il est recommandé que les politiques
et les procédures de «Records management» précisent quels ajouts ou annotations pourront être portés sur un
document après sa création, dans quelles circonstances et par qui il convient d'enregistrer toute trace d'annotation,
d'ajout ou de suppression sur un document d'archives.
7.2.5 Exploitabilité
Un document utilisable est un document qui peut être localisé, récupéré, communiqué et interprété. Il convient qu'à
chaque communication, le document soit relié à l'activité ou à l'opération à l'origine de sa création. Il convient que
les liens contextuels des documents portent les informations nécessaires à la compréhension des opérations qui
les ont crées et utilisés. Il est recommandé de pouvoir replacer un document dans le contexte d'activités ou de
fonctions élargies. Il convient de maintenir les liens entre les archives qui documentent une succession logique
d'actions.
8 Conception et mise en œuvre d'un système d'archivage
8.1 Généralités
La stratégie en matière de «Records management» est basée sur la mise en forme et l'adoption de politiques, de
procédures et de pratiques, et sur la conception et la mise en œuvre d'un système qui satisfasse les besoins
opérationnels de l'organisme et qui réponde à l'environnement réglementaire.
Il convient que la stratégie retenue par un organisme pour documenter son activité détermine quels documents
sont nécessaires et quand, comment et où les intégrer dans le système d'archivage.
La stratégie de mise en œuvre d'un système d'archivage conforme peut comporter
a) la conception du système d'archivage,
b) la documentation du système d'archivage,
c) la formation des praticiens des documents et des autres personnels,
d) l'adaptation des documents au nouveau système d'archivage, à ses formats et à ses procédures de contrôle,
e) la mise en place de normes et la mesure de la conformité et de la performance vis à vis de ces normes,
f) la fixation de durées de conservation et leur application pour les documents qui ont une valeur pérenne, dans
le respect de l'environnement réglementaire.
Il est recommandé que la stratégie de «Records management» soit partie intégrante d'un plan stratégique, tel
qu'un plan stratégique de gestion de l'information, qui serait lui-même intégré dans le plan stratégique global de
l'organisme.
Il convient de concevoir, modifier ou réviser les systèmes d'information, les systèmes d'organisation et de
communication, aussi bien que les opérations qu'ils servent, de sorte que la production des documents
correspondants et leur intégration dans le système d'archivage constituent une démarche systématique dans le
déroulement de l'activité.
8 © ISO 2001 – Tous droits réservés

8.2 Caractéristiques du système d'archivage
8.2.1 Introduction
Il est recommandé que les documents archivés répondent aux caractéristiques énoncées en 7.2. Il convient que le
système présente les caractéristiques décrites de 8.2.2 à 8.2.6.
8.2.2 Fiabilité
Il est recommandé que tout système d'organisation et de gestion des documents d'archives fonctionne de manière
continue et régulière, cohérente avec les responsabilités en jeu.
Il convient qu'un système d'archivage
a) intègre automatiquement tous les documents d'archives relevant du champ d'activité de l'organisme,
b) organise les documents d'une manière telle qu'elle reflète les opérations du producteur des documents,
c) protège les documents contre une altération ou une élimination abusive,
d) joue automatiquement le rôle de source première d'information sur les activités décrites dans les documents,
e) fournisse un accès immédiat à tous les documents pertinents et à leurs métadonnées.
Il est recommandé de conforter la fiabilité du système en produisant et conservant les documents à même de
prouver que le système satisfait aux critères énoncés plus haut.
Il convient qu'un système d'archivage soit réactif à l'évolution des besoins sans que les modifications du système
affectent les caractéristiques des documents. Pareillement, quand des documents sont transférés d'un système
d'archivage vers un autre, il convient que le transfert soit opéré de manière que les caractéristiques fondamentales
des documents n'en soient pas changées.
8.2.3 Intégrité
Il est recommandé que des mesures de contrôle visant le droit d'accès, l'identité de l'utilisateur, le droit de procéder
à des éliminations et la sécurité soient mises en œuvre afin de prévenir tout accès, toute élimination, toute
altération ou tout déplacement abusifs des documents. Ces contrôles peuvent être inclus dans le système
d'archivage ou faire l'objet d'un système spécifique. Pour les documents électroniques, un organisme peut être
dans l'obligation de prouver que les dysfonctionnements du système, sa mise à niveau ou sa maintenance
n'affectent pas l'intégrité des documents.
8.2.4 Conformité
Il est recommandé que le système d'archivage soit organisé et géré en conformité avec toutes les exigences
issues des affaires courantes, de l'environnement réglementaire et des attentes du secteur d'activité concerné. Il
convient que les personnels créant des documents comprennent l'impact de ces exigences sur leur activité
quotidienne. Il est recommandé que la conformité du système d'archivage avec ces exigences soit régulièrement
évaluée et les rapports d'évaluation conservés à titre de preuve.
8.2.5 Étendue
Il est recommandé que le système d'archivage gère l'ensemble des documents issus de l'ensemble des activités
de l'organisme ou au moins de l'entité où il est mis en place.
8.2.6 Caractère systématique
Il est recommandé que les documents soient produits, conservés et gérés de manière systématique. Il convient de
concevoir et de mettre en place conjointement les systèmes d'archivage et d'organisation des activités, afin de
systématiser les méthodes de production et de conservation des documents.
Il convient qu'un système d'archivage dispose de politiques écrites précises, d'une répartition des responsabilités
et de méthodes de gestion formalisées.
8.3 Étapes de conception et de mise en œuvre du système d'archivage
8.3.1 Généralités
Il est recommandé qu'un système d'archivage possède les fonctionnalités nécessaires pour la mise en œuvre
intégrale des procédures d'archivage décrites à l'article 9.
Les décisions relatives à la conception et à la mise en œuvre d'un système d'archivage et des procédures
afférentes doivent être étudiées en lien avec les systèmes d'organisation existants.
8.3.2 Enregistrement des opérations sur les documents
Il convient que le système d'archivage donne le détail précis de toutes les opérations effectuées sur un document
particulier, que ce soit directement ou par le biais de documents associés. Ces précisions peuvent figurer en tant
que métadonnées intégrées, attachées ou associées à un document spécifique. Elles peuvent également être
consignées à titre de pistes d'audit, dont la conservation s'alignera au minimum sur celle du document en question.
8.3.3 Support de stockage et protection
Au moment de la conception du système d'archivage, il est recommandé de prendre en compte un environnement
et des supports de stockage adaptés, un conditionnement, des procédures de manipulations et un système de
stockage appropriés. La connaissance de la durée de conservation des documents influencera le choix du support
de stockage. Il est recommandé que le système d'archivage anticipe les sinistres potentiels afin de garantir que les
risques sont identifiés et atténués. Il convient que l'intégrité soit préservée de façon évidente pendant et après la
maîtrise du sinistre.
8.3.4 Gestion partagée
Il est recommandé que le système d'archivage puisse proposer plusieurs options pour la localisation des
documents. Dans certains cas, quand les lois et les règlements le permettent, il est possible que le stockage des
documents archivés soit externalisé, mais la responsabilité et le contrôle de gestion reviennent à l'organisme
producteur ou à l'autorité compétente. De telles dispositions, qui font la distinction entre stockage, propriété et
responsabilité des documents, sont particulièrement pertinentes dans un système d'archivage électronique. Il est
admis que des modifications puissent intervenir dans ces dispositions au cours de la vie du système; il est alors
recommandé que la traçabilité et la documentation de ces évolutions soient a
...