BS ISO 30301-2011 Information and documentation Management systems for records Requirements《情报管理 记录管理系统 要求》.pdf

1、raising standards worldwideNO COPYING WITHOUT BSI PERMISSION EXCEPT AS PERMITTED BY COPYRIGHT LAWBSI Standards PublicationBS ISO 30301:2011Information anddocumentation Management systems forrecords RequirementsBS ISO 30301:2011 BRITISH STANDARDNational forewordThis British Standard is the UK impleme

2、ntation of ISO 30301:2011.The UK participation in its preparation was entrusted to TechnicalCommittee IDT/2/17, Archives/records management.A list of organizations represented on this committee can beobtained on request to its secretary.This publication does not purport to include all the necessaryp

3、rovisions of a contract. Users are responsible for its correctapplication. BSI 2011ISBN 978 0 580 68206 3ICS 01.140.20Compliance with a British Standard cannot confer immunity fromlegal obligations.This British Standard was published under the authority of theStandards Policy and Strategy Committee

4、on 30 November 2011.Amendments issued since publicationDate Text affectedBS ISO 30301:2011Reference numberISO 30301:2011(E)ISO 2011INTERNATIONAL STANDARD ISO30301First edition2011-11-15Information and documentation Management systems for records Requirements Information et documentation Systmes de g

5、estion des documents dactivit Exigences BS ISO 30301:2011ISO 30301:2011(E) COPYRIGHT PROTECTED DOCUMENT ISO 2011 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying an

6、d microfilm, without permission in writing from either ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Case postale 56 CH-1211 Geneva 20 Tel. + 41 22 749 01 11 Fax + 41 22 749 09 47 E-mail copyrightiso.org Web www.iso.org Published in Switzerland ii

7、 ISO 2011 All rights reservedBS ISO 30301:2011ISO 30301:2011(E) ISO 2011 All rights reserved iiiContents Page Foreword iv Introduction . v 1 Scope 1 2 Normative references 1 3 Terms and definitions . 1 4 Context of the organization 2 4.1 Understanding of the organization and its context . 2 4.2 Busi

8、ness, legal and other requirements . 2 4.3 Defining the scope of the MSR 3 5 Leadership . 3 5.1 Management commitment 3 5.2 Policy 3 5.3 Organizational roles, responsibilities and authorities 4 6 Planning . 5 6.1 Actions to address risks and opportunities . 5 6.2 Records objectives and plans to achi

9、eve them . 5 7 Support . 6 7.1 Resources 6 7.2 Competence . 6 7.3 Awareness and training 6 7.4 Communication . 7 7.5 Documentation 7 8 Operation 8 8.1 Operational planning and control 8 8.2 Design of records processes . 8 8.3 Implementation of records systems 9 9 Performance evaluation 9 9.1 Monitor

10、ing, measurement, analysis and evaluation 9 9.2 Internal system audit . 11 9.3 Management review 11 10 Improvement 12 10.1 Nonconformity control and corrective actions 12 10.2 Continual improvement 12 Annex A (normative) Processes and controls . 13 Annex B (informative) Interrelationships between IS

11、O 9001, ISO 14001, ISO/IEC 27001 and ISO 30301 . 16 Annex C (informative) Checklist for self-assessment . 20 Bibliography 22 BS ISO 30301:2011ISO 30301:2011(E) iv ISO 2011 All rights reservedForeword ISO (the International Organization for Standardization) is a worldwide federation of national stand

12、ards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International orga

13、nizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization. International Standards are drafted in accordance with the rules given

14、in the ISO/IEC Directives, Part 2. The main task of technical committees is to prepare International Standards. Draft International Standards adopted by the technical committees are circulated to the member bodies for voting. Publication as an International Standard requires approval by at least 75

15、% of the member bodies casting a vote. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. ISO 30301 was prepared by Technical Committee ISO/TC 46, Infor

16、mation and documentation, Subcommittee SC 11, Archives/records management. ISO 30301 is part of a series of International Standards under the general title Information and documentation Management systems for records: ISO 30300, Information and documentation Management systems for records Fundamenta

17、ls and vocabulary ISO 30301, Information and documentation Management systems for records Requirements ISO 30300 specifies the terminology for the Management systems for records (MSR) series of standards, and the objectives and benefits of a MSR; ISO 30301 specifies requirements for a MSR where an o

18、rganization needs to demonstrate its ability to create and control records from its business activities for as long as they are required. BS ISO 30301:2011ISO 30301:2011(E) ISO 2011 All rights reserved vIntroduction Organizational success largely depends upon implementing and maintaining a managemen

19、t system that is designed to continually improve performance while addressing the needs of all stakeholders. Management systems offer methodologies to make decisions and manage resources in order to achieve the organizations goals. Creation and management of records are integral to any organizations

20、 activities, processes and systems. They enable business efficiency, accountability, risk management and business continuity. They also enable organizations to capitalize on the value of their information resources as business, commercial and knowledge assets, and to contribute to the preservation o

21、f collective memory, in response to the challenges of the global and digital environment. Management System Standards (MSS) provide tools for top management to implement a systematic and verifiable approach to organizational control in an environment that encourages good business practices. The stan

22、dards on management systems for records prepared by ISO/TC 46/SC 11 are designed to assist organizations of all types and sizes, or groups of organizations with shared business activities, to implement, operate and improve an effective management system for records (hereafter referred to as a MSR).

23、The MSR directs and controls an organization for the purposes of establishing a policy and objectives with regard to records and achieving those objectives. This is done through the use of: a) defined roles and responsibilities; b) systematic processes; c) measurement and evaluation; d) review and i

24、mprovement. Implementation of a records policy and objectives soundly based on the organizations requirements will ensure that authoritative and reliable information about, and evidence of, business activities is created, managed and made accessible to those who need it for as long as required. Succ

25、essful implementation of good records policy and objectives results in records and records systems adequate for all of an organizations purposes. Implementing a MSR in an organization also guarantees the transparency and traceability of decisions made by responsible management and the recognition of

26、 public interest. The standards on MSR prepared by ISO/TC 46/SC 11 are developed within the MSS framework to be compatible and to share elements and methodology with other MSS. ISO 15489, and other International Standards and Technical Reports also developed by ISO/TC 46/SC 11, are the principal too

27、ls for designing, implementing, monitoring and improving records processes and controls, which operate under the governance of the MSR where organizations decide to implement MSS methodology. NOTE ISO 15489 is the foundation standard which codifies best practice for records management operations. Th

28、e structure of standards on MSR prepared by ISO/TC 46/SC 11, either published or under preparation, is shown in Figure 1. BS ISO 30301:2011ISO 30301:2011(E) vi ISO 2011 All rights reservedPart 2 - GuidelinesISO 15489Records managementPart 1 -GeneralISO/TR 26122Work process analysis for recordsISO 13

29、008Digital records conversion and migration processISO/TR 13028Implement-ation guidelines for digitization of recordsRelated International Standardsand Technical ReportsImplementation of records processesPart 3 - Self assessment methodPart 2 - Conceptual and implementationissuesISO 23081Metadata for

30、 records. Part 1 - PrinciplesISO 30300Management systems for records - Fundamentals and vocabularyRequirementsFundamentals people responsible for implementation of MSR, such as professionals in the areas of risk management, auditing, records, information technology and information security. The MSR

31、determines the records management requirements and expectations of the interested parties (customers and stakeholders) and, through the necessary processes, produces records that meet those requirements and expectations. Figure 2 shows the structure of the MSR and the relationship with customers and

32、 stakeholders. BS ISO 30301:2011ISO 30301:2011(E) ISO 2011 All rights reserved viiRecords managementrequirements and expectations Customersand stakeholdersContext of the organizationCustomersand stakeholdersRightmanagerialdecisions toachieve policyandexpectationsLeadershipPlanningSupportOperationPer

33、formance evaluationImprovementInputOutputQuality recordsFigure 2 Structure of MSR BS ISO 30301:2011BS ISO 30301:2011INTERNATIONAL STANDARD ISO 30301:2011(E) ISO 2011 All rights reserved 1Information and documentation Management systems for records Requirements 1 Scope This International Standard spe

34、cifies requirements to be met by a MSR in order to support an organization in the achievement of its mandate, mission, strategy and goals. It addresses the development and implementation of a records policy and objectives and gives information on measuring and monitoring performance. A MSR can be es

35、tablished by an organization or across organizations that share business activities. Throughout this International Standard, the term “organization” is not limited to one organization but also includes other organizational structures. This International Standard is applicable to any organization tha

36、t wishes to: a) establish, implement, maintain and improve a MSR to support its business; b) assure itself of conformity with its stated records policy; c) demonstrate conformity with this International Standard by 1) undertaking a self-assessment and self-declaration, or 2) seeking confirmation of

37、its self-declaration by a party external to the organization, or 3) seeking certification of its MSR by an external party. This International Standard can be implemented with other Management System Standards (MSS). It is especially useful to demonstrate compliance with the documentation and records

38、 requirements of other MSS. 2 Normative references The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies

39、. ISO 30300, Information and documentation Management systems for records Fundamentals and vocabulary 3 Terms and definitions For the purposes of this document, the terms and definitions given in ISO 30300 apply. BS ISO 30301:2011ISO 30301:2011(E) 2 ISO 2011 All rights reserved4 Context of the organ

40、ization 4.1 Understanding of the organization and its context When establishing and reviewing its MSR, an organization shall take into account all external and internal factors that are relevant. The external and internal factors identified and taken into account when establishing and reviewing the

41、MSR shall be documented. Understanding the organizations external context may include, but is not limited to: a) the social and cultural, legal, regulatory, financial, technological, economic, natural and competitive environment, whether international, national, regional or local; b) key drivers and

42、 trends which can have an impact on the objectives of the organization; c) relationships with, and perceptions, values and expectations of, external stakeholders. Understanding the organizations internal context may include, but is not limited to: 1) governance, organizational structure, roles and a

43、ccountabilities; 2) policies, objectives and the strategies that are in place to achieve them; 3) capabilities, understood in terms of resources and knowledge (e.g. capital, time, people, processes, systems and technologies); 4) information systems, information flows and decision making processes (b

44、oth formal and informal); 5) relationships with, and perceptions and values of, internal stakeholders and the organizations culture; 6) standards, guidelines and models adopted by the organization; 7) the form and extent of contractual relationships. 4.2 Business, legal and other requirements When e

45、stablishing and reviewing its records objectives, an organization shall take into account the business, legal, regulatory and other requirements related to the creation and control of records. The organization shall assess and document business, legal, regulatory and other requirements affecting its

46、 business operations with which it shall comply and for which it requires evidence of compliance. Business requirements include all the requirements for the proper performance of the operations or business of the organization. Requirements arise from current business performance, future planning and

47、 development, risk management and business continuity planning. Legal requirements include requirements related to the creation and control of records. Sources of legal requirements are: a) statute and case law, including law and regulations governing the sector-specific and general business environ

48、ment; b) laws and regulations relating specifically to evidence, records and archives, access, privacy, data and information protection, and electronic commerce; BS ISO 30301:2011ISO 30301:2011(E) ISO 2011 All rights reserved 3c) the constitutional rules of organizations, charters or agreements to w

49、hich the organization is a party; d) treaties and other instruments the organization is legally bound to uphold. Other requirements include non-legal voluntary commitments made by the organization: voluntary codes of best practice; voluntary codes of conduct and ethics; identifiable expectations of the community about what is acceptable behaviour for the specific sector or organization, including good governance, the proper control of fraudulent or malicious behaviour and transparency in decision