SIST ISO 16175-2:2013

INTERNATIONAL ISO
STANDARD 16175-2
First edition
2011-04-15

Information and documentation —
Principles and functional requirements
for records in electronic office
environments —
Part 2:
Guidelines and functional requirements
for digital records management systems
Information et documentation — Principes et exigences fonctionnelles
pour les enregistrements dans les environnements électroniques de
bureau —
Partie 2: Lignes directrices et exigences fonctionnelles pour les
systèmes de management des enregistrements numériques




Reference number
ISO 16175-2:2011(E)
©
ISO 2011

---------------------- Page: 1 ----------------------
ISO 16175-2:2011(E)


COPYRIGHT PROTECTED DOCUMENT


©  ISO 2011
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland

ii © ISO 2011 – All rights reserved

---------------------- Page: 2 ----------------------
ISO 16175-2:2011(E)
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies
(ISO member bodies). The work of preparing International Standards is normally carried out through ISO
technical committees. Each member body interested in a subject for which a technical committee has been
established has the right to be represented on that committee. International organizations, governmental and
non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the
International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
The main task of technical committees is to prepare International Standards. Draft International Standards
adopted by the technical committees are circulated to the member bodies for voting. Publication as an
International Standard requires approval by at least 75 % of the member bodies casting a vote.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO shall not be held responsible for identifying any or all such patent rights.
ISO 16175-2 was prepared by the International Council on Archives (as International Council on Archives and
the Australasian Digital Recordkeeping Initiative Principles and functional requirements for records in
electronic office environments — Module 2: Guidelines and functional requirements for digital records
management systems) and was adopted, under a special “fast-track procedure”, by Technical Committee
ISO/TC 46, Information and documentation, Subcommittee SC 11, Archives/records management, in parallel
with its approval by the ISO member bodies.
ISO 16175 consists of the following parts, under the general title Information and documentation — Principles
and functional requirements for records in electronic office environments:
⎯ Part 1: Overview and statement of principles
⎯ Part 2: Guidelines and functional requirements for digital records management systems
⎯ Part 3: Guidelines and functional requirements for records in business systems
© ISO 2011 – All rights reserved iii

---------------------- Page: 3 ----------------------
ISO 16175-2:2011(E)













(Blank page)
iv © ISO 2011 – All rights reserved

---------------------- Page: 4 ----------------------
ISO 16175-2:2011(E)

International Council on Archives


Information and documentation - Principles
and functional requirements for records in
electronic office environments



Part 2
Guidelines and functional
requirements for digital
records management
systems

© ISO 2011 – All rights reserved v

---------------------- Page: 5 ----------------------
ISO 16175-2:2011(E)










Published by the International Council on Archives. This part was developed by Archives New Zealand in
conjunction with a joint project team formed by members of the International Council on Archives and the
Australasian Digital Recordkeeping Initiative.
© International Council on Archives 2008
ISBN: 978-2-918004-01-1
Reproduction by translation or reprinting of the whole or of parts for non-commercial purposes is allowed on
condition that due acknowledgement is made.
This publication should be cited as: International Council on Archives, Principles and Functional
Requirements for Records in Electronic Office Environments – Module 2: Guidelines and Functional
Requirements for Electronic Records Management Systems, 2008, published at www.ica.org
vi © ISO 2011 – All rights reserved

---------------------- Page: 6 ----------------------
ISO 16175-2:2011(E)
ICA/ADRI Guidelines and Functional Requirements for Digital Records Management Systems
CONTENTS
1
1. SCOPE
2. RELATED STANDARDS 2
3. TERMS AND DEFINITIONS 3
4. GUIDELINES 9
4.3.1 Create 141414
4.3.2 Maintain 18
4.3.3 Disseminate 20
4.3.4 Administer 20
5. FUNCTIONAL REQUIRMENTS 22
5.1 CREATE 23
5.1.1 Capture 23
5.2 Identification 29
5.3 Classification 3030
5.4 MAINTAIN
35
5.4.1 Access and security 35
5.5 Hybrid records management 42
5.6 Retention and disposition 44
5.7 DISSEMINATE 51
5.7.1 Search, retrieve and render 51
5.8 ADMINISTER 56
5.8.1 Administration 56
6. APPENDICES                                                    59
Appendix A - Sample checklist of requirements for reviewing an existing
digital records management system                     59
Appendix B - Bibliography 61

© ISO 2011 – All rights reserved vii

---------------------- Page: 7 ----------------------
ISO 16175-2:2011(E) ISO 16175-2:2011(E)
ICA/ADRI Guidelines and Functional Requirements for Digital Records Management Systems
INTRODUCTION

Effective management of records and information is fundamental to a well-functioning
organisation as it supports business activity and provides a basis for efficient service
delivery. It also provides the mechanism whereby organisations can account for their
decisions and actions and retain corporate memory. Moreover, good records
management is simply good business practice.
Digital records management systems facilitate:
a) efficiency, by making information readily available when needed
for decision-making and operational activities;
b) sound use of financial resources, by allowing timely disposition of
non-current records;
c) accountability, by enabling the creation of a complete and
authoritative record of activities;
d) compliance, by demonstrating that legal requirements have been
met; and
e) risk mitigation, by managing the risks associated with illegal loss or
destruction of records, and from inappropriate or unauthorised
access to records.
A fundamental underlying principle for this document, Principles and functional
requirements for records in electronic office environments – Part 2: Guidelines and
functional requirements for digital records management systems. (hereafter the term
‘part’ is used) is the distinction between business systems (or business information
systems) and digital (or electronic) records management systems. Business systems
contain data that is commonly subject to constant updates (dynamic), able to be
transformed (manipulable) and contain data in current business use (non-redundant).
By contrast, digital records management systems contain data that is not dynamically
linked to business activity (fixed), unable to be altered (inviolable), and may be non-
current (redundant). Therefore business systems are beyond the scope of this part
(see ISO1617-3: 2010, Information and documentation - Principles and functional
requirements for records in electronic office environments – Part 3: Guidelines and
functional requirements for records in business systems.).
The records within a digital records management system are, however, still dynamic
in the sense that they can be (re)used in new business activity/contexts, so new
metadata will be added through the ongoing use of the record content. Digital records
management systems provide the technological component of a framework for the
systematic and structured management of records; they link digital and non-digital
records to business activities, retain records of past actions, and fix the content and
structure of records over time.
The primary audience for this document is staff responsible for designing, reviewing
and/or implementing digital records management systems in organisations – whether
viii © ISO 2011 – All rights reserved

---------------------- Page: 8 ----------------------
ISO 16175-2:2011(E)
ICA/ADRI Guidelines and Functional Requirements for Digital Records Management Systems
those systems are commercial off-the-shelf digital records management software
applications, or custom-built applications.
This part primarily addresses the requirements of organisational records/information
managers or system procurement project leaders, but will be relevant for
jurisdictional standard-setters and the wider records management community.
Another key audience is software vendors and developers who market and/or
develop digital records management system products. This part is intended to inform
their decision-making when designing records management functionality within digital
records management products.



© ISO 2011 – All rights reserved ix

---------------------- Page: 9 ----------------------
ISO 16175-2:2011(E)
ICA/ADRI Guidelines and Functional Requirements for Digital Records Management Systems
1. SCOPE
The scope of this part is limited to products that are often termed ‘electronic records
management systems’ or ‘enterprise content management systems’. This part will
use the term digital records management systems for those software applications
whose primary function is records management. It does not seek to set requirements
for records still in use and held within business systems. Digital objects created by
email, word processing, spreadsheet and imaging applications (such as text
documents, and still or moving images), where they are identified to be of business
value, should be managed within digital records management systems which meet
the functional requirements set out in this part.
Records managed by a digital records management system may be stored on a
variety of different media formats, and may be managed in hybrid record
aggregations that include both digital and non-digital elements.
This part does not attempt to include requirements that are not specific to, or
necessary for, records management, for example, general system management and
design requirements. Nor does it include requirements common to all software
applications, such as performance, scalability and usability. Given the target
audience of this document, it also assumes a level of knowledge about developing
design specifications, procurement and evaluation processes, and therefore these
issues are not covered in this part. Although not included in this part’s requirements,
the importance of non-records management functional requirements for records
management systems is recognised through their inclusion in the high-level model
outlined in Section 4.2: Overview of functional requirements.
Specifications for the long-term preservation of digital records are also beyond the
scope of this part; this issue should be addressed separately within a dedicated
framework for digital preservation or ‘digital archiving’ at a strategic level. These
digital preservation considerations transcend the life of systems and are system
independent; they should be assessed in a specific migration and conversion plan at
the tactical level. However, recognition of the need to maintain records for as long as
they are required shall be addressed, and potential format obsolescence issues
should also be considered when applying the functional requirements.
This part articulates a set of functional requirements for digital records management
systems. These requirements apply to records irrespective of the media in which they
were created and/or stored. The requirements are intended to:
a) set out the processes and requirements for identifying and managing
records in digital records management systems;
b) set out the records management functionality to be included in a design
specification when building, upgrading or purchasing digital records
management systems software;
c) inform records management functional requirements in the selection of
commercially available digital records management systems; and
d) review the records management functionality of, or assess the compliance
of, an existing digital records management system.
© ISO 2011 – All rights reserved 1

---------------------- Page: 10 ----------------------
ISO 16175-2:2011(E)
ICA/ADRI Guidelines and Functional Requirements for Digital Records Management Systems
2. RELATED STANDARDS
The following documents are referenced for the application of this document.

ISO 15489-1:2001, Information and documentation — Records management — Part
1: General
ISO/TR 15801:2009, Document management — Information stored electronically —
Part 2: Recommendations for trustworthiness and reliability
ISO16175-1:2010, Information and documentation — Principles and functional
requirements for records in electronic office environments — Part 1: Overview and
statement of principles.
ISO1617-3:2010, Information and documentation - Principles and functional
requirements for records in electronic office environments – Part 3: Guidelines and
functional requirements for records in business systems.
ISO 23081-1:2006, Information and documentation — Records management
processes — Metadata for records — Part 1: Principles
ISO 23081-2:2009, Information and documentation — Managing metadata for
records — Part 2: Conceptual and implementation issues.
ISO 2788:1986, Documentation — Guidelines for the establishment and
development of monolingual thesauri.
ISO 5964:1985, Documentation — Guidelines for the establishment and
development of multilingual thesauri.
International Council on Archives, Principles and Functional Requirements for
Records in Electronic Office Environments, Part 1 — Overview and Statement of
Principles, 2008.
International Council on Archives, Principles and Functional requirements for
Records in Electronic Office Environments, Part 3 — Guidelines and Functional
Requirements for Records in Business information systems, 2008.
© ISO 2011 – All rights reserved
2

---------------------- Page: 11 ----------------------
ISO 16175-2:2011(E)
ICA/ADRI Guidelines and Functional Requirements for Digital Records Management Systems
3. TERMS AND DEFINITIONS

For the purposes of this document, the terms and definitions in ISO 15489-1:2001,
ISO/TR 15801:2009, ISO 23081-1:2006 and ISO 23081-2:2009, and the following
apply.

Term Definition
Activity The second level of a business classification scheme.
(business

activity)
NOTE 1 Activities are the major tasks performed by an
organisation to accomplish each of its functions. An activity is
identified by the name it is given and its scope note. The scope
of the activity encompasses all the transactions that take place
in relation to it. Depending on the nature of the transactions
involved, an activity may be performed in relation to one
function, or it may be performed in relation to many functions.

Aggregation Any accumulation of record entities at a level above record
object.

Business Business classification scheme
classification
The conceptual, hierarchical, representation of the functions
scheme (BCS)
and activities performed by an organisation.

NOTE 1 A Business classification scheme is usually a
taxonomy derived from the analysis of business activity.

Business An umbrella term covering all the functions, processes,
activity activities and transactions of an organisation and its
employees. Includes public administration as well as
commercial business.

© ISO 2011 – All rights reserved 3

---------------------- Page: 12 ----------------------
ISO 16175-2:2011(E)
ICA/ADRI Guidelines and Functional Requirements for Digital Records Management Systems
Term Definition
Business An automated system that creates or manages data about an
information organisation’s activities.
system
NOTE 1 Business information systems are (often multiple or

related) applications whose primary purpose is to facilitate
transactions between an organisational unit and its customers,
for example, an e-commerce system. client-relationship
management system, purpose-built or customised database,
finance or human resources systems.
NOTE 2 Business information systems typically contain
dynamic data, that is commonly subject to constant updates,
able to be manipulated and holds ‘current’ data.
NOTE 3 Although digital records management systems are
business information they differ from most others in that their
primary function is the management of records rather than to
facilitate a business process.

Classification The systematic identification and arrangement of business
activities and/or records into categories according to logically
structured conventions, methods and procedural rules
represented in a classification system.

NOTE 1 Classification includes determining document or file
naming conventions, user permissions and security restrictions
on records.

Component A set of constituent parts that comprises a digital record.

Compound A record that comprises multiple digital objects.
record

Destruction The process of eliminating or deleting records, beyond any
possible reconstruction.

NOTE 1 Destruction of digital records is a disposition process
whereby digital records and their metadata are permanently
removed, erased or obliterated as authorised and approved by
a disposition authority schedule.

Digital file A set of related digital records held in a tightly bound
relationship within the business system and managed as a
single object.

NOTE 1 A type of aggregation of digital records, also referred
to as a ‘container’.

© ISO 2011 – All rights reserved
4

---------------------- Page: 13 ----------------------
ISO 16175-2:2011(E)
ICA/ADRI Guidelines and Functional Requirements for Digital Records Management Systems
Term Definition
Digital object An object that can be represented by a computer, such as a file
type generated by a particular system or software application.

NOTE 1 A digital record may comprise one or more digital
objects.

Digital records An automated system whose primary function is to manage the
management creation, use, maintenance and disposition of digitally created
system records for the purposes of providing evidence of business
activities.

NOTE 1 These systems maintain appropriate contextual
information (metadata) and links between records.

Disposition A range of processes associated with implementing retention,
destruction or transfer decisions which are documented in
disposition or other instruments.

Function The highest level of a business classification scheme.

NOTE 1 Functions represent the major responsibilities that are
managed by the organisation to fulfil its goals.

Hybrid file A set of related digital files and physical files managed as a
single entity.

Hybrid record A record consisting of digital and non-digital components.

NOTE 1 The digital record and its associated records
management metadata is maintained within the digital records
management system together with the records management
metadata relating to the non-digital record.

© ISO 2011 – All rights reserved 5

---------------------- Page: 14 ----------------------
ISO 16175-2:2011(E)
ICA/ADRI Guidelines and Functional Requirements for Digital Records Management Systems
Term Definition
Marker Marker
A metadata profile of a record physically held outside of a
digital system.

NOTE 1 A marker may denote a physical record (such as a
large bound volume or building plan) or a digital record stored
on removable media (such as a CD-ROM or video).

NOTE 2 A marker may act as a representational link to a
relevant record within the digital records management system
to alert users to the existence of a relevant record that is
required to be accessible in more than one location.

Metadata Structured or semi-structured information, which enables the
creation, management and use of records through time and
within and across domains.

Record (noun) Information in any format created, received and maintained as
evidence and information by an organisation or person, in

pursuance of legal obligations or in the transaction of business.

Record A subdivision of the records classification scheme, which may
category be further subdivided into one or more lower-level record
categories.

NOTE 1 A record category is constituted of metadata which
may be inherited from the parent and passed on to a child.

NOTE 2 The full set of record categories, at all levels, together
constitutes the records classification scheme.

Records The field of management responsible for the efficient and
management systematic control of the creation, receipt, maintenance, use
and disposition of records, including processes for capturing
and maintaining evidence of, and information about, business
activities and transactions in the form of records.

Records Data that identifies authenticates and contextualises records
management and the people, processes and systems that create, manage,
metadata maintain and use them, and the policies that govern them.

© ISO 2011 – All rights reserved
6

---------------------- Page: 15 ----------------------
ISO 16175-2:2011(E)
ICA/ADRI Guidelines and Functional Requirements for Digital Records Management Systems
Term Definition
Records A framework to capture, maintain and provide access to
management evidence over time, as required by the jurisdiction in which it is
system implemented and in accordance with common business
practices.

NOTE 1 Records management systems include both records
practitioners and records users; a set of authorised policies,
assigned responsibilities, delegations of authority, procedures
and practices; policy statements, procedures manuals, user
guidelines and other documents which are used to authorise
and promulgate the policies, procedures and practices; the
records themselves; specialised information and records
systems used to control the records; and software, hardware
and other equipment, and stationery.

Redaction The process of masking or deleting information in a record.

System A user role with designated responsibility for configuring,
administrator monitoring and managing the business system and its use.

Thesaurus A records classification tool comprising an alphabetical
presentation of a controlled list of terms linked together by
semantic, hierarchical, associative or equivalence relationships.

NOTE 1 In a thesaurus, the meaning of a term is specified and
relationships to other terms are shown. A thesaurus should
provide sufficient entry points to allow users to navigate from
non-preferred terms to preferred terms adopted by the
organisation.

Taxonomy The classification of entities in an ordered system that indicates
natural relationships.

Tracking Creating, capturing and maintaining information about the
movement and use of records.

Transaction 1 The smallest unit of business activity. Uses of records are
themselves transactions.


NOTE 1 The third or lowest level in a business classification
scheme.

© ISO 2011 – All rights reserved 7

---------------------- Page: 16 ----------------------
ISO 16175-2:2011(E)
ICA/ADRI Guidelines and Functional Requirements for Digital Records Management Systems
Term Definition
Transfer A disposition process consisting of an export of digital records
and associated metadata to another system, application
organisation or agent,

NOTE 1 Records may be transferred from one organisation to
another following administrative change, from an organisation
to archival custody, from an organisation to a service provider,
from the government to the private sector or from one
government to another.

Volume A sub-division of a digital or non-digital aggregation.

NOTE 1 Also referred to as a ‘part’.

NOTE 2 A volume is usually a file part closed off due to size or
time period constraints, for example, ‘Expense claim forms
2007–2008’.





© ISO 2011 – All rights reserved
8

---------------------- Page: 17 ----------------------
ISO 16175-2:2011(E)
ICA/ADRI Guidelines and Functional Requirements for Digital Records Management Systems
4. GUIDELINES
4.1 Why implement a digital records management system?
4.1.1 What are record attributes?
A record is not just a collection of data, but is the consequence or product of an
event, business action or transaction, and therefore inextricably linked to business
activities. A distinguishing feature of records is that their content exists in a fixed
form, that is, a fixed representation of the business transaction. Records comprise
not only the informational content but also information about the context and
structure of the record. ISO 15489-1:2001, Information and documentation —
Records management — Part 1: General sets out the key attributes of a record and
the high level considerations and processes for managing records effectively and
should be a key reference document for implementing this part. The essential
records attributes can be summarised as;
a) Authenticity – the record can be proven to be what it purports to be, to
have been created or sent by the person that created or sent it, and to have
been created or sent at the time it is purported to have occurred.
b) Reliability – the record can be trusted as a full and accurate representation
of the transaction(s) to which they attest, and can be depended on in the
course of subsequent transactions.
c) Integrity – the record is complete and unaltered, and is fixed. This
characteristic is also referred to as ‘inviolability’.
d) Usability – the record can be located, retrieved, preserved and interpreted.
To maintain these records attributes effectively and reliably over time it is necessary
to implement a digital records management system.
4.1.2 What are digital records management system attributes?
The use of the term ’system’ in this document refers to a collection of computer
hardware and/or software and includes plug-ins or other Information Technology
system components. This is in contrast to the records management understanding of
the term, which encompasses the broader aspects of people, policies, procedures
and practices that combine to form an overall systematic approach. While the focus
of this part is primarily digital records management systems software applications,
organisations will need to pay attention to the wider aspects of records management
frameworks, policies and tools to ensure records can be appropriately managed. For
example, for a digital records management system to function effectively,
fundamental records management tools, such as disposition authorities and
information security classifications, have to be in place and operate within an
established records management culture within an organisation.
Typically, digital records management systems have the following attributes that seek
to ensure that key records characteristics are maintained:
a) creating and capturing records in context
© ISO 2011 – All rights reserved 9

---------------------- Page: 18 ----------------------
ISO 16175-2:2011(E)
ICA/ADRI Guidelines and Functional Requirements for Digital Records Management Systems
b) managing and maintaining records controls
c) maintaining records for as long as they are required
d) implementing records disposition.
e) the management of records management metadata.

4.1.3 Risks and benefits of implementing digital records management systems
4.1.3.1 Risks of not implementing digital records management systems
The risks of not implementing a digital records management system include:
− failure to meet legislative and regulatory requirements;
− embarrassment to your chief executive, brand, organisation, the
government and/or private individuals, especially if inability to manage
information competently is highlighted in the news media;
− poor strategic planning and poor decisions based on inaccurate
information;
− business critical information not accessible for the conduct of business,
dispute resolution, legal challenge or evidential purposes;
− loss of credibility, lowered public confidence, or financial or legislative
penalties through inability to produce records or provide evidence of
business activity when required in a timely manner;
− inability to provide evidence of the organisation’s activities or undertakings
with external organisations, clients or contractors;
− inconsistent and inefficient conduct of business;
− inability to exploit organisational information and knowledge to full
potential;
− unlawful disposition of records and inability to fully exploit corporate
knowledge and data;
− duplication of effort, and poor resource and asset management;
− reduced capability of demonstrating good perform
...