oSIST ISO/DIS 16175-1:2019

SLOVENSKI STANDARD
oSIST ISO/DIS 16175-1:2019
01-oktober-2019
Informatika in dokumentacija - Procesi in funkcionalne zahteve za načrtovanje
programske opreme za upravljanje zapisov - 1. del: Funkcionalne zahteve in
navodilo za aplikacije, ki upravljajo digitalne zapise

Information and documentation - Processes and functional requirements for software for

managing records - Part 1: Functional requirements and associated guidance for any

enregistrements dans les environnements électroniques de bureau -- Partie 1: Aperçu et

2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

Information et documentation — Principes et exigences fonctionnelles pour les enregistrements dans les

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may

be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting

on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address

Foreword ..........................................................................................................................................................................................................................................v

Introduction ................................................................................................................................................................................................................................vi

1 Scope (mandatory) ............................................................................................................................................................................................. 1

2 Normative references (mandatory) .................................................................................................................................................. 1

3 Terms and definitions (mandatory) ................................................................................................................................................. 2

4 Key outcome areas and configuration options ...................................................................................................................... 2

4.1 Key outcome areas ............................................................................................................................................................................... 2

4.2 Key outcome areas in detail ......................................................................................................................................................... 3

4.2.1 Records capture and classification ................................................................................................................... 3

4.2.2 Records retention and disposition ................................................................................................................... 3

4.2.3 Records integrity and maintenance ................................................................................................................ 3

4.2.4 Records discovery, use and sharing ................................................................................................................. 3

4.3 Possible configuration options for managing records created in business applications ........ 3

5 Model high-level functional requirements for applications that manage digital records .......4

5.1 Requirements groupings ................................................................................................................................................................ 4

5.2 Obligation levels..................................................................................................................................................................................... 5

5.3 Requirements in detail ..................................................................................................................................................................... 5

6 Understanding the model functional requirements ....................................................................................................... 9

6.1 General ........................................................................................................................................................................................................... 9

6.2 Addressing records requirements in business applications ........................................................................10

6.2.1 The importance of records metadata ..........................................................................................................11

6.2.2 The meaning of ‘archiving’ ...................................................................................................................................11

6.3 Records characteristics that should be enabled by business applications ......................................11

6.3.1 Authenticity .......................................................................................................................................................................11

6.3.2 Reliability ............................................................................................................................................................................12

6.3.3 Integrity ................................................................................................................................................................................12

6.3.4 Useability .............................................................................................................................................................................12

6.4 Characteristics of business applications that manage records ..................................................................12

6.4.1 Secure .....................................................................................................................................................................................12

6.4.2 Compliant ............................................................................................................................................................................12

6.4.3 Comprehensive ...............................................................................................................................................................12

6.4.4 Systematic ...........................................................................................................................................................................12

6.5 Records entities and relationships .....................................................................................................................................12

6.5.1 Entity relationship models ...................................................................................................................................12

6.5.2 Business classification scheme .........................................................................................................................13

6.5.3 Aggregations of digital records ........................................................................................................................13

6.5.4 Digital records .................................................................................................................................................................14

6.5.5 Extracts .................................................................................................................................................................................14

6.5.6 Components ......................................................................................................................................................................14

7 Using the model functional requirements ..............................................................................................................................15

7.1 General ........................................................................................................................................................................................................15

7.2 Determining needs for evidence of events, transactions and decisions in business

applications (identifying the needs for records) ....................................................................................................15

7.2.1 Identify requirements for evidence of the business .......................................................................16

7.2.2 Analyse the work process .....................................................................................................................................16

record the required evidence .............................................................................................................................16

7.2.4 Identify linkages and dependencies .............................................................................................................19

7.3 Reviewing, assessing and auditing existing business applications ........................................................20

7.3.1 Undertaking the review process .....................................................................................................................20

7.4 Risk assessment ..................................................................................................................................................................................21

design specification .........................................................................................................................................................................22

7.6 Assessing options f or deploying functionality in one or more software applications ...........23

Annex A (informative) Example template for functional requirements.......................................................................27

Annex B (informative) Mapping of records principles to model functional requirements ......................31

Bibliography .............................................................................................................................................................................................................................32

ISO (the International Organization for Standardization) is a worldwide federation of national standards

bodies (ISO member bodies). The work of preparing International Standards is normally carried out

through ISO technical committees. Each member body interested in a subject for which a technical

committee has been established has the right to be represented on that committee. International

organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.

ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of

The procedures used to develop this document and those intended for its further maintenance are

described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the

different types of ISO documents should be noted. This document was drafted in accordance with the

editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject of

patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of

any patent rights identified during the development of the document will be in the Introduction and/or

Any trade name used in this document is information given for the convenience of users and does not

For an explanation on the voluntary nature of standards, the meaning of ISO specific terms and

expressions related to conformity assessment, as well as information about ISO's adherence to the

World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following

This document was prepared by Technical Committee [or Project Committee] ISO/TC 46 Information and

This second edition cancels and replaces the first edition (ISO 16175-2:2011 and ISO 16175-3:2010),

Good management of records and information is fundamental to a well-functioning organization.

It supports business activity and provides a basis for efficient service delivery. It also provides the

mechanism for organizations to retain evidence of their decisions and actions for future reference and

to support business continuity. Good records practice is simply good business practice.

a) efficiency, by making information readily available when needed for decision-making and

b) sound use of financial resources, by allowing timely disposition of non-current records;

c) accountability, by enabling the creation of complete and authoritative records of activities;

e) risk mitigation, by managing the risks associated with unlawful loss or destruction of records, and

Today in most organizations business is transacted and enabled by a variety of software applications. If

organizations are to capture and manage reliable records of their business activities it is vital that their

line-of-business applications incorporate good records functionality as part of their design. Making and

This document provides model, high-level functional requirements, with associated explanatory

information and usage guidance, for any software applications that are intended to manage digital

records. Part 2 (the companion document to this Part) provides process guidance on how to select/

design, implement and maintain software for managing records within organizations.

For the purpose of presenting model functional requirements, this document makes no distinction

between software applications that are used for any business purpose and those applications

specifically intended and designed to manage records. Examples of the former include Enterprise

Content Management Systems and applications which create records as one part of their functionality

such as Contracts Management Systems, Case Management Systems or transactional systems. The

term used throughout is therefore “Business application”, which is intended to encapsulate the totality

of applications that manage records as part of their usual functioning. It is assumed that almost all

business applications will generate data that will need to serve as evidence of business activity for

future reference and as such will, inter alia, need to create, store and manage records. The purpose of

this document is to assist the developers and implementers of those applications to identify and deploy

functional requirements that will help ensure that the data generated and held in such applications can

Many business applications generate and store data that may be subject to constant updating (dynamic),

able to be transformed (manipulable) and only contain current data (non-redundant). While business

requirements for dynamic, manipulable and non-redundant data may be entirely legitimate, if records

are to serve as reliable evidence of business activity they need to be fixed and inviolable. That is,

systems and processes need to be able to guarantee the reliability and authenticity of the records as

Organizations deploy software applications to automate business activities and transactions. The

digital information generated by an application may serve as the only evidence or record of the process

or transaction, despite the application not being designed specifically for the purpose of managing

records. Without evidence of these activities, organizations are exposed to risk and may be unable

to meet legislative, accountability, business and community expectations. Because of the dynamic

and manipulable nature of the data in business applications, the capture of records and the ongoing

management of their fixity, authenticity, reliability, integrity and useability can be challenging.

The functional requirements presented in this document do not necessarily all need to be met by a

single software application. It may be more cost effective for the requirements to be satisfied by

multiple software applications that collectively work together within an organization, or across

multiple organizations, to enable the conduct of business. Guidance on these issues can be found in

Clause 8.5. In addition, some requirements could be satisfied outside applications through processes

In addition to providing model high-level functional requirements for records in business applications,

this document provides guidance on identifying and addressing the needs for records. It aims to:

— help organizations understand requirements for managing digital records as they relate to software

— assist IT and business specialists to include records considerations in applications design and/or

— assess the capabilities of existing business applications to manage records, including helping to

identify gaps or areas of risk in the current functionality of those applications.

This document is part of a suite of records system implementation guidance that supports the core

international records management standard, ISO 15489-1:2016. The utility and characteristics of

The primary audience for this document is professionals responsible for designing, developing,

procuring, reviewing and/or implementing software applications, such as business analysts,

applications developers, solution architects and IT procurement decision-makers. The audience also

includes records professionals who are involved in advising or assisting in such processes.

Solution architects/ Ensure IT applications infrastructure supports the RM requirements.

Developers Build application and support system tester during functional specification de-

Business Analysts Develop technical specifications; initiate/collate feedback and walkthrough.

to specification after sign-off (e.g. changes that are agreed during test phase),

Application testers Develop test plans, test conditions/cases and execute tests. Analyse test results,

log any failures and retest once fix has been applied and built to test environment.

Business owners For solution-specific requirements. Review and confirm application requirements

the business analyst during the software specification development and test phases.

Records management Advising and assisting the business in the processes of defining RM requirements

Given the target audience for this document, the use of terminology that is specific to records

professionals has been minimised as far as possible. Where the use of such terminology is unavoidable

Sections 1-4 (Introduction; Scope; Normative References; Terms and Definitions) are standard ISO

sections. Key concepts and requirements are set out in Sections 5 and 6, while Sections 7 and 8 provide

more context and information on how the requirements might be used. Annex A provides a template for

This document provides model, high-level functional requirements and associated guidance for

software applications that are intended to manage digital records (including digital copies of analogue

source records), either as the main purpose of the application or as a part of an application that is

— generic design requirements such as reporting, application administration and performance

— requirements for the long-term preservation of digital records in a dedicated preservation

environment. It should be noted, however, that the model requirements are intended to encourage

the deployment of applications that do not hinder long-term preservation of records. As such, some

— implementation guidance for applications that will capture and/or manage records. Such guidance

The requirements in this standard assume that the organization has undertaken or will undertake

precursor business analysis as outlined in Section 8.1 Determining needs for evidence of events,

transactions and decisions in business applications. Not all information contained in a business application

will necessarily be required to be recorded as evidence. Before reviewing, designing, building or

purchasing business applications, it is necessary to determine the organization’s needs for records in

The following documents are referred to in the text in such a way that some or all of their content

constitutes requirements of this document. For dated references, only the edition cited applies. For

undated references, the latest edition of the referenced document (including any amendments) applies.

ISO 15489-1:2016, Information and documentation — Records management — Part 1: Concepts and

ISO/TR 21946:2019, Information and documentation — Records management – Appraisal for records

ISO 23081-1:2017, Information and documentation — Records management processes — Metadata for

ISO 23081-2:2009, Information and documentation — Managing metadata for records — Part 2:

ISO 30300, Information and documentation — Management systems for records — Fundamentals and

vocabulary[Note: this publication is in the process of being revised and updated]

ISO and IEC maintain terminological databases for use in standardization at the following addresses:

The functional requirements in this standard focus on the outcomes required to ensure records are

managed appropriately. How to achieve the outcomes will depend on the type of application being used.

Software applications that enable business activities or transactions should be able to capture and/or

import/ingest evidence of those activities. This involves identifying sets of digital information to serve

Records shall be kept and remain accessible to authorized users for as long as required for legislative,

community and business needs. In conformance with authorized disposition authorities, records

Business applications should be able to register any interactions with or changes to the records. This

includes the responsible agent, a timestamp and details on the changes. The registered events should

Business applications should enable searching, retrieval, rendering, use, sharing and redaction of

records for authorized users. They should also support interoperability across platforms and domains

Before using the functional requirements, organizations should consider the extent to which

functionality for records will be provided through internal mechanisms within a business application

itself, or whether the requirements will be met by interacting with external software applications that

The mandatory functional requirements in this document outline the core records processes that shall

1. designing the business application to internally perform the records management functions;

2. integrating with a dedicated records management application, such as an electronic records