Information and documentation — Information Governance — Concept and principles

This document establishes concepts and principles for Information Governance. This document applies to the governance of the organisation's past, current and future information assets. It applies to organisations of all sizes in all sectors, including public and private companies, government entities, and not-for-profit organisations.

Information et documentation — Gouvernance de l’information — Concept et principes

Le présent document établit les concepts et principes relatifs à la gouvernance de l'information. Le présent document s'applique à la gouvernance des actifs informationnels passés, présents et futurs de l'organisme. Il s'applique aux organismes de toutes tailles et de tous les secteurs, y compris les sociétés publiques et privées, les entités gouvernementales, et les organisations à but non lucratif.

Informatika in dokumentacija - Upravljanje informacij - Koncept in načela

Ta dokument določa koncepte in načela upravljanja informacij.
Uporablja se za upravljanje preteklih, sedanjih in prihodnjih informacijskih sredstev organizacije. Uporablja se za organizacije vseh velikosti v vseh sektorjih, vključno z javnimi in zasebnimi podjetji, vladnimi subjekti in neprofitnimi organizacijami.

General Information

Status
Published
Publication Date
19-May-2022
Current Stage
6060 - International Standard published
Start Date
20-May-2022
Due Date
04-Jun-2022
Completion Date
20-May-2022

Buy Standard

Standard
ISO 24143:2023 - BARVE
English language
18 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day
Standard
ISO 24143:2022 - Information and documentation — Information Governance — Concept and principles Released:5/20/2022
English language
12 pages
sale 15% off
Preview
sale 15% off
Preview
Standard
ISO 24143:2022 - Information and documentation — Information Governance — Concept and principles Released:5/27/2022
French language
12 pages
sale 15% off
Preview
sale 15% off
Preview
Draft
ISO/DIS 24143:2021 - BARVE
English language
16 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)

SLOVENSKI STANDARD
SIST ISO 24143:2023
01-januar-2023
Informatika in dokumentacija - Upravljanje informacij - Koncept in načela
Information and documentation -- Information Governance -- Concept and principles
Information et documentation -- Gouvernance de l’information -- Concept et principes
Ta slovenski standard je istoveten z: ISO 24143:2022
ICS:
01.140.20 Informacijske vede Information sciences
SIST ISO 24143:2023 en,fr
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------
SIST ISO 24143:2023

---------------------- Page: 2 ----------------------
SIST ISO 24143:2023
INTERNATIONAL ISO
STANDARD 24143
First edition
2022-05
Information and documentation —
Information Governance — Concept
and principles
Information et documentation — Gouvernance de l’information —
Concept et principes
Reference number
ISO 24143:2022(E)
© ISO 2022

---------------------- Page: 3 ----------------------
SIST ISO 24143:2023
ISO 24143:2022(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO 2022
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii
  © ISO 2022 – All rights reserved

---------------------- Page: 4 ----------------------
SIST ISO 24143:2023
ISO 24143:2022(E)
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
3.1 Terms relating to concept of information . 1
3.2 Terms relating to the concept of Information Governance . 2
4 Benefits of Information Governance .3
4.1 General . 3
4.2 Strategic benefits . . . 3
4.3 Operational benefits . 4
5 Principles of Information Governance . 5
5.1 Recognising information as a corporate, strategic asset. 5
5.2 Designing Information Governance as a key element of corporate strategy . 5
5.3 Integrating Information Governance into the organisation’s governance
frameworks . 5
5.4 Securing senior management’s leadership and commitment . 5
5.5 Building Information Governance in a collaborative way . 6
5.6 Ensuring Information Governance supports legal compliance and any mandatory
requirements . . . 6
5.7 Aligning Information Governance to business objectives . 6
5.8 Ensuring Information Governance supports information security and privacy . 6
5.9 Ensuring Information Governance supports information quality and integrity . 6
5.10 Fostering a collaboration and knowledge sharing culture . 7
5.11 Adopting a risk-based approach . 7
5.12 Ensuring the availability and accessibility of information to authorised stakeholder . 7
5.13 Governing information throughout its information lifecycle . 7
5.14 Supporting corporate culture . 7
5.15 Supporting sustainability . 8
Annex A (informative) Concept diagrams . 9
Bibliography .11
iii
© ISO 2022 – All rights reserved

---------------------- Page: 5 ----------------------
SIST ISO 24143:2023
ISO 24143:2022(E)
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to
the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see
www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 46, Information and documentation.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.
iv
  © ISO 2022 – All rights reserved

---------------------- Page: 6 ----------------------
SIST ISO 24143:2023
ISO 24143:2022(E)
Introduction
Information is a critical asset that is indispensable to support business processes and therefore, a
foundation for the success of any business activities. Due to numerous existing and emerging forms
and uses of information and information-related risks, organizations often struggle with implementing
consistent and comprehensive systems to store, retrieve, share and analyse information. The current
global digital transformation and the changes in societal expectations increasingly demand greater
transparency, accountability, data protection, security, interoperability and information sharing within
and between organisations. This trend requires a solid vision and strategy for Information Governance
that supports the business process at a strategic level including digital transformation initiatives. Many
governmental and non-governmental organisations worldwide already perceive the necessity and
understand the benefits of coordinating at a strategic level the efforts of multiple information-, data-
and knowledge-related disciplines.
This document defines concepts and principles for Information Governance.
This document provides guiding principles for members of governing bodies of organisations (which
can comprise owners, directors, partners, executive managers, or similar) on the effective, efficient,
compliant, secure, transparent and accountable creation, use, maintenance, preservation and
disposition of information within their organisations.
Information Governance is an integral part of the overall governance of the organisation. It identifies
common high-level principles and provides a framework enabling effective and efficient cooperation of
all the information-related professionals, in support of the mission of an organisation and achievement
of its strategic goals. Stakeholders which are engaged in the collaboration include but are not limited to:
— Data Management
— Information Management
— Records Management
— Knowledge Management
— Regulatory Compliance
— Digital Preservation
— Information Security
— Enterprise Architecture
— Data Protection
— Open Data
— Big Data
— Artificial Intelligence (AI)
— Blockchain
— Business Processes
— Quality Management.
Information Governance requires coherence and integration with relevant Management System
Standards (MSS), such as ISO 9000, ISO/IEC 27000 and the ISO 30300 series.
Information Governance is a strategic framework for managing information assets across an entire
organisation to support its business outcomes and obtain assurance that the risks to its information,
and thereby the operational capabilities and integrity of the organisation, are adequately identified
v
© ISO 2022 – All rights reserved

---------------------- Page: 7 ----------------------
SIST ISO 24143:2023
ISO 24143:2022(E)
and managed. Information Governance includes but is not limited to policies, processes, procedures,
roles and controls put in place to meet regulatory, legal, risk and operational requirements. Information
Governance provides an overarching high-level framework that:
— aligns all information-related activities with the mission and goals of an organisation, and its
business, legal and societal obligations,
— ensures a comprehensive and systematic approach to information by integrating processes relevant
to directing and controlling information,
— supports cooperation between stakeholders, and
— creates a high-level basis for managing information regardless its form, type and format, informs
education, professional development of the workforce and awareness about information-related
obligations, risks and possibilities.
vi
  © ISO 2022 – All rights reserved

---------------------- Page: 8 ----------------------
SIST ISO 24143:2023
INTERNATIONAL STANDARD ISO 24143:2022(E)
Information and documentation — Information
Governance — Concept and principles
1 Scope
This document establishes concepts and principles for Information Governance.
This document applies to the governance of the organisation's past, current and future information
assets. It applies to organisations of all sizes in all sectors, including public and private companies,
government entities, and not-for-profit organisations.
2 Normative references
There are no normative references in this document.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at https:// www .electropedia .org/
3.1 Terms relating to concept of information
3.1.1
authentic (preferred term)
authenticity (admitted term)
property of information (3.1.3) that can be proven to be what it purports to be
Note 1 to entry: Authenticity implies that information has been created or sent by the agent purported to have
created or sent it, and to have been created or sent when purported.
Note 2 to entry: When information can be proven to be what it purports to be it, it can be called authentic
information.
Note 3 to entry: See Figure A.1 in Annex A.
[SOURCE: ISO 30300:2020, 3.2.2, modified — “records” has been replaced by "information". “Authentic”
has been replaced by “authenticity”. A new Note 2 to entry has been added.]
3.1.2
data
set of characters or symbols to which meaning is or could be assigned
Note 1 to entry: See Figure A.1 in Annex A.
[SOURCE: ISO 30300: 2020, 3.2.4]
1
© ISO 2022 – All rights reserved

---------------------- Page: 9 ----------------------
SIST ISO 24143:2023
ISO 24143:2022(E)
3.1.3
information
data (3.1.2) in context with a particular meaning
Note 1 to entry: See Figure A.1 in Annex A.
[SOURCE: ISO 30300:2020, 3.2.7]
3.1.4
information asset
information (3.1.3) that has value to the relevant stakeholder
Note 1 to entry: See Figure A.1 in Annex A.
[SOURCE: ISO/TS 17573-2:2020, 3.95, modified — “information” is taken place of “knowledge and data”.]
3.1.5
integrity
property of information that is complete and unaltered
Note 1 to entry: See Figure A.1 in Annex A.
[SOURCE: ISO 30300:2020, 3.2.8, modified — “records” has been replaced by "information".]
3.2 Terms relating to the concept of Information Governance
3.2.1
compliance
characteristic of conformance to rules, such as those defined by a law, a regulation, a standard, or a
policy
Note 1 to entry: See Figure A.2 in Annex A.
[SOURCE: ISO/IEC 20924:2021, 3.1.10, modified — The word "characteristic" has been added in the
definition. A note to entry has been added.]
3.2.2
digital continuity
ability to use digital information (3.1.3) in the way that is needed, for whenever and wherever is needed
Note 1 to entry: See Figure A.2 in Annex A.
3.2.3
disposition
range of processes associated with implementing retention, destruction or transfer decisions about
information (3.1.3)
Note 1 to entry: See Figure A.2 in Annex A.
[SOURCE: ISO 30300:2020, 3.4.8, modified — “records” has been replaced by “information”, shortened
in words but keeping the meaning.]
3.2.4
e-discovery
process of identifying, collecting, preserving, reviewing and exchanging electronically stored
information (ESI) for the purpose of using it as digital evidence
Note 1 to entry: E-discovery also known as ediscovery, eDiscovery, e-Discovery, e-discovery, electronic discovery.
Note 2 to entry: ESI includes, but not limited to electronic formats, emails, documents, presentations, databases,
voicemail, audio and video files.
2
  © ISO 2022 – All rights reserved

---------------------- Page: 10 ----------------------
SIST ISO 24143:2023
ISO 24143:2022(E)
Note 3 to entry: E-discovery often refers to a form of digital investigation that attempts to find evidence in ESI in
response to a request for production in a law suit or investigation.
Note 4 to entry: See Figure A.2 in Annex A.
3.2.5
framework
structure composed of related parts designed to support the accomplishment of a specific task
Note 1 to entry: See Figure A.2 in Annex A.
[SOURCE: ISO 15638-6:2014, 4.30]
3.2.6
governance
principles, policies and framework by which an organisation is directed and controlled
Note 1 to entry: See Figure A.2 in Annex A.
[SOURCE: ISO/IEEE 11073-10201:2020, 3.1.25, modified — “composed of related parts” taking place of
“processes and specifications”]
3.2.7
Information Governance
strategic framework for governing information assets (3.1.4) across an entire organization in order
to enhance coordinated support for the achievement of business outcomes and obtain assurance that
the risks to its information (3.1.3), and thereby the operation capabilities and integrity (3.1.5) of the
organisation, are effectively identified and managed
Note 1 to entry: Information Governance includes (but is not limited to) policies, processes, procedures, roles and
controls put in place to meet regulatory, legal, risk and operational requirements.
Note 2 to entry: Data is one form of information asset.
Note 3 to entry: See Figure A.2 in Annex A.
3.2.8
information security
preservation of confidentiality, integrity and availability of information (3.1.3)
Note 1 to entry: See Figure A.2 in Annex A.
[SOURCE: ISO/IEC 27000:2018, 2.28]
4 Benefits of Information Governance
4.1 General
Information Governance is a strategic, multi-disciplinary framework enabli
...

INTERNATIONAL ISO
STANDARD 24143
First edition
2022-05
Information and documentation —
Information Governance — Concept
and principles
Information et documentation — Gouvernance de l’information —
Concept et principes
Reference number
ISO 24143:2022(E)
© ISO 2022

---------------------- Page: 1 ----------------------
ISO 24143:2022(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO 2022
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii
  © ISO 2022 – All rights reserved

---------------------- Page: 2 ----------------------
ISO 24143:2022(E)
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
3.1 Terms relating to concept of information . 1
3.2 Terms relating to the concept of Information Governance . 2
4 Benefits of Information Governance .3
4.1 General . 3
4.2 Strategic benefits . . . 3
4.3 Operational benefits . 4
5 Principles of Information Governance . 5
5.1 Recognising information as a corporate, strategic asset. 5
5.2 Designing Information Governance as a key element of corporate strategy . 5
5.3 Integrating Information Governance into the organisation’s governance
frameworks . 5
5.4 Securing senior management’s leadership and commitment . 5
5.5 Building Information Governance in a collaborative way . 6
5.6 Ensuring Information Governance supports legal compliance and any mandatory
requirements . . . 6
5.7 Aligning Information Governance to business objectives . 6
5.8 Ensuring Information Governance supports information security and privacy . 6
5.9 Ensuring Information Governance supports information quality and integrity . 6
5.10 Fostering a collaboration and knowledge sharing culture . 7
5.11 Adopting a risk-based approach . 7
5.12 Ensuring the availability and accessibility of information to authorised stakeholder . 7
5.13 Governing information throughout its information lifecycle . 7
5.14 Supporting corporate culture . 7
5.15 Supporting sustainability . 8
Annex A (informative) Concept diagrams . 9
Bibliography .11
iii
© ISO 2022 – All rights reserved

---------------------- Page: 3 ----------------------
ISO 24143:2022(E)
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to
the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see
www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 46, Information and documentation.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.
iv
  © ISO 2022 – All rights reserved

---------------------- Page: 4 ----------------------
ISO 24143:2022(E)
Introduction
Information is a critical asset that is indispensable to support business processes and therefore, a
foundation for the success of any business activities. Due to numerous existing and emerging forms
and uses of information and information-related risks, organizations often struggle with implementing
consistent and comprehensive systems to store, retrieve, share and analyse information. The current
global digital transformation and the changes in societal expectations increasingly demand greater
transparency, accountability, data protection, security, interoperability and information sharing within
and between organisations. This trend requires a solid vision and strategy for Information Governance
that supports the business process at a strategic level including digital transformation initiatives. Many
governmental and non-governmental organisations worldwide already perceive the necessity and
understand the benefits of coordinating at a strategic level the efforts of multiple information-, data-
and knowledge-related disciplines.
This document defines concepts and principles for Information Governance.
This document provides guiding principles for members of governing bodies of organisations (which
can comprise owners, directors, partners, executive managers, or similar) on the effective, efficient,
compliant, secure, transparent and accountable creation, use, maintenance, preservation and
disposition of information within their organisations.
Information Governance is an integral part of the overall governance of the organisation. It identifies
common high-level principles and provides a framework enabling effective and efficient cooperation of
all the information-related professionals, in support of the mission of an organisation and achievement
of its strategic goals. Stakeholders which are engaged in the collaboration include but are not limited to:
— Data Management
— Information Management
— Records Management
— Knowledge Management
— Regulatory Compliance
— Digital Preservation
— Information Security
— Enterprise Architecture
— Data Protection
— Open Data
— Big Data
— Artificial Intelligence (AI)
— Blockchain
— Business Processes
— Quality Management.
Information Governance requires coherence and integration with relevant Management System
Standards (MSS), such as ISO 9000, ISO/IEC 27000 and the ISO 30300 series.
Information Governance is a strategic framework for managing information assets across an entire
organisation to support its business outcomes and obtain assurance that the risks to its information,
and thereby the operational capabilities and integrity of the organisation, are adequately identified
v
© ISO 2022 – All rights reserved

---------------------- Page: 5 ----------------------
ISO 24143:2022(E)
and managed. Information Governance includes but is not limited to policies, processes, procedures,
roles and controls put in place to meet regulatory, legal, risk and operational requirements. Information
Governance provides an overarching high-level framework that:
— aligns all information-related activities with the mission and goals of an organisation, and its
business, legal and societal obligations,
— ensures a comprehensive and systematic approach to information by integrating processes relevant
to directing and controlling information,
— supports cooperation between stakeholders, and
— creates a high-level basis for managing information regardless its form, type and format, informs
education, professional development of the workforce and awareness about information-related
obligations, risks and possibilities.
vi
  © ISO 2022 – All rights reserved

---------------------- Page: 6 ----------------------
INTERNATIONAL STANDARD ISO 24143:2022(E)
Information and documentation — Information
Governance — Concept and principles
1 Scope
This document establishes concepts and principles for Information Governance.
This document applies to the governance of the organisation's past, current and future information
assets. It applies to organisations of all sizes in all sectors, including public and private companies,
government entities, and not-for-profit organisations.
2 Normative references
There are no normative references in this document.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at https:// www .electropedia .org/
3.1 Terms relating to concept of information
3.1.1
authentic (preferred term)
authenticity (admitted term)
property of information (3.1.3) that can be proven to be what it purports to be
Note 1 to entry: Authenticity implies that information has been created or sent by the agent purported to have
created or sent it, and to have been created or sent when purported.
Note 2 to entry: When information can be proven to be what it purports to be it, it can be called authentic
information.
Note 3 to entry: See Figure A.1 in Annex A.
[SOURCE: ISO 30300:2020, 3.2.2, modified — “records” has been replaced by "information". “Authentic”
has been replaced by “authenticity”. A new Note 2 to entry has been added.]
3.1.2
data
set of characters or symbols to which meaning is or could be assigned
Note 1 to entry: See Figure A.1 in Annex A.
[SOURCE: ISO 30300: 2020, 3.2.4]
1
© ISO 2022 – All rights reserved

---------------------- Page: 7 ----------------------
ISO 24143:2022(E)
3.1.3
information
data (3.1.2) in context with a particular meaning
Note 1 to entry: See Figure A.1 in Annex A.
[SOURCE: ISO 30300:2020, 3.2.7]
3.1.4
information asset
information (3.1.3) that has value to the relevant stakeholder
Note 1 to entry: See Figure A.1 in Annex A.
[SOURCE: ISO/TS 17573-2:2020, 3.95, modified — “information” is taken place of “knowledge and data”.]
3.1.5
integrity
property of information that is complete and unaltered
Note 1 to entry: See Figure A.1 in Annex A.
[SOURCE: ISO 30300:2020, 3.2.8, modified — “records” has been replaced by "information".]
3.2 Terms relating to the concept of Information Governance
3.2.1
compliance
characteristic of conformance to rules, such as those defined by a law, a regulation, a standard, or a
policy
Note 1 to entry: See Figure A.2 in Annex A.
[SOURCE: ISO/IEC 20924:2021, 3.1.10, modified — The word "characteristic" has been added in the
definition. A note to entry has been added.]
3.2.2
digital continuity
ability to use digital information (3.1.3) in the way that is needed, for whenever and wherever is needed
Note 1 to entry: See Figure A.2 in Annex A.
3.2.3
disposition
range of processes associated with implementing retention, destruction or transfer decisions about
information (3.1.3)
Note 1 to entry: See Figure A.2 in Annex A.
[SOURCE: ISO 30300:2020, 3.4.8, modified — “records” has been replaced by “information”, shortened
in words but keeping the meaning.]
3.2.4
e-discovery
process of identifying, collecting, preserving, reviewing and exchanging electronically stored
information (ESI) for the purpose of using it as digital evidence
Note 1 to entry: E-discovery also known as ediscovery, eDiscovery, e-Discovery, e-discovery, electronic discovery.
Note 2 to entry: ESI includes, but not limited to electronic formats, emails, documents, presentations, databases,
voicemail, audio and video files.
2
  © ISO 2022 – All rights reserved

---------------------- Page: 8 ----------------------
ISO 24143:2022(E)
Note 3 to entry: E-discovery often refers to a form of digital investigation that attempts to find evidence in ESI in
response to a request for production in a law suit or investigation.
Note 4 to entry: See Figure A.2 in Annex A.
3.2.5
framework
structure composed of related parts designed to support the accomplishment of a specific task
Note 1 to entry: See Figure A.2 in Annex A.
[SOURCE: ISO 15638-6:2014, 4.30]
3.2.6
governance
principles, policies and framework by which an organisation is directed and controlled
Note 1 to entry: See Figure A.2 in Annex A.
[SOURCE: ISO/IEEE 11073-10201:2020, 3.1.25, modified — “composed of related parts” taking place of
“processes and specifications”]
3.2.7
Information Governance
strategic framework for governing information assets (3.1.4) across an entire organization in order
to enhance coordinated support for the achievement of business outcomes and obtain assurance that
the risks to its information (3.1.3), and thereby the operation capabilities and integrity (3.1.5) of the
organisation, are effectively identified and managed
Note 1 to entry: Information Governance includes (but is not limited to) policies, processes, procedures, roles and
controls put in place to meet regulatory, legal, risk and operational requirements.
Note 2 to entry: Data is one form of information asset.
Note 3 to entry: See Figure A.2 in Annex A.
3.2.8
information security
preservation of confidentiality, integrity and availability of information (3.1.3)
Note 1 to entry: See Figure A.2 in Annex A.
[SOURCE: ISO/IEC 27000:2018, 2.28]
4 Benefits of Information Governance
4.1 General
Information Governance is a strategic, multi-disciplinary framework enabling collaboration between
related professions. It considers information as a valuable corporate asset, and has the potential to
deliver the following benefits.
4.2 Strategic benefits
Information Governance:
a) Provides an overarching high-level governance framework that supports an organisation’s mission
and results in achieving economic and strategic benefits including, but not limited to:
1) maximisatio
...

NORME ISO
INTERNATIONALE 24143
Première édition
2022-05
Information et documentation —
Gouvernance de l’information —
Concept et principes
Information and documentation — Information Governance —
Concept and principles
Numéro de référence
ISO 24143:2022(F)
© ISO 2022

---------------------- Page: 1 ----------------------
ISO 24143:2022(F)
DOCUMENT PROTÉGÉ PAR COPYRIGHT
© ISO 2022
Tous droits réservés. Sauf prescription différente ou nécessité dans le contexte de sa mise en œuvre, aucune partie de cette
publication ne peut être reproduite ni utilisée sous quelque forme que ce soit et par aucun procédé, électronique ou mécanique,
y compris la photocopie, ou la diffusion sur l’internet ou sur un intranet, sans autorisation écrite préalable. Une autorisation peut
être demandée à l’ISO à l’adresse ci-après ou au comité membre de l’ISO dans le pays du demandeur.
ISO copyright office
Case postale 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Genève
Tél.: +41 22 749 01 11
E-mail: copyright@iso.org
Web: www.iso.org
Publié en Suisse
ii
  © ISO 2022 – Tous droits réservés

---------------------- Page: 2 ----------------------
ISO 24143:2022(F)
Sommaire Page
Avant-propos .iv
Introduction .v
1 Domaine d'application .1
2 Références normatives .1
3 Termes et définitions . 1
3.1 Termes relatifs au concept d'information. 1
3.2 Termes relatifs au concept de gouvernance de l'information . 2
4 Avantages de la gouvernance de l'information . 3
4.1 Généralités . 3
4.2 Avantages stratégiques . 4
4.3 Avantages opérationnels . 4
5 Principes de gouvernance de l'information . 5
5.1 Reconnaître l'information comme un actif stratégique pour l'organisme. 5
5.2 Concevoir la gouvernance de l'information comme un élément clé de la stratégie
de l'organisme . 5
5.3 Intégrer la gouvernance de l'information aux cadres de gouvernance de l'organisme . 5
5.4 Garantir le leadership et l'engagement de l'équipe de direction . 6
5.5 Construire collectivement la gouvernance de l'information . 6
5.6 Garantir la conformité juridique et le respect des exigences obligatoires . 6
5.7 Aligner la gouvernance de l'information avec les objectifs de l'organisme . 6
5.8 Garantir la sécurité et la confidentialité de l'information . 7
5.9 Garantir la qualité et l'intégrité de l'information . 7
5.10 Promouvoir la collaboration et la culture du partage des connaissances . 7
5.11 Adopter une approche basée sur les risques . 7
5.12 Garantir la disponibilité et l'accessibilité de l'information aux parties prenantes
autorisées . 7
5.13 Gouverner l'information tout au long de son cycle de vie . 8
5.14 Soutenir la culture de l'organisme . 8
5.15 Soutenir le développement durable . 8
Annexe A (informative) Schémas conceptuels . 9
Bibliographie .11
iii
© ISO 2022 – Tous droits réservés

---------------------- Page: 3 ----------------------
ISO 24143:2022(F)
Avant-propos
L'ISO (Organisation internationale de normalisation) est une fédération mondiale d'organismes
nationaux de normalisation (comités membres de l'ISO). L'élaboration des Normes internationales est
en général confiée aux comités techniques de l'ISO. Chaque comité membre intéressé par une étude
a le droit de faire partie du comité technique créé à cet effet. Les organisations internationales,
gouvernementales et non gouvernementales, en liaison avec l'ISO participent également aux travaux.
L'ISO collabore étroitement avec la Commission électrotechnique internationale (IEC) en ce qui
concerne la normalisation électrotechnique.
Les procédures utilisées pour élaborer le présent document et celles destinées à sa mise à jour sont
décrites dans les Directives ISO/IEC, Partie 1. Il convient, en particulier, de prendre note des différents
critères d'approbation requis pour les différents types de documents ISO. Le présent document a
été rédigé conformément aux règles de rédaction données dans les Directives ISO/IEC, Partie 2 (voir
www.iso.org/directives).
L'attention est attirée sur le fait que certains des éléments du présent document peuvent faire l'objet de
droits de propriété intellectuelle ou de droits analogues. L'ISO ne saurait être tenue pour responsable
de ne pas avoir identifié de tels droits de propriété et averti de leur existence. Les détails concernant
les références aux droits de propriété intellectuelle ou autres droits analogues identifiés lors de
l'élaboration du document sont indiqués dans l'Introduction et/ou dans la liste des déclarations de
brevets reçues par l'ISO (voir www.iso.org/brevets).
Les appellations commerciales éventuellement mentionnées dans le présent document sont données
pour information, par souci de commodité, à l’intention des utilisateurs et ne sauraient constituer un
engagement.
Pour une explication de la nature volontaire des normes, la signification des termes et expressions
spécifiques de l'ISO liés à l'évaluation de la conformité, ou pour toute information au sujet de l'adhésion
de l'ISO aux principes de l’Organisation mondiale du commerce (OMC) concernant les obstacles
techniques au commerce (OTC), voir www.iso.org/avant-propos.
Le présent document a été élaboré par le comité technique ISO/TC 46, Information et documentation.
Il convient que l’utilisateur adresse tout retour d’information ou toute question concernant le présent
document à l’organisme national de normalisation de son pays. Une liste exhaustive desdits organismes
se trouve à l’adresse www.iso.org/fr/members.html.
iv
  © ISO 2022 – Tous droits réservés

---------------------- Page: 4 ----------------------
ISO 24143:2022(F)
Introduction
L'information est un actif critique indispensable à la conduite des processus métier et par conséquent
un élément fondamental de la réussite de toute activité métier, quelle qu'elle soit. Or, les organismes
rencontrent souvent des difficultés dans la mise en œuvre de systèmes cohérents et complets de stockage,
de recherche, de partage et d'analyse de l'information, en raison de l'existence et de l'émergence d'une
grande variété de formes et d'usages de l'information, et de risques liés à la gestion de l'information. La
transformation numérique actuelle (qui est un phénomène mondial), ainsi que l'évolution générale des
sociétés, suscitent une demande accrue de transparence, de responsabilité, de protection des données,
de sécurité, d'interopérabilité et de partage de l'information au sein des organismes et entre eux. Cette
tendance requiert une vision et une stratégie solides en matière de gouvernance de l'information,
en soutien aux processus métier à un niveau stratégique, y compris en ce qui concerne les projets de
transformation numérique. De nombreuses organisations gouvernementales et non gouvernementales,
partout dans le monde, perçoivent déjà la nécessité – et comprennent les avantages – d'une coordination
stratégique des nombreuses disciplines relatives aux informations, données et connaissances.
Le présent document définit les concepts et principes relatifs à la gouvernance de l'information.
Le présent document fournit des principes directeurs destinés aux membres des instances dirigeantes
des organismes (il peut s'agir d'actionnaires, de dirigeants, de partenaires, de cadres dirigeants ou
autres) pour créer, utiliser, tenir à jour et conserver l'information de leur organisme et lui appliquer le
sort final approprié, de manière effective, efficace, conforme, sécurisée, transparente et responsable.
La gouvernance de l'information fait partie intégrante de la gouvernance globale d'un organisme.
Elle identifie des principes communs de haut niveau et fournit un cadre permettant une coopération
effective et efficace de tous les professionnels de l'information, en vue de soutenir la mission de
l'organisme et d'atteindre ses objectifs stratégiques. Cette collaboration s'effectue dans les domaines
suivants, entre autres :
— Gestion des données ;
— Gestion de l'information ;
— Gestion des documents d'activité (quasi-synonyme : Gestion des données et documents) ;
— Gestion des connaissances ;
— Conformité réglementaire ;
— Conservation numérique (quasi-synonyme : Archivage électronique) ;
— Sécurité de l'information ;
— Architecture d'entreprise ;
— Protection des données ;
— Données ouvertes ;
— « Big Data » ;
— Intelligence artificielle (IA) ;
— Blockchain ;
— Processus métier ;
— Management de la qualité.
La gouvernance de l'information requiert cohérence et intégration avec les normes de systèmes de
management pertinentes, telles que les séries ISO 9000, ISO/IEC 27000 et ISO 30300.
v
© ISO 2022 – Tous droits réservés

---------------------- Page: 5 ----------------------
ISO 24143:2022(F)
La gouvernance de l'information est un cadre stratégique pour la gestion transverse des actifs
informationnels de l'ensemble d'un organisme, permettant de soutenir les résultats opérationnels
de celui-ci et de garantir que les risques relatifs à ces informations, et par conséquent les capacités
opérationnelles et l'intégrité de l'organisme, sont correctement identifiés et gérés. La gouvernance de
l'information comprend, entre autres, les politiques, processus, procédures, rôles et contrôles mis en
place dans le but de répondre aux exigences réglementaires, légales, opérationnelles et relatives aux
risques. La gouvernance de l'information fournit un cadre global de haut niveau qui :
— organise toutes les activités de gestion de l'information en fonction de la mission et des objectifs de
l'organisme, ainsi que de ses obligations commerciales, légales et sociétales ;
— garantit une approche complète et systématique de l'information en intégrant des processus relatifs
à la diffusion et au contrôle de l'information ;
— soutient la coopération entre les parties prenantes ; et
— crée une base de haut niveau pour la gestion de l'information, quels qu'en soient la forme, le type
et le format ; contribue à la formation et au développement professionnel du personnel, et à la
sensibilisation au sujet des obligations, risques et possibilités relatifs à l'information.
vi
  © ISO 2022 – Tous droits réservés

---------------------- Page: 6 ----------------------
NORME INTERNATIONALE ISO 24143:2022(F)
Information et documentation — Gouvernance de
l’information — Concept et principes
1 Domaine d'application
Le présent document établit les concepts et principes relatifs à la gouvernance de l'information.
Le présent document s'applique à la gouvernance des actifs informationnels passés, présents et futurs
de l'organisme. Il s'applique aux organismes de toutes tailles et de tous les secteurs, y compris les
sociétés publiques et privées, les entités gouvernementales, et les organisations à but non lucratif.
2 Références normatives
Le présent document ne contient aucune référence normative.
3 Termes et définitions
Pour les besoins du présent document, les termes et définitions suivants s'appliquent.
L'ISO et l'IEC tiennent à jour des bases de données terminologiques destinées à être utilisées en
normalisation, consultables aux adresses suivantes :
— ISO Online browsing platform : disponible à l'adresse https:// www .iso .org/ obp
— IEC Electropedia : disponible à l'adresse https:// www .electropedia .org/
3.1 Termes relatifs au concept d'information
3.1.1
authentique (terme à privilégier)
authenticité (terme admis)
propriété d'une information (3.1.3) dont on peut prouver qu'elle est bien ce qu'elle est supposée être
Note 1 à l'article: L'authenticité implique que l'information a été créée ou envoyée par l'acteur supposé l'avoir
créée ou envoyée, et qu'elle a été créée ou envoyée au moment prétendu.
Note 2 à l'article: Lorsqu'il est possible de prouver qu'une information est bien ce qu'elle est supposée être, elle
peut être qualifiée d'information authentique.
Note 3 à l'article: Voir Figure A.1 à l'Annexe A.
[SOURCE: : ISO 30300:2020, 3.2.2, modifié — « document d'activité » a été remplacé par « information ».
« authentique » a été remplacé par « authenticité ». Une nouvelle Note 2 à l'article a été ajoutée.]
3.1.2
données
ensemble de caractères ou de symboles auxquels une signification est ou pourrait être assignée
Note 1 à l'article: Voir Figure A.1 à l'Annexe A.
[SOURCE: : ISO 30300:2020, 3.2.4]
1
© ISO 2022 – Tous droits réservés

---------------------- Page: 7 ----------------------
ISO 24143:2022(F)
3.1.3
informations
données (3.1.2) dans un contexte de signification particulière
Note 1 à l'article: Voir Figure A.1 à l'Annexe A.
[SOURCE: : ISO 30300:2020, 3.2.7]
3.1.4
actif informationnel
information (3.1.3) ayant de la valeur pour la partie prenante concernée
Note 1 à l'article: Voir Figure A.1 à l'Annexe A.
[SOURCE: : ISO/TS 17573-2:2020, 3.95, modifié — « information » remplace « connaissances ou
données ».]
3.1.5
intégrité
propriété d'une information qui est complète et non modifiée
Note 1 à l'article: Voir Figure A.1 à l'Annexe A.
[SOURCE: : ISO 30300:2020, 3.2.8, modifié — « document d'activité » a été remplacé par « information ».]
3.2 Termes relatifs au concept de gouvernance de l'information
3.2.1
conformité
caractéristique de conformité aux règles, telles que définies par une loi, une réglementation, une norme
ou une politique
Note 1 à l'article: Voir Figure A.2 à l'Annexe A.
[SOURCE: : ISO/IEC 20924:2021, 3.1.10, modifié — Le mot "caractéristique" a été ajouté dans la
définition. Une note à l'entrée a été ajoutée.]
3.2.2
continuité numérique
capacité à utiliser l'information (3.1.3) numérique de la manière requise, au moment et à l'endroit requis
Note 1 à l'article: Voir Figure A.2 à l'Annexe A.
3.2.3
sort final
série de processus associés à la mise en œuvre des décisions de conservation, de destruction ou de
transfert de l'information (3.1.3)
Note 1 à l'article: Voir Figure A.2 à l'Annexe A.
[SOURCE: : ISO 30300:2020, 3.4.8, modifié — « documents d'activité » a été remplacé par « information »,
afin de raccourcir la définition tout en conservant le sens.]
3.2.4
investigation électronique
processus d'identification, de collecte, de conservation, de vérification et d'échange d'informations
enregistrées sous forme électronique afin de pouvoir les utiliser en tant que preuves numériques
Note 1 à l'article: L'investigation électronique est également connue sous le nom d'« investigation informatique ».
Note 2 à l'article: Les informations enregistrées sous forme électronique incluent, entre autres, les formats
électroniques, courriers électroniques, documents, présentations, bases de données, messages vocaux et fichiers
audio et vidéo.
2
  © ISO 2022 – Tous droits réservés

---------------------- Page: 8 ----------------------
ISO 24143:2022(F)
Note 3 à l'article: L'investigation électronique désigne souvent une forme d'investigation numérique visant à
rechercher des preuves parmi des informations enregistrées sous forme électronique en réponse à une demande
de présentation formulée dans le cadre d'une enquête ou de poursuites judiciaires.
Note 4 à l'article: Voir Figure A.2 à l'Annexe A.
3.2.5
cadre
structure composée de différentes parties associées conçues pour prendre en charge la réalisation
d'une tâche spécifique
Note 1 à l'article: Voir Figure A.2 à l'Annexe A.
[SOURCE: : ISO 15638-6:2014, 4.30]
3.2.6
gouvernance
principes, politiques et cadre permettant à un organisme d'être dirigé et contrôlé
Note 1 à l'article: Voir Figure A.2 à l'Annexe A.
[SOURCE: : ISO/IEEE 11073-10201:2020, 3.1.25, modifié — « composée de différentes parties associées »
remplace « processus et spécifications ».]
3.2.7
gouvernance de l'information
cadre stratégique de gouvernance des actifs informationnels (3.1.4) transverse au sein d'un organisme,
visant à améliorer la coordination pour soutenir les résultats opérationnels et garantir que les risques
que court l'information (3.1.3), et par conséquent les capacités opérationnelles et l'intégrité (3.1.5) de
l'organisme, sont effectivement identifiés et gérés
Note 1 à l'article: La gouvernance de l'information comprend, entre autres, les politiques, processus, procédures,
rôles et contrôles mis en place dans le but de répondre aux exigences réglementaires, légales, opérationnelles et
relatives aux risques.
Note 2 à l'article: Les données sont une forme d'actifs informationnels.
Note 3 à l'article: Voir Figure A.2 à l'Annexe A.
3.2.8
sécurité de l'information
protection de la confidentialité, de l'intégrité et de la disponibilité de l'information (3.1.3)
Note 1 à l'article: Voir Figure A.2 à l'Annexe A.
[SOURCE: : ISO/IEC 27000:2018, 2.28]
4 Avantages de la gouvernance de l'information
4.1 Généralités
La gouvernance de l'information est un cadre stratégique et pluridisciplinaire qui permet la
collaboration entre les professions impliquées. Elle considère l'information comme un actif de valeur de
l'organisme et peut procurer les avantages suivants.
3
© ISO 2022 – Tous droits réservés

---------------------- Page: 9 ----------------------
ISO 24143:2022(F)
4.2 Avantages stratégiques
La gouvernance de l'information :
a) fournit un cadre global de gouvernance de haut niveau qui soutient la mission et les résultats d'un
organisme en procurant les avantages économiques et stratégiques suivants, notamment :
1) la maximisation de la valeur retirée des actifs informationnels ;
2) la protection des droits de l'organisme et des autres parties prenantes ;
3) la conformité avec les obligations légales et réglementaires ; et
4) la promotion de l'ouverture, de la transparence et de la responsabilité ;
b) soutient un processus de décision éclairé en donnant accès au bon moment à une information
authentique, fiable, pertinente, complète et précise, à jour et accessible ;
c) réduit les risqu
...

SLOVENSKI STANDARD
oSIST ISO/DIS 24143:2021
01-oktober-2021
Informatika in dokumentacija - Upravljanje informacij - Koncept in načela
Information and documentation -- Information Governance -- Concept and principles
Information et documentation -- Gouvernance de l’information -- Concept et principes
Ta slovenski standard je istoveten z: ISO/DIS 24143
ICS:
01.140.20 Informacijske vede Information sciences
oSIST ISO/DIS 24143:2021 en,fr
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------
oSIST ISO/DIS 24143:2021

---------------------- Page: 2 ----------------------
oSIST ISO/DIS 24143:2021
DRAFT INTERNATIONAL STANDARD
ISO/DIS 24143
ISO/TC 46 Secretariat: AFNOR
Voting begins on: Voting terminates on:
2021-05-11 2021-08-03
Information and documentation — Information
Governance — Concept and principles
Information et documentation — Gouvernance de l’information — Concept et principes
ICS: 01.140.20
THIS DOCUMENT IS A DRAFT CIRCULATED
FOR COMMENT AND APPROVAL. IT IS
THEREFORE SUBJECT TO CHANGE AND MAY
NOT BE REFERRED TO AS AN INTERNATIONAL
STANDARD UNTIL PUBLISHED AS SUCH.
IN ADDITION TO THEIR EVALUATION AS
BEING ACCEPTABLE FOR INDUSTRIAL,
This document is circulated as received from the committee secretariat.
TECHNOLOGICAL, COMMERCIAL AND
USER PURPOSES, DRAFT INTERNATIONAL
STANDARDS MAY ON OCCASION HAVE TO
BE CONSIDERED IN THE LIGHT OF THEIR
POTENTIAL TO BECOME STANDARDS TO
WHICH REFERENCE MAY BE MADE IN
Reference number
NATIONAL REGULATIONS.
ISO/DIS 24143:2021(E)
RECIPIENTS OF THIS DRAFT ARE INVITED
TO SUBMIT, WITH THEIR COMMENTS,
NOTIFICATION OF ANY RELEVANT PATENT
RIGHTS OF WHICH THEY ARE AWARE AND TO
©
PROVIDE SUPPORTING DOCUMENTATION. ISO 2021

---------------------- Page: 3 ----------------------
oSIST ISO/DIS 24143:2021
ISO/DIS 24143:2021(E)

COPYRIGHT PROTECTED DOCUMENT
© ISO 2021
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2021 – All rights reserved

---------------------- Page: 4 ----------------------
oSIST ISO/DIS 24143:2021
ISO/DIS 24143:2021(E)

Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
3.1 Terms relating to the concept of information . 1
3.2 Terms relating to the concept of information governance . 2
4 The Benefits of Information Governance . 2
4.1 Strategic benefits . 2
4.2 Operational benefits . 3
5 Principles of Information Governance . 3
5.1 Recognise Information as a corporate, strategic asset . 3
5.2 Build Information Governance in a collaborative way . 4
5.3 Design Information Governance as a key element of corporate strategy . 4
5.4 Integrate Information Governance into the organisation’s governance frameworks . 4
5.5 Secure senior management’s leadership and commitment . 4
5.6 Ensure Information Governance supports legal compliance and any mandatory
requirements . 5
5.7 Align Information Governance to business objectives . 5
5.8 Ensure Information Governance supports information security and privacy . 5
5.9 Ensure Information Governance supports information quality and integrity . 5
5.10 Foster a collaboration and knowledge sharing culture . 5
5.11 Adopt a risk-based approach . 6
5.12 Enhance organisation’s performance . 6
5.13 Govern Information throughout its information lifecycle . 6
5.14 Support corporate culture. 6
5.15 Support sustainability . 6
Annex A Concept Diagrams . 7
Bibliography . 9
© ISO 2021 – All rights reserved iii

---------------------- Page: 5 ----------------------
oSIST ISO/DIS 24143:2021
ISO/DIS 24143:2021(E)

Foreword
ISO (the International Organisation for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is typically carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organisations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www .iso .org/ patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organisation (WTO) principles in the Technical Barriers to Trade (TBT), see www .iso .org/
iso/ foreword .html.
This document was prepared by Technical Committee ISO/TC 46 Information and Documentation,
Working Group 13 Information Governance.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www .iso .org/ members .html.
iv © ISO 2021 – All rights reserved

---------------------- Page: 6 ----------------------
oSIST ISO/DIS 24143:2021
ISO/DIS 24143:2021(E)

Introduction
Information is a critical asset that is indispensable to support business processes and therefore, a
foundation for the success of any business activities. Due to numerous existing and emerging forms
and uses of information and information-related risks, organisations often struggle with implementing
consistent and comprehensive systems to store, retrieve, share and analyse information. Organisations.
The current global digital transformation and the general evolution of society increasingly demand
greater transparency, accountability, data protection, security, interoperability and information sharing
within and between organisations. This trend requires a solid strategy for information governance that
supports the business process at a strategic level. There is a need for a more strategic vision, known as
"Information Governance” that should play a key role in supporting digital transformation initiatives.
Many governmental and non-governmental organisations worldwide already perceive the necessity
and understand the benefits of coordinating at a strategic level the efforts of multiple information-,
data- and knowledge-related disciplines.
This International Standard defines concepts and principles for information governance.
This International Standard provides guiding principles for members of governing bodies of
organisations (which can comprise owners, directors, partners, executive managers, or similar) on
the effective, efficient, compliant, secure, transparent and accountable creation, use, maintenance,
preservation and disposition of information within their organisations.
Information Governance is an integral part of the overall governance of the organisation. It identifies
common high-level principles and provides a framework enabling effective and efficient cooperation of
all the information-related professionals, in support of the mission of an organisation and achievement
of its strategic goals. Areas for collaboration include but are not limited to:
• Data Management
• Information Management
• Records Management
• Knowledge Management
• Regulatory Compliance
• Digital Preservation
• Information Security
• Enterprise Architecture
• Data Protection
• Open data
• Big data
• Business processes
• Quality management.
Information Governance requires coherence and integration with relevant Management system
Standards, such as ISO 9000, ISO 27000 and ISO 30300 series.
Information Governance is a strategic framework for managing information assets across an entire
organisation to support its business outcomes and obtain assurance that the risks to its information,
and thereby the operational capabilities and integrity of the organisation, are adequately identified
and managed. Information governance includes but is not limited to policies, processes, procedures,
© ISO 2021 – All rights reserved v

---------------------- Page: 7 ----------------------
oSIST ISO/DIS 24143:2021
ISO/DIS 24143:2021(E)

roles and controls put in place to meet regulatory, legal, risk and operational requirements. Information
governance provides an overarching high-level framework that:
• aligns all information-related activities with the mission and goals of an organisation, and its
business, legal and societal obligations,
• ensures a comprehensive and systematic approach to information by integrating records and
information management, information security and privacy, compliance, business continuity,
disaster recovery, e-discovery and other aspects relevant to directing and controlling information,
• supports cooperation between professionals, and
• creates a high-level basis for managing information whatever its form, type and format, informs
education, professional development of the workforce and awareness about information-related
obligations, risks and possibilities.
vi © ISO 2021 – All rights reserved

---------------------- Page: 8 ----------------------
oSIST ISO/DIS 24143:2021
DRAFT INTERNATIONAL STANDARD ISO/DIS 24143:2021(E)
Information and documentation — Information
Governance — Concept and principles
1 Scope
This part of ISO 24143 establishes concepts and principles for information governance.
This International Standard applies to the governance of the organisation's past, current and future
information assets.
This International Standard applies to organisations of all sizes in all sectors, including public and
private companies, government entities, and not-for-profit organisations.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
3 Terms and definitions
3.1 Terms relating to the concept of information
3.1.1
authenticity
property of information (3.1.3) that can be proven to be what it purports to be
Note 1 to entry: Authenticity implies that information has been created or sent by the agent purported to have
created or sent it, and to have been created or sent when purported.
[SOURCE: ISO 30300:2020, 3.2.2, modified, “information” is taken place of “records”]
3.1.2
data
set of characters or symbols to which meaning is or could be assigned
[SOURCE: ISO 30300: 2020, 3.2.4]
3.1.3
information
data (3.1.2) in context with a particular meaning
[SOURCE: ISO 30300:2020, 3.2.7]
3.1.4
information asset
knowledge or data (3.1.2) that has value to the relevant stakeholder
[SOURCE: ISO/TS 17573-2:2020, 3.95]
3.1.5
integrity
property of information that is complete and unaltered
[SOURCE: ISO 30300:2020, 3.2.8, modified-“information” is taken place of “records”]
© ISO 2021 – All rights reserved 1

---------------------- Page: 9 ----------------------
oSIST ISO/DIS 24143:2021
ISO/DIS 24143:2021(E)

3.2 Terms relating to the concept of information governance
3.2.1
compliance
characteristic of conformance to rules, such as those defined by a law, a regulation, a standard, or a policy
[SOURCE: ISO/IEC 20924:2018, 3.1.10]
3.2.2
digital continuity
ability to use digital information (3.1.3) in the way that is needed, for whenever and wherever is needed
3.2.3
disposition
range of processes associated with implementing retention, destruction or transfer decisions about
information (3.1.3)
[SOURCE: ISO 30300:2020, 3.4.8, modified -“information” is taken place of “records”]
3.2.4
framework
particular set of beliefs and ideas referred to in order to describe a scenario or solve a problem
[SOURCE: ISO 15638-6:2014, 4.30]
3.2.5
governance
principles, policies and framework by which an organisation is directed and controlled
[SOURCE: ISO 21505:2017, 3.1]
3.2.6
information governance
strategic framework for governing information assets (3.1.4) across an entire organisation in order
to enhance coordinated support its business outcomes and obtain assurance that the risks to its
information (3.1.3), and thereby the operation capabilities and integrity (3.1.5) of the organisation, are
effectively identified and managed
Note 1 to entry: Information governance includes (but is not limited to) policies, processes, procedures, roles and
controls put in place to meet regulatory, legal, risk and operational requirements.
Note 2 to entry: Data is part of the information asset.
4 The Benefits of Information Governance
Information Governance is a strategic, multi-disciplinary framework that forms the foundation for
collaboration between all related professions. It considers information as a valuable corporate asset.
When information governance has been achieved via a collaborative effort with respect for cross-
discipline approaches, it has the potential to deliver the following benefits:
4.1 Strategic benefits
Information governance:
1. Provides an overarching high-level governance framework that supports an organisation’s mission
and resu
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.