ISO 15489

ISO 15489 is a standard for information and documentation, specifically focusing on records management, developed by the International Organization for Standardization in collaboration with the Australian Government, National Archives of Australia, and other international organizations such as the United Nations, World Bank, and European Union. This standard provides a framework for managing records in a way that supports business continuity, compliance with regulations like the General Data Protection Regulation and Freedom of Information Act 2000, and accountability as demonstrated by Enron scandal and WikiLeaks. The development of ISO 15489 involved input from experts in the field of records management, including those from the National Archives and Records Administration and the Society of American Archivists, as well as consideration of existing standards such as ISO 9001 and ISO 14001.

Introduction to ISO 15489

ISO 15489 was first published in 2001, with the aim of providing a comprehensive framework for managing records in a way that supports organizational governance, risk management, and information security as outlined in COBIT and NIST Cybersecurity Framework. The standard was developed in response to the growing need for effective records management practices, particularly in the wake of high-profile cases such as the Watergate scandal and Iran–Contra affair, which highlighted the importance of proper record-keeping and transparency as advocated by Julian Assange and Edward Snowden. The standard has since been adopted by organizations around the world, including the United States Department of Defense, NASA, and the European Commission, and has been influential in shaping records management practices in a variety of contexts, including healthcare and finance as regulated by Food and Drug Administration and Securities and Exchange Commission.

Scope and Application

The scope of ISO 15489 is broad, covering all types of records, regardless of their format or medium, including paper records, digital records, and audio-visual records as defined by Library of Congress and Internet Archive. The standard applies to all organizations, regardless of their size or type, including private sector organizations like Google and Microsoft, as well as public sector organizations like the National Health Service and United States Federal Government, and non-profit organizations like the Red Cross and Amnesty International. The standard is particularly relevant to organizations that are subject to regulatory requirements, such as the Sarbanes-Oxley Act and Health Insurance Portability and Accountability Act, and those that require high levels of information security and business continuity as demonstrated by Equifax and Target Corporation.

Key Principles and Concepts

ISO 15489 is based on several key principles and concepts, including the importance of records management as a key component of organizational governance, the need for a records management policy and procedures as outlined in ISO 9001 and ISO 14001, and the importance of training and awareness among staff as emphasized by International Council on Archives and Society of American Archivists. The standard also emphasizes the need for metadata and classification systems, such as the Dublin Core Metadata Initiative and Library of Congress Subject Headings, to support the management and retrieval of records, and for disaster recovery and business continuity planning as required by Federal Emergency Management Agency and National Institute of Standards and Technology. Additionally, the standard highlights the importance of compliance with regulatory requirements, such as the General Data Protection Regulation and Freedom of Information Act 2000, and the need for auditing and monitoring to ensure that records management practices are effective and compliant as audited by KPMG and PricewaterhouseCoopers.

Implementation and Compliance

Implementing ISO 15489 requires a thorough understanding of the standard and its requirements, as well as a commitment to change management and process improvement as guided by ISO 9001 and Lean manufacturing. Organizations must develop a records management policy and procedures that meet the requirements of the standard, and must provide training and awareness programs for staff as provided by Society of American Archivists and National Archives and Records Administration. The standard also requires organizations to establish a records management system that includes metadata and classification systems, and to implement disaster recovery and business continuity planning as required by Federal Emergency Management Agency and National Institute of Standards and Technology. Compliance with the standard can be demonstrated through certification or self-assessment as certified by International Organization for Standardization and British Standards Institution.

Relationship to Other Standards

ISO 15489 is related to other standards and frameworks, including ISO 9001 and ISO 14001, which provide a framework for quality management and environmental management as implemented by Toyota and Coca-Cola. The standard is also related to ISO 27001, which provides a framework for information security management as required by Payment Card Industry Data Security Standard and Health Insurance Portability and Accountability Act. Additionally, ISO 15489 is related to other records management standards, such as the DoD 5015.2-STD and the MoReq2 standard, which provide a framework for managing records in specific contexts, such as the United States Department of Defense and the European Union as regulated by National Archives and Records Administration and European Commission. The standard is also influenced by the principles and concepts of archival science and information management as studied by University of Oxford and University of California, Berkeley. Category:Information management