oSIST ISO/DIS 16175-1:2019
(Main)This document provides model, high-level functional requirements and associated guidance for software applications that are intended to manage digital records (including digital copies of analogue source records), either as the main purpose of the application or as a part of an application that is primarily intended to enable other business functions and processes.
It does not include:
— functional requirements for applications that manage analogue records;
— generic design requirements such as reporting, application administration and performance;
— requirements for the long-term preservation of digital records in a dedicated preservation environment;
NOTE The model requirements are intended to encourage the deployment of applications that do not hinder long-term preservation of records. As such, some of the requirements support long-term digital preservation outcomes.
— implementation guidance for applications that manages analogue and/or digital records. Such guidance can be found in ISO/TS 16175-2:—[1].
[1] Under development. Stage at the time of publication: ISO/DTS 16175-2:2020.
Information et documentation -- Principes et exigences fonctionnelles pour les enregistrements dans les environnements électroniques de bureau -- Partie 1: Aperçu et déclaration de principes
Le présent document fournit des exigences fonctionnelles modélisées d'ordre général ainsi que des recommandations concernant des applications logicielles conçues pour gérer des documents d'activité numériques (y compris des copies numériques de documents sources analogiques), soit pour des applications remplissant essentiellement cette fonction, soit pour des applications conçues pour soutenir d'autres fonctions et processus métier et qui intčgrent cette fonctionnalité.
Il ne couvre pas:
— les exigences fonctionnelles des applications de gestion de documents analogiques;
— les exigences de conception génériques, telles que la génération de rapports, l'administration des applications et les performances;
— les exigences relatives ŕ la conservation ŕ long terme des documents d'activité numériques dans un environnement de conservation dédié;
NOTE Les exigences du modčle visent ŕ encourager le déploiement d'applications qui ne font en aucun cas obstacle ŕ une conservation ŕ long terme des documents. Ŕ cet effet, certaines exigences produisent des résultats qui viennent ŕ l'appui d'une conservation numérique ŕ long terme;
— des recommandations de mise en œuvre d'applications qui gčrent des enregistrements analogiques et/ou numériques. Ces conseils peuvent ętre trouvés dans l'ISO/TS 16175-2:— [1].
[1] En cours d'elaboration. (Stade au moment de la publication ISO/DTR 16175-2:2020).
Informatika in dokumentacija - Procesi in funkcionalne zahteve za načrtovanje programske opreme za upravljanje zapisov - 1. del: Funkcionalne zahteve in navodilo za aplikacije, ki upravljajo digitalne zapise
General Information
RELATIONS
Standards Content (sample)
SLOVENSKI STANDARD
oSIST ISO/DIS 16175-1:2019
01-oktober-2019
Informatika in dokumentacija - Procesi in funkcionalne zahteve za načrtovanje
programske opreme za upravljanje zapisov - 1. del: Funkcionalne zahteve in
navodilo za aplikacije, ki upravljajo digitalne zapise
Information and documentation - Processes and functional requirements for software for
managing records - Part 1: Functional requirements and associated guidance for any
applications that manage digital recordsInformation et documentation -- Principes et exigences fonctionnelles pour les
enregistrements dans les environnements électroniques de bureau -- Partie 1: Aperçu et
déclaration de principesTa slovenski standard je istoveten z: ISO/DIS 16175-1:2019
ICS:
01.140.20 Informacijske vede Information sciences
35.080 Programska oprema Software
oSIST ISO/DIS 16175-1:2019 en,fr,de
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.
---------------------- Page: 1 ----------------------oSIST ISO/DIS 16175-1:2019
---------------------- Page: 2 ----------------------
oSIST ISO/DIS 16175-1:2019
DRAFT INTERNATIONAL STANDARD
ISO/DIS 16175-1
ISO/TC 46/SC 11 Secretariat: SA
Voting begins on: Voting terminates on:
2019-01-21 2019-04-15
Information and documentation — Processes and
functional requirements for software for managing
records —
Part 1:
Functional requirements and associated guidance for any
applications that manage digital records
Information et documentation — Principes et exigences fonctionnelles pour les enregistrements dans les
environnements électroniques de bureau —Partie 1: Aperçu et déclaration de principes
ICS: 01.140.20
THIS DOCUMENT IS A DRAFT CIRCULATED
FOR COMMENT AND APPROVAL. IT IS
THEREFORE SUBJECT TO CHANGE AND MAY
NOT BE REFERRED TO AS AN INTERNATIONAL
STANDARD UNTIL PUBLISHED AS SUCH.
IN ADDITION TO THEIR EVALUATION AS
BEING ACCEPTABLE FOR INDUSTRIAL,
This document is circulated as received from the committee secretariat.
TECHNOLOGICAL, COMMERCIAL AND
USER PURPOSES, DRAFT INTERNATIONAL
STANDARDS MAY ON OCCASION HAVE TO
BE CONSIDERED IN THE LIGHT OF THEIR
POTENTIAL TO BECOME STANDARDS TO
WHICH REFERENCE MAY BE MADE IN
Reference number
NATIONAL REGULATIONS.
ISO/DIS 16175-1:2019(E)
RECIPIENTS OF THIS DRAFT ARE INVITED
TO SUBMIT, WITH THEIR COMMENTS,
NOTIFICATION OF ANY RELEVANT PATENT
RIGHTS OF WHICH THEY ARE AWARE AND TO
PROVIDE SUPPORTING DOCUMENTATION. ISO 2019
---------------------- Page: 3 ----------------------
oSIST ISO/DIS 16175-1:2019
ISO/DIS 16175-1:2019(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO 2019
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2019 – All rights reserved
---------------------- Page: 4 ----------------------
oSIST ISO/DIS 16175-1:2019
ISO/DIS 16175-1:2019(E)
Contents Page
Foreword ..........................................................................................................................................................................................................................................v
Introduction ................................................................................................................................................................................................................................vi
1 Scope (mandatory) ............................................................................................................................................................................................. 1
2 Normative references (mandatory) .................................................................................................................................................. 1
3 Terms and definitions (mandatory) ................................................................................................................................................. 2
4 Key outcome areas and configuration options ...................................................................................................................... 2
4.1 Key outcome areas ............................................................................................................................................................................... 2
4.2 Key outcome areas in detail ......................................................................................................................................................... 3
4.2.1 Records capture and classification ................................................................................................................... 3
4.2.2 Records retention and disposition ................................................................................................................... 3
4.2.3 Records integrity and maintenance ................................................................................................................ 3
4.2.4 Records discovery, use and sharing ................................................................................................................. 3
4.3 Possible configuration options for managing records created in business applications ........ 3
5 Model high-level functional requirements for applications that manage digital records .......4
5.1 Requirements groupings ................................................................................................................................................................ 4
5.2 Obligation levels..................................................................................................................................................................................... 5
5.3 Requirements in detail ..................................................................................................................................................................... 5
6 Understanding the model functional requirements ....................................................................................................... 9
6.1 General ........................................................................................................................................................................................................... 9
6.2 Addressing records requirements in business applications ........................................................................10
6.2.1 The importance of records metadata ..........................................................................................................11
6.2.2 The meaning of ‘archiving’ ...................................................................................................................................11
6.3 Records characteristics that should be enabled by business applications ......................................11
6.3.1 Authenticity .......................................................................................................................................................................11
6.3.2 Reliability ............................................................................................................................................................................12
6.3.3 Integrity ................................................................................................................................................................................12
6.3.4 Useability .............................................................................................................................................................................12
6.4 Characteristics of business applications that manage records ..................................................................12
6.4.1 Secure .....................................................................................................................................................................................12
6.4.2 Compliant ............................................................................................................................................................................12
6.4.3 Comprehensive ...............................................................................................................................................................12
6.4.4 Systematic ...........................................................................................................................................................................12
6.5 Records entities and relationships .....................................................................................................................................12
6.5.1 Entity relationship models ...................................................................................................................................12
6.5.2 Business classification scheme .........................................................................................................................13
6.5.3 Aggregations of digital records ........................................................................................................................13
6.5.4 Digital records .................................................................................................................................................................14
6.5.5 Extracts .................................................................................................................................................................................14
6.5.6 Components ......................................................................................................................................................................14
7 Using the model functional requirements ..............................................................................................................................15
7.1 General ........................................................................................................................................................................................................15
7.2 Determining needs for evidence of events, transactions and decisions in business
applications (identifying the needs for records) ....................................................................................................15
7.2.1 Identify requirements for evidence of the business .......................................................................16
7.2.2 Analyse the work process .....................................................................................................................................16
7.2.3 Identify the content and its associated management information thatrecord the required evidence .............................................................................................................................16
7.2.4 Identify linkages and dependencies .............................................................................................................19
7.3 Reviewing, assessing and auditing existing business applications ........................................................20
7.3.1 Undertaking the review process .....................................................................................................................20
7.4 Risk assessment ..................................................................................................................................................................................21
© ISO 2019 – All rights reserved iii---------------------- Page: 5 ----------------------
oSIST ISO/DIS 16175-1:2019
ISO/DIS 16175-1:2019(E)
7.5 Determining functional requirements for managing records in an application
design specification .........................................................................................................................................................................22
7.6 Assessing options f or deploying functionality in one or more software applications ...........23
Annex A (informative) Example template for functional requirements.......................................................................27
Annex B (informative) Mapping of records principles to model functional requirements ......................31
Bibliography .............................................................................................................................................................................................................................32
iv © ISO 2019 – All rights reserved---------------------- Page: 6 ----------------------
oSIST ISO/DIS 16175-1:2019
ISO/DIS 16175-1:2019(E)
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www .iso .org/patents).Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.For an explanation on the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following
URL: www .iso .org/iso/foreword .html.This document was prepared by Technical Committee [or Project Committee] ISO/TC 46 Information and
documentation Subcommittee SC 11, Archives/records management.This second edition cancels and replaces the first edition (ISO 16175-2:2011 and ISO 16175-3:2010),
which has been technically revised.A list of all parts in the ISO ##### series can be found on the ISO website.
© ISO 2019 – All rights reserved v
---------------------- Page: 7 ----------------------
oSIST ISO/DIS 16175-1:2019
ISO/DIS 16175-1:2019(E)
Introduction
1.1 The case for management of records
Good management of records and information is fundamental to a well-functioning organization.
It supports business activity and provides a basis for efficient service delivery. It also provides the
mechanism for organizations to retain evidence of their decisions and actions for future reference and
to support business continuity. Good records practice is simply good business practice.
Managing records facilitates:a) efficiency, by making information readily available when needed for decision-making and
operational purposes and to support information reuse and innovation;b) sound use of financial resources, by allowing timely disposition of non-current records;
c) accountability, by enabling the creation of complete and authoritative records of activities;
d) compliance, by demonstrating that legal requirements have been met; ande) risk mitigation, by managing the risks associated with unlawful loss or destruction of records, and
from inappropriate or unauthorised access to records.Today in most organizations business is transacted and enabled by a variety of software applications. If
organizations are to capture and manage reliable records of their business activities it is vital that their
line-of-business applications incorporate good records functionality as part of their design. Making and
keeping records should be an organic and natural part of business processes.1.2 Purpose of this document
This document provides model, high-level functional requirements, with associated explanatory
information and usage guidance, for any software applications that are intended to manage digital
records. Part 2 (the companion document to this Part) provides process guidance on how to select/
design, implement and maintain software for managing records within organizations.
For the purpose of presenting model functional requirements, this document makes no distinction
between software applications that are used for any business purpose and those applications
specifically intended and designed to manage records. Examples of the former include Enterprise
Content Management Systems and applications which create records as one part of their functionality
such as Contracts Management Systems, Case Management Systems or transactional systems. The
term used throughout is therefore “Business application”, which is intended to encapsulate the totality
of applications that manage records as part of their usual functioning. It is assumed that almost all
business applications will generate data that will need to serve as evidence of business activity for
future reference and as such will, inter alia, need to create, store and manage records. The purpose of
this document is to assist the developers and implementers of those applications to identify and deploy
functional requirements that will help ensure that the data generated and held in such applications can
serve as adequate records of business activity.Many business applications generate and store data that may be subject to constant updating (dynamic),
able to be transformed (manipulable) and only contain current data (non-redundant). While business
requirements for dynamic, manipulable and non-redundant data may be entirely legitimate, if records
are to serve as reliable evidence of business activity they need to be fixed and inviolable. That is,
systems and processes need to be able to guarantee the reliability and authenticity of the records as
evidence of past business activity.Organizations deploy software applications to automate business activities and transactions. The
digital information generated by an application may serve as the only evidence or record of the process
or transaction, despite the application not being designed specifically for the purpose of managing
records. Without evidence of these activities, organizations are exposed to risk and may be unable
to meet legislative, accountability, business and community expectations. Because of the dynamic
vi © ISO 2019 – All rights reserved---------------------- Page: 8 ----------------------
oSIST ISO/DIS 16175-1:2019
ISO/DIS 16175-1:2019(E)
and manipulable nature of the data in business applications, the capture of records and the ongoing
management of their fixity, authenticity, reliability, integrity and useability can be challenging.
The functional requirements presented in this document do not necessarily all need to be met by a
single software application. It may be more cost effective for the requirements to be satisfied by
multiple software applications that collectively work together within an organization, or across
multiple organizations, to enable the conduct of business. Guidance on these issues can be found in
Clause 8.5. In addition, some requirements could be satisfied outside applications through processes
and procedures.In addition to providing model high-level functional requirements for records in business applications,
this document provides guidance on identifying and addressing the needs for records. It aims to:
— help organizations understand requirements for managing digital records as they relate to software
applications used by organizations;— assist IT and business specialists to include records considerations in applications design and/or
procurement; and— assess the capabilities of existing business applications to manage records, including helping to
identify gaps or areas of risk in the current functionality of those applications.
This document is part of a suite of records system implementation guidance that supports the core
international records management standard, ISO 15489-1:2016. The utility and characteristics of
records systems are explained in that standard.1.3 Audience
The primary audience for this document is professionals responsible for designing, developing,
procuring, reviewing and/or implementing software applications, such as business analysts,
applications developers, solution architects and IT procurement decision-makers. The audience also
includes records professionals who are involved in advising or assisting in such processes.
Role PurposeSolution architects/ Ensure IT applications infrastructure supports the RM requirements.
designersIT Procurement deci- Ensure procurement process meets these requirements
sion-makers
Developers Build application and support system tester during functional specification de-
velopment and test phase. Includes software vendors and developers who wishto incorporate records functionality within their products, both commercial or
open source
Business Analysts Develop technical specifications; initiate/collate feedback and walkthrough.
Submit specification for sign-off and pass over to developer. Update any changesto specification after sign-off (e.g. changes that are agreed during test phase),
if required.Application testers Develop test plans, test conditions/cases and execute tests. Analyse test results,
log any failures and retest once fix has been applied and built to test environment.
Business owners For solution-specific requirements. Review and confirm application requirements
meet business objectives. Provide the business rules/processes/requirements tothe business analyst during the software specification development and test phases.
Records management Advising and assisting the business in the processes of defining RM requirements
professionalsGiven the target audience for this document, the use of terminology that is specific to records
professionals has been minimised as far as possible. Where the use of such terminology is unavoidable
it is explained and/or defined (in clause 4 below).© ISO 2019 – All rights reserved vii
---------------------- Page: 9 ----------------------
oSIST ISO/DIS 16175-1:2019
ISO/DIS 16175-1:2019(E)
1.4 Structure of this document
Sections 1-4 (Introduction; Scope; Normative References; Terms and Definitions) are standard ISO
sections. Key concepts and requirements are set out in Sections 5 and 6, while Sections 7 and 8 provide
more context and information on how the requirements might be used. Annex A provides a template for
developing requirements for use in an implementation context in an organization.viii © ISO 2019 – All rights reserved
---------------------- Page: 10 ----------------------
oSIST ISO/DIS 16175-1:2019
DRAFT INTERNATIONAL STANDARD ISO/DIS 16175-1:2019(E)
Information and documentation — Processes and
functional requirements for software for managing
records —
Part 1:
Functional requirements and associated guidance for any
applications that manage digital records
1 Scope (mandatory)
This document provides model, high-level functional requirements and associated guidance for
software applications that are intended to manage digital records (including digital copies of analogue
source records), either as the main purpose of the application or as a part of an application that is
primarily intended to enable other business activities.It does not include:
— functional requirements for applications that manage analogue records
— generic design requirements such as reporting, application administration and performance
— requirements for the long-term preservation of digital records in a dedicated preservation
environment. It should be noted, however, that the model requirements are intended to encourage
the deployment of applications that do not hinder long-term preservation of records. As such, some
of the requirements support long-term digital preservation outcomes.— implementation guidance for applications that will capture and/or manage records. Such guidance
can be found in Part 2 of ISO 16175.Assumption:
The requirements in this standard assume that the organization has undertaken or will undertake
precursor business analysis as outlined in Section 8.1 Determining needs for evidence of events,
transactions and decisions in business applications. Not all information contained in a business application
will necessarily be required to be recorded as evidence. Before reviewing, designing, building or
purchasing business applications, it is necessary to determine the organization’s needs for records in
order to develop and deploy appropriate strategies.2 Normative references (mandatory)
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO 15489-1:2016, Information and documentation — Records management — Part 1: Concepts and
principlesISO/TR 21946:2019, Information and documentation — Records management – Appraisal for records
ISO 23081-1:2017, Information and documentation — Records management processes — Metadata for
records — Part 1: Principles© ISO 2019 – All rights reserved 1
---------------------- Page: 11 ----------------------
oSIST ISO/DIS 16175-1:2019
ISO/DIS 16175-1:2019(E)
ISO 23081-2:2009, Information and documentation — Managing metadata for records — Part 2:
Conceptual and implementation issuesISO 30300, Information and documentation — Management systems for records — Fundamentals and
vocabulary[Note: this publication is in the process of being revised and updated]
3 Terms and definitions (mandatory)ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform : available at http: //www .iso .org/obp— IEC Electropedia : available at http: //www .electropedia .org
4 Key outcome areas and configuration options
4.1 Key outcome areas
The functional requirements in this standard focus on the outcomes required to ensure records are
managed appropriately. How to achieve the outcomes will depend on the type of application being used.
Figure 1 — Key outcome areas2 © ISO 2019 – All rights reserved
---------------------- Page: 12 ----------------------
oSIST ISO/DIS 16175-1:2019
ISO/DIS 16175-1:2019(E)
4.2 Key outcome areas in detail
4.2.1 Records capture and classification
Software applications that enable business activities or transactions should be able to capture and/or
import/ingest evidence of those activities. This involves identifying sets of digital information to serve
as records. Records have to be linked to their business context using metadata.4.2.2 Records retention and disposition
Records shall be kept and remain accessible to authorized users for as long as required for legislative,
community and business needs. In conformance with authorized disposition authorities, records
should be retained and disposed of in a managed, systematic and auditable way.4.2.3 Records integrity and maintenance
Business applications should be able to register any interactions with or changes to the records. This
includes the responsible agent, a timestamp and details on the changes. The registered events should
be persistently linked to the records for as long as these exist.4.2.4 Records discovery, use and sharing
Business applications should enable searching, retrieval, rendering, use, sharing and redaction of
records for authorized users. They should also support interoperability across platforms and domains
and over time.4.3 Possible configuration options for managing records created in business
applications
Before using the functional requirements, organizations should consider the extent to which
functionality for records will be provided through internal mechanisms within a business application
itself, or whether the requirements will be met by interacting with external software applications that
are capable of providing the necessary records management functionality.The mandatory functional requirements in this document outline the core records processes that shall
be addressed. Options to implement these requirements may include:1. designing the business application to internally perform the records management functions;
2. integrating with a dedicated records management application, such as an electronic records
management system (ERMS); or3. designing export functionality i
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.