IMS 5047 MANAGING BUSINESS RECORDS

Similar documents
IMS 5047 MANAGING BUSINESS RECORDS

TOPIC 5. Design and Implementation of a Recordkeeping System

Sydney Opera House Policy

A tool for assessing your agency s information and records management

AS/NZS ISO and AS/NZS ISO Management systems for records. Presented by Judith Ellis

Recordkeeping Standards

Records Management Policy

Relationship between ISO/TC 46/SC 11 Archives/records management and IT-021 Records and Document Management Systems committees in standardisation

Records and Information Management Framework. Government Records Office Archives of Manitoba

AS/NZS ISO 30301:2012

ISO/TR TECHNICAL REPORT. Information and documentation Records management Part 2: Guidelines

Lecture 8 Functional Analysis and Record Keeping

Marketing Best Practice Records Management. Kemal Hasandedic MBII GDDM MRMA National President RMAA

RECORDS MANAGEMENT FRAMEWORK

What is ISO 30300? Who, when, where, why and how to implement

AS/NZS 10002:2014. Australian/New Zealand Standard. Guidelines for complaint management in organizations AS/NZS 10002:2014

Archivists at Risk: Accountability and the Role of the Professional Society. Glenda Acland and Sue McKemmish

TRANSLINK RECORDS MANAGEMENT POLICY

Recordkeeping for Good Governance Toolkit. GUIDELINE 13: Digital Recordkeeping Readiness Self-assessment Checklist for Organisations

NUS RECORDS MANAGEMENT POLICY. Ver 1.6

Standards for Establishing

Integrated information and records systems, processes and practices

Introduction. Regulatory Programme Overview

ISO Information and documentation Management systems for records Fundamentals and vocabulary

The National Archives Records Management Guides

RECORDS MANAGEMENT KNOWLEDGE MANAGEMENT INFORMATION MANAGEMENT

Monitoring recordkeeping performance

Information and documentation Records management. Part 1: Concepts and principles

STEP F DESIGN OF A RECORDKEEPING SYSTEM

Records Disposal Schedule Charles Darwin University Procurement Services Charles Darwin University

Roche Group Records Management Directive V2.0

INFORMATION AND RECORDS MANAGEMENT POLICY

ISO 14001:2015. EMS Manual.

Title: Corrected Frequently asked questions on ISO/DIS and ISO/DIS documents.

University College Cork National University of Ireland, Cork Records Management Policy Version 1.0

PROOF/ÉPREUVE A ISO INTERNATIONAL STANDARD. Environmental management systems Specification with guidance for use

Australian/New Zealand Standard

Implementation Practices for the Archiving and Compliance Infrastructure

Maintain business records

Records Disposal Schedule Higher Education Teaching and Learning Charles Darwin University

Author McKemmish, Sue Year 1997 Title Yesterday, Today and Tomorrow: A Continuum of Responsibility Publication Details

One consolidated view of information management references

RISK MANAGEMENT GUIDELINES

RECORDS MANAGEMENT AND THE ARCHIVING AND RETENTION OF PRIME DOCUMENTS AND BUSINESS RECORDS

Establishing a high standard for electronic records management within the Australian public sector

NATO UNCLASSIFIED Releasable to ALBANIA/CROATIA 6 February 2009 DOCUMENT C-M(2009)0021 (INV) Silence Procedure ends: 2 Mar :00

Quality Sign off for Internal Audit Engagement. Name of Audit

A Unified Model of the Life Cycle of Records: Bringing Together Different Perspectives. Hans Hofman

Asset management Management systems Requirements

This document is a preview generated by EVS

Systems and software engineering Software life cycle processes

AS AS Australian Standard. Fire safety audits. This is a free 7 page sample. Access the full version online.

This document is a preview generated by EVS

ISO/IEC JTC 1 N 10998

Technical Specification

R. Scott Murchison, CRM Kaizen InfoSource LLC SVP, Information Management Services

Records Management Procedures Manual

POLICY. TITLE POLICY Records Management Policy. roxbycouncil POLICY RECORDS MANAGEMENT Policy Date Latest Review Changes

SQF 2000 Guidance. Guidance for Food Sector Category 4 Fresh Produce Pack House Operations. 1st Edition

Adult Migrant English Program Research Centre Quality Assurance Policy

Records Management Policy

Virginia Department of Environmental Quality EMS Manual

Specific Accreditation Criteria

Stellenbosch University Records Management Policy

Audit Committee Charter

DOCUMENTS AND RECORDS MANAGEMENT COMPLIANCE

Aligning Records Management with ICT/ e-government and Freedom of Information in East Africa

INTERNATIONAL STANDARD

Guideline Asset Management

UK Research and Innovation (UKRI) Records Management Policy

General Accreditation Guidance. ISO/IEC 17025:2017 Gap analysis. April 2018

Energy management systems Requirements with guidance for use

Records Management Policy

Information Governance and Records Management Policy March 2014

Manchester Metropolitan University. Records Management. Policy

AUSTRALIAN SOCIETY OF ARCHIVISTS ARCHIVES AND LIBRARIES IN THE DIGITAL AGE

The RIM Professional s Bookshelf

TECHNICAL GOVERNANCE AND ADVISORY STRUCTURES FOR THE STANDARDS DEVELOPMENT PROCESS

Specific Accreditation Criteria Infrastructure and Asset Integrity ISO/IEC and ISO/IEC Annex. Lifting equipment assessment

Australian/New Zealand Standard

TasNetworks. Asset Management Policy. August 2016 Version Number 2.0. Trusted by our customers to deliver today and create a better tomorrow.

ONRSR Guideline. Asset Management

Records disposal schedule

AUGMENTED REALITY & VIRTUALITY WORKSHOP

Australian Standard. Guidelines for the selection of quality management system consultants and use of their services AS ISO ISO 10019:2005

AS/NZS 4804:2001. Occupational health and safety management systems. General guidelines on principles, systems and supporting techniques

Long-Term Preservation (LTP) of Digital Information: City of Toronto Case Study

Introduction GUIDELINES FOR THE SELECTION OF AN ELECTRONIC DOCUMENTS AND RECORDS MANAGEMENT SYSTEM

Records Management Policy

AS/NZS ISO 9001:2016. Quality management systems Requirements AS/NZS ISO 9001:2016. Australian/New Zealand Standard. Superseding AS/NZS ISO 9001:2008

COMPLIANCE MANAGEMENT FRAMEWORK FOR VICTORIA UNIVERSITY

ISO & ISO TRAINING DAY 4 : Certifying ISO 37001

ONRSR Guideline. Investigation Reports by Rail Transport Operators

Quality Improvement Policy

Internal Control Policy of IDGC of Centre, JSC

Government Online. Online Survey Round 4. Government Online Survey: Round 4. Introduction

Asset management Overview, principles and terminology

Certified Information Professional 2016 Update Outline

AS/NZS ISO 9000:2000 Quality management systems Fundamentals and vocabulary

Corporate Information CMP

Transcription:

1 IMS 5047 MANAGING BUSINESS RECORDS TOPIC 1 - Introduction to the Course and to Recordkeeping Frameworks Week Two: The Framework Standards and the Records Continuum Model: - The Records Continuum - AS ISO 15489.1 & 2 Records Management - DIRKS methodology - Other standards. Reading Definitely read: Sue McKemmish, Yesterday, Today and Tomorrow: A Continuum of Responsibility, 1997 http://www.sims.monash.edu.au/research/rcrg/publications/recordscontinuum/smckp2.html If you want to look at this further, see Frank s article written for records and information managers: F.Upward, Modelling the continuum as paradigm shift in recordkeeping and archiving processes, and beyond a personal reflection. Submitted & unchanged draft Records Management Journal, Vol 10, No 3, Dec 2000, UK. Plus: Frank Upward, 'Structuring the Records Continuum, Part One: Postcustodial Principles and Properties', Archives and Manuscripts, Vol. 24, No. 2, Nov. 1996, pp.268-285. http://www.sims.monash.edu.au/research/rcrg/publications/recordscontinuum/fupp1.html Frank Upward, 'Structuring the Records Continuum, Part Two: Structuration Theory and the Records Continuum', Archives and Manuscripts, Vol. 25, No.1, May 1997, pp.10-35 http://www.sims.monash.edu.au/research/rcrg/publications/recordscontinuum/fupp2.html You should have a look at: AS ISO 15489.1 2002 & AS ISO 15489.2 2002: Records Management. State Records NSW - DIRKS manual 2003 http://www.records.nsw.gov.au/ The Records Continuum Extracts from Sue McKemmish s paper, 1997. Continuum: A continuing thing, quantity, or substance; a continuous series of elements passing into each other. (The Shorter Oxford English Dictionary)

2 recordkeeping regimes capture, manage, preserve and re-present records as evidence of social and business activity for business, social and cultural purposes for as long as they are of value, whether that be for a nanosecond or a millenium. In contrast, The life cycle model argues that there are clearly definable stages in recordkeeping, and creates a sharp distinction between current and historical recordkeeping. The records continuum, on the other hand, has provided Australian records managers and archivists with a way of thinking about the integration of recordkeeping and archiving processes. The life cycle model sees records passing through stages until they eventually 'die', except for the 'chosen ones' that are reincarnated as archives. A continuum-based approach suggests integrated time- space dimensions. Records are 'fixed' in time and space from the moment of their creation, but recordkeeping regimes carry them forward and enable their use for multiple purposes by delivering them to people living in different times and spaces. In Australia, the records continuum has provided a way of articulating a mission that brings together records managers and archivists under the recordkeeping umbrella. Records continuum thinking focuses on the unifying purposes shared by all recordkeeping professionals, defined as to do with the delivery of frameworks for accountable recordkeeping regimes that enable access to essential, useable evidence of social and business activity in the business, social and cultural domains. Two articles for you to read on this Sue s very clear explanation of the recordkeeping continuum, and for more experienced students see Frank s articles in the reading list. You will see how the recordkeeping continuum model informs the shape of AS ISO 15489, DIRKS, and our later discussion about the functionality of recordkeeping systems. Standards Different kinds of standards 1. Those issued by a standards body, eg. Standards Aust, or ISO. - They are the outcome of a defined industry need. - They are developed by industry. - They are agreed to by industry. Standards are accepted specifications or codes of practice which define materials, methods, processes and practices. They provide a basis for determining consistent and acceptable minimum levels of quality, performance, safety and reliability. We know about Design Standards (or Codes) eg, engineering and building projects. Or Safety Standards which provide guidance on safety in health, life and property matters. There are also competency standards setting benchmarks for qualifications in certain disciplines (see below) AS ISO 15489 = a System Standard which specifies requirements for the development and implementation of management systems. 2. Those issued by an industry.

3 3. Those issued by a regulatory authority or under a regulatory requirement, eg. TGA, or a public record office, eg. PROV, State Records NSW, food management standards under the Food Act. 4. Those issued by an organisation for its own use. Week 1 we looked at multiple reasons for using a corporate recordkeeping framework, eg. business reasons, compliance reasons, R & D, etc. A standards framework, such as AS ISO 15489 or those issued by Public Records Offices provides the basis for developing that corporate recordkeeping framework. AS ISO 15489.1 & 2 Records Management Role of AS ISO 15489 Corporate information is captured. A consistent recordkeeping regime supports day-to-day business operations. Info is captured, accessible, re-usable. Work does not need to be redone. You can account for what you said or did last week, or last year. Records can be found when needed, discovery is not based on who knows what. Links with using information to build & share knowledge. It provides the infrastructure for keeping adequate evidence of business, evidence which : Can be used for improving your business - performance, R&D, customer service, etc. Supports your policy development & decision-making Enables you to meet regulatory requirements, audit & protects you in litigation or other dispute. 15489 is also a framework for organisational & individual efficiency. You know what you should be creating, it is captured into a system, it is findable, it can be related to other relevant information, you can share info, you can reduce duplication of effort. It lets you: Identify what are your compliance requirements Define what records should you be creating & managing, and for how long. Do you need a corporate system (technol) to support this? Identifies what business rules are required. AS ISO 15489 supports other standards: Where legislation, standards or codes require evidence of an activity, eg. appropriate manufacturing process, or correct training of staff, or asset purchase/sales, or health case management, etc. then 15489 provides the framework of how to create, store, manage, access, & retain that evidence for the appropriate length of time. Many standards are used to guide aspects of an organisation s operations, eg. AS/NZ ISO 9000: 2000 Quality Management Systems. And they say that records must be kept. But they don t say what, or how, or what to do with them for how long. Records are proof of compliance with other standards. AS ISO 15489 framework for recordkeeping meets the records or document management requirements of other standards.

4 EG. AS/NZ ISO 9000: 2000 Quality Management Systems. Scope(p1) shows that when implementing a quality system, organisations are wanting to achieve: the ability to demonstrate compliance the ability to improve business process & meet accountability requirements. Records are one of the prime means by which an organisation can demonstrate its ability to consistently provide product (or service) that meets customer and applicable regulatory requirements. EG. New Corporate Governance Standard (AS 8000-8004: 2003) cover : good governance principles, fraud & corruption control, organisational codes of conduct, corporate social responsibility, whistleblowing systems for org ns. This set of docs clearly requires good r/keeping as evidence of the organisation s compliance activities, including violations & the steps to fix them. AS ISO 15489 = 2 parts: Pt 1 = General (the actual standard) 27+ pp Pt 2 = Guidelines (the methodology for implementation of Pt 1). A more detailed version of the how to and essentially based on a methodology from NSW & C/W Govt (DIRKS). 47+pp AS ISO 15489 - Core components. s.1 = Scope s.2 = References s.3 = Terms & definitions s.4 = Benefits of RM s.5 = knowing your regulatory environment & the recordkeeping imperatives arising from that. s.6 = having high level policy for adequate recordkeeping across the org n, supported by appropriate procedures. s.7 = Principles of an RM program + Characteristics of a record - ie, authenticity, reliability, integrity, useability. s.8 = Characteristics of a records system. A system can be enterprise-wide or for a specific function or area of the org n. + Designing & implementing records systems. + Storage media & protection + Conversion & migration + Retention & disposal s.9 = What records to capture into a system and how + How long to keep them + How to identify/catalogue records (using taxonomies) + Managing access + Tracking & auditing of records s.10 = Monitoring & auditing the use, quality & performance of records systems & programs s.11 = Org s should have a recordkeeping training program - so staff understand their responsibilities.

5 Core methodology & principles in AS ISO 15489 = functional analysis. Functional analysis.= analysis of the business functions & activities of the org n + the environment in which it operates. Purpose of functional analysis for recordkeeping? to determine what it is the business does, what its accountabilities are, & therefore what records it should be generating, capturing, managing and making accessible to ensure that the org s recordkeeping activities are placed in its broader legal & social context, so we know what records need to be kept to comply with legal, business & stakeholder expectations. This is also fundamental in DIRKS and will be covered in more detail in Week 4. Example: Section 6 of 15489 is Policy & Responsibilities. It says: An org n seeking to conform to this part of AS ISO 15489 should establish, document, maintain & promulgate policies, procedures & practices for records management to ensure that its business need for evidence, accountability & information about its activities are met. Section 6.2 Policy says: Organisations should define a policy for RM. Organisations should ensure that the policy is communicated & implemented at all levels in the organisation. The policy should be adopted & endorsed at the highest decision-making level. Responsibility for compliance should be assigned. The policy should be derived from an analysis of business activities. Policies should be regularly reviewed Section 2 Policies and Responsibilities, of the supporting Technical Report (AS ISO 15489:2) explains: What the policy statement is. What it relates to. Employee obligations. The need for monitoring of compliance with the policy. Draft compliance standard to AS ISO 15489 (Assignment 1 set around this) Available possibly late 2004 - for industry & public comment as an Interim Standard Market test - feedback to IT 21 Review of standard within 2 years Initially it is planned to produce an interim standard, to test the Australian market and to enable participation in some parallel work in this area at the international level through ISO TC 46/SC11. Purpose of the Compliance Standard 15489 pts 1 & 2 provide the how to do good recordkeeping to meet whatever your business imperatives are. The compliance standard lets you check, assess, measure that in fact you have done the how to.

6 So, the compliance standard : Is a tool to enable organisations to demonstrate compliance with 15489. It provides a benchmark for measuring the quality of a records management program and its application in any organisation. It is for use in the Australian context. It applies to public, private and not for profit organisations. Small or large org s It could be used by any organisation for self auditing purposes, or by a 3rd party conducting an independent audit using the same tool. Structure of the compliance standard Structured according to recordkeeping processes. Cross referenced to 15489. Modelled on AS3806: Compliance Programs - looks at compliance at both an organisation-wide level, and a system level. Could be an enterprise system, or a single function system. Includes clarification of terminology For each section it gives: - The criteria you are trying to meet - Level of application (ie org n or system) - Explanation of the criteria - Examples of verification, ie what evidence is there that you have met the criteria - Sample (audit) questions you might ask. EXAMPLE of Assessment Questions relating to section 9.7 of AS ISO 15489 : AS ISO 15489, s.9.7 ACCESS says: COMPLIANCE Standard - will have Criteria, Explanation, Examples of Verification, and Questions to be asked in an audit. Examples of questions might be: (Email Task #2) Access rules should be formalised. Regulatory requirements must be considered when determining access requirements. Metadata or descriptive information about records may have to be withheld from access. Access restrictions should only be imposed for a specified period. Access decisions must be assigned to both records and individuals. Records must only be used by authorised personnel. Encrypted records must be accessible when required. Recordkeeping processes are only to be undertaken by those with permission to perform them User permissions and job responsibilities must be assessed on an ongoing basis to determine the ongoing applicability of access decisions. Has the organisation analysed its regulatory framework including legally enforceable rights of and restrictions on access? Does the organisation have formal guidelines governing access? Do the guidelines reflect the results of the organisation s analysis of its regulatory environment, business activities and risk? Do the guidelines apply to individual users (including external users) and functional areas of responsibility within the organisation as well as to records? Are the guidelines regularly reviewed? Do the guidelines assign responsibility for managing, monitoring and evaluating access? Do the guidelines manage user permissions specific to the records system itself? Is access managed, monitored and evaluated? Are records only released to those who are authorised to see them? Can encrypted records be read as and when required and authorised? Are records processes and transactions undertaken by those authorised to perform them?

7 What might we use the Compliance Standard for? Can be used for specific RM assessments, does not have to be enterprise wide, eg might just be interested in one area of the business, eg. for quality certification, or risk mgt purposes. Use as a benchmark measurement tool - to see where your org n is, or where it is compared to other organisations. Use for a gap analysis, looking at where you are & where you should be. Use it to identify areas for corrective action. Use it to develop broad based strategies for recordkeeping. Other Standards relevant to Recordkeeping AS 5090-2003 Work Process Analysis Available via Library Standards On-line Premium Database. All organisations create records from their business or work processes. To identify what records need to be created for those work processes, and to manage those records, the work processes themselves need to be analysed from a recordkeeping viewpoint The technical report is a guide to undertaking work process analysis for recordkeeping purposes. (Preface) Work process analysis enables a precise mapping of work processes in relation to the organisation s functions, its systems and rules. (Foreword) We will revisit this is Weeks 4 & 5. AS 5044.1 2002, AGLS Metadata Element Set & AS 5044.1 2002 AGLS This two part Standard has been adapted from the AGLS (Australian Government Locator Service) metadata standard prepared by the AGLS Working Group for use in government agencies. It has been available on the National Archives of Australia website since 1998. The members of IT-021, Records Management decided that it should be expanded to cover non government sectors and published as an Australian Standard and invited the AGLS Working Group to become a subcommittee of IT-021..The AGLS metadata element set provides a set of metadata elements and associated usage guidelines designed to improve the visibility, accessibility and interoperability of online information and services, through the provision of standardised Web-based resource descriptions which enable users of search engines to locate the information of service that they require. (AS 5044.1 2002, pages 2 & 4)...It is intended for use by any organisation or individual creating or managing information sources or services that are locatable via the Internet. (AS 5044.1 2002, page 5). We will look at this again in Week 8. Draft ISO Technical Report - Information and documentation Records Management Processes Metadata for Records This Technical Report provides guidance in understanding, implementing and using metadata within the framework of ISO 15489. It addresses the relevance of records management metadata in business processes and the different functions of records management metadata in managing records.

8 It will consist of three parts, as follows: Part 1: Principles Part 2: Implementation issues Part 3: Evaluation of existing metadata sets and initiatives to ISO 15489. Again, we will look at this in Week 8. AS 13335.1-2003 to AS 13335.5-2003 Information Technology Guidelines for the management of IT security (5 parts from concepts to techniques. Not required reading, but may be of interest to info systems students.) What is interesting and useful about this standard is that it uses concepts such as: accountability, authenticity, availability, integrity, reliability, risk & risk management. Do these sound familiar? AS 8000-8004: 2003, Corporate Governance Standards AS 8000 Good Governance Principles AS 8001 Fraud and Corruption Control AS 8002 Organizational Codes of Conduct AS 8003 Corporate Social Responsibility (- in the Monash Library) AS 8004 Whistleblowing Protection Programs We will look at the implications of this set of standards in Week 3. Draft ISO Standard: Document Management Long term electronic preservation Use of PDF - PDF(A), 2003 Specifies the use of the PDF format for the long term preservation of black and white and colour compound documents as electronic data..it specifies methods for creation from these data of an exact visual reproduction of the document as it appeared at the time it was submitted for preservation. It also enables the preservation of retrieval of appropriate metadata. (p.1) Lots of other standards relating to storage, system interoperability etc. Industry Standards Standard for the Management of Electronic Records - the Victorian Electronic Records Strategy (VERS#2). www.prov.vic.gov.au/vers DIRKS - State Records NSW http://www.records.nsw.gov.au/ Or National Archives of Australia - http://www.naa.gov.au National Archives of Australia, Recordkeeping Metadata Standard for Commonwealth Agencies http://www.naa.gov.au/recordkeeping/control/rkms/summary.htm Lots of subject/activity specific standards of practice on the websites of the State Public Records Offices. Eg. physical storage of records, transfer of records, etc. Have a look at Adequate Records Management: Meeting the Standard, State Records of South Australia, May 2002. http://www.archives.sa.gov.au/

9 Competency Standards See BSB01 Business Services Training Package Units of Competency in Recordkeeping, 2001. http://www.ntis.gov.au Outlines the scope and skill requirements to achieve a defined set of tasks, and performance criteria. DIRKS Methodology Summaries from the NSW DIRKS Manual: DIRKS is an acronym that stands for 'designing and implementing recordkeeping systems'. DIRKS is about building more efficient and accountable business practices through the design and encouragement of good recordkeeping across an organisation. The DIRKS methodology is a structured process for designing and implementing recordkeeping systems. It is contained in AS ISO 15489. Comprises 8 steps: Step A - Preliminary investigation Step B- Analysis of business activity Step C - Identification of recordkeeping requirements Step D - Assessment of existing systems Step E - Identification of strategies for recordkeeping Step F - Design of a recordkeeping system Step G - Implementation of a recordkeeping system Step H - Post implementation review DIRKS does not have to be implemented in a linear way. Although the steps are called A, B, C etc, you may choose to start with Step B: Analysis of business activity move on to Step C: Identification of recordkeeping requirements and then jump to Step F: Design of recordkeeping systems. Depending on the nature of your project, it can also make sense to work through some of the steps concurrently, rather than thinking of them as self contained, fixed points in a process. We will revisit this from an implementation point of view in Weeks 11-12. COMMONWEALTH OF AUSTRALIA Copyright Regulations 1969 WARNING This material has been reproduced and communicated to you by or on behalf of Monash University pursuant to Part VB of the Copyright Act 1968 (the Act). The material in this communication may be subject to copyright under the Act. Any further reproduction or communication of this material by you may be the subject of copyright protection under the Act. Do not remove this notice.

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback