Information and documentation -- Management systems for records -- Requirements

This document specifies requirements to be met by a management system for records (MSR) in order
to support an organization in the achievement of its mandate, mission, strategy and goals. It addresses
the development and implementation of a records policy and objectives and gives information on
measuring and monitoring performance.
An MSR can be established by an organization or across organizations that share business activities.
Throughout this document, the term “organization” is not limited to one organization but also includes
other organizational structures.
This document is applicable to any organization that wishes to:
— establish, implement, maintain and improve an MSR to support its business;
— ensure itself of conformity with its stated records policy;
— demonstrate conformity with this document by
a) undertaking a self-assessment and self-declaration, or
b) seeking confirmation of its self-declaration by a party external to the organization, or
c) seeking certification of its MSR by an external party.

Information et documentation -- Systèmes de gestion des documents d'activité -- Exigences

Le pr�sent document sp�cifie les exigences relatives � un syst�me de gestion des documents d'activit� (SGDA) visant � soutenir un organisme dans la r�alisation de son mandat, de sa mission, de sa strat�gie et de ses objectifs. Il traite du d�veloppement et de la mise en œuvre d'une politique et de finalit�s relatives aux documents d'activit� et donne des informations sur le mesurage et la surveillance des performances.
Un SGDA peut �tre �tabli par un organisme ou plusieurs organismes lorsque ceux-ci partagent des activit�s. Tout au long du pr�sent document, le terme � organisme � ne se limite pas � un seul organisme, mais inclut �galement d'autres structures organisationnelles.
Le pr�sent document s'applique � tout organisme souhaitant:
— �tablir, mettre en œuvre, tenir � jour et am�liorer un SGDA venant en support de ses activit�s;
— s'assurer lui-m�me de la conformit� � sa politique d�clar�e en mati�re de documents d'activit�;
— d�montrer sa conformit� au pr�sent document en:  
r�alisant une auto-�valuation et une auto-d�claration; ou
demandant une confirmation de son auto-d�claration par une partie externe � l'organisme; ou
demandant une certification de son SGDA par une partie externe.

Informatika in dokumentacija - Sistemi upravljanja zapisov - Zahteve

Ta dokument določa zahteve, ki jih mora izpolnjevati sistem za upravljanje zapisov (MSR),
da lahko podpira organizacijo pri izvajanju njenih pooblastil, poslanstva, strategije in ciljev. Obravnava
pripravo in uvedbo pravilnika o zapisih in ciljev ter podaja informacije
o merjenju in nadzoru delovanja.
Sistem upravljanja zapisov lahko oblikuje organizacija ali skupina organizacij, ki si delijo poslovne dejavnosti.
V tem dokumentu izraz »organizacija« ni omejen na eno organizacijo, ampak vključuje tudi
druge organizacijske strukture.
Ta dokument lahko uporabi vsaka organizacija, ki želi:
– vzpostaviti, izvajati, vzdrževati in izboljševati sistem upravljanja zapisov za podporo poslovanja;
– zagotoviti skladnost s pravilnikom upravljanja zapisov, za katerega se je opredelila;
– izkazati skladnost s tem dokumentom, tako da:
a) sprejme samooceno in izda lastno izjavo; ali
b) pridobi potrditev lastne izjave pri zunanji stranki; ali
c) pridobi potrdilo o sistemu upravljanja zapisov pri zunanji stranki.

General Information

Status
Published
Publication Date
03-Sep-2019
Current Stage
6060 - National Implementation/Publication (Adopted Project)
Start Date
05-Aug-2019
Due Date
10-Oct-2019
Completion Date
04-Sep-2019

RELATIONS

Buy Standard

Standard
ISO 30301:2019 - Information and documentation -- Management systems for records -- Requirements
English language
16 pages
sale 15% off
Preview
sale 15% off
Preview
Standard
SIST ISO 30301:2019 - BARVE na PDF-str 8,9
English language
23 pages
sale 10% off
Preview
sale 10% off
Preview

e-Library read for
1 day
Standard
ISO 30301:2019 - Information et documentation -- Systemes de gestion des documents d'activité -- Exigences
French language
18 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (sample)

INTERNATIONAL ISO
STANDARD 30301
Second edition
2019-02
Information and documentation —
Management systems for records —
Requirements
Information et documentation — Systèmes de gestion des documents
d'activité — Exigences
Reference number
ISO 30301:2019(E)
ISO 2019
---------------------- Page: 1 ----------------------
ISO 30301:2019(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO 2019

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may

be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting

on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address

below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2019 – All rights reserved
---------------------- Page: 2 ----------------------
ISO 30301:2019(E)
Contents Page

Foreword ........................................................................................................................................................................................................................................iv

Introduction ..................................................................................................................................................................................................................................v

1 Scope ................................................................................................................................................................................................................................. 1

2 Normative references ...................................................................................................................................................................................... 1

3 Terms and definitions ..................................................................................................................................................................................... 1

4 Context of the organization ....................................................................................................................................................................... 4

4.1 Understanding the organization and its context ....................................................................................................... 4

4.1.1 General...................................................................................................................................................................................... 4

4.1.2 Records requirements ................................................................................................................................................. 5

4.2 Understanding the needs and expectations of interested parties .............................................................. 5

4.3 Determining the scope of the MSR ......................................................................................................................................... 6

4.4 Management system for records ............................................................................................................................................. 6

5 Leadership .................................................................................................................................................................................................................. 6

5.1 Leadership and commitment ..................................................................................................................................................... 6

5.2 Policy ............................................................................................................................................................................................................... 6

5.3 Organization roles, responsibilities and authorities .............................................................................................. 7

6 Planning ......................................................................................................................................................................................................................... 7

6.1 Actions to address risks and opportunities ................................................................................................................... 7

6.2 Records objectives and planning to achieve them ................................................................................................... 8

7 Support ........................................................................................................................................................................................................................... 8

7.1 Resources ..................................................................................................................................................................................................... 8

7.2 Competence ............................................................................................................................................................................................... 9

7.3 Awareness ................................................................................................................................................................................................... 9

7.4 Communication ...................................................................................................................................................................................... 9

7.5 Documented information ............................................................................................................................................................... 9

7.5.1 General...................................................................................................................................................................................... 9

7.5.2 Creating and updating ..............................................................................................................................................10

7.5.3 Control of documented information ............................................................................................................10

8 Operation ..................................................................................................................................................................................................................10

8.1 Operational planning and control .......................................................................................................................................10

8.2 Determining records to be created .....................................................................................................................................11

8.3 Designing and implementing records processes, controls and systems ............................................11

9 Performance evaluation ............................................................................................................................................................................11

9.1 Monitoring, measurement, analysis and evaluation ............................................................................................11

9.2 Internal audit .........................................................................................................................................................................................11

9.3 Management review ........................................................................................................................................................................12

10 Improvement .........................................................................................................................................................................................................12

10.1 Nonconformity and corrective actions ............................................................................................................................12

10.2 Continual improvement ...............................................................................................................................................................13

Annex A (normative) Operational requirements for records processes, control and systems ............14

Bibliography .............................................................................................................................................................................................................................16

© ISO 2019 – All rights reserved iii
---------------------- Page: 3 ----------------------
ISO 30301:2019(E)
Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards

bodies (ISO member bodies). The work of preparing International Standards is normally carried out

through ISO technical committees. Each member body interested in a subject for which a technical

committee has been established has the right to be represented on that committee. International

organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.

ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of

electrotechnical standardization.

The procedures used to develop this document and those intended for its further maintenance are

described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the

different types of ISO documents should be noted. This document was drafted in accordance with the

editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject of

patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of

any patent rights identified during the development of the document will be in the Introduction and/or

on the ISO list of patent declarations received (see www .iso .org/patents).

Any trade name used in this document is information given for the convenience of users and does not

constitute an endorsement.

For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and

expressions related to conformity assessment, as well as information about ISO's adherence to the

World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www .iso

.org/iso/foreword .html.

This document was prepared by Technical Committee ISO/TC 46, Information and documentation,

Subcommittee SC 11, Archives/records management.

This second edition cancels and replaces the first edition (ISO 30301:2011), which has been technically

revised to fully follow the common text of the high level structure (HLS) for all ISO management

systems standards (MSS), and to align operational requirements with the guidelines in ISO 15489.

The main changes compared to the previous edition are as follows:
— a new subclause, 4.1.2 Records requirements, has been added;
— subclauses 8.2 and 8.3 have been redrafted;

— the requirements in Annex A have been renamed and reordered. Requirements numbered A.1.1.1

and A.1.1.2 are now included in 8.2, A.2.5.7 has been deleted from Annex A.

ISO 30301 is part of a family of International Standards on management systems for records.

A list of all products in the ISO 30300 series can be found on the ISO website.

Any feedback or questions on this document should be directed to the user’s national standards body. A

complete listing of these bodies can be found at www .iso .org/members .html.
iv © ISO 2019 – All rights reserved
---------------------- Page: 4 ----------------------
ISO 30301:2019(E)
Introduction
0.1 General

Organizational success largely depends upon implementing and maintaining a management system that

is designed to continually improve performance while addressing the needs of all interested parties.

Management systems offer methodologies to make decisions and manage resources in order to achieve

the organization's goals.

Creation and management of records are integral to any organization's activities, processes and

systems. They enable business efficiency, accountability, risk management and business continuity.

They also enable organizations to capitalize on the value of their information resources as strategic

assets, and to contribute to the preservation of collective memory, in response to the challenges of the

global and digital environment.
0.2 Management system

Management system standards (MSS) provide tools for top management to implement a systematic

and verifiable approach to organizational control in an environment that encourages good business

practices.

The standards on management systems for records are designed to assist organizations of all types and

sizes, or groups of organizations with shared business activities, to implement, operate and improve an

effective management system for records (MSR). The MSR directs and controls an organization for the

purposes of establishing a policy and objectives with regard to records and achieving those objectives.

This is done through the use of:
— defined roles and responsibilities;
— systematic processes;
— measurement and evaluation;
— review and improvement.

Implementation of a records policy and objectives soundly based on the organization's requirements

will ensure that authoritative and reliable information about, and evidence of, business activities

is created, managed and made accessible to those who need it for as long as required. Successful

implementation of good records policy and objectives results in records and records systems adequate

for all of an organization's purposes.

Implementing an MSR in an organization also guarantees the transparency and traceability of decisions

made by responsible management and the recognition of public interest.
0.3 Relationship with other records standards

The standards on MSR are developed within the MSS framework to be compatible and to share

elements and methodology with other MSS. ISO 15489-1, together with other International Standards

and Technical Reports, are the principal tools for designing, implementing, monitoring and improving

records processes and controls, which operate under the governance of the MSR where organizations

decide to implement MSS methodology.

NOTE ISO 15489 is the foundation standard which codifies best practice for records management operations.

The structure of standards on MSR and the most relevant products for implementing records processes

and controls, either published or under preparation, is shown in Figure 1.
© ISO 2019 – All rights reserved v
---------------------- Page: 5 ----------------------
ISO 30301:2019(E)

NOTE Titles of some products and technical reports are susceptible to change when they are revised. Titles

in this figure represent the subject or domain, not the complete official titles of published standards and technical

reports. An updated figure with new products is available at https: //committee .iso .org/home/tc46sc11.

Figure 1 — Standards on MSR and related International Standards and Technical Reports

0.4 MSR family of standards
This family of standards is intended to be used in support of:

a) top management who make decisions regarding the establishment and implementation of

management systems within their organization;

b) people responsible for the implementation of MSR, such as professionals in the areas of risk

management, auditing, management of records, information technology and information security.

The process approach incorporated to a management system for records emphasizes the importance of:

— identifying the organization's records requirements, including interested parties' needs and

expectations, and establishing policy and objectives for records;

— implementing and operating controls for managing an organization’s risks in relation to its records,

in the context of its overall business risks;
— monitoring and reviewing the performance and effectiveness of the MSR;
— continual improvement based on objective measurement.
Figure 2 represents the structure of this document in process approach.
vi © ISO 2019 – All rights reserved
---------------------- Page: 6 ----------------------
ISO 30301:2019(E)
Figure 2 — Structure of MSR in process approach
0.5 Relationship and compatibility with other management system standards

This document conforms to ISO’s requirements for management system standards. These requirements

include a high-level structure, identical core text, common terms with core definitions, designed to

benefit users implementing multiple ISO management system standards.

The term “documented information” is one of the core terms for MSS. Requirements related to

documented information are given in 7.5. in all MSS. This document, apart from constituting a MSS

itself, can support organizations to implement the documented information requirements of other

management systems. For more information, see https: //committee .iso .org/home/tc46sc11).

© ISO 2019 – All rights reserved vii
---------------------- Page: 7 ----------------------
INTERNATIONAL STANDARD ISO 30301:2019(E)
Information and documentation — Management systems
for records — Requirements
1 Scope

This document specifies requirements to be met by a management system for records (MSR) in order

to support an organization in the achievement of its mandate, mission, strategy and goals. It addresses

the development and implementation of a records policy and objectives and gives information on

measuring and monitoring performance.

An MSR can be established by an organization or across organizations that share business activities.

Throughout this document, the term “organization” is not limited to one organization but also includes

other organizational structures.
This document is applicable to any organization that wishes to:
— establish, implement, maintain and improve an MSR to support its business;
— ensure itself of conformity with its stated records policy;
— demonstrate conformity with this document by
a) undertaking a self-assessment and self-declaration, or

b) seeking confirmation of its self-declaration by a party external to the organization, or

c) seeking certification of its MSR by an external party.
2 Normative references

The following documents are referred to in the text in such a way that some or all of their content

constitutes requirements of this document. For dated references, only the edition cited applies. For

undated references, the latest edition of the referenced document (including any amendments) applies.

ISO 30300, Information and documentation — Management systems for records — Fundamentals and

vocabulary
3 Terms and definitions

For the purposes of this document, the terms and definitions given in ISO 30300 and the following apply.

ISO and IEC maintain terminological databases for use in standardization at the following addresses:

— ISO Online browsing platform: available at https: //www .iso .org/obp
— IEC Electropedia: available at http: //www .electropedia .org/
3.1
organization

person or group of people that has its own functions with responsibilities, authorities and relationships

to achieve its objectives (3.8)

Note 1 to entry: The concept of organization includes, but is not limited to sole-trader, company, corporation, firm,

enterprise, authority, partnership, charity or institution, or part or combination thereof, whether incorporated

or not, public or private.
© ISO 2019 – All rights reserved 1
---------------------- Page: 8 ----------------------
ISO 30301:2019(E)
3.2
interested party
stakeholder

person or organization (3.1) that can affect, be affected by, or perceive itself to be affected by a decision

or activity
3.3
requirement
need or expectation that is stated, generally implied or obligatory

Note 1 to entry: “Generally implied” means that it is custom or common practice for the organization and

interested parties that the need or expectation under consideration is implied.

Note 2 to entry: A specified requirement is one that is stated, for example in documented information.

3.4
management system

set of interrelated or interacting elements of an organization (3.1) to establish policies (3.7) and

objectives (3.8) and processes (3.12) to achieve those objectives

Note 1 to entry: A management system can address a single discipline or several disciplines.

Note 2 to entry: The system elements include the organization’s structure, roles and responsibilities, planning

and operation.

Note 3 to entry: The scope of a management system may include the whole of the organization, specific and

identified functions of the organization, specific and identified sections of the organization, or one or more

functions across a group of organizations.
3.5
top management

person or group of people who directs and controls an organization (3.1) at the highest level

Note 1 to entry: Top management has the power to delegate authority and provide resources within the

organization.

Note 2 to entry: If the scope of the management system (3.4) covers only part of an organization, then top

management refers to those who direct and control that part of the organization.
3.6
effectiveness
extent to which planned activities are realized and planned results achieved
3.7
policy

intentions and direction of an organization (3.1), as formally expressed by its top management (3.5)

3.8
objective
result to be achieved
Note 1 to entry: An objective can be strategic, tactical, or operational.

Note 2 to entry: Objectives can relate to different disciplines (such as financial, health and safety, and

environmental goals) and can apply at different levels [such as strategic, organization-wide, project, product and

process (3.12)].

Note 3 to entry: An objective can be expressed in other ways, e.g. as an intended outcome, a purpose, an

operational criterion, as an MSR objective, or by the use of other words with similar meaning (e.g. aim, goal, or

target).

Note 4 to entry: In the context of MSR, MSR objectives are set by the organization, consistent with the MSR policy,

to achieve specific results.
2 © ISO 2019 – All rights reserved
---------------------- Page: 9 ----------------------
ISO 30301:2019(E)
3.9
risk
effect of uncertainty

Note 1 to entry: An effect is a deviation from the expected — positive or negative.

Note 2 to entry: Uncertainty is the state, even partial, of deficiency of information related to, understanding or

knowledge of, an event, its consequence, or likelihood.

Note 3 to entry: Risk is often characterized by reference to potential “events” (as defined in ISO Guide 73:2009,

3.5.1.3) and “consequences” (as defined in ISO Guide 73:2009, 3.6.1.3), or a combination of these.

Note 4 to entry: Risk is often expressed in terms of a combination of the consequences of an event (including

changes in circumstances) and the associated “likelihood” (as defined in ISO Guide 73:2009, 3.6.1.1) of occurrence.

3.10
competence
ability to apply knowledge and skills to achieve intended results
3.11
documented information

information required to be controlled and maintained by an organization (3.1) and the medium on

which it is contained

Note 1 to entry: Documented information can be in any format and media, and from any source.

Note 2 to entry: Documented information can refer to:
— the management system (3.4), including related processes (3.12);
— information created in order for the organization to operate (documentation);
— evidence of results achieved (records).
3.12
process

set of interrelated or interacting activities which transforms inputs into outputs

3.13
performance
measurable result

Note 1 to entry: Performance can relate either to quantitative or qualitative findings.

Note 2 to entry: Performance can relate to the management of activities, processes (3.12), products (including

services), systems or organizations (3.1).
3.14
outsource, verb

make an arrangement where an external organization (3.1) performs part of an organization’s function

or process (3.12)

Note 1 to entry: An external organization is outside the scope of the management system (3.4), although the

outsourced function or process is within the scope.
3.15
monitoring
determining the status of a system, a process (3.12) or an activity

Note 1 to entry: To determine the status, there may be a need to check, supervise or critically observe.

3.16
measurement
process (3.12) to determine a value
© ISO 2019 – All rights reserved 3
---------------------- Page: 10 ----------------------
ISO 30301:2019(E)
3.17
audit

systematic, independent and documented process (3.12) for obtaining audit evidence and evaluating it

objectively to determine the extent to which the audit criteria are fulfilled

Note 1 to entry: An audit can be an internal audit (first party) or an external audit (second party or third party),

and it can be a combined audit (combining two or more disciplines).

Note 2 to entry: An internal audit is conducted by the organization itself, or by an external party on its behalf.

Note 3 to entry: “Audit evidence” and “audit criteria” are defined in ISO 19011.
3.18
conformity
fulfilment of a requirement (3.3)
3.19
nonconformity
non-fulfilment of a requirement (3.3)
3.20
corrective action

action to eliminate the cause of a nonconformity (3.19) and to prevent recurrence

3.21
continual improvement
recurring activity to enhance performance (3.13)
4 Context of the organization
4.1 Understanding the organization and its context
4.1.1 General

The organization shall determine external and internal issues that are relevant to its purpose and that

affect its ability to achieve the intended outcome(s) of its MSR.

External issues in the organization's context may include, but is not limited to:

— the social and cultural, legal, regulatory, financial, technological, economic, natural and competitive

environment, whether international, national, regional or local;

— key drivers and trends which can have an impact on the objectives of the organization;

— relationships with, and perceptions, values and expectations of, external interested parties (see 4.2).

Internal issues in the organization's context may include, but is not limited to:

a) governance, organizational structure, roles and accountabilities;
b) policies, objectives and the strategies that are in place to achieve them;

c) capabilities, understood in terms of resources and knowledge (e.g. capital, time, people, processes,

systems and technologies);

d) information systems, information flows and decision-making processes (both formal and informal);

e) technological context, including technologies that are maintained solely by the organization, as

well as technologies used for collaboration with other parties;
4 © ISO 2019 – All rights reserved
---------------------- Page: 11 ----------------------
ISO 30301:2019(E)

f) relationships with, and perceptions and values of, internal interested parties and the organization's

culture;
g) standards, guidelines and models adopted by the organization;
h) the form and extent of contractual relationships.
4.1.2 Records requirements

The organization shall identify and document the business need for records in order to understand

what records should be created, captured and managed.

The organization shall identify, assess and document records requirements affecting its business

operations with which it shall comply and for which it requires evidence of compliance. These

requirements can be business, legal, regulatory or other requirements.

Business requirements include all the requirements for the performance of the operations or business

of the organization. Requirements arise from current business performance, future planning and

development, risk management and business continuity planning.

Legal requirements include requirements related to the creation, capture and management of records.

Sources of legal requirements are:

— statute and case law, including law and regulations governing the sector-specific and general

business environment;

— laws and regulations relating specifically to evidence, records and archives, access, privacy, data

and information protection, and electronic commerce;

— the constitutional rules of organizations, charters or agreements to which the organization is a party;

— treaties and other instruments the organization is legally bound to uphold.

Other requirements include non-legal voluntary commitments made by the organization:

a) voluntary codes of best practice;
b) voluntary codes of conduct and ethics.
4.2 Understanding the needs and expectations of interested parties
The organization shall determine:
— the interested parties that are relevant to the MSR;
— the requirements of these interested parties.

In relation to records, interested parties expect organizations to be accountable for their actions and

retain and make records available when needed. Requirements of the interested parties, may include,

but is not limited to:

a) identifiable expectations about what is acceptable behaviour for the specific sector or organization,

including good governance, the proper control of fraudulent or malicious behaviour and

transparency in decision making;

b) protection of involved agents or other interested parties’ rights and entitlements;

c) expectations that infor
...

SLOVENSKI STANDARD
SIST ISO 30301:2019
01-oktober-2019
Nadomešča:
SIST ISO 30301:2013
Informatika in dokumentacija - Sistemi upravljanja zapisov - Zahteve
Information and documentation -- Management systems for records -- Requirements
Information et documentation -- Systèmes de gestion des documents d'activité --
Exigences
Ta slovenski standard je istoveten z: ISO 30301:2019
ICS:
01.140.20 Informacijske vede Information sciences
03.100.70 Sistemi vodenja Management systems
SIST ISO 30301:2019 en,fr,de

2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------
SIST ISO 30301:2019
---------------------- Page: 2 ----------------------
SIST ISO 30301:2019
INTERNATIONAL ISO
STANDARD 30301
Second edition
2019-02
Information and documentation —
Management systems for records —
Requirements
Information et documentation — Systèmes de gestion des documents
d'activité — Exigences
Reference number
ISO 30301:2019(E)
ISO 2019
---------------------- Page: 3 ----------------------
SIST ISO 30301:2019
ISO 30301:2019(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO 2019

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may

be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting

on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address

below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2019 – All rights reserved
---------------------- Page: 4 ----------------------
SIST ISO 30301:2019
ISO 30301:2019(E)
Contents Page

Foreword ........................................................................................................................................................................................................................................iv

Introduction ..................................................................................................................................................................................................................................v

1 Scope ................................................................................................................................................................................................................................. 1

2 Normative references ...................................................................................................................................................................................... 1

3 Terms and definitions ..................................................................................................................................................................................... 1

4 Context of the organization ....................................................................................................................................................................... 4

4.1 Understanding the organization and its context ....................................................................................................... 4

4.1.1 General...................................................................................................................................................................................... 4

4.1.2 Records requirements ................................................................................................................................................. 5

4.2 Understanding the needs and expectations of interested parties .............................................................. 5

4.3 Determining the scope of the MSR ......................................................................................................................................... 6

4.4 Management system for records ............................................................................................................................................. 6

5 Leadership .................................................................................................................................................................................................................. 6

5.1 Leadership and commitment ..................................................................................................................................................... 6

5.2 Policy ............................................................................................................................................................................................................... 6

5.3 Organization roles, responsibilities and authorities .............................................................................................. 7

6 Planning ......................................................................................................................................................................................................................... 7

6.1 Actions to address risks and opportunities ................................................................................................................... 7

6.2 Records objectives and planning to achieve them ................................................................................................... 8

7 Support ........................................................................................................................................................................................................................... 8

7.1 Resources ..................................................................................................................................................................................................... 8

7.2 Competence ............................................................................................................................................................................................... 9

7.3 Awareness ................................................................................................................................................................................................... 9

7.4 Communication ...................................................................................................................................................................................... 9

7.5 Documented information ............................................................................................................................................................... 9

7.5.1 General...................................................................................................................................................................................... 9

7.5.2 Creating and updating ..............................................................................................................................................10

7.5.3 Control of documented information ............................................................................................................10

8 Operation ..................................................................................................................................................................................................................10

8.1 Operational planning and control .......................................................................................................................................10

8.2 Determining records to be created .....................................................................................................................................11

8.3 Designing and implementing records processes, controls and systems ............................................11

9 Performance evaluation ............................................................................................................................................................................11

9.1 Monitoring, measurement, analysis and evaluation ............................................................................................11

9.2 Internal audit .........................................................................................................................................................................................11

9.3 Management review ........................................................................................................................................................................12

10 Improvement .........................................................................................................................................................................................................12

10.1 Nonconformity and corrective actions ............................................................................................................................12

10.2 Continual improvement ...............................................................................................................................................................13

Annex A (normative) Operational requirements for records processes, control and systems ............14

Bibliography .............................................................................................................................................................................................................................16

© ISO 2019 – All rights reserved iii
---------------------- Page: 5 ----------------------
SIST ISO 30301:2019
ISO 30301:2019(E)
Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards

bodies (ISO member bodies). The work of preparing International Standards is normally carried out

through ISO technical committees. Each member body interested in a subject for which a technical

committee has been established has the right to be represented on that committee. International

organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.

ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of

electrotechnical standardization.

The procedures used to develop this document and those intended for its further maintenance are

described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the

different types of ISO documents should be noted. This document was drafted in accordance with the

editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject of

patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of

any patent rights identified during the development of the document will be in the Introduction and/or

on the ISO list of patent declarations received (see www .iso .org/patents).

Any trade name used in this document is information given for the convenience of users and does not

constitute an endorsement.

For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and

expressions related to conformity assessment, as well as information about ISO's adherence to the

World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www .iso

.org/iso/foreword .html.

This document was prepared by Technical Committee ISO/TC 46, Information and documentation,

Subcommittee SC 11, Archives/records management.

This second edition cancels and replaces the first edition (ISO 30301:2011), which has been technically

revised to fully follow the common text of the high level structure (HLS) for all ISO management

systems standards (MSS), and to align operational requirements with the guidelines in ISO 15489.

The main changes compared to the previous edition are as follows:
— a new subclause, 4.1.2 Records requirements, has been added;
— subclauses 8.2 and 8.3 have been redrafted;

— the requirements in Annex A have been renamed and reordered. Requirements numbered A.1.1.1

and A.1.1.2 are now included in 8.2, A.2.5.7 has been deleted from Annex A.

ISO 30301 is part of a family of International Standards on management systems for records.

A list of all products in the ISO 30300 series can be found on the ISO website.

Any feedback or questions on this document should be directed to the user’s national standards body. A

complete listing of these bodies can be found at www .iso .org/members .html.
iv © ISO 2019 – All rights reserved
---------------------- Page: 6 ----------------------
SIST ISO 30301:2019
ISO 30301:2019(E)
Introduction
0.1 General

Organizational success largely depends upon implementing and maintaining a management system that

is designed to continually improve performance while addressing the needs of all interested parties.

Management systems offer methodologies to make decisions and manage resources in order to achieve

the organization's goals.

Creation and management of records are integral to any organization's activities, processes and

systems. They enable business efficiency, accountability, risk management and business continuity.

They also enable organizations to capitalize on the value of their information resources as strategic

assets, and to contribute to the preservation of collective memory, in response to the challenges of the

global and digital environment.
0.2 Management system

Management system standards (MSS) provide tools for top management to implement a systematic

and verifiable approach to organizational control in an environment that encourages good business

practices.

The standards on management systems for records are designed to assist organizations of all types and

sizes, or groups of organizations with shared business activities, to implement, operate and improve an

effective management system for records (MSR). The MSR directs and controls an organization for the

purposes of establishing a policy and objectives with regard to records and achieving those objectives.

This is done through the use of:
— defined roles and responsibilities;
— systematic processes;
— measurement and evaluation;
— review and improvement.

Implementation of a records policy and objectives soundly based on the organization's requirements

will ensure that authoritative and reliable information about, and evidence of, business activities

is created, managed and made accessible to those who need it for as long as required. Successful

implementation of good records policy and objectives results in records and records systems adequate

for all of an organization's purposes.

Implementing an MSR in an organization also guarantees the transparency and traceability of decisions

made by responsible management and the recognition of public interest.
0.3 Relationship with other records standards

The standards on MSR are developed within the MSS framework to be compatible and to share

elements and methodology with other MSS. ISO 15489-1, together with other International Standards

and Technical Reports, are the principal tools for designing, implementing, monitoring and improving

records processes and controls, which operate under the governance of the MSR where organizations

decide to implement MSS methodology.

NOTE ISO 15489 is the foundation standard which codifies best practice for records management operations.

The structure of standards on MSR and the most relevant products for implementing records processes

and controls, either published or under preparation, is shown in Figure 1.
© ISO 2019 – All rights reserved v
---------------------- Page: 7 ----------------------
SIST ISO 30301:2019
ISO 30301:2019(E)

NOTE Titles of some products and technical reports are susceptible to change when they are revised. Titles

in this figure represent the subject or domain, not the complete official titles of published standards and technical

reports. An updated figure with new products is available at https: //committee .iso .org/home/tc46sc11.

Figure 1 — Standards on MSR and related International Standards and Technical Reports

0.4 MSR family of standards
This family of standards is intended to be used in support of:

a) top management who make decisions regarding the establishment and implementation of

management systems within their organization;

b) people responsible for the implementation of MSR, such as professionals in the areas of risk

management, auditing, management of records, information technology and information security.

The process approach incorporated to a management system for records emphasizes the importance of:

— identifying the organization's records requirements, including interested parties' needs and

expectations, and establishing policy and objectives for records;

— implementing and operating controls for managing an organization’s risks in relation to its records,

in the context of its overall business risks;
— monitoring and reviewing the performance and effectiveness of the MSR;
— continual improvement based on objective measurement.
Figure 2 represents the structure of this document in process approach.
vi © ISO 2019 – All rights reserved
---------------------- Page: 8 ----------------------
SIST ISO 30301:2019
ISO 30301:2019(E)
Figure 2 — Structure of MSR in process approach
0.5 Relationship and compatibility with other management system standards

This document conforms to ISO’s requirements for management system standards. These requirements

include a high-level structure, identical core text, common terms with core definitions, designed to

benefit users implementing multiple ISO management system standards.

The term “documented information” is one of the core terms for MSS. Requirements related to

documented information are given in 7.5. in all MSS. This document, apart from constituting a MSS

itself, can support organizations to implement the documented information requirements of other

management systems. For more information, see https: //committee .iso .org/home/tc46sc11).

© ISO 2019 – All rights reserved vii
---------------------- Page: 9 ----------------------
SIST ISO 30301:2019
---------------------- Page: 10 ----------------------
SIST ISO 30301:2019
INTERNATIONAL STANDARD ISO 30301:2019(E)
Information and documentation — Management systems
for records — Requirements
1 Scope

This document specifies requirements to be met by a management system for records (MSR) in order

to support an organization in the achievement of its mandate, mission, strategy and goals. It addresses

the development and implementation of a records policy and objectives and gives information on

measuring and monitoring performance.

An MSR can be established by an organization or across organizations that share business activities.

Throughout this document, the term “organization” is not limited to one organization but also includes

other organizational structures.
This document is applicable to any organization that wishes to:
— establish, implement, maintain and improve an MSR to support its business;
— ensure itself of conformity with its stated records policy;
— demonstrate conformity with this document by
a) undertaking a self-assessment and self-declaration, or

b) seeking confirmation of its self-declaration by a party external to the organization, or

c) seeking certification of its MSR by an external party.
2 Normative references

The following documents are referred to in the text in such a way that some or all of their content

constitutes requirements of this document. For dated references, only the edition cited applies. For

undated references, the latest edition of the referenced document (including any amendments) applies.

ISO 30300, Information and documentation — Management systems for records — Fundamentals and

vocabulary
3 Terms and definitions

For the purposes of this document, the terms and definitions given in ISO 30300 and the following apply.

ISO and IEC maintain terminological databases for use in standardization at the following addresses:

— ISO Online browsing platform: available at https: //www .iso .org/obp
— IEC Electropedia: available at http: //www .electropedia .org/
3.1
organization

person or group of people that has its own functions with responsibilities, authorities and relationships

to achieve its objectives (3.8)

Note 1 to entry: The concept of organization includes, but is not limited to sole-trader, company, corporation, firm,

enterprise, authority, partnership, charity or institution, or part or combination thereof, whether incorporated

or not, public or private.
© ISO 2019 – All rights reserved 1
---------------------- Page: 11 ----------------------
SIST ISO 30301:2019
ISO 30301:2019(E)
3.2
interested party
stakeholder

person or organization (3.1) that can affect, be affected by, or perceive itself to be affected by a decision

or activity
3.3
requirement
need or expectation that is stated, generally implied or obligatory

Note 1 to entry: “Generally implied” means that it is custom or common practice for the organization and

interested parties that the need or expectation under consideration is implied.

Note 2 to entry: A specified requirement is one that is stated, for example in documented information.

3.4
management system

set of interrelated or interacting elements of an organization (3.1) to establish policies (3.7) and

objectives (3.8) and processes (3.12) to achieve those objectives

Note 1 to entry: A management system can address a single discipline or several disciplines.

Note 2 to entry: The system elements include the organization’s structure, roles and responsibilities, planning

and operation.

Note 3 to entry: The scope of a management system may include the whole of the organization, specific and

identified functions of the organization, specific and identified sections of the organization, or one or more

functions across a group of organizations.
3.5
top management

person or group of people who directs and controls an organization (3.1) at the highest level

Note 1 to entry: Top management has the power to delegate authority and provide resources within the

organization.

Note 2 to entry: If the scope of the management system (3.4) covers only part of an organization, then top

management refers to those who direct and control that part of the organization.
3.6
effectiveness
extent to which planned activities are realized and planned results achieved
3.7
policy

intentions and direction of an organization (3.1), as formally expressed by its top management (3.5)

3.8
objective
result to be achieved
Note 1 to entry: An objective can be strategic, tactical, or operational.

Note 2 to entry: Objectives can relate to different disciplines (such as financial, health and safety, and

environmental goals) and can apply at different levels [such as strategic, organization-wide, project, product and

process (3.12)].

Note 3 to entry: An objective can be expressed in other ways, e.g. as an intended outcome, a purpose, an

operational criterion, as an MSR objective, or by the use of other words with similar meaning (e.g. aim, goal, or

target).

Note 4 to entry: In the context of MSR, MSR objectives are set by the organization, consistent with the MSR policy,

to achieve specific results.
2 © ISO 2019 – All rights reserved
---------------------- Page: 12 ----------------------
SIST ISO 30301:2019
ISO 30301:2019(E)
3.9
risk
effect of uncertainty

Note 1 to entry: An effect is a deviation from the expected — positive or negative.

Note 2 to entry: Uncertainty is the state, even partial, of deficiency of information related to, understanding or

knowledge of, an event, its consequence, or likelihood.

Note 3 to entry: Risk is often characterized by reference to potential “events” (as defined in ISO Guide 73:2009,

3.5.1.3) and “consequences” (as defined in ISO Guide 73:2009, 3.6.1.3), or a combination of these.

Note 4 to entry: Risk is often expressed in terms of a combination of the consequences of an event (including

changes in circumstances) and the associated “likelihood” (as defined in ISO Guide 73:2009, 3.6.1.1) of occurrence.

3.10
competence
ability to apply knowledge and skills to achieve intended results
3.11
documented information

information required to be controlled and maintained by an organization (3.1) and the medium on

which it is contained

Note 1 to entry: Documented information can be in any format and media, and from any source.

Note 2 to entry: Documented information can refer to:
— the management system (3.4), including related processes (3.12);
— information created in order for the organization to operate (documentation);
— evidence of results achieved (records).
3.12
process

set of interrelated or interacting activities which transforms inputs into outputs

3.13
performance
measurable result

Note 1 to entry: Performance can relate either to quantitative or qualitative findings.

Note 2 to entry: Performance can relate to the management of activities, processes (3.12), products (including

services), systems or organizations (3.1).
3.14
outsource, verb

make an arrangement where an external organization (3.1) performs part of an organization’s function

or process (3.12)

Note 1 to entry: An external organization is outside the scope of the management system (3.4), although the

outsourced function or process is within the scope.
3.15
monitoring
determining the status of a system, a process (3.12) or an activity

Note 1 to entry: To determine the status, there may be a need to check, supervise or critically observe.

3.16
measurement
process (3.12) to determine a value
© ISO 2019 – All rights reserved 3
---------------------- Page: 13 ----------------------
SIST ISO 30301:2019
ISO 30301:2019(E)
3.17
audit

systematic, independent and documented process (3.12) for obtaining audit evidence and evaluating it

objectively to determine the extent to which the audit criteria are fulfilled

Note 1 to entry: An audit can be an internal audit (first party) or an external audit (second party or third party),

and it can be a combined audit (combining two or more disciplines).

Note 2 to entry: An internal audit is conducted by the organization itself, or by an external party on its behalf.

Note 3 to entry: “Audit evidence” and “audit criteria” are defined in ISO 19011.
3.18
conformity
fulfilment of a requirement (3.3)
3.19
nonconformity
non-fulfilment of a requirement (3.3)
3.20
corrective action

action to eliminate the cause of a nonconformity (3.19) and to prevent recurrence

3.21
continual improvement
recurring activity to enhance performance (3.13)
4 Context of the organization
4.1 Understanding the organization and its context
4.1.1 General

The organization shall determine external and internal issues that are relevant to its purpose and that

affect its ability to achieve the intended outcome(s) of its MSR.

External issues in the organization's context may include, but is not limited to:

— the social and cultural, legal, regulatory, financial, technological, economic, natural and competitive

environment, whether international, national, regional or local;

— key drivers and trends which can have an impact on the objectives of the organization;

— relationships with, and perceptions, values and expectations of, external interested parties (see 4.2).

Internal issues in the organization's context may include, but is not limited to:

a) governance, organizational structure, roles and accountabilities;
b) policies, objectives and the strategies that are in place to achieve them;

c) capabilities, understood in terms of resources and knowledge (e.g. capital, time, people, processes,

systems and technologies);

d) information systems, information flows and decision-making processes (both formal and informal);

e) technological context, including technologies that are maintained solely by the organization, as

well as technologies used for collaboration with other parties;
4 © ISO 2019 – All rights reserved
---------------------- Page: 14 ----------------------
SIST ISO 30301:2019
ISO 30301:2019(E)

f) relationships with, and perceptions and values of, internal interested parties and the organization's

culture;
g) standards, guidelines and models adopted by the organization;
h) the form and extent of contractual relationships.
4.1.2 Records requirements

The organization shall identify and document the business need for records in order to understand

what records should be created, captured and managed.

The organization shall identify, assess and document records requirements affecting its business

operations with which it shall comply and for which it requires evidence of compliance. These

requirements can be business, legal, regulatory or other requirements.

Business requirements include all the requirements for the performance of the operations or business

of the organization. Requirements arise from current business performance, future planning and

development, risk management and business continuity planning.

Legal requirements include requirements related to the creation, capture and management of records.

Sources of legal requirements are:

— statute and case law, including law and regulations governing the sector-specific and general

business environment;

— laws and regulations relating specifically to evidence, records and archives, access, privacy, data

and information protection, and electronic commerce;
— the constitutional rules of organizations, ch
...

NORME ISO
INTERNATIONALE 30301
Deuxième édition
2019-02
Information et documentation —
Systèmes de gestion des documents
d'activité — Exigences
Information and documentation — Management systems for records
— Requirements
Numéro de référence
ISO 30301:2019(F)
ISO 2019
---------------------- Page: 1 ----------------------
ISO 30301:2019(F)
DOCUMENT PROTÉGÉ PAR COPYRIGHT
© ISO 2019

Tous droits réservés. Sauf prescription différente ou nécessité dans le contexte de sa mise en œuvre, aucune partie de cette

publication ne peut être reproduite ni utilisée sous quelque forme que ce soit et par aucun procédé, électronique ou mécanique,

y compris la photocopie, ou la diffusion sur l’internet ou sur un intranet, sans autorisation écrite préalable. Une autorisation peut

être demandée à l’ISO à l’adresse ci-après ou au comité membre de l’ISO dans le pays du demandeur.

ISO copyright office
Case postale 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Genève
Tél.: +41 22 749 01 11
Fax: +41 22 749 09 47
E-mail: copyright@iso.org
Web: www.iso.org
Publié en Suisse
ii © ISO 2019 – Tous droits réservés
---------------------- Page: 2 ----------------------
ISO 30301:2019(F)
Sommaire Page

Avant-propos ..............................................................................................................................................................................................................................iv

Introduction ..................................................................................................................................................................................................................................v

1 Domaine d'application ................................................................................................................................................................................... 1

2 Références normatives ................................................................................................................................................................................... 1

3 Termes et définitions ....................................................................................................................................................................................... 1

4 Contexte de l'organisme................................................................................................................................................................................ 4

4.1 Compréhension de l'organisme et de son contexte ................................................................................................. 4

4.1.1 Généralités ............................................................................................................................................................................ 4

4.1.2 Exigences relatives aux documents d’activité ........................................................................................ 5

4.2 Compréhension des besoins et attentes des parties intéressées ................................................................ 6

4.3 Détermination du périmètre d'application du système de gestion des documents

d’activité ....................................................................................................................................................................................................... 6

4.4 Système de gestion des documents d’activité .............................................................................................................. 7

5 Leadership .................................................................................................................................................................................................................. 7

5.1 Leadership et engagement............................................................................................................................................................ 7

5.2 Politique ........................................................................................................................................................................................................ 7

5.3 Rôles, responsabilités et autorités au sein de l'organisme ............................................................................... 8

6 Planification .............................................................................................................................................................................................................. 8

6.1 Actions à mettre en œuvre face aux risques et opportunités ......................................................................... 8

6.2 Objectifs concernant les documents d'activité et planification des actions pour les

atteindre ....................................................................................................................................................................................................... 8

7 Support ........................................................................................................................................................................................................................... 9

7.1 Ressources .................................................................................................................................................................................................. 9

7.2 Compétences ............................................................................................................................................................................................. 9

7.3 Sensibilisation ......................................................................................................................................................................................10

7.4 Communication ...................................................................................................................................................................................10

7.5 Informations documentées .......................................................................................................................................................10

7.5.1 Généralités .........................................................................................................................................................................10

7.5.2 Création et mise à jour .............................................................................................................................................10

7.5.3 Maîtrise des informations documentées ..................................................................................................11

8 Réalisation des activités opérationnelles ................................................................................................................................11

8.1 Planification et contrôle opérationnels ..........................................................................................................................11

8.2 Détermination des documents d’activité devant être créés ..........................................................................11

8.3 Conception et mise en œuvre des processus, de la maîtrise et des systèmes

documentaires ......................................................................................................................................................................................12

9 Évaluation des performances ...............................................................................................................................................................12

9.1 Surveillance, mesure, analyse et évaluation ...............................................................................................................12

9.2 Audit interne ..........................................................................................................................................................................................12

9.3 Revue de direction ............................................................................................................................................................................13

10 Amélioration ..........................................................................................................................................................................................................13

10.1 Non-conformité et actions correctives ............................................................................................................................13

10.2 Amélioration continue ...................................................................................................................................................................14

Annexe A (normative) Exigences opérationnelles relatives aux processus liés aux

documents d’activité, à la maîtrise et aux systèmes documentaires ..........................................................15

Bibliographie ...........................................................................................................................................................................................................................18

© ISO 2019 – Tous droits réservés iii
---------------------- Page: 3 ----------------------
ISO 30301:2019(F)
Avant-propos

L'ISO (Organisation internationale de normalisation) est une fédération mondiale d'organismes

nationaux de normalisation (comités membres de l'ISO). L'élaboration des Normes internationales est

en général confiée aux comités techniques de l'ISO. Chaque comité membre intéressé par une étude

a le droit de faire partie du comité technique créé à cet effet. Les organisations internationales,

gouvernementales et non gouvernementales, en liaison avec l'ISO participent également aux travaux.

L'ISO collabore étroitement avec la Commission électrotechnique internationale (IEC) en ce qui

concerne la normalisation électrotechnique.

Les procédures utilisées pour élaborer le présent document et celles destinées à sa mise à jour sont

décrites dans les Directives ISO/IEC, Partie 1. Il convient, en particulier, de prendre note des différents

critères d'approbation requis pour les différents types de documents ISO. Le présent document a été

rédigé conformément aux règles de rédaction données dans les Directives ISO/IEC, Partie 2 (voir www

.iso .org/directives).

L'attention est attirée sur le fait que certains des éléments du présent document peuvent faire l'objet de

droits de propriété intellectuelle ou de droits analogues. L'ISO ne saurait être tenue pour responsable

de ne pas avoir identifié de tels droits de propriété et averti de leur existence. Les détails concernant

les références aux droits de propriété intellectuelle ou autres droits analogues identifiés lors de

l'élaboration du document sont indiqués dans l'Introduction et/ou dans la liste des déclarations de

brevets reçues par l'ISO (voir www .iso .org/brevets).

Les appellations commerciales éventuellement mentionnées dans le présent document sont données

pour information, par souci de commodité, à l’intention des utilisateurs et ne sauraient constituer un

engagement.

Pour une explication de la nature volontaire des normes, la signification des termes et expressions

spécifiques de l'ISO liés à l'évaluation de la conformité, ou pour toute information au sujet de l'adhésion

de l'ISO aux principes de l’Organisation mondiale du commerce (OMC) concernant les obstacles

techniques au commerce (OTC), voir www .iso .org/avant -propos.

Le présent document a été élaboré par le comité technique ISO/TC 46, Information et documentation,

sous-comité SC 11, Archives/Gestion des documents d'activité.

Cette deuxième édition annule et remplace la première édition (ISO 30301:2011), qui a fait l’objet

d’une révision technique afin de se conformer pleinement au texte commun de la structure de niveau

supérieur (HLS) applicable à toutes les normes de système de management, et d’aligner les exigences

opérationnelles avec les lignes directrices de l’ISO 15489.

Les principales modifications par rapport à l’édition précédente sont les suivantes:

— ajout d’un nouveau paragraphe, 4.1.2 Exigences relatives aux documents d’activité;

— refonte des paragraphes 8.2 et 8.3;

— les exigences de l’Annexe A ont été renommées et reclassées. Les exigences numérotées A.1.1.1

et A.1.1.2 sont à présent incluses dans le paragraphe 8.2 et le paragraphe A.2.5.7 a été supprimé de

l’Annexe A.

L'ISO 30301 fait partie d'une famille de Normes internationales traitant des systèmes de gestion des

documents d’activité.

Une liste de toutes les parties de la série ISO 30300 se trouve sur le site de l’ISO.

Il convient que l’utilisateur adresse tout retour d’information ou toute question concernant le présent

document à l’organisme national de normalisation de son pays. Une liste exhaustive desdits organismes

se trouve à l’adresse www .iso .org/fr/members .html.
iv © ISO 2019 – Tous droits réservés
---------------------- Page: 4 ----------------------
ISO 30301:2019(F)
Introduction
0.1 Généralités

Le succès organisationnel dépend dans une large mesure de la mise en œuvre et de la maintenance

d'un système de management conçu dans l'optique d'une amélioration continue des performances tout

en répondant aux besoins de toutes les parties intéressées. Les systèmes de management offrent des

méthodologies pour prendre des décisions et gérer les ressources en vue d'atteindre les objectifs de

l'organisme.

La création et la gestion des documents d'activité font partie intégrante de toutes les activités, processus

et systèmes d'un organisme. Les documents d'activité contribuent à l’efficience, à la responsabilité, au

management du risque et à la continuité des activités. Ils permettent également aux organismes de tirer

profit de la valeur de leurs informations comme actifs stratégiques, tout en contribuant à la conservation

de la mémoire collective et en répondant aux défis de l'environnement mondial et numérique.

0.2 Système de management

Les normes de systèmes de management fournissent des outils à la direction pour développer une

approche systématique et vérifiable du contrôle organisationnel dans un environnement qui favorise

les bonnes pratiques opérationnelles.

Les normes relatives aux systèmes de gestion des documents d'activité sont conçues pour aider les

organismes de tous types et de toutes tailles, ou les groupements d'organismes partageant des activités

opérationnelles, à mettre en œuvre, exploiter et améliorer un système de gestion des documents

d'activité efficace (SGDA). Le SGDA oriente et assure la maîtrise des actions de l’organisme qui visent

à établir une politique et des objectifs de gestion des documents d'activité de façon à atteindre lesdits

objectifs, au moyen:
— de rôles et responsabilités définis;
— de processus systématiques;
— de mesures et d’évaluations;
— de revues et d’améliorations.

La mise en œuvre d'une politique et d'objectifs relatifs aux documents d'activité, solidement fondés sur

les exigences de l'organisme, assurera que des informations fiables et qui font autorité, concernant les

activités opérationnelles de l'organisme, ainsi que les preuves associées, sont créées, gérées et mises à

disposition de ceux qui en ont besoin, aussi longtemps que nécessaire. La mise en œuvre réussie de la

politique et des objectifs relatifs aux documents d'activité conduit à l’existence de systèmes de gestion

des documents d'activité et de documents d’activité adéquats.

La mise en œuvre d'un SGDA au sein d'un organisme garantit également la transparence et la traçabilité

des décisions prises pour un management responsable et la prise en compte de l’intérêt collectif.

0.3 Relation avec les autres normes relatives aux documents d'activité

Les normes relatives aux SGDA sont développées dans le cadre des normes de systèmes de management

afin d'être compatibles et de partager des éléments et une méthodologie avec d'autres normes de

systèmes de management. L’ISO 15489-1 et les autres Normes internationales et Rapports techniques

sont les principaux outils pour concevoir, mettre en œuvre, surveiller et améliorer les processus de

gestion des documents d'activité et leurs contrôles, ce qui permet d'agir dans le cadre de la gouvernance

du SGDA quand les organismes décident de déployer une méthodologie fondée sur une norme de

système de management.

NOTE L’ISO 15489 est la norme de base qui définit les bonnes pratiques en matière d'opérations de gestion

des documents d'activité.
© ISO 2019 – Tous droits réservés v
---------------------- Page: 5 ----------------------
ISO 30301:2019(F)

La structure des normes relatives au SGDA et les produits les mieux adaptés à la mise en œuvre de

processus de gestion des documents d'activité et leurs contrôles, les normes étant publiées ou en

préparation, sont indiqués à la Figure 1.

NOTE Les titres de certains produits et rapports techniques sont susceptibles de changer lorsqu’ils seront

révisés. Les titres indiqués dans la figure représentent le sujet ou le domaine, et ne sont pas les titres complets

officiels de normes et rapports techniques publiés. Une figure mise à jour avec de nouveaux produits est

disponible à l'adresse suivante: https: //committee .iso .org/home/tc46sc11.

Figure 1 — Normes relatives au SGDA et Normes internationales et Rapports techniques

associés
0.4 La famille de normes du SGDA
Cette famille de normes est destinée à être utilisée pour aider:

a) les dirigeants des organismes qui prennent des décisions pour établir et mettre en œuvre des

systèmes de management dans leur organisme;

b) les responsables de la mise en œuvre du SGDA, tels que les professionnels de la gestion des risques,

de l’audit, de la gestion des documents d’activité, des systèmes d’informations et de la sécurité de

l’information.

L’approche processus intégrée à un système de gestion des documents d’activité met l’accent sur:

— l’identification des exigences de l'organisme en matière de documents d’activité, y compris les

besoins et attentes des parties intéressées, et l’établissement d'une politique et d'objectifs de gestion

des documents d’activité;

— la mise en œuvre et l'application de contrôles afin de gérer les risques de l'organisme associés à ses

documents d’activité, dans le contexte des risques globaux liés à l'activité de l'organisme;

— la surveillance et la revue des performances et de l'efficacité du SGDA;
vi © ISO 2019 – Tous droits réservés
---------------------- Page: 6 ----------------------
ISO 30301:2019(F)
— l’amélioration continue sur la base de mesures objectives.

La Figure 2 représente la structure du présent document selon une approche processus.

Figure 2 — Structure du SGDA selon une approche processus
0.5 Relation et compatibilité avec les autres normes de système de management

Le présent document est conforme aux exigences des normes de système de management de l’ISO.

Ces exigences contiennent la structure de niveau supérieur, le texte de base identique, les termes et

définitions de base communs, conçus pour bénéficier aux utilisateurs mettant en œuvre plusieurs

normes ISO de système de management.

Le terme « information documentée » est un des termes de base des normes de système de management.

Les exigences relatives à une information documentée sont indiquées en 7.5 dans toutes les normes de

système de management. Outre le fait de constituer lui-même une norme de système de management, le

présent document peut aider les organismes à mettre en œuvre les exigences relatives aux informations

documentées d’autres systèmes de management. Pour toutes informations complémentaires, voir https:

//committee .iso .org/home/tc46sc11).
© ISO 2019 – Tous droits réservés vii
---------------------- Page: 7 ----------------------
NORME INTERNATIONALE ISO 30301:2019(F)
Information et documentation — Systèmes de gestion des
documents d'activité — Exigences
1 Domaine d'application

Le présent document spécifie les exigences relatives à un système de gestion des documents d'activité

(SGDA) visant à soutenir un organisme dans la réalisation de son mandat, de sa mission, de sa stratégie

et de ses objectifs. Il traite du développement et de la mise en œuvre d'une politique et de finalités

relatives aux documents d’activité et donne des informations sur le mesurage et la surveillance des

performances.

Un SGDA peut être établi par un organisme ou plusieurs organismes lorsque ceux-ci partagent des

activités. Tout au long du présent document, le terme « organisme » ne se limite pas à un seul organisme,

mais inclut également d'autres structures organisationnelles.
Le présent document s'applique à tout organisme souhaitant:

— établir, mettre en œuvre, tenir à jour et améliorer un SGDA venant en support de ses activités;

— s'assurer lui-même de la conformité à sa politique déclarée en matière de documents d'activité;

— démontrer sa conformité au présent document en:
a) réalisant une auto-évaluation et une auto-déclaration; ou

b) demandant une confirmation de son auto-déclaration par une partie externe à l’organisme; ou

c) demandant une certification de son SGDA par une partie externe.
2 Références normatives

Les documents suivants sont cités dans le texte de sorte qu’ils constituent, pour tout ou partie de leur

contenu, des exigences du présent document. Pour les références datées, seule l’édition citée s’applique.

Pour les références non datées, la dernière édition du document de référence s'applique (y compris les

éventuels amendements).

ISO 30300, Information et documentation — Systèmes de gestion des documents d'activité — Principes

essentiels et vocabulaire
3 Termes et définitions

Pour les besoins du présent document, les termes et définitions donnés dans l’ISO 30300 ainsi que les

suivants s’appliquent.

L'ISO et l'IEC tiennent à jour des bases de données terminologiques destinées à être utilisées en

normalisation, consultables aux adresses suivantes:

— ISO Online browsing platform: disponible à l'adresse https: //www .iso .org/obp

— IEC Electropedia: disponible à l'adresse http: //www .electropedia .org/
© ISO 2019 – Tous droits réservés 1
---------------------- Page: 8 ----------------------
ISO 30301:2019(F)
3.1
organisme

personne ou groupe de personnes ayant un rôle avec les responsabilités, l’autorité et les relations lui

permettant d’atteindre ses objectifs (3.8)

Note 1 à l'article: Le concept d’organisme englobe sans s'y limiter, les travailleurs indépendants, les compagnies,

les sociétés, les firmes, les entreprises, les administrations, les partenariats, les organisations caritatives ou les

institutions, ou bien une partie ou une combinaison des entités précédentes, à responsabilité limitée ou ayant un

autre statut, de droit public ou privé.
3.2
partie intéressée
partie prenante

personne ou organisme (3.1) qui peut soit influer sur une décision ou une activité, soit être influencée

ou s’estimer influencée par une décision ou une activité
3.3
exigence
besoin ou attente formulé généralement implicite ou obligatoire

Note 1 à l'article: « Généralement implicite » signifie qu’il est habituel ou courant, pour l’organisme et les parties

intéressées, que le besoin ou l’attente en question soit implicite.

Note 2 à l'article: Une exigence spécifiée est une exigence formulée, par exemple une information documentée.

3.4
système de management

ensemble d’éléments corrélés ou en interaction d’un organisme (3.1) utilisés pour établir des politiques

(3.7) et des objectifs (3.8), et des processus (3.12) de façon à atteindre lesdits objectifs

Note 1 à l'article: Un système de management peut traiter d'un seul ou de plusieurs domaines.

Note 2 à l'article: Les éléments du système comprennent la structure, les rôles et responsabilités, la planification

et le fonctionnement de l'organisme.

Note 3 à l'article: Le périmètre d’un système de management peut comprendre l’ensemble de l’organisme, des

fonctions ou des sections spécifiques et identifiées de l’organisme, ou une ou plusieurs fonctions dans un groupe

d’organismes.
3.5
direction

personne ou groupe de personnes qui oriente et dirige un organisme (3.1) au plus haut niveau

Note 1 à l'article: La direction a le pouvoir de déléguer son autorité et de fournir des ressources au sein de

l’organisme.

Note 2 à l'article: Si le périmètre du système de management (3.4) ne couvre qu'une partie de l’organisme, alors la

direction s'adresse à ceux qui orientent et dirigent cette partie de l’organisme.

3.6
efficacité

niveau de réalisation des activités planifiées et d'obtention des résultats escomptés

3.7
politique

intentions et orientations d’un organisme (3.1), telles qu’elles sont officiellement formulées par

sa direction (3.5)
3.8
objectif
résultat à atteindre
Note 1 à l'article: Un objectif peut être stratégique, tactique ou opérationnel.
2 © ISO 2019 – Tous droits réservés
---------------------- Page: 9 ----------------------
ISO 30301:2019(F)

Note 2 à l'article: Les objectifs peuvent se rapporter à différents domaines (tels que finance, santé, sécurité,

et environnement) et peuvent s’appliquer à divers niveaux [au niveau stratégique, à un niveau concernant

l'organisme dans son ensemble ou afférant à un projet, un produit ou un processus (3.12), par exemple].

Note 3 à l'article: Un objectif peut être exprimé de différentes manières, par exemple par un résultat escompté,

un besoin, un critère opérationnel, en tant qu’objectif de SGDA ou par l'utilisation d'autres termes ayant la même

signification (par exemple finalité, but ou cible).

Note 4 à l'article: Dans le contexte des SGDA, les objectifs du SGDA sont fixés par l’organisme, en cohérence avec

sa politique en matière de SGDA, en vue d’obtenir des résultats spécifiques.
3.9
risque
effet de l’incertitude

Note 1 à l'article: Un effet est un écart, positif ou négatif, par rapport à une attente.

Note 2 à l'article: L’incertitude est l’état, même partiel, de manque d’information qui entrave la compréhension ou

la connaissance d’un événement, de ses conséquences ou de sa vraisemblance.

Note 3 à l'article: Un risque est souvent caractérisé par référence à des événements potentiels (tels que définis

dans le Guide ISO 73:2009, 3.5.1.3) et à des conséquences également potentielles (telles que définies dans le

Guide ISO 73:2009, 3.6.1.3), ou par référence à une combinaison des deux.

Note 4 à l'article: Un risque est souvent exprimé en termes de combinaison des conséquences d’un événement (y

compris des changements de circonstances) et de la vraisemblance de son occurrence (telle que définie dans le

Guide ISO 73:2009, 3.6.1.1).
3.10
compétence

aptitude à mettre en œuvre des connaissances et des savoir-faire pour obtenir les résultats escomptés

3.11
information documentée

information devant être maîtrisée et tenue à jour par un organisme (3.1) ainsi que le support sur lequel

elle figure

Note 1 à l'article: Les informations documentées peuvent se présenter sous n'importe quel format et sur tous

supports et peuvent provenir de toute source.
Note 2 à l'article: Les informations documentées peuvent se rapporter:
— au système de management (3.4), y compris les processus (3.12) connexes;

— aux informations créées en vue du fonctionnement de l’organisme (documentation);

— aux preuves des résultats obtenus (enregistrements) ou documents d’activité
3.12
processus

ensemble d'activités corrélées ou en interaction qui transforme des éléments d'entrée en éléments

de sortie
3.13
performance
résultat mesurable

Note 1 à l'article: Les performances peuvent être liées à des résultats quantitatifs ou qualitatifs.

Note 2 à l'article: Les performances peuvent concerner le management d’activités, de processus (3.12), de produits

(y compris de services), de systèmes ou d’organismes (3.1).
© ISO 2019 – Tous droits réservés 3
---------------------- Page: 10 ----------------------
ISO 30301:2019(F)
3.14
externaliser

passer un accord selon lequel un organisme (3.1) externe assure une partie de la fonction, ou met en

œuvre une partie du processus (3.12) d'un organisme

Note 1 à l'article: L’organisme externe n’est pas inclus dans le périmètre du système de management (3.4),

contrairement à la fonction ou au processus externalisé qui en font partie intégrante.

3.15
surveillance
détermination de l’état d'un système, d'un processus (3.12) ou d’une activité

Note 1 à l'article: Pour déterminer cet état, il peut être nécessaire de vérifier, de superviser ou d'observer d'un

point de vue critique.
3.16
mesure
processus (3.12) visant à déterminer une valeur
3.17
audit

processus (3.12) méthodique, indépendant et documenté, permettant d'obtenir des preuves d'audit et de

les évaluer de manière objective pour déterminer dans quelle mesure les critères d'audit sont satisfaits

Note 1 à l'article: Un audit peut être interne (de première partie) ou externe (de seconde ou tierce partie), et il

peut être combiné (s’il associe deux domaines ou plus).

Note 2 à l'article: Un audit interne est réalisé par l'organisme lui-même ou par une partie externe pour le compte

de celui-ci.

Note 3 à l'article: Les termes « preuves d’audit » et « critères d’audit » sont définis dans l’ISO 19011.

3.18
conformité
satisfaction d'une exigence (3.3)
3.19
non-conformité
non-satisfaction d'une exigence (3.3)
3.20
action corrective

action visant à éliminer la cause d'une non-conformité (3.19) et à éviter qu’elle ne réapparaisse

3.21
amélioration continue
activité récurrente menée pour améliorer les performances (3.13)
4 Contexte de l'organisme
4.1 Compréhension de l'organisme et de son contexte
4.1.1 Généralités

L’organisme doit déterminer les enjeux externes et internes pertinents par rapport à sa finalité, et qui

influent sur sa capacité à atteindre le ou les résultats at
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.