1、 Reference number ISO 16175-3:2010(E) ISO 2010INTERNATIONAL STANDARD ISO 16175-3 First edition 2010-12-01 Information and documentation Principles and functional requirements for records in electronic office environments Part 3: Guidelines and functional requirements for records in business systems
2、Information et documentation Principes et exigences fonctionnelles pour les enregistrements dans les environnements lectroniques de bureau Partie 3: Lignes directrices et exigences fonctionnelles pour les enregistrements dans les systmes dentreprise ISO 16175-3:2010(E) PDF disclaimer This PDF file m
3、ay contain embedded typefaces. In accordance with Adobes licensing policy, this file may be printed or viewed but shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In downloading this file, parties accept therein the res
4、ponsibility of not infringing Adobes licensing policy. The ISO Central Secretariat accepts no liability in this area. Adobe is a trademark of Adobe Systems Incorporated. Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creat
5、ion parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below. COPYRIGHT PROTECTED DOCUMENT ISO 201
6、0 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISOs member body in the coun
7、try of the requester. ISO copyright office Case postale 56 CH-1211 Geneva 20 Tel. + 41 22 749 01 11 Fax + 41 22 749 09 47 E-mail copyrightiso.org Web www.iso.org Published in Switzerland ii ISO 2010 All rights reservedISO 16175-3:2010(E) ISO 2010 All rights reserved iiiForeword ISO (the Internationa
8、l Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been es
9、tablished has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardi
10、zation. The main task of technical committees is to prepare International Standards. Draft International Standards adopted by the technical committees are circulated to the member bodies for voting. Publication as an International Standard requires approval by at least 75 % of the member bodies cast
11、ing a vote. ISO 16175-3 was prepared by the International Council on Archives (as International Council on Archives and the Australasian Digital Recordkeeping Initiative Principles and Functional Requirements for Records in Electronic Office Environments Module 1: Overview and Statement of Principle
12、s) and was adopted, under a special “fast-track procedure”, by Technical Committee ISO/TC 46, Information and documentation, Subcommittee SC 11, Archives/records management, in parallel with its approval by the ISO member bodies. ISO 16175 consists of the following parts, under the general title Inf
13、ormation and documentation Principles and functional requirements for records in electronic office environments: Part 1: Overview and statement of principles Part 2: Guidelines and functional requirements for records in electronic office environments Part 3: Guidelines and functional requirements fo
14、r records in business systems ISO 16175-3:2010(E) iv ISO 2010 All rights reservedBlank page International Council on Archives Principles and functional requirements for records in digital office environments Module 3 Guidelines and functional requirements for records in business systems ISO 16175-3:
15、2010(E) ISO 2010 All rights reserved v Published by the International Council on Archives. This module was developed by the National Archives of Australia and Queensland State Archives in conjunction with a joint project team formed by members of the International Council on Archives and the Austral
16、asian Digital Recordkeeping Initiative. International Council on Archives 2008 ISBN: 978-2-918004-02-8 Reproduction by translation or reprinting of the whole or of parts for non-commercial purposes is allowed on condition that due acknowledgement is made. This publication should be cited as: Interna
17、tional Council on Archives, Principles and Functional Requirements for Records in Digital Office Environments Module 3: Guidelines and Functional Requirements for Records in Business Systems, 2008, published at www.ica.org. ISO 16175-3:2010(E) vi ISO 2010 All rights reservedInternational Council on
18、Archives Records in Business Systems CONTENTS 1 INTRODUCTION 1 1.1 Scope and purpose 1 1.2 Audience 2 1.3 Related standards 3 1.4 Terminology 3 1.5 Structure 4 2 GUIDELINES 5 2.1 Why is it important to have evidence of business processes and activities? 5 2.2 The business systems landscape and recor
19、ds 6 2.3 Determining needs for evidence of events, transactions and decisions in business systems 7 2.3.1 Analyse the work process 7 2.3.2 Identify requirements for evidence of the business 8 2.3.3 Identify the content and its associated management information that record this evidence 9 2.3.4 Ident
20、ify linkages and dependencies 15 2.3.5 Devise strategies to address core records processes based on an options assessment 16 2.3.6 Risk and options assessment 20 2.3.7 Implementation 21 2.4 Using the functional requirements 23 2.4.1 Key outcomes 24 2.4.2 Developing a software design specification fo
21、r a business system with records management functionality 25 2.4.3 Reviewing, assessing and auditing existing business systems 26 2.4.4 Undertaking the review process 27 2.5 Entity relationship models 29 2.5.1 Record categories and the records classification scheme 29 2.5.2 Aggregations of digital r
22、ecords 30 2.5.3 Digital records 31 2.5.4 Extracts 31 2.5.5 Components 31 3 FUNCTIONAL REQUIREMENTS 32 3.1 Creating records in context 34 3.1.1 Creating a fixed record 35 3.1.2 Record metadata 38 3.1.3 Managing of aggregations of digital records 39 3.1.4 Records classification 40 ISO 16175-3:2010(E)
23、ISO 2010 All rights reserved viiInternational Council on Archives Records in Business Systems 3.2 Managing and maintaining records 40 3.2.1 Metadata configuration 42 3.2.2 Record reassignment, reclassification, duplication and extraction 43 3.2.3 Reporting on records 44 3.2.4 Online security process
24、es 44 3.3 Supporting import, export and interoperability 47 3.3.1 Import 48 3.3.2 Export 48 3.4 Retaining and disposing of records as required 49 3.4.1 Compliance with disposition authorisation regimes 50 3.4.2 Disposition application 52 3.4.3 Review 54 3.4.4 Destruction 55 3.4.5 Disposition metadat
25、a 55 3.4.6 Reporting on disposition activity 56 4 APPENDICES 58 A Glossary 58 B Integrating records considerations into the systems development life cycle 67 1 Project initiation 67 3 Requirements analysis 68 4 Design 68 5 Implementation 69 6 Maintenance 69 7 Review and evaluation 70 C Further readi
26、ng 71 ISO 16175-3:2010(E) viii ISO 2010 All rights reservedInternational Council on Archives Records in Business Systems 1 INTRODUCTION Organisations implement business systems to automate business activities and transactions. As a result, the digital information generated by a business system incre
27、asingly serves as the only evidence or record of the process, despite the system not being designed for this purpose. Without evidence of these activities, organisations are exposed to risk and may be unable to meet legislative, accountability, business and community expectations. Because of the dyn
28、amic and manipulable nature of business systems, the capture of fixed records and the ongoing management of their authenticity, reliability, usability and integrity can be challenging. Organisations are therefore faced with a significant risk of mismanagement, inefficiency and unnecessary expenditur
29、e. While these same organisations may have an electronic records management system (ERMS), 1it may not capture all records of the organisation. This document is designed to address the records management gap caused by the increasing use of business systems. It provides guidelines on identifying and
30、addressing the needs for records, and a set of generic requirements for records management functionality within business systems software. It aims to: help organizations understand digital records management requirements; assist organisations to improve digital records management practices; reduce t
31、he duplication of effort and associated costs in identifying a minimum level of functionality for records in business systems; and establish greater standardisation of records management requirements for software vendors. The document does not prescribe a specific implementation approach. The intent
32、 of these specifications can be realised through interfacing or integrating the business system with an electronic records management system or by building the functionality into the business system. 1.1 Scope and purpose This document will help organisations to ensure that evidence (records) of bus
33、iness activities transacted through business systems are appropriately identified and managed. Specifically, it will assist organisations to: understand processes and requirements for identifying and managing records in business systems; 1An electronic records management system is a type of business
34、 system specifically designed to manage records. However, in the interests of clarify and brevity, for the purpose of this document, business system should be taken as excluding an electronic records management system. ISO 2010 All rights reserved 1 INTERNATIONAL STANDARD ISO 16175-3:2010(E)Internat
35、ional Council on Archives Records in Business Systems develop requirements for functionality for records to be included in a design specification when building, upgrading or purchasing business system software; evaluate the records management capability of proposed customised or commercial off-the-s
36、helf business system software; and review the functionality for records or assess compliance of existing business systems. It does not provide a complete specification but rather outlines a number of key records management requirements, with recommended levels of obligation, which can be used as a s
37、tarting point for further development. As outlined in the document, organisations will still need to assess, amend and select their requirements based on their business, technical and jurisdictional environments and constraints. This Module only addresses records management requirements and does not
38、 include general system management. Design requirements such as usability, reporting, searching, system administration and performance are beyond the scope of this document. It also assumes a level of knowledge about developing design specifications, procurement and evaluation processes, therefore t
39、hese related issues are not covered in any detail. Requirements for the long-term preservation of digital records are not explicitly covered within this document. However, the inclusion of requirements for export supports preservation by allowing the export of records to a system that is capable of
40、long-term preservation activities, or for the ongoing migration of records into new systems. While the guidance presented in this Module should be applicable to records management in highly integrated software environments based on service-oriented architectures, such scenarios are not explicitly ad
41、dressed. Similar principles and processes will apply in such environments, but additional analysis will be required to determine what processes and data constitute, across multiple systems, the required evidence or record of any particular transaction. Use of the term system in this document refers
42、to a computer or IT system. This is in contrast to the records management understanding of the term that encompasses the broader aspects of people, policies, procedures and practices. Organisations will need to consider these wider aspects, and to ensure that fundamental records management supportin
43、g tools such as disposition authorities, 2information security classifications and a records culture are in place, in order to ensure records from business systems can be appropriately managed. 1.2 Audience The primary audience for this document is staff responsible for designing, reviewing and/or i
44、mplementing business systems in organisations, such as business analysts 2A formal instrument that defines the retention periods and consequent actions authorised for classes of records described in the authority. ISO 16175-3:2010(E) 2 ISO 2010 All rights reservedInternational Council on Archives Re
45、cords in Business Systems and groups overseeing information and communications technologies procurement or investment decisions. The audience also includes records professionals who are involved in advising or assisting in such processes and software vendors and developers who wish to incorporate re
46、cords functionality within their products. Given the target audience for this document, the use of specific records management terminology has been kept to a minimum. Where the use of such terminology is necessary, definitions can be found in the Glossary at Appendix A. Some key definitions are also
47、 provided in Section 1.4: Key definitions. 1.3 Related standards Under its Electronic Records and Automation Priority Area, the International Council on Archives has developed a suite of guidelines and functional requirements as part of the Principles and Functional Requirements for Records in Digit
48、al Office Environments project: Module 1: Overview and Statement of Principles; Module 2: Guidelines and Functional Requirements for Records in Digital Office Environments; and Module 3: Guidelines and Functional Requirements for Records in Business Systems. This document is Module 3 of the broader
49、project. It has been developed with the support of the Australasian Digital Recordkeeping Initiative. While this Module may be used as a stand-alone resource, for a broader understanding of the context and principles that have informed its development, readers should also refer to Module 1. The functional requirements identified in Part 2 are based on the minimum requirements for records functionality as defined in the International Standard for Records Management, ISO 15489. The reference metadat
