ISO 23081-2:2021

INTERNATIONAL ISO
STANDARD 23081-2
Second edition
2021-08
Information and documentation —
Metadata for managing records —
Part 2:
Conceptual and implementation
issues
Reference number
©
ISO 2021
© ISO 2021
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2021 – All rights reserved

Contents Page
Foreword .v
Introduction .vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Purpose and benefits of metadata . 2
4.1 Purposes of metadata for managing records . 2
4.1.1 General. 2
4.1.2 Amount of metadata . 2
4.2 Business benefits for metadata for managing records . 3
4.2.1 General. 3
4.2.2 Capturing and managing records in business systems . 3
4.2.3 Interoperability . 3
4.2.4 Risk management . 3
4.2.5 Metadata for records as an organizational information asset . 4
4.2.6 Preventing unauthorized access to records . 4
4.2.7 Sustainability of business systems through administrative change . 4
4.2.8 Long-term retention of digital records . 4
4.2.9 Incorporation of metadata into archival systems . 4
5 Policy and responsibilities . 4
5.1 Policy decisions . 4
5.2 Responsibilities for implementing metadata for managing records . 5
6 Metadata conceptual model . 6
6.1 Entities . 6
6.2 Relationships between entities . 6
6.3 Flattening the entity model . 8
7 Concepts relating to metadata implementation . 8
7.1 Aggregation . 8
7.1.1 General. 8
7.1.2 Entity class aggregation scheme . 9
7.2 Inheritance .12
7.3 Reuse of metadata values .13
7.4 Interdependence of metadata elements .14
7.5 Extensibility and modularity .14
8 Metadata model for managing records .14
8.1 Metadata model .14
8.2 Dynamic metadata model .15
8.3 Metadata as a record .16
9 Generic metadata elements .17
9.1 Identity metadata .17
9.2 Description metadata .17
9.3 Use metadata .18
9.4 Event plan metadata.20
9.5 Event history metadata .21
9.6 Relation metadata .22
10 Developing a metadata schema for managing records .23
10.1 Metadata schema .23
10.2 Metadata registries .23
10.3 Designing metadata schemas for managing records .24
10.3.1 Selecting elements to form a schema .24
10.3.2 Structuring elements and establishing relationships .24
10.3.3 Encoding schemes .25
10.3.4 Rules for syntax, obligation levels, default values and repeatability .25
10.3.5 Reusing existing metadata schemas for the purposes of managing records .25
10.4 Metadata schema presentation .26
10.4.1 Documenting a metadata schema for managing records .26
10.4.2 Machine readable presentations .26
11 Implementing metadata for managing records .27
11.1 General .27
11.2 Storage and management .27
11.2.1 Centralized versus decentralized storage and management .27
11.2.2 Metadata repository .28
11.3 Metadata capture .28
11.4 Creating a metadata record for managing records .28
11.5 Registration .29
11.6 Metadata as control tools for managing records .29
11.7 Linking metadata .30
11.8 Appraisal .30
11.9 Transferring records .31
11.10 Preservation and storage formats .31
11.10.1 General.31
11.10.2 Storage in specified formats.32
11.10.3 Encapsulating .32
11.11 Ensuring management of metadata over time .32
Bibliography .33
iv © ISO 2021 – All rights reserved

Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www .iso .org/ patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www .iso .org/
iso/ foreword .html.
This document was prepared by Technical Committee ISO/TC 46, Information and documentation,
Subcommittee SC 11, Archives/records management.
This second edition cancels and replaces the first edition (ISO 23081-2:2009), of which it constitutes a
minor revision.
The changes compared to the previous edition are as follows:
— the second element of the title has been changed from "Managing metadata for records" to "Metadata
for managing records";
— in Clause 2, ISO 30300 has been added as a normative reference;
— in Clause 3, a reference to ISO 30300 has been added and the terminological entries have been
deleted;
— dated references have been updated;
— minor editorial changes have been applied for clarification.
A list of all parts in the ISO 23081 series can be found on the ISO website.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www .iso .org/ members .html.
Introduction
The ISO 23081 series describes metadata for records. This document focuses on the framework for
defining metadata elements for managing records and provides a generic statement of metadata
elements, whether these are physical, analogue or digital, consistent with the principles of ISO 23081-1.
It provides an extended rationale for metadata for managing records in organizations, conceptual
models for metadata and a high-level element set of generic metadata types suitable for any records
environment encompassing, for example, current document or records management implementations
or archival implementations. It defines the generic metadata types both for records entities as well as
other entities that need to be managed in order to document and understand the context of records.
This document also identifies, for key entities, a minimum number of fixed aggregation layers that
are required for interoperability purposes. The models and generic metadata types outlined in this
document are primarily focused on the “records” entity. However, they are also relevant to the other
entities.
This document does not prescribe a specific set of metadata elements. Rather, it identifies generic types
of metadata that are required to fulfil the requirements for managing records. This approach provides
organizations with the flexibility to select specific metadata to meet their business requirements
for managing their records for as long as they are required. It provides diagrams for determining
the metadata elements that can be defined in a particular implementation and the metadata that
could apply to each aggregation of the entities defined. It acknowledges that these entities can exist
at different layers of aggregation. It defines generic metadata types that are expected to apply at all
layers of aggregation, while alerting implementers to specific metadata elements that can only apply at
particular layers of aggregation.
Implementing metadata for managing records in organizational and system settings involves a number
of choices, which are determined by the circumstances of the organization, the systems in place and the
requirements for managing records.
Building upon the principles of ISO 23081-1, this document provides further explanation on the
underlying concepts of metadata schemas for managing records, offers practical guidance for
developing and constructing those schemas from an organizational point of view and finally goes into
issues relating to the implementation and management of metadata over time.
This document is intended for
— records professionals (or persons assigned within an organization for managing records in any
environment) responsible for defining metadata for managing records at any layer of aggregation
in either a business system or dedicated records application software;
— systems/business analysts responsible for identifying metadata to manage records in business
systems;
— records professionals or systems analysts addressing system interoperability requirements
involving records; and
— vendors, as suppliers of software applications that support and enable the creation, capture and
management of metadata over time.
vi © ISO 2021 – All rights reserved

INTERNATIONAL STANDARD ISO 23081-2:2021(E)
Information and documentation — Metadata for managing
records —
Part 2:
Conceptual and implementation issues
1 Scope
This document establishes a framework for defining metadata elements consistent with the principles
and implementation considerations outlined in ISO 23081-1. The purpose of this framework is to:
a) enable standardized description of records and critical contextual entities for records;
b) provide common understanding of fixed points of aggregation to enable interoperability of records
and information relevant to records between organizational systems; and
c) enable reuse and standardization of metadata for managing records over time, space and across
applications.
It further identifies some of the critical decision points that need to be addressed and documented to
enable implementation of metadata for managing records. It aims to:
— identify the issues that need to be addressed in implementing metadata for managing records;
— identify and explain the various options for addressing the issues; and
— identify various paths for making decisions and choosing options in implementing metadata for
managing records.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 11179-1, Information technology — Metadata registries (MDR) — Part 1: Framework
ISO 15489-1:2016, Information and documentation — Records management — Part 1: Concepts and
principles
ISO 23081-1:2017, Information and documentation — Records management processes — Metadata for
records — Part 1: Principles
ISO 30300, Information and documentation — Records management — Core concepts and vocabulary
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO 23081-1, ISO/IEC 11179-1 and
ISO 30300 apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at https:// www .electropedia .org/
4 Purpose and benefits of metadata
4.1 Purposes of metadata for managing records
4.1.1 General
Organizations need information systems that capture and manage appropriate contextual information
to aid the use, understanding, management of, and access to, records over time. This information is
critical for asserting authenticity, reliability, integrity, useability and evidential qualities of records.
Collectively, this information is known as metadata for managing records.
Metadata for managing records can be used for a variety of purposes within an organization to support,
identify, authenticate, describe, locate and manage their resources in a systematic and consistent way
to meet business, accountability and societal requirements of organizations.
Records application software and business systems with records functionality manage records by
capturing and managing metadata about those records and the context of their creation and use.
Records, particularly in the form of electronic transactions, can exist outside of a formal records
application software, often being created in business systems serving specific purposes (for example,
licensing systems). Records are used and understood by people who possess, or have access to, sufficient
knowledge about the processes being undertaken, the people involved in the transaction, the records
generated and their immediate context. Such records are not always robust, for reasons including the
following.
a) Contextual linkages can be unwritten and dependent upon individual and group memory. Such
reliance on unwritten contextual understanding is not dependable; some people have access to
more knowledge than others, over time the useability of records will be compromised by staff
movement and diminishing corporate memory.
b) The records often lack explicit information needed to identify the components of a transaction
outside the specific business context and are therefore difficult to exchange with other related
business systems for interoperability purposes.
c) The management processes necessary to assure the sustainability of the records for as long as they
are required are not usually a feature of such systems.
4.1.2 Amount of metadata
There are practical limits to the amount of contextual information that can be made explicit and
captured into a given system in the form of metadata. Context is infinite, while a single information
system has finite boundaries. Further contextual information will always exist outside the boundaries
of any one system. A single records application software system only needs to capture as much metadata
as is considered useful for that system and its users to interpret and manage the records for as long
as they are required within the system and to enable migration of those records required outside the
system. Good metadata regimes are dynamic and can add additional metadata for managing records as
and when necessary over time.
Much metadata for managing records can be obtained from other information systems. For them to be
useful in a system for managing records, they need to be structured and organized in a standardized
way. Standardized metadata are an essential prerequisite for information system interoperability
within and between organizations.
2 © ISO 2021 – All rights reserved

4.2 Business benefits for metadata for managing records
4.2.1 General
Metadata for managing records not only describe the attributes of records in a way that enables their
management and use/reuse, they also document the relationships between records and the agents that
make and use them and the events or circumstances in which the records are made and used. Metadata
support the searching of information assets and the maintenance of their authenticity.
4.2.2 Capturing and managing records in business systems
Organizations need to create records of their transactions and maintain those records for as long as
they are needed. This can be done only if organizations’ business systems capture records metadata
in accordance with organizational requirements for managing records. How well a system manages
records is largely dependent on the metadata functionality of the system. The relationships between
business systems and specific records application software systems are subject to implementation
decisions, as outlined in Clause 11.
4.2.3 Interoperability
Interoperability refers to the ability of two or more automated systems to exchange information and
to recognize, process and use that information successfully. Interoperable systems need to be able to
operate simultaneously at technical, semantic and syntactical levels. Standardized metadata are an
essential prerequisite for information system interoperability.
Standardized metadata for managing records assist in enabling interoperability as follows:
a) between business systems within an organization (for example, between systems that support one
business process and those that support other business processes across the organization);
b) between business systems that create records, and records application software that manage them
as records;
c) between business systems during system migration;
d) between multiple organizations involved in the conduct of business processes (for example, chain
management or electronic commerce transactions);
e) between organizations for a variety of other business purposes (for example in undertaking shared
transactions or transfer of records to a third party);
f) across time between business systems that create records and archival systems that preserve
them.
In supporting interoperability, metadata for managing records enable resource discovery of records in
business systems as well as in records application software.
4.2.4 Risk management
Metadata schemas can be tailored to suit organizational requirements for risk aversion. Organizations
specify elements that shall be present for records to be reliable, authentic and to have integrity. Other
elements are optional, for inclusion at the discretion of sub-units of organizations or for particular
business systems within organizations.
When considering metadata implementation strategies, organizations should identify the risks that
exist, consider the degree of risk entailed, and ensure that the implementation strategy:
a) provides access to critical business systems over time;
b) satisfies legal requirements for authenticity and reliability; and
c) is sustainable from a resource perspective over time.
4.2.5 Metadata for records as an organizational information asset
Structured metadata for managing records, in combination with good system search functionality,
support access and retrieval of records across organizations. This maximizes the ability of people to find
relevant records quickly and easily when they need to. In addition, structured records metadata enable
information in records to be retrieved within their business context, thus enhancing understanding
and trust in the reliability of information retrieved for reuse. A relatively small initial investment in
good metadata can enhance quality and reduce costs for retrieval of information to the organization.
4.2.6 Preventing unauthorized access to records
Metadata for managing records can be used to reduce the risk of unauthorized use of records.
Metadata are needed to specify if access to records is restricted. Only those with appropriate clearance
should have access to records. Any instances of access should be documented as metadata. Access
control metadata are vital to secure legal and business interests of the organization. They ensure the
appropriate management of confidentiality, and privacy of personal information, and other use and
security restrictions identified in an organization’s records.
4.2.7 Sustainability of business systems through administrative change
With the change of an organization's structure, function or work process, a shift in the responsibilities
for business activities takes place. Implementation of standardized and structured records metadata
assists in identifying appropriate records to be moved across systems and organizational boundaries.
Such standardized metadata also assist in extracting records from one system and importing them into
other systems, by preserving contextual linkage independently of any particular business system.
4.2.8 Long-term retention of digital records
Digital records depend upon metadata for their existence, management and future use. The
characteristics of authoritative records (see ISO 15489-1:2016, 5.2.2) in all formats are defined in
records metadata. Ensuring the preservation of the records, including their metadata, in electronic
form requires conformance to stable, structured and well-defined metadata standards to ensure their
sustainability across software upgrades or changes. Preservation of digital records as long as they are
needed can involve a number of strategies (see Clause 11), but all strategies are dependent upon the
existence of standardized metadata for managing records.
4.2.9 Incorporation of metadata into archival systems
Much of the information that is needed to document and describe records and their context in archival
systems can be sourced from the metadata in records application software. This interconnection should
be as seamless as possible. Capturing metadata for managing records according to a standardized
schema makes this process easier to implement.
5 Policy and responsibilities
5.1 Policy decisions
As indicated in ISO 23081-1:2017, Clause 6, metadata strategies should be treated as an integral part
of, or explicitly related to, an organization's broader records and information management strategy. In
this respect, clear metadata-related policy should be created, either as a separate stand-alone policy
area linked to the existing records policy framework or as an integral yet distinct part of the existing
organizational records policies. In either case, organizations should:
a) identify and assign roles and responsibilities, including responsibilities for quality assurance of
metadata;
4 © ISO 2021 – All rights reserved

b) identify requirements for metadata reliability, accessibility, retrieval, maintenance, and security;
c) select applicable metadata standards or schema;
d) identify and establish rules for applying metadata encoding schemes (controlled vocabularies,
syntax schemes);
e) determine technical standards to be used in implementation;
f) identify how the metadata policy for managing records relates to other metadata policies or
schemas that are in use in the organization;
g) identify evaluation criteria and methodology for determining compliance with, and effectiveness
of, the policy;
h) develop monitoring and evaluation strategies to accompany the policy;
i) determine how the policy will be kept up-to-date in line with business activities.
Any policy should allow for different levels of implementation. It should identify the level to be achieved
and how it is to be achieved.
A policy should also identify those areas that are most critical and require special attention with respect
to metadata deployment strategies, such as sustainability, accessibility, vital records identification,
preservation and risk analysis.
5.2 Responsibilities for implementing metadata for managing records
In line with the established framework of roles and responsibilities for records (see ISO 15489-1:2016,
6.3), responsibility for developing, implementing and maintaining metadata frameworks for managing
records should be clearly assigned to records professionals in association with other organizational
staff such as information technology or legal professionals, as appropriate.
This responsibility includes:
a) analysing the needs of the organization for metadata for managing records based upon business
requirements;
b) monitoring and analysing developments within the organization relating to metadata, particularly
requirements for managing records;
c) ensuring that metadata schemas for managing records are developed in accordance with best
practice and applicable industry standards;
d) developing the metadata framework for managing records, including the metadata schema, and
related organizational standards and the rules for using them;
e) identifying or developing appropriate metadata encoding schemes, element refinements and
qualifiers, for example classification schemes;
f) keeping the metadata schema up-to-date and in line with business needs;
g) managing the metadata schema as a record in its own right;
h) maintaining the overall quality of both machine-generated and human-generated metadata, most
particularly its accuracy, integrity, authenticity, useability and reliability;
i) co-ordinating implementation issues between records and information technology staff;
j) co-ordinating with business system owners to ensure integration of metadata for managing
records into business systems as appropriate;
k) co-ordinating with archival authorities/processes to ensure interoperability between records
application software and archival environments for those records that have archival value;
l) setting up a training programme and subsequent training of agents on the use and application of
the metadata schema;
m) communicating about the metadata schema within the organization.
6 Metadata conceptual model
6.1 Entities
Systems designed to manage records require metadata to support processes for managing records or
archives. One of the main uses of metadata is to represent entities from the business environment in the
business system. Entities support the records perspective for understanding the business environment
but they are not in themselves always tangible objects.
Figure 1 specifies the conceptual entity model and supports any number of entities, but of particular
importance are the following:
a) the records themselves, whether an individual document or aggregations of records (known as
record entities);
b) the people or organizing structures in the business environment (known as agent entities);
c) the business transacted (known as business entities);
d) the rules governing the transaction and documentation of business (known as mandate entities).
NOTE See ISO 23081-1:2017, 9.1.
Figure 1 — Conceptual entity model: Main entities and their relationships
6.2 Relationships between entities
A key requirement of metadata for managing records is to capture evidence of relationships between
entities and persistently link it to record objects so that the resultant records can serve as evidence of
the business and social activities in which they are created and used. Metadata for managing records
6 © ISO 2021 – All rights reserved

shall also be capable of capturing layers of aggregation in entities and the relationships among those
layers. Relationships are treated as a class of entity in the following entity framework model (see
Figure 2) due to their importance from a records perspective.
[6]
Figure 2 — Entity model as unified modeling language (UML) class diagram showing
generalization/specialization relationships between entities
The diagram in Figure 2 represents the generalization/specialization associations between classes
of entities associated with managing records and their subclasses. For example, this diagram shows
Series as a type of Record entity, Business rules as a type of Mandate entity and Records management
business as a type of Business entity. The generalization/specialization associations allow for common
structure and behaviour of classes to be identified.
The subclasses include layers of aggregation for entities associated with managing records. The
diagram does not illustrate the aggregation relationships between the subclasses (these are detailed
in Clause 7) nor relationships between the general classes (as illustrated in Figure 1). By default,
generalization/specialization sets are considered to be incomplete, so the diagram in Figure 2 implies
that the sets of subclasses are extensible.
Including relationship as a separate class of entity allows for greater flexibility in the implementation of
this document. Metadata schemas derived from this framework can choose to implement relationships
as:
a) a separate class;
b) a relation attribute of record, agent, business, and mandate classes; or
c) other attributes of record, agent, business, and mandate classes.
Where relationship is defined as a separate class of entity, each of the entities participating in the
relationship will contain a relation element which points to a relationship entity. This relationship entity
describes the relationship type and the members of the relationship. It also contains any contextual
information about the relationship, for example the history of the relationship. In the description of
the relationship entity, the identity and nature of the relationship needs to be captured, along with
the roles that each entity making up the relationship plays. Event metadata relating to the relationship
capture the dates of these associations.
Where relationships are captured as attributes of other entities, they can be handled by a generic
composite element which allows for the type, dates and roles of the relationship to be captured in the
instances.
Modelling relationships in this way makes the properties of the relationship distinguishable from the
properties of the entities. This provides a pathway to interoperability as the different ways metadata
schemas handle relationships can be mapped to this more generic model.
6.3 Flattening the entity model
It is not expected that all implementations of this document will directly implement all the classes
of entities described. Such decisions depends on the ability to ensure persistent links between the
various classes of entity descriptions. Uncertainties about persistence can lead to “records-centric”
implementations, where metadata about other classes of entities are brought explicitly within the
boundaries of the record class itself.
Such implementations “flatten” the entity model and include the information about the missing classes
of entities within other entities. For example, an implementation that did not contain agent, mandate,
or business classes can include the necessary information in the implementation of the record class. See
Figure 3.
Figure 3 — Expression as multiple classes of entities or as a single, “flattened”,
records-centric entity class
7 Concepts relating to metadata implementation
7.1 Aggregation
7.1.1 General
Each of the entities' classes identified in ISO 23081-1 (i.e. record, agent, mandate, business, records
management business) exist at different layers of aggregation. For example, within the entity “agent”, an
individual, a work unit, a department/division/branch or the organization as a whole can be described.
Within the entity class “record”, an item, a folder, a file, a series, etc. can be described. Each of these
layers is referred to as an aggregation. See Figure 4. Each implementation can define them differently.
8 © ISO 2021 – All rights reserved

Figure 4 — Layers of aggregation
It is important to determine precisely which layers of aggregation are being defined because of the
following.
a) Metadata about each layer of aggregation within an entity can be different. While some elements
can be common elements to all layers, some can be specific to particular layers of aggregation.
b) Systems exporting or importing records need to have the layer of aggregation clearly identified to
assign appropriate meaning and functionality to the object in the inheriting system.
Defining the entities and layers of aggregation in this way, provides significant advantages in allowing
the metadata schema to be implemented and managed over time.
7.1.2 Entity class aggregation scheme
7.1.2.1 Scheme of entity classes represented in business systems or records application
software
This scheme codifies containment relationships within the same class of entity as specified in Tables 1
to 4. Each implementation includes its own unique mix of entities, based on the processes it needs to
support.
The purpose of defining a scheme is to facilitate:
— sharing of information about the business environment between systems;
— reuse of entities and metadata from one business system to another; and
— migration of entities and metadata from one records application software system to another.
The interoperability of metadata for managing records is dependent on business systems (including
records application software) using the same entity class types and metadata elements and on the
meaning (semantics) embodied in the way specific data values have been used
...