National Records of Scotland

Preserving the past, Recording the present, Informing the future

Standards and Requirements for Electronic Records Management

Standards and Requirements for Electronic Records Management

Content due for review

ISO 15489 Records Management
ISO 15489 is the international standard for records management. It derives from the Australian Standard AS 4390: 1996 and was published in two parts in 2001. The standard applies to the management of records in all formats and provides a framework for organisations establishing a records management system or auditing existing policies and procedures. Other standards for electronic records management reference it.

ISO 15489 describes the characteristics of electronic records and the systems needed to manage them, but it does not constitute a set of requirements for an electronic records management system.

ISO 15489-1:2001, Part 1: General, describes at high level a best practice framework for records management.

ISO 15489-2:2001, Part 2: Guidelines, provides practical guidance for the design and implementation of the framework described in Part 1, based on the DIRKS methodology.

ISO 30300 Management Systems for Records - Fundamentals and Vocabulary

ISO 30301 Management Systems for Records - Requirements
The ISO 30300 series standards apply to management systems for records (MSR). A MSR is a management system used to direct and control how records are managed within an organisation at a strategic level. The standards are aimed at any organisation which wants to implement and maintain a MSR to support its business. They set out the objectives for using a MSR and describe a process approach, specifying roles for senior management. The standards do not alter the operational records management processes defined in ISO 15489, but upgrade the approach that senior management should take to the management of records at a policy and risk assessment level by managing procedures and technology, conducting routine audits and utilising continual improvement processes.

ISO 23081-1:2006 Metadata for records - Part 1: Principles

ISO 23081-2:2009 Managing metadata for records - Part 2: Conceptual and implementation issues

ISO 23081-3:2011 Managing metadata for records - Part 3: Self assessment method
ISO 23081 provides a guide to understanding, implementing and using the metadata needed to manage records within the framework of ISO 15489. It focuses on the relevance of records management metadata to business processes. The standard establishes a framework for defining metadata elements and provides guidance on conducting a self-assessment on records metadata in relation to the creation, capture and control of records. It does not define a mandatory set of records management metadata, but instead assesses the main existing metadata sets (including Dublin Core, ISAD(G) EAD, ISAAR) against the requirements of ISO 15489 and considers their ability to support business and records management processes.

ISO 16175 Principles and functional requirements for records in electronic office environments
ISO 16175 is an international standard of principles and functional requirements for software used to create and manage electronic records in office environments. It was published in three parts in 2010-11 and derives from the International Council on Archives (ICA) 'Principles and functional requirements for records in electronic office environments'. It is based on the records functionality outlined in ISO 15489 and can be used to identify and evaluate records management functionality in systems. Although ISO 16175 is an international standard it will not be implemented as a British Standard.

ISO 16175-1:2010, Part 1: Overview and statement of principles, provides a high level overview of background information and fundamental principles.

ISO 16175-2:2011, Part 2: Guidelines and functional requirements for digital records management systems, describes requirements for software systems used to manage records.

ISO 16175-3:2010, Part 3: Guidelines and functional requirements for records in business systems, sets out requirements for the management of records held in business systems (e.g. case management, financial management, etc.). It provides a starting point rather than a complete specification. Organisations will need to factor in their own business, technical and regulatory requirements.

The ICA Principles and functional requirements for records in electronic office environments are available on the website of the co-sponsor, the Australasian Digital Recordkeeping Initiative (ADRI).

MoReq2010 (Modular Requirements for Records Systems)
MoReq2010 is the most recent European specification of requirements for electronic records management systems. The MoReq2010 specification has been developed by the DLM Forum (a community of public archives and other parties interested in archives, records and information management throughout the European Union), with the support of the European Commission. It builds on MoReq2 to deliver a more adaptable and scalable set of requirements for an electronic records management system, which can be adopted by all types of organisation in both the public and private sectors. The Core Services and Plug-in Modules were published in 2011 and further modules, dealing with specific types of record formats, are currently being written. Modules specific to records functionality in single sectors may also be forthcoming.
Whereas MoReq2 specifies for a single record system that will embrace all the records an organisation creates, MoReq2010 accepts that records are generally created in many different systems within an organisation and instead seeks to specify the minimum requirements for a single application to manage its records and the common set of core services that are shared by many different types of records system. MoReq2010 introduces several new concepts including entities, aggregations, and event histories.

BS 10008:2014 Evidential weight and legal admissibility of electronic information. Specification
BS 10008 specifies the requirements for the implementation and operation of electronic information management systems, encompassing data processing and the exchange of data between computers and electronic storage. It addresses issues relating to the authenticity and integrity of records, which will help organisations to meet standards of legal admissibility. The standard also covers the process of electronic identity verification, including electronic signatures and electronic copyright. It provides best practice guidelines, which will help organisations manage electronic information and data security over time and through technology changes. The standard covers policies, security, procedures, technology requirements and the auditability of electronic document management (EDM) systems.

BS 10008 is supported by four other documents:

BIP 0008-1:2014 Evidential Weight and Legal Admissibility of Information Stored Electronically. Code of Practice for the Implementation of BS 10008

BIP 0008-2:2014 Evidential Weight and Legal Admissibility of Information Transferred Electronically. Code of Practice for the Implementation of BS 10008

BIP 0008-3:2014 Evidential Weight and Legal Admissibility of Linking Electronic Identity to Information

BIP 0009:2015 PDF Evidential Weight and Legal Admissibility of Electronic Information. Compliance Workbook for Use with BS 10008

If you encounter difficulties opening linked websites listed on this page please contact us at [email protected].