231

An International Standard on Records

Management: An Opportunity for
Librarians
JOHANNA GUNNLAUGSDOTTIR
Department of Library and Information Sciences. University of Iceland, Reykjavik, Iceland
The first International Standard on Records Management
ISO 15489: 2001: Information and Documentation Records
Management and the accompanying guidelines on how to
use and implement the standard were officially launched at
the Annual Conference of ARMA International in October
2001. These two publications are a collection of best prac-
tices in the field of records management and should be wel-
comed by all those who are responsible for records manage-
ment and all those who create and keep records. This article
traces first the origin of the standard. The standard, which is
wide in scope, covers records management in all organisa-
tions, large or small, public or private. It applies to records
in any format and on any media. It offers guidance on the
design and implementation of records management systems
and is a benchmark for best practices in the field. The article
discusses the benefits of records management, the principles
of records management programmes, what is involved in
the design and implementation of a records system and as
the longest part of the standard and the guidelines is the dis-
cussion of records management processes and controls, the
article devotes similarly much space to the discussion of
these topics.
Introduction
Librarians are well-trained in classification, in-
dexing and the registration of the content of
documents. These topics are fundamental to rec-
ords management. Various library schools have,
therefore, started to offer courses in records man-
agement as part of their programme. Records
management is also offering librarians new job
opportunities and placing an increasing demand
for their skills.
The growing importance of records manage-
ment has now been highlighted by a new inter-
national standard on the subject which was
launched at the annual conference of the inter-
national association of records mangers, ARMA
International. The conference was held in Mont-
real, Canada, on October 3, 2001. The conference
hosted the launch of the new international rec-
ords management standard, ISO 15489, which is
now an accepted international standard.
Such a standard, which can truly be described
as a landmark in the history of records manage-
ment, does not appear on the scene fully created
in one instance as did Athena when jumping out
of the head of Zeus. The standard is the culmina-
tion of a long development in the history of rec-
ords management.
This article covers the origin and the con-
struction of the standard. Secondly, the extensive
scope of the standard is explained. The standard
covers all aspects of records management and it
is applicable to all records of organisations with-
out regard to form. Thirdly, the article discusses
the benefits which can be derived from records
management. Although the standard mentions
many benefits, a few are added to that list. The
principles of records management programmes
are discussed, then the design and implementa-
tion of a records system, and finally, records man-
agement processes and controls are evaluated.
This article ties together directives from the stand-
Copyright Saur 2002
_____________________________________________
Libri
ISSN 0024-2667
Libri, 2002, vol. 52, pp. 231240
Printed in Germany All rights reserved
Johanna Gunnlaugsdottir is Assistant Professor at the Department of Library and Information Sciences, University of Iceland.
Oddi v/Sturlugotu. IS-101 Reykjavik, Iceland. Tel.: +354 525 4201. E-mail: jg@hi.is
Johanna Gunnlaugsdottir
232
ard and the topical discussion in the guidelines
which is a technical report which accompanies
the standard. The article is a critical evaluation of
the standard based on many years of experience
in records management.
The origin
The origin of the standard can be traced back to
the year 1996, but on February 5 1996, the Aus-
tralians published the first standard on records
management (AS 4390.1 - AS 4390.6 - 1996 1996).
The Australian standard was written for Aus-
tralia, but it immediately received international
attention. ARMA International for example pro-
claimed in 1997 that AS 4390 is technically sound
and provides a good foundation on which to
build a record management program (Carlisle
1997). This was the reaction of ARMA Inter-
national to the ideas put forward by the Aus-
tralian Standards authority to make AS 4390 into
an international standard. The International Stand-
ards Organisation (ISO) assumed the leadership
and in the spring of 1997, ISOs Technical Com-
mittee 46 (TC 46) put it to the vote of the member
countries whether to adopt the Australian Stand-
ard unchanged as the international standard.
That was, however, not the conclusion and the
decision became to write a new standard based
on the Australian version (Gunnlaugsdottir 1997).
TC 46 deals with information and documentation
matters. The discussions in the TC 46, soon re-
vealed that writing a standard covering the prin-
ciples of records management with guidance on
how to attain the goals of best practice in the field
was no easy task. That task was, however, given
to SC 11, that is the 11
th
subcommittee of TC 46
which deals with archives and records manage-
ment. This work was carried out under the chair-
manship of David Moldrich who is also of the
Standards Australia AS 4390 authoring commit-
tee (Steemson 2001b).
It soon became apparent that there was not
universal agreement on all the concepts. New
Zealand, for example, does not embrace the Aus-
tralians concept of the records continuum
(Kennedy & Schauder 1998, 1011) which assumes
that a record remains active until it is destroyed,
as opposed to the life-cycle concept which dif-
ferentiates between active and stored documents.
It was, therefore, at the subcommittees meeting
in May 1999 that the work was split into two
parts, and two ad hoc groups were formed, one
to create a high level standard and the other to
write the technical report that is the guidelines
which accompany the standard (Steemson 2001b).
At the committee meeting in Berlin the year after,
in May 2000, a draft standard was distributed.
The number of versions were, however, greater.
In total, 317 documents were reviewed and com-
ments were received from committees from over
eighty countries in order to finalise the new stand-
ard which is of 7.800 words on 26 A4 size pages.
The guidelines on the other hand are a longer
document, 46 pages, which provides a more de-
tailed discussion and explanations of the various
issues in the standard. All this work has taken
five years since the publication of the Australian
standard, but it was unquestionably necessary
to ensure a firm foundation of international co-
operation and understanding (Bower 2001).
The scope
The standard covers records management in all
organisations, large or small, public or private.
It applies to records in any format and on any
media. The standard provides guidance on the re-
sponsibility of organisations for records and rec-
ords policies, procedures, systems and processes
and it supports quality management for certifica-
tion under the ISO 9000 quality management
(ISO 9001:2000 2000) and ISO 14000 environmen-
tal standards (ISO 14001:1996 1996). The standard
provides guidance on the design and implementa-
tion records management system, but it does not
cover the management of archival records in ar-
chival institutions. Last but not least, the stand-
ard is a benchmark on best practises which all
those involved with records should adopt, man-
agers of organisations, records managers and all
those who create and keep records.
The standard defines records as information
created, received, and maintained as evidence
and information by an organization or person, in
pursuance of legal obligations or in the trans-
action of business. A document, on the other
hand, is recorded information or object which
can be treated as a unit. Finally, records manage-
ment is the field of management responsible for
the efficient and systematic control of the cre-
ation, receipt, maintenance, use and disposition
An International Standard on Records Management
233
of records, including processes for capturing and
maintaining evidence of and information about
business activities and transactions in the form of
records (ISO 15489-1:2001 2001, 3).
Records have three distinctive characteristics as
explained in section 7.2 of the standard. They
have content which must be linked to the meta-
data which are necessary to document the other
two characteristics, that is the structure (the for-
mat and relationship between the elements com-
prising the record) and the context in which the
record was created, receive or used, that is when
and by whom and under which circumstances,
and what links there are to other documents
making up the total record. In short, a record
must reflect accurately the message, the decision
or what was done. It must support the needs of
the organisation of which it is a part and be of use
to determine who is accountable for the trans-
action which is being described (ISO 15489-1:2001
2001, 7).
Nowadays, when electronic record-keeping sys-
tem are prevalent and a document and its meta-
data are often physically separated from one
another, it is all the more important to secure that
things are done right. Now, more that ever, we
need to secure that records are:
authentic, that is not forged and truly created or sent by
the person purported to have created or sent them and
at the given time. Organisations need to introduce rec-
ords management policies and procedures to provide
the necessary control on the creation, receipt, transmis-
sion, maintenance and disposition of records to ensure
that records creators are identified and have the needed
authorisation. Furthermore, organisations need to pro-
tect records against additions, deletions, alterations,
uses and concealment which is unauthorised.
reliable, that is their content can be trusted as a full and
accurate account of the transaction, activity or facts to
which they attest and can be depended upon. To fulfil
this, records must be created at the time of the event or
soon afterwards and by individuals who have direct
knowledge of the transaction or incident.
integral or whole, that is complete and unaltered. It is
necessary to protect records against unauthorised al-
terations, and those authorised must be explicitly in-
dicated and traceable.
useable or useful, that is capable of being used and in
order to be used, the record needs to be located, re-
trieved, presented and interpreted. The connection to
the business activity or transaction which produced it
should be clear. To retrieve electronic records can be-
come almost impossible if they are not stored on the
computer in a systematic manner. It should also be
mentioned that it may prove a problem to keep to-
gether e-mails and their attachments (ISO 15489-1:2001
2001, 7).
The standard is divided into eleven chapters or
sections which are:
1. Scope which outlines the coverage of the standard.
2. Normative references which are among others the ISO
9000 quality management standards and the ISO 14000
environmental standards.
3. Terms and definitions which defines the major records
management concepts, including those mentioned here
earlier. For further reference the reader can consult
another standard, ISO 5127 (ISO 5127:2001 2001).
4. Benefits of records management. This chapter discusses
thirteen of the greatest benefits which can be derived
from a good records management system.
5. Regulatory environment covers the laws, regulations,
work rules, codes of ethics and standards which ap-
ply to the organisation and to records management.
6. Policy and responsibility emphasises that the aim of a
records management policy should be that the organi-
sation creates and manages authentic, reliable and
useful records which support the activities of the or-
ganisation as long as they are needed. It must be identi-
fied who is responsible for records management in the
organisation, but all employees must also keep ac-
curate and complete records of their activities.
7. Records management requirement covers the basic princi-
ples of records management programmes in section 7.1,
and in section 7.2 the characteristic of a record which
was discussed here above.
8. Design and implementation of a records system covers
that subject matter in a detailed way.
9. Records management processes and controls is the longest
and most detailed chapter in the standard. It covers
on six pages the many issues in the creation, use and
storage of a record during its life cycle.
10. Monitoring and auditing discusses briefly that compli-
ance monitoring should be regularly undertaken to en-
sure that organisation policies and requirements are
being met. This should be documented and reports
should be maintained.
11. Finally, training, is a necessary part of the records man-
agement programme.
Accompanying the standard, that is Part 1:
General, is Part 2: Guidelines which were written
to explain the many ways, work rules and proce-
dures which are good practice under the stand-
ard. When the standard says thou shalt the
guidelines provide guidance on how to reach the
Johanna Gunnlaugsdottir
234
goal. The guidelines also contain two annexes
which are of great assistance to the reader. Annex
A enumerates the sections of the standard and
connects them to the appropriate section in the
guidelines where further explanations can be
found. Annex B, on the other hand, ties the sec-
tions in the guidelines to those in the standards.
This division into the standard and the guide-
lines is quite appropriate. Each country has its
traditions and ways of doing things. The goal can
be universal, but we travel different roads to reach
it. I mentioned earlier the difference of opinion
regarding the records continuum and the life
cycle concept in New Zealand and Australia.
Some countries are not custom to use retention
and disposition programmes (Conelly 2001) which
we use in Iceland and in many countries. Due to
these differences, the conclusion was to have the
aims of sound records management in one part,
the standard, and the guidelines on how to reach
these goals in another.
The benefits of records management
Definite benefits can be derived from records
management. Chapter four of the standard, states
thirteen direct benefits to be gained from rec-
ords management. It is emphasised that a well
designed records management programme will
produce various economic benefits for any or-
ganisation. To the list we can also add the four-
teenth benefit which is the saving of valuable
office space and reduction of off-site storage cost
because records are being stored in a more efficient
way and redundant and outdated records are
being destroyed when no longer needed. Such
savings can add up to large amounts.
A well designed and executed records man-
agement programme will facilitate:
To manage the organisation in an efficient and account-
able way. Records are also proof of business actions
and preserve historical accounts for posterity.
To manage risk by insuring that the organisation can
survive despite events of disaster. Records security
and emergency planning is an important part in rec-
ords management. This should not be underestimated
in these uncertain times when organisations which are
very unlikely to suffer natural disasters are all of a
sudden caught in calamities engineered by humans.
Investigations in the USA show that 90% of companies
go out of business if they suffer a serious loss of data
in their computer centres and do not have any emer-
gency plan and back-up (Njalsson 2001). A new stand-
ard on information security management covers this
field in detail (ISO/IEC 17799:2000 2000).
An initiative in quality and environmental management.
Good records management is necessary if organisa-
tions are to fulfil the demands of the ISO 9000 quality
standards and ISO 14000 environmental standards.
Research in Iceland and abroad shows that problems
in records management is the main reason why organi-
sations fail to attain certification. Problems in this field
emerge again during regular reviews when the auditor
comes looking. The standard is therefore a welcomed
help in meeting these requirements.
Protection of interests. Records can provide support and
protection in litigation directed against the organisa-
tion, and can show that the organisation has followed
the appropriate rules and acted in a responsible man-
ner. A retention and disposition plan, written in accord-
ance with the appropriate laws and regulations and
the needs of the organisation can also prove beneficial
if an organisation is to be proven guilty by summoning
its own records. Good records management has fre-
quently been of great help when the interests of the
organisation, its employees or its customers have to be
defended in the press or in a court of law.
To meet demands made by law. Records which meet the
requirements of the standard are proof that the organi-
sation abides by the law and meets regulatory require-
ments and codes of conduct. Good records management
facilitates audit and oversight activities.
To meet the wishes of customers and needs of employees. Rec-
ords management makes it easier for an organisation
to provide a good service in a consistent and equitable
manner. Such a place of work is also more likely to
offer employees an interesting job and a pleasant work
environment. Such organisations should also be able to
offer better remuneration for a job well done as the
energy of the workforce is devoted to constructive
things like offering a good service instead of searching
for records and putting out forest fires (ISO 15489-
1:2001 2001, 4).
It is obvious from the above that records man-
agement has many benefits which should lead
organisations to become interested in record man-
agement programmes and thereby in the ISO
15489 standard. Records are an important asset in
any business, although perhaps the assets which
far too many managers neglect to protect. On a
closer look, however, few organisations can attain
their goals and service their customers without
records. It is, therefore, appropriate that the Brit-
ish Standards Institute will be publishing three
short publications directed at senior management
covering why managers should be interested in
An International Standard on Records Management
235
the standard, what they can expect if they imple-
ment it and how they can measure the benefits
derived from its use (McLean 2001).
Principles of records management
programmes
Section 7.1 of chapter seven of the standard cov-
ers the main principles of records management
programmes. Records are created, received and
used in all economic activity. In order to support
the pursuit of this activity, organisations create
records which should be authentic, reliable and
useful, and need to protect the integrity of these
record as long as they are needed to pursue busi-
ness interests, hold employees accountable for
their actions, preserve its history for posterity or
to comply with the regulatory environment. In
order to do this, organisations need a com-
prehensive records management programme.
In such a programme certain principles must
be observed. For the first thing, it must be de-
termined which records should be created and
what information they must contain. Secondly,
the form and structure of created and captured
records must be determined and what technolo-
gies will be used for that purpose. What metadata
need to be created and linked to these records
must be decided. The requirements for retrieving,
using and transmitting records between different
users must be determined and for how long rec-
ords must be kept to satisfy that need.
It is important to organise the records collec-
tion in such a way that records management is
facilitated and records made accessible, without
permitting unauthorised access. Records must also
be kept in a safe and secure environment, but
should only be retained as long as they are re-
quired by the organisation or have to be retained
by law. The risk of not being able to retrieve au-
thoritative records regarding events or transac-
tions must be assessed. Here risk avoidance, that
is continuity planning comes into play, and con-
tingency measures should be taken to insure that
records which are vital to the organisation are
protected and can be recovered in the event of
disaster. Back-up of computer software kept off
site is an example of such measures. The useful
life of records is, however, variable and records
should only be preserved as long as they are use-
ful or required by law. Historical records are on
the other hand kept indefinitely as dictated by
their nature.
Finally, I should mention the main principle
which the standard borrows from quality manage-
ment. Even if the organisation possesses a satis-
factory records management programme, proc-
esses can always be improved. It is, therefore,
important to identify opportunities for improve-
ment resulting in greater effectiveness and effi-
ciency of processes and procedures (ISO 15489-
1:2001 2001, 6).
Design and implementation of a records
system
The standard mentions in section 8.2 five char-
acteristics of a good records system:
Reliability. The system needs to capture routinely all
records which are part of it, and organise them in
accordance with the nature of the business, protect
them from unauthorised changes or disposition and be
a primary source of information about the documented
transactions. The records need to be accessible and tied
to their metadata.
Integrity. To insure that the records are not destroyed,
altered, removed or accessed by unauthorised parties
controls such as access monitoring, user verification,
authorised destruction and security has to be imple-
mented.
Compliance. The system should the managed in accord-
ance with the expectations of the organisation and the
community which it is a part and comply with their
needs and regulations.
Comprehensive. The system should cover the total or-
ganisation which it serves.
Systematic. Record should be created, maintained and
managed systematically. In order to do so, a docu-
mented policy is needed, spelling out methods and
detailing who carries responsibility for the different
functions (ISO 15489-1:2001 2001, 89).
These demands which the standard makes on a
records system are in full accordance with my
experience as a consultant on records manage-
ment for more than 15 years. The work rules and
procedures on designing and implementing a
records system which can be found in section 8.4
of the standard, and the guidelines on methodol-
ogy which accompany them in sections 3.2.2 to
3.2.9 in the guidelines is also a work process
which is familiar:
The first step is preliminary investigation. During
this step information is gathered to gain an under-
Johanna Gunnlaugsdottir
236
standing of the administrative, legal, business
and social context in which the organisation ex-
ists to discern those factors which influence its
need to create and maintain records. The next
step is an analysis of the economic activity which
the organisation pursues. The standard uses, how-
ever, the more narrow term business activity
which it then defines to embrace not only com-
mercial activity, but also public administration,
non-profit organisations and other activities. Those
working in the organisation often tend to believe
that their operation is quite unique and special,
but experience shows that the main functions in
all economic activity are for all practical purposes
more or less the same, even if the service pro-
vided or the product sold is quite different. This
difference is, however, sufficient to warrant mak-
ing different demands on records management in
a timber yard versus a firm producing pharma-
ceuticals.
The first two steps lead to the third, the identifi-
cation of requirements for records. The nature of the
economic activity and various outside demands
dictated by the social environment produces dif-
ferent needs for an organisation to create, receive
and maintain records. One organisation must fol-
low laws specifying required procedures and
practice in public administration when dealing
with various client cases or coming to decisions.
Another organisation must take special care to
safeguard records covering information which is
personal in nature. Laws on accounting and taxa-
tion make special records requirements on busi-
ness firms and so on.
The identification of requirements usually turns
up four documents:
A listing of the various sources producing records per-
taining to the organisation.
Another listing of the various demands made on rec-
ords management in the organisation by itself, the
legislature or society in general.
A risk analysis of the importance of records for the or-
ganisation.
A formal report to management on the needs of the
organisation to maintain records.
The fourth step, although it may not necessarily
be taken in this order, is the assessment of existing
systems. Most organisations have some sort of a
records management system. During this step the
records management requirements are compared
to the existing system. The analysis shows where
improvements are needed and leads directly to
the fifth step, the identification of strategies for satis-
fying records requirements. What is needed most
often is a uniform file classification system based
on subject matter. In writing such a plan a good
analysis during the first two steps is of great help.
We need to ask which records should be main-
tained, where, how, for how long and in the cus-
tody of whom? What we often find out is that the
equipment used to store records is insufficient, the
storage of records in computer systems is not sys-
tematic, and no retention and disposition sched-
ule is available. The organisation is therefore keep-
ing more records and longer than needed, and
often without being able to retrieve them. Rec-
ords security and contingency planning is also
frequently lacking.
The design of a records system is the sixth step. It
is no easy task as we can see by reading the guide-
lines. Section 3.2.7 in the guidelines identifies
13 reports and plans which may be produced
during this step. The most complicated work and
the most time consuming is to design a uniform
file classification plan for the organisation. This
section is very brief on the subject, the two words
file plan are just mentioned in the listing of the
reports and plans, but section 4.2.2.2 devotes
more space to the development of a business ac-
tivity classification scheme (ISO/TR 15489-2:2001
2001, 9).
Good project planning is necessary to ensure
the seventh step, the implementation of a records
system. Many organisations fail on this test. Noth-
ing happens of itself. The system must be put in-
to use and the work force must be trained on
how to work in the system and how to use it to
the greatest advantage. If that is not done, a lot of
work and valuable time has been wasted.
Finally, there is the often neglected eighth step,
the post-implementation review. Those organisations
which have been most successful in their records
management have not ignored this review. What
is involved is to measure the performance of the
records system, assess where improvements are
needed and take the necessary corrective action.
All systems can be improved. Continuous im-
provement should be introduced by monitoring
the system in use, and through interviewing man-
agement and staff and by conducting surveys,
An International Standard on Records Management
237
performance improvements can be discovered
(ISO 15489-1:2001 2001, 10-11; ISO/TR 15489-
2:2001 2001, 37).
Records management processes and controls
In chapter nine which is the longest chapter of
the standard (6 pages), and in chapter four of the
guidelines (15 pages), the main work processes
and controls in records management are dis-
cussed. When we study these sections of the
standard, Annex A in the guidelines proves very
useful as it directs the reader to further explana-
tions to be found in the guidelines.
The most important records management tools
are:
A uniform file classification plan which is written with
the nature and functions of the organisation in mind.
A retention and disposition schedule which deter-
mines for how long records are to be kept, how they
shall be stored, and when and how they shall be dis-
posed of.
An access and security plan which covers who will
have access to specified records, how the records col-
lection shall be maintained and what records fall under
contingency planning and must be copied for security
reasons and the copy kept offsite.
A thesaurus or an index is also often composed in
order to facilitate the selection of the subject for rec-
ords.
The subject classification in the file plan is de-
scriptive of the activities and functions of the or-
ganisation, but does not take notice of the names
of divisions or fields within it. The subject classifi-
cation is functional. It contains several levels
which move from the general to the specific, but
the refinement or number of sub-classes is de-
termined by what is useful in each case. It is im-
portant to use unambiguous terms and discrete
groupings in order for there to be little doubt
where to file records. The classification plan is
written in consultation with those who create the
records and it should be regularly updated to re-
flect changes in the functions of the organisation.
The subject classification is supposed to insure
that records which belong together are filed in
the same place in the plan. Records relating to the
same case or subject are all filed in the same sub-
ject folder. The classification facilitates also to al-
locate different access codes to records by staff
and have security measures for records differ by
subject. Employee records should, for example,
not be open to all and production recipes may be
trade secrets where only a limited few have ac-
cess, an example being the Coca-Cola formula.
The usefulness and preservation value of rec-
ords varies. The classification makes it easy to de-
cide on different retention periods for records or
the retention can be permanent in some cases. In
order to file records, their subject must be deter-
mined and a subject name chosen for classifica-
tion. Guidance on the choice of subject names can
be found in a standard from 1985 (ISO 5963: 1985
1985). An index makes it easier for the user to
find records on a particular subject in the system
and to decide where to file certain records.
In the guidelines there is a example from a
classification system. The example is a numeric
system with infinite possibilities for extension. It
provides, unfortunately, only a limited insight
into what is the most difficult and time consum-
ing task of introducing a records system, that is
writing a uniform file classification plan (ISO/TR
15489-2:2001 2001, 9). Textbooks on records man-
agement are also not any great help in this pursuit.
Information and Records Management offers, how-
ever, some valuable additional information on
the subject (Robeck et. al. 1996, 98130).
In order to write a retention and disposition
schedule one must first decide which records are
to be captured into the system, but the retention
period is determined by the needs of the organisa-
tion as well as external demands. Organisations
need to maintain records of decisions, transactions,
agreements and actions as long as it serves a busi-
ness purpose, but records should be eliminated in
an authorised, systematic manner when no longer
needed. Notice must be taken of legal require-
ments when retention periods are chosen, but
some records do also have permanent value. These
are, for example, records of historic value and
other records of continuous value, like agree-
ments, contracts and evidence of actions and
policies.
A security and access policy contains formal
rules on who is to have access to specified rec-
ords and under what circumstances. It also in-
volves that records are to be maintained in such a
manner that their usefulness, reliability and au-
thenticity is secured as long as they are needed.
Storage conditions and handling of records must
Johanna Gunnlaugsdottir
238
ensure that records do not get lost, and are pro-
tected from unauthorised access, destruction, theft
or natural disaster. Electronic records need spe-
cial care and attention to be accessible in case of
system change and must be migrated to the new
system. Records can easily become not accessible
due to changes in computer software and hard-
ware if that is not done.
A thesaurus is more than a simple index of
terms. It is a systematic list of words and con-
cepts which are linked together in a systematic
way according to relationships, connections, hier-
archy, classes or levels. Rules on how to construct
a thesaurus can be found in still another stand-
ard, ISO 2788 (ISO 2788:1986 1986). A thesaurus is
great help in constructing a classification scheme
and in allocating classification terms to records.
Chapter nine of the standard also covers the
main work processes in records management, and
chapter four of the guidelines provides a more
detailed coverage.
Records capture
This is the process of deciding which records are
to be made and kept. This decision covers also
received records. It is not necessary to maintain
records which do not demand any action by the
organisation, document no obligation nor respon-
sibility and hold the organisation in no way ac-
countable. Part of the capture process is also to
capture the metadata associated with the record
so that the record maintains its context, content
and structure. The importance of these factors
has become more obvious with the growing num-
ber of electronic records which are not meaning-
ful if this is lacking.
Various electronic records, and often constantly
changing, can be found in public domains like on
the Internet. ISO 690-2 covers how we refer to
such records (ISO 690-2:1997 1997) but the stand-
ard covers how we can ensure the reliability of
these records, what Web page information should
be maintained, and how we can prove what was
on the Web at each particular time (Steemson
2001a).
The purpose of capturing records into a rec-
ords system is not only to connect the author to
the record and put it into context, but also to
connect it to other records relating to the same
subject matter. The methods used are subject
classification and subject registration which make
it possible to link records by subject matter, de-
termine access to records by subject and decide
time of disposition, if appropriate.
Registration
Registration offers proof that a record has been
created and or captured into the records system.
The register into which records are registered is a
separate record. It contains the following meta-
data: date, time of registration, subject, title or an
abbreviated description, name of author, sender
or recipient, and a unique identifier, like a number
which is given to the record when it is registered.
If the organisation has a classification scheme for
records, the record is classified and the classifica-
tion registered as well.
The importance of registration has increased
with the growing number of computer based rec-
ords management software. By using such soft-
ware it is very easy to monitor the status of
errands, who is acting upon them, when must an
answer be ready and so on.
Storage
The standard lays down some main rules on the
storing of records. It is, however, not as detailed
on this subject as the Australian standard which
devotes one part of six to the subject, including
very practical guidelines (AS 4390.6 - 1996 1996).
Records should be stored on media which ensure
their usefulness, reliability, authenticity and pres-
ervation for as long as they are needed. Storage
conditions should be such that records are pro-
tected against unauthorised access, theft and un-
timely destruction by man or nature. Special
storage consideration are for electronic records,
like maintaining off site back-up in order not to
loose the copy with the original, and hardware
and software obsolescence should be kept in
mind.
The guidelines mention several factors which
are important when selecting storage and han-
dling options and equipment. These factors are
the volume and growth rate of records, their use,
security and sensitivity needs, physical charac-
teristics, retrieval requirements, access needs and
the relative cost of records storage (ISO/TR
An International Standard on Records Management
239
15489-2: 2001 2001, 18). Records often waste valu-
able office space when stored in binders on
shelves instead of in lateral files, and they should
be packed and sent to a lower cost off site storage
when no longer in active use. Active records
should, however, be stored where they are cen-
trally accessible to those who have authorised ac-
cess. Never should records be stored where they
can be destroyed due to water leakage, unstable
heat, fire or vermin.
Use and tracking.
It is necessary to be able to locate records which
are in use, what is their status and who is acting
upon them. Not all employees have access to all
records. It is, therefore important to identify the
access and security status of different records. Ac-
cess by outside parties is sometimes permitted by
law but the access is nevertheless regulated. Pri-
vacy protection measures in many countries re-
quire that access to such records be restricted and
the use of such records must be recorded. Com-
puterised records management systems register
such use automatically. These systems make it
also easier to track records and determine their
place and status and who is acting on them. It is
easy to discern what action is needed on a par-
ticular record and when. When many persons
have access to records in a paper form, it is nec-
essary to use some sort of lending cards which
can be placed in file folders to show who is using
that record and when it was taken from the file.
The storing of lending cards in the file can also
serve as proof of who has been using the record,
but then the responsibility for the central file has
to rest with one person which authorises and reg-
isters the lending of records.
Implementing disposition
Only historic documents and records vital to the
organisation are preserved permanently. Other
records are all disposed of sooner or later. De-
struction of records should, however, always be
authorised. The year of disposition is usually
placed on files of accounting records when they
are taken out of active use based on business and
legal requirements.
The storage time of records is thus dependent
upon their nature and their value to the organisa-
tion. Disposition is determined from that fact.
Records which may have a bearing on an actual
or pending lawsuit may never be disposed of.
Records destruction should also always be per-
formed in such a way that the confidentiality of
those records is preserved. The frantic two-week
effort to destroy thousands of e-mail messages
and documents related to the audit of Enron
Corp. directed by David B. Duncan, the lead
partner on the Enron account at Arthur Andersen,
then the fifth largest accounting firm in the USA,
has lead to more than his job dismissal. On May 6,
2002 Andersen went to trial on charges of federal
obstruction of justice and the odds are that the
firm may end up in bankruptcy court (Weber
2002a, 2002b). And on the topic of destruction, it
is, for example, not always sufficient to use the
delete command to erase computer records. Such
records have been know to come to live again
(ISO 15489-1:2001 2001, 11-17; ISO/TR 15489-
2:2001 2001, 721).
Conclusion
Records management has come a long way to at-
tain its present status. The publication of the ISO
15489 standard in October 2001 is the highlight of
a long journey. A wealth of experience has been
gathered in the standard and the guidelines and
it is a good example of best practices.
The standard covers records in any form. It
covers also all aspects of records management,
but not archival records within archival institu-
tions. The standard puts forward a standardised
but unconditional way to manage the flow of
records during an age of information. It is also a
help in making records a reliable and authentic
account of what actually happened for the benefit
of posterity. Organisations can have an eternal
live. It is, therefore, important that records pre-
serve their history in tact, are available in case of
legal disputes, fulfil the requirements of laws and
regulations, but last but not least, are readily
available to facilitate our daily work in servicing
our customers.
Bibliography
AS 4390.1 AS 4390.6 1996: records management
(part 1: general, part 2: responsibilities, part 3: strat-
Johanna Gunnlaugsdottir
240
egies, part 4: control, part 5: appraisal and disposal,
part 6: storage). 1996. Homebush, NSW: Standards
Association of Australia.
Bower, L. 2001. ARMA 2001: an information odyssey.
Records Management Bulletin 105(December): 1923.
Carlisle, DK. 1997. ARMA votes for international stand-
ard. NNQ: news, notes, and quotes 21(March): 8.
Connelly, JC. 2001. The new international records
management standard: its content and how it can be
used. Information Management Journal 35(3): 2636.
Gunnlaugsdottir, J. 1997. stralskur staall fyrir skja-
lastjrn [Australian standard on records manage-
ment]. Frttabrf Flags um skjalastjrn 10(3): 3.
ISO 15489-1:2001: information and documentation
records management: part 1: general. 2001. Geneva:
ISO International Organization for Standardiza-
tion.
ISO 2788:1986: documentation guidelines for the es-
tablishment and development of monolingual the-
sauri. 1986. 2
nd
ed. Geneva: ISO International
Organization for Standardization.
ISO 690-2:1997: information and documentation bib-
liographic references: part 2: electronic documents
or parts thereof. 1997. Geneva: ISO International
Organization for Standardization.
ISO 5127:2001: information and documentation vo-
cabulary. 2001. Geneva: ISO International Organi-
zation for Standardization.
ISO/TR 15489-2:2001: information and documentation
records management: part 2: guidelines. 2001. Ge-
neva: ISO International Organization for Stand-
ardization.
ISO 14001:1996: environmental management systems
specifications with guidance for use. 1996. Geneva:
ISO International Organization for Standardiza-
tion.
ISO 9001:2000: quality management systems require-
ments. 2000. 3
rd
ed. Geneva: ISO International Or-
ganization for Standardization.
ISO 5963:1985: documentation methods for examining
documents, determining their subjects, and selecting
indexing terms. 1985. Geneva: ISO International
Organization for Standardization.
ISO/IEC 17799:2000: information technology code of
practice for information security management. 2000.
Geneva: ISO International Organization for Stand-
ardization.
Jones, P. 2001. ISO 15489 launched at ARMA 2001. Rec-
ords Management Bulletin 105(December): 38.
Kennedy, J., & Schauder, C. 1998. Records manage-
ment: a guide to corporate record keeping. Frenchs
Forest NSW, Australia: Longman.
McLean, B. 2001. BSI ISO 15489: will you be a standard
bearer in the 21
st
century? Records Management Bul-
letin 104(October): 311.
Njalsson, MG. 2001. ryggi upplsinga er mikilvgt
[Information security is important]. Morgunblai
(December 1): 54.
Robek, MF., Brown, GF., & Stephens, DO. 1996. In-
formation and records management: document-
based information systems. 4
th
ed. New York: Clen-
coe McGraw-Hill.
Steemson, M. 2001a. Global experiences: what we can
learn from other people. Records Management Bul-
letin 105(December): 2536.
Steemson, M. 2001b. ISO 15489: youre gonna need it
so remember it! Accessible at: http://www.
caldeson.com/iso15489.html (received August 10).
Weber, J. 2002a. Can Andersen survive? Business Week
(January 28): 4647.
Weber, J. 2002b. Why Andersen is making a last stand.
Business Week (May 13): 56.
Editorial history:
Paper received 13 February 2002;
Final version received 19 June 2002;
Accepted 26 June 2002.