BS ISO 30302-2015 Information and documentation Management systems for records Guidelines for implementation《信息与文献 记录用管理系统 实施指南》.pdf

1、BSI Standards PublicationBS ISO 30302:2015Information anddocumentation Management systems forrecords Guidelines forimplementationBS ISO 30302:2015 BRITISH STANDARDNational forewordThis British Standard is the UK implementation of ISO 30302:2015.The UK participation in its preparation was entrusted t

2、o TechnicalCommittee IDT/2/17, Archives/records management.A list of organizations represented on this committee can beobtained on request to its secretary.This publication does not purport to include all the necessaryprovisions of a contract. Users are responsible for its correctapplication. The Br

3、itish Standards Institution 2015.Published by BSI Standards Limited 2015ISBN 978 0 580 86122 2ICS 01.140.20Compliance with a British Standard cannot confer immunity fromlegal obligations.This British Standard was published under the authority of theStandards Policy and Strategy Committee on 30 Novem

4、ber 2015.Amendments/corrigenda issued since publicationDate T e x t a f f e c t e dBS ISO 30302:2015 ISO 2015Information and documentation Management systems for records Guidelines for implementationInformation et documentation Systme de gestion des documents dactivit Lignes directrices de mise en o

5、euvreINTERNATIONAL STANDARDISO30302First edition2015-09-15Reference numberISO 30302:2015(E)BS ISO 30302:2015ISO 30302:2015(E)ii ISO 2015 All rights reservedCOPYRIGHT PROTECTED DOCUMENT ISO 2015, Published in SwitzerlandAll rights reserved. Unless otherwise specified, no part of this publication may

6、be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISOs member body in the country of the r

7、equester.ISO copyright officeCh. de Blandonnet 8 CP 401CH-1214 Vernier, Geneva, SwitzerlandTel. +41 22 749 01 11Fax +41 22 749 09 47copyrightiso.orgwww.iso.orgBS ISO 30302:2015ISO 30302:2015(E)Foreword ivIntroduction v1 Scope . 12 Normative references 13 Terms and definitions . 14 Context of the org

8、anization . 14.1 Understanding of the organization and its context . 14.2 Business, legal and other requirements 24.3 Defining the scope of the MSR . 35 Leadership 45.1 Management commitment 45.2 Policy . 45.3 Organizational roles, responsibilities and authorities 55.3.1 General 55.3.2 Management re

9、sponsibilities 65.3.3 Operational responsibilities . 76 Planning . 76.1 Actions to address risks and opportunities . 76.2 Records objectives and plans to achieve them 97 Support 107.1 Resources 107.2 Competence 117.3 Awareness and training 127.4 Communication . 137.5 Documentation 147.5.1 General. 1

10、47.5.2 Control of documentation . 158 Operation 168.1 Operational planning and control . 168.2 Design of records processes . 168.3 Implementation of records systems 199 Performance evaluation 219.1 Monitoring, measurement, analysis and evaluation 219.1.1 Determining what and how to monitor, measure,

11、 analyse and evaluate .219.1.2 Evaluation of the performance of records processes, systems and the effectiveness of the MSR . 229.1.3 Assessing effectiveness .229.2 Internal system audit 239.3 Management review 2410 Improvement .2510.1 Nonconformity control and corrective actions 2510.2 Continual im

12、provement . 26Annex A (informative) Examples of sources of information and requirements supporting the analysis of organizational context 27Bibliography .30 ISO 2015 All rights reserved iiiContents PageBS ISO 30302:2015ISO 30302:2015(E)ForewordISO (the International Organization for Standardization)

13、 is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be repre

14、sented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.The procedures used to devel

15、op this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/

16、IEC Directives, Part 2 (see www.iso.org/directives).Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during th

17、e development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.For an explanation on the meaning o

18、f ISO specific terms and expressions related to conformity assessment, as well as information about ISOs adherence to the WTO principles in the Technical Barriers to Trade (TBT) see the following URL: Foreword - Supplementary informationThe committee responsible for this document is ISO/TC 46, Infor

19、mation and documentation, Subcommittee SC 11, Archives/records management.iv ISO 2015 All rights reservedBS ISO 30302:2015ISO 30302:2015(E)IntroductionISO 30302 is part of a series of International Standards, under the general title Information and documentation Management systems for records: ISO 3

20、0300, Information and documentation Management systems for records Fundamentals and vocabulary ISO 30301, Information and documentation Management systems for records Requirements ISO 30302, Information and documentation Management systems for records Guidelines for implementationISO 30300 specifies

21、 the terminology for the Management systems for records (MSR) series of standards and the objectives and benefits of a MSR; ISO 30301 specifies the requirements for a MSR where an organization needs to demonstrate its ability to create and control records from its business activities for as long as

22、they are required; ISO 30302 provides guidance for the implementation of a MSR.The purpose of this International Standard is to provide practical guidance on how to implement a management system for records (MSR) within an organization in accordance with ISO 30301. This International Standard covers

23、 what is needed to establish and maintain a MSR.The implementation of a MSR is generally executed as a project. A MSR can be implemented in organizations with existing records systems or programmes to review and improve the management of those systems or programmes or in organizations planning to im

24、plement a systematic and verifiable approach to records creation and control for the first time. Guidance described in this International Standard can be used in both situations.It is assumed that organizations that decide to implement a MSR have made a preliminary assessment of their existing recor

25、ds and records systems and have identified risks to be addressed and opportunities for major improvements. For example, the decision to implement a MSR can be taken as a risk-reduction measure for undertaking a major information technology platform change or outsourcing business processes identified

26、 as high risk. Alternatively, the MSR can provide a standardized management framework for major improvements such as integrating records processes with specific business processes or improving control and management of records of online transactions or business use of social media.The use of this gu

27、idance is necessarily flexible. It depends on the size, nature and complexity of the organization and the level of maturity of the MSR if one is already in place. Each organizations context and complexity is unique and its specific contextual requirements will drive the MSR implementation. Smaller o

28、rganizations will find that the activities described in this International Standard can be simplified. Large or complex organizations might find that a layered management system is needed to implement and manage the activities in this International Standard effectively.Guidance in this International

29、 Standard follows the same structure as ISO 30301, describing the activities to be undertaken to meet the requirements of ISO 30301 and how to document those activities.Clause 4 deals with how to perform the analysis needed to implement a MSR. From this analysis, the scope of the MSR is defined and

30、the relationship between implementing a MSR and other management systems is identified.Clause 5 explains how to gain the commitment of top management. The commitment is expressed in a records policy, the assignment of responsibilities, planning the implementation of the MSR and adopting records obje

31、ctives.Clause 6 deals with planning, which is informed by high-level risk analysis, the contextual analysis (see Clause 4), and the resources available (see Clause 7). Clause 7 outlines the support needed for the MSR, such as resources, competence, training and communication, and documentation. ISO

32、2015 All rights reserved vBS ISO 30302:2015ISO 30302:2015(E)Clause 8 deals with defining or reviewing and planning the records processes to be implemented. It draws on the contextual requirements and scope (see Clause 4) and is based on the records policy (see 5.2), the risk analysis (see 6.1) and r

33、esources needed (see 7.1) to meet the records objectives (see 6.2) in the planned implementation. Clause 8 explains what records processes and systems need to be implemented for a MSR.Clauses 9 and 10 deal with performance evaluation and improvement against planning, objectives and requirements defi

34、ned in ISO 30301.For each of ISO 30301:2011, Clauses 4 to 10 , this International Standard provides the following:a) the activities necessary to meet the requirements of ISO 30301 activities can be done sequentially, while some will need to be done simultaneously using the same contextual analysis;b

35、) inputs to the activities these are the starting points and can be outputs from previous activities;c) outputs of the activities these are the results or deliverables on completion of the activities.This International Standard is intended to be used by those responsible for leading the implementati

36、on and maintenance of the MSR. It can also help top management in making decisions on the establishment, scope and implementation of management systems in their organization. It is to be used by people responsible for leading the implementation and maintenance of the MSR. The concepts of how to desi

37、gn the operational records processes are based on the principles established by ISO 15489-1. Other International Standards and Technical Reports developed by ISO/TC 46/SC 11 are the principal tools for designing, implementing, monitoring and improving records processes, controls and systems, and can

38、 be used in conjunction with this International Standard for implementing the detailed operational elements of the MSR.Organizations that have already implemented ISO 15489-1 can use this International Standard to develop an organizational infrastructure for managing records under the systematic and

39、 verifiable approach of the MSR.vi ISO 2015 All rights reservedBS ISO 30302:2015INTERNATIONAL STANDARD ISO 30302:2015(E)Information and documentation Management systems for records Guidelines for implementation1 ScopeThis International Standard gives guidance for the implementation of a MSR in accor

40、dance with ISO 30301. This International Standard is intended to be used in conjunction with ISO 30300 and ISO 30301. This International Standard does not modify and/or reduce the requirements specified in ISO 30301. It describes the activities to be undertaken when designing and implementing a MSR.

41、This International Standard is intended to be used by any organization implementing a MSR. It is applicable to all types of organization (e.g. commercial enterprises, government agencies, non-profit organizations) of all sizes.2 Normative referencesThe following documents, in whole or in part, are n

42、ormatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.ISO 30300, Information and documentation Management systems

43、 for records Fundamentals and vocabularyISO 30301:2011, Information and documentation Management systems for records Requirements3 Terms and definitionsFor the purposes of this document, the terms and definitions given in ISO 30300 apply.4 Context of the organization4.1 Understanding of the organiza

44、tion and its contextThe context of the organization should determine and drive the implementation and improvement of a MSR. The requirements of this Clause are intended to ensure the organization has considered its context and needs as part of the implementation of a MSR. These requirements are met

45、by analysing the organizations context. This analysis should be performed as the first step of the implementation toa) identify internal and external factors (see 4.1),b) identify business, legal and other requirements (see 4.2), andc) define the scope of the MSR (see 4.3) and identify risks (see Cl

46、ause 6).NOTE 1 When the scope of the MSR is stated by top management at the starting point, before identifying factors and the need for records, the extent of the contextual analysis is defined by the scope as stated.NOTE 2 This MSS approach for context analysis and identification of requirements is

47、 compatible with the analysis process (appraisal) proposed by ISO 15489-1 which also includes elements of planning (see Clause 6) and identification of needs of records (see Clause 8).Contextual information needs to be from a reliable source, accurate, up to date and complete. Regular review of the

48、sources of this information ensures the accuracy and reliability of the contextual analysis. ISO 2015 All rights reserved 1BS ISO 30302:2015ISO 30302:2015(E)A.1 provides examples of sources of information about the organizations internal and external context and examples of potential stakeholders.In

49、 identifying how the context affects the MSR, examples of important factors can be1) how a competitive market affects the need to demonstrate efficient processes,2) how external stakeholders values or perceptions affect records retention decisions or information access decisions,3) how the information technology infrastructure and information architecture can affect the availability of records systems or records,4) how the skills and competencies within the organization can affect the need for training or externa