SIST ISO 30301:2013

INTERNATIONAL ISO
STANDARD 30301
First edition
2011-11-15


Information and documentation —
Management systems for records —
Requirements
Information et documentation — Systèmes de gestion des documents
d'activité — Exigences




Reference number
ISO 30301:2011(E)
©
ISO 2011

---------------------- Page: 1 ----------------------
ISO 30301:2011(E)

COPYRIGHT PROTECTED DOCUMENT


©  ISO 2011
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56  CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland

ii © ISO 2011 – All rights reserved

---------------------- Page: 2 ----------------------
ISO 30301:2011(E)
Contents Page
Foreword . iv
Introduction . v
1  Scope . 1
2  Normative references . 1
3  Terms and definitions . 1
4  Context of the organization . 2
4.1  Understanding of the organization and its context . 2
4.2  Business, legal and other requirements . 2
4.3  Defining the scope of the MSR . 3
5  Leadership . 3
5.1  Management commitment . 3
5.2  Policy . 3
5.3  Organizational roles, responsibilities and authorities . 4
6  Planning . 5
6.1  Actions to address risks and opportunities . 5
6.2  Records objectives and plans to achieve them . 5
7  Support . 6
7.1  Resources . 6
7.2  Competence . 6
7.3  Awareness and training . 6
7.4  Communication . 7
7.5  Documentation . 7
8  Operation . 8
8.1  Operational planning and control . 8
8.2  Design of records processes . 8
8.3  Implementation of records systems . 9
9  Performance evaluation . 9
9.1  Monitoring, measurement, analysis and evaluation . 9
9.2  Internal system audit . 11
9.3  Management review . 11
10  Improvement . 12
10.1  Nonconformity control and corrective actions . 12
10.2  Continual improvement . 12
Annex A (normative) Processes and controls . 13
Annex B (informative) Interrelationships between ISO 9001, ISO 14001, ISO/IEC 27001 and
ISO 30301 . 16
Annex C (informative) Checklist for self-assessment . 20
Bibliography . 22

© ISO 2011 – All rights reserved iii

---------------------- Page: 3 ----------------------
ISO 30301:2011(E)
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies
(ISO member bodies). The work of preparing International Standards is normally carried out through ISO
technical committees. Each member body interested in a subject for which a technical committee has been
established has the right to be represented on that committee. International organizations, governmental and
non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the
International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of technical committees is to prepare International Standards. Draft International Standards
adopted by the technical committees are circulated to the member bodies for voting. Publication as an
International Standard requires approval by at least 75 % of the member bodies casting a vote.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO shall not be held responsible for identifying any or all such patent rights.
ISO 30301 was prepared by Technical Committee ISO/TC 46, Information and documentation, Subcommittee
SC 11, Archives/records management.
ISO 30301 is part of a series of International Standards under the general title Information and
documentation — Management systems for records:
 ISO 30300, Information and documentation — Management systems for records — Fundamentals and
vocabulary
 ISO 30301, Information and documentation — Management systems for records — Requirements
ISO 30300 specifies the terminology for the Management systems for records (MSR) series of standards, and
the objectives and benefits of a MSR; ISO 30301 specifies requirements for a MSR where an organization
needs to demonstrate its ability to create and control records from its business activities for as long as they
are required.

iv © ISO 2011 – All rights reserved

---------------------- Page: 4 ----------------------
ISO 30301:2011(E)
Introduction
Organizational success largely depends upon implementing and maintaining a management system that is
designed to continually improve performance while addressing the needs of all stakeholders. Management
systems offer methodologies to make decisions and manage resources in order to achieve the organization's
goals.
Creation and management of records are integral to any organization's activities, processes and systems.
They enable business efficiency, accountability, risk management and business continuity. They also enable
organizations to capitalize on the value of their information resources as business, commercial and knowledge
assets, and to contribute to the preservation of collective memory, in response to the challenges of the global
and digital environment.
Management System Standards (MSS) provide tools for top management to implement a systematic and
verifiable approach to organizational control in an environment that encourages good business practices.
The standards on management systems for records prepared by ISO/TC 46/SC 11 are designed to assist
organizations of all types and sizes, or groups of organizations with shared business activities, to implement,
operate and improve an effective management system for records (hereafter referred to as a MSR). The MSR
directs and controls an organization for the purposes of establishing a policy and objectives with regard to
records and achieving those objectives. This is done through the use of:
a) defined roles and responsibilities;
b) systematic processes;
c) measurement and evaluation;
d) review and improvement.
Implementation of a records policy and objectives soundly based on the organization's requirements will
ensure that authoritative and reliable information about, and evidence of, business activities is created,
managed and made accessible to those who need it for as long as required. Successful implementation of
good records policy and objectives results in records and records systems adequate for all of an
organization's purposes.
Implementing a MSR in an organization also guarantees the transparency and traceability of decisions made
by responsible management and the recognition of public interest.
The standards on MSR prepared by ISO/TC 46/SC 11 are developed within the MSS framework to be
compatible and to share elements and methodology with other MSS. ISO 15489, and other International
Standards and Technical Reports also developed by ISO/TC 46/SC 11, are the principal tools for designing,
implementing, monitoring and improving records processes and controls, which operate under the governance
of the MSR where organizations decide to implement MSS methodology.
NOTE ISO 15489 is the foundation standard which codifies best practice for records management operations.
The structure of standards on MSR prepared by ISO/TC 46/SC 11, either published or under preparation, is
shown in Figure 1.
© ISO 2011 – All rights reserved v

---------------------- Page: 5 ----------------------
ISO 30301:2011(E)
Management systems for records
Related International Standards
standards
and Technical Reports
Governance framework for records
Implementation of records processes
ISO 30300
ISO 15489
ISO 23081 ISO/TR
Fundamentals
Management systems for
Records
Metadata for 26122
records - Fundamentals
& terminology
management
records. Work
and vocabulary
Part 1 -
Part 1 - Principles process
General
analysis for
Part 2 - Conceptual
records
Part 2 -
ISO 30301
and implementation
Guidelines
Management systems for
Requirements
issues
records - Requirements
Part 3 - Self
ISO 30303 assessment method
Management systems for
records - Requirements for
bodies providing audit and
ISO 13008 ISO 16175
ISO/TR
certification
Digital records Principles and
13028
conversion and functional
Implement-
migration requirements for
ation
ISO 30302
Guidelines
process records in
guidelines
Management systems for
Support high level
electronic office
for
records - Guidelines for
structure elements environments
digitization
implementation
Part 1 - Overview
of records
and statement of
ISO 30304
Management systems for principles
records - Assessment
guide
Part 2 - Guidelines
and functional
requirements for
digital records
management
systems
Part 3 -
Guidelines
and functional
requirements
for records in
business
systems

Figure 1 — Standards on MSR prepared by ISO/TC 46/SC 11
and related International Standards and Technical Reports
These standards are intended to be used by:
 top management who make decisions regarding the establishment and implementation of management
systems within their organization;
 people responsible for implementation of MSR, such as professionals in the areas of risk management,
auditing, records, information technology and information security.
The MSR determines the records management requirements and expectations of the interested parties
(customers and stakeholders) and, through the necessary processes, produces records that meet those
requirements and expectations.
Figure 2 shows the structure of the MSR and the relationship with customers and stakeholders.
vi © ISO 2011 – All rights reserved

---------------------- Page: 6 ----------------------
ISO 30301:2011(E)
Records Customers
Context of the organization
Input
management and
requirements stakeholders
and
expectations
Leadership
Planning Improvement
Performance
Support
evaluation
Operation
Right
managerial
Quality records
decisions to
Customers achieve policy
and and
Output
stakeholders expectations

Figure 2 — Structure of MSR

© ISO 2011 – All rights reserved vii

---------------------- Page: 7 ----------------------
INTERNATIONAL STANDARD ISO 30301:2011(E)

Information and documentation — Management systems for
records — Requirements
1 Scope
This International Standard specifies requirements to be met by a MSR in order to support an organization in
the achievement of its mandate, mission, strategy and goals. It addresses the development and
implementation of a records policy and objectives and gives information on measuring and monitoring
performance.
A MSR can be established by an organization or across organizations that share business activities.
Throughout this International Standard, the term “organization” is not limited to one organization but also
includes other organizational structures.
This International Standard is applicable to any organization that wishes to:
a) establish, implement, maintain and improve a MSR to support its business;
b) assure itself of conformity with its stated records policy;
c) demonstrate conformity with this International Standard by
1) undertaking a self-assessment and self-declaration, or
2) seeking confirmation of its self-declaration by a party external to the organization, or
3) seeking certification of its MSR by an external party.
This International Standard can be implemented with other Management System Standards (MSS). It is
especially useful to demonstrate compliance with the documentation and records requirements of other MSS.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated
references, only the edition cited applies. For undated references, the latest edition of the referenced
document (including any amendments) applies.
ISO 30300, Information and documentation — Management systems for records — Fundamentals and
vocabulary
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO 30300 apply.
© ISO 2011 – All rights reserved 1

---------------------- Page: 8 ----------------------
ISO 30301:2011(E)
4 Context of the organization
4.1 Understanding of the organization and its context
When establishing and reviewing its MSR, an organization shall take into account all external and internal
factors that are relevant.
The external and internal factors identified and taken into account when establishing and reviewing the MSR
shall be documented.
Understanding the organization's external context may include, but is not limited to:
a) the social and cultural, legal, regulatory, financial, technological, economic, natural and competitive
environment, whether international, national, regional or local;
b) key drivers and trends which can have an impact on the objectives of the organization;
c) relationships with, and perceptions, values and expectations of, external stakeholders.
Understanding the organization's internal context may include, but is not limited to:
1) governance, organizational structure, roles and accountabilities;
2) policies, objectives and the strategies that are in place to achieve them;
3) capabilities, understood in terms of resources and knowledge (e.g. capital, time, people, processes,
systems and technologies);
4) information systems, information flows and decision making processes (both formal and informal);
5) relationships with, and perceptions and values of, internal stakeholders and the organization's
culture;
6) standards, guidelines and models adopted by the organization;
7) the form and extent of contractual relationships.
4.2 Business, legal and other requirements
When establishing and reviewing its records objectives, an organization shall take into account the business,
legal, regulatory and other requirements related to the creation and control of records.
The organization shall assess and document business, legal, regulatory and other requirements affecting its
business operations with which it shall comply and for which it requires evidence of compliance.
Business requirements include all the requirements for the proper performance of the operations or business
of the organization. Requirements arise from current business performance, future planning and development,
risk management and business continuity planning.
Legal requirements include requirements related to the creation and control of records. Sources of legal
requirements are:
a) statute and case law, including law and regulations governing the sector-specific and general business
environment;
b) laws and regulations relating specifically to evidence, records and archives, access, privacy, data and
information protection, and electronic commerce;
2 © ISO 2011 – All rights reserved

---------------------- Page: 9 ----------------------
ISO 30301:2011(E)
c) the constitutional rules of organizations, charters or agreements to which the organization is a party;
d) treaties and other instruments the organization is legally bound to uphold.
Other requirements include non-legal voluntary commitments made by the organization:
 voluntary codes of best practice;
 voluntary codes of conduct and ethics;
 identifiable expectations of the community about what is acceptable behaviour for the specific sector or
organization, including good governance, the proper control of fraudulent or malicious behaviour and
transparency in decision making.
4.3 Defining the scope of the MSR
The organization shall define and document the scope of its MSR.
The scope of the MSR may include the whole of the organization, specific functions of the organization,
specific sections of the organization, or one or more functions across a group of organizations.
When a MSR is established for one or more specific functions across a group of organizations, the scope shall
include relationships between, and roles of, each entity.
Where an organization outsources any process that affects conformity with MSR requirements, the
organization shall ensure control over such processes. Control of contractors and outsourced processes shall
be identified as within the scope of the MSR.
5 Leadership
5.1 Management commitment
Top management shall demonstrate its commitment by
 ensuring the MSR is compatible with the strategic direction of the organization,
 integrating the MSR requirements into the organization's business processes,
 providing the resources to establish, implement, maintain and continually improve the MSR,
 communicating the importance of an effective MSR and conforming to the MSR requirements,
 ensuring that the MSR achieves its intended outcomes, and
 directing and supporting continual improvement.
NOTE Reference to “business” in this International Standard is interpreted broadly to mean those activities that are
core to the purposes of the organization's existence.
5.2 Policy
Top management shall establish a records policy. The policy shall
 be appropriate to the purpose of the organization,
 provide the framework for setting records objectives,
© ISO 2011 – All rights reserved 3

---------------------- Page: 10 ----------------------
ISO 30301:2011(E)
 include a commitment to satisfy applicable requirements,
 include a commitment to continual improvement of the MSR,
 be communicated within the organization, and
 be available to interested parties, as appropriate.
The organization shall retain documented information about the records policy.
The records policy shall include the high-level strategies with regard to the creation and control of authentic,
reliable and useable records capable of supporting the organization's functions and activities and protecting
the integrity of those records for as long as they are required.
The organization shall ensure that the records policy is communicated and implemented at all levels in the
organization, and to entities or individuals (such as partners or contractors) working with it, or on its behalf.
5.3 Organizational roles, responsibilities and authorities
5.3.1 General
Top management shall ensure that records management roles, responsibilities and authorities are defined,
assigned and communicated throughout the organization and to entities or individuals working with the
organization, or on its behalf.
The assignment of responsibilities shall be appropriately allocated to all personnel at relevant functions and
levels within the organization, in particular top management, programme managers, records professionals,
information technology professionals, system administrators and all others who create and control records as
part of their work.
Leadership to implement the MSR shall be allocated to a specific representative of top management. Where
the size and complexity of the organization and its records processes require it, a records operational
representative with specific training and competences shall be appointed to a specific role. The assignment of
responsibilities and their interrelationships shall be documented.
5.3.2 Management responsibilities
A specific management representative shall be designated from the top management who, irrespective of
other responsibilities, shall be accountable and responsible for ensuring
a) that the MSR is established, implemented and maintained in accordance with the requirements of this
International Standard,
b) the promotion of awareness of the MSR throughout the organization, and
c) that the roles and responsibilities defined in the MSR are properly assigned and that the personnel
performing these roles are competent to perform them.
NOTE Responsibilities could be assigned to a specific position or to a designated group as appropriate to the
complexity of the organization.
4 © ISO 2011 – All rights reserved

---------------------- Page: 11 ----------------------
ISO 30301:2011(E)
5.3.3 Operational responsibilities
The organization's top management shall appoint a specific records operational representative who shall have
a defined role, responsibility and authority, which includes
a) implementing the MSR at the operational level,
b) reporting to the top management on the effectiveness of the MSR for review, including recommendations
for improvement, and
c) establishing liaison with external parties on matters relating to the MSR.
NOTE The roles of management representative and records operational representative could be performed by the
same person or group.
6 Planning
6.1 Actions to address risks and opportunities
The organization shall consider the issues referred to in 4.1 and the requirements referred to in 4.2 and
determine the risks and opportunities that need to be addressed in order to
a) assure the MSR can achieve its intended outcome(s),
b) prevent undesired effects, and
c) realize opportunities for improvement.
The organization shall evaluate the need to plan actions to address these risks and opportunities and, where
applicable,
 integrate and implement these actions into its MSR processes (see 8.1),
 ensure information will be available to evaluate whether the actions have been effective (see 9.1).
6.2 Records objectives and plans to achieve them
Top management shall ensure that records objectives are established and communicated for relevant
functions and levels within the organization.
The records objectives shall
a) be consistent with the records policy,
b) be measurable (if practicable),
c) take into account applicable requirements, and
d) be monitored and updated as appropriate.
The records objectives shall be derived from an analysis of the organization's activities. They shall define the
areas where legislation, regulations, other standards and best practices have the greatest application to the
creation of records connected to activities.
The records objectives shall take into account the size of the organization, the nature of its activities, products
and services and the location, conditions, juridical/administrative system and cultural environment in which it
functions.
© ISO 2011 – All rights reserved 5

---------------------- Page: 12 ----------------------
ISO 30301:2011(E)
The organization shall retain documented information about the records objectives.
To achieve its records objectives, the organization shall determine
 who will be responsible,
 what will be done,
 what resources will be required,
 when it will be completed,
 how the results will be evaluated.
7 Support
7.1 Resources
Top management shall allocate and maintain the resources needed for the MSR.
Resources management includes
a) assigning responsibility to personnel competent to perform the roles assigned in the MSR,
b) periodic review of the competencies and training of those personnel, and
c) maintenance and sustainability of resources and technical infrastructure.
7.2 Competence
The organization shall
a) determine the necessary competence of person(s) doing work under its control that affects the
performance of its records processes and systems,
b) ensure these persons are competent on the basis of appropriate education, training, and experience,
c) where applicable, take actions to acquire the necessary competence and evaluate the effectiveness of
the actions taken, and
d) retain appropriate documented information as evidence of competence.
NOTE Applicable actions can include, for instance, the provision of training to, the mentoring of, or the re-assignment
of current employees, or the hiring or contracting of competent persons.
7.3 Awareness and training
The organization shall ensure that its personnel are aware of
a) the relevance and importance of their individual activities and how they contribute to the achievement of
the MSR objectives,
b) the importance of conformity with the MSR policy and procedures and with the requirements of the
management system,
6 © ISO 2011 – All rights reserved

---------------------- Page: 13 ----------------------
ISO 30301:2011(E)
c) the significant MSR issues and related actual or potential impacts associated with their work and the
benefits of improved personal performance,
d) their roles and responsibilities in achieving conformity with the requirements of the MSR, and
e) the potential consequences of departure from specified procedures.
The organization shall establish an ongoing programme for training in records creation and control.
Programmes for training in the requirements and practices for managing records shall be provided to all levels
of staff in the organization, including contractors and staff of other organizations where relevant. The required
competencies and skills of these different roles, with respect to managing records, shall be assessed and
identified and built into the training programmes developed and provided by the organization.
7.4 Communication
The organization shall establish, implement, document and maintain procedures for internal communication
about the MSR and its records policy and objectives. Internal communication for the effective implementation
of the MSR shall include responsibilities, operational procedures and access to documentation.
The organization shall decide whether or not to communi
...

SLOVENSKI STANDARD
SIST ISO 30301:2013
01-julij-2013
Informatika in dokumentacija - Sistemi upravljanja zapisov - Zahteve
Information and documentation -- Management systems for records -- Requirements
Information et documentation -- Systèmes de gestion des documents d'activité --
Exigences
Ta slovenski standard je istoveten z: ISO 30301:2011
ICS:
01.140.20 Informacijske vede Information sciences
SIST ISO 30301:2013 en,fr,de
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------

SIST ISO 30301:2013

---------------------- Page: 2 ----------------------

SIST ISO 30301:2013

INTERNATIONAL ISO
STANDARD 30301
First edition
2011-11-15


Information and documentation —
Management systems for records —
Requirements
Information et documentation — Systèmes de gestion des documents
d'activité — Exigences




Reference number
ISO 30301:2011(E)
©
ISO 2011

---------------------- Page: 3 ----------------------

SIST ISO 30301:2013
ISO 30301:2011(E)

COPYRIGHT PROTECTED DOCUMENT


©  ISO 2011
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56  CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland

ii © ISO 2011 – All rights reserved

---------------------- Page: 4 ----------------------

SIST ISO 30301:2013
ISO 30301:2011(E)
Contents Page
Foreword . iv
Introduction . v
1  Scope . 1
2  Normative references . 1
3  Terms and definitions . 1
4  Context of the organization . 2
4.1  Understanding of the organization and its context . 2
4.2  Business, legal and other requirements . 2
4.3  Defining the scope of the MSR . 3
5  Leadership . 3
5.1  Management commitment . 3
5.2  Policy . 3
5.3  Organizational roles, responsibilities and authorities . 4
6  Planning . 5
6.1  Actions to address risks and opportunities . 5
6.2  Records objectives and plans to achieve them . 5
7  Support . 6
7.1  Resources . 6
7.2  Competence . 6
7.3  Awareness and training . 6
7.4  Communication . 7
7.5  Documentation . 7
8  Operation . 8
8.1  Operational planning and control . 8
8.2  Design of records processes . 8
8.3  Implementation of records systems . 9
9  Performance evaluation . 9
9.1  Monitoring, measurement, analysis and evaluation . 9
9.2  Internal system audit . 11
9.3  Management review . 11
10  Improvement . 12
10.1  Nonconformity control and corrective actions . 12
10.2  Continual improvement . 12
Annex A (normative) Processes and controls . 13
Annex B (informative) Interrelationships between ISO 9001, ISO 14001, ISO/IEC 27001 and
ISO 30301 . 16
Annex C (informative) Checklist for self-assessment . 20
Bibliography . 22

© ISO 2011 – All rights reserved iii

---------------------- Page: 5 ----------------------

SIST ISO 30301:2013
ISO 30301:2011(E)
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies
(ISO member bodies). The work of preparing International Standards is normally carried out through ISO
technical committees. Each member body interested in a subject for which a technical committee has been
established has the right to be represented on that committee. International organizations, governmental and
non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the
International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of technical committees is to prepare International Standards. Draft International Standards
adopted by the technical committees are circulated to the member bodies for voting. Publication as an
International Standard requires approval by at least 75 % of the member bodies casting a vote.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO shall not be held responsible for identifying any or all such patent rights.
ISO 30301 was prepared by Technical Committee ISO/TC 46, Information and documentation, Subcommittee
SC 11, Archives/records management.
ISO 30301 is part of a series of International Standards under the general title Information and
documentation — Management systems for records:
 ISO 30300, Information and documentation — Management systems for records — Fundamentals and
vocabulary
 ISO 30301, Information and documentation — Management systems for records — Requirements
ISO 30300 specifies the terminology for the Management systems for records (MSR) series of standards, and
the objectives and benefits of a MSR; ISO 30301 specifies requirements for a MSR where an organization
needs to demonstrate its ability to create and control records from its business activities for as long as they
are required.

iv © ISO 2011 – All rights reserved

---------------------- Page: 6 ----------------------

SIST ISO 30301:2013
ISO 30301:2011(E)
Introduction
Organizational success largely depends upon implementing and maintaining a management system that is
designed to continually improve performance while addressing the needs of all stakeholders. Management
systems offer methodologies to make decisions and manage resources in order to achieve the organization's
goals.
Creation and management of records are integral to any organization's activities, processes and systems.
They enable business efficiency, accountability, risk management and business continuity. They also enable
organizations to capitalize on the value of their information resources as business, commercial and knowledge
assets, and to contribute to the preservation of collective memory, in response to the challenges of the global
and digital environment.
Management System Standards (MSS) provide tools for top management to implement a systematic and
verifiable approach to organizational control in an environment that encourages good business practices.
The standards on management systems for records prepared by ISO/TC 46/SC 11 are designed to assist
organizations of all types and sizes, or groups of organizations with shared business activities, to implement,
operate and improve an effective management system for records (hereafter referred to as a MSR). The MSR
directs and controls an organization for the purposes of establishing a policy and objectives with regard to
records and achieving those objectives. This is done through the use of:
a) defined roles and responsibilities;
b) systematic processes;
c) measurement and evaluation;
d) review and improvement.
Implementation of a records policy and objectives soundly based on the organization's requirements will
ensure that authoritative and reliable information about, and evidence of, business activities is created,
managed and made accessible to those who need it for as long as required. Successful implementation of
good records policy and objectives results in records and records systems adequate for all of an
organization's purposes.
Implementing a MSR in an organization also guarantees the transparency and traceability of decisions made
by responsible management and the recognition of public interest.
The standards on MSR prepared by ISO/TC 46/SC 11 are developed within the MSS framework to be
compatible and to share elements and methodology with other MSS. ISO 15489, and other International
Standards and Technical Reports also developed by ISO/TC 46/SC 11, are the principal tools for designing,
implementing, monitoring and improving records processes and controls, which operate under the governance
of the MSR where organizations decide to implement MSS methodology.
NOTE ISO 15489 is the foundation standard which codifies best practice for records management operations.
The structure of standards on MSR prepared by ISO/TC 46/SC 11, either published or under preparation, is
shown in Figure 1.
© ISO 2011 – All rights reserved v

---------------------- Page: 7 ----------------------

SIST ISO 30301:2013
ISO 30301:2011(E)
Management systems for records
Related International Standards
standards
and Technical Reports
Governance framework for records
Implementation of records processes
ISO 30300
ISO 15489
ISO 23081 ISO/TR
Fundamentals
Management systems for
Records
Metadata for 26122
records - Fundamentals
& terminology
management
records. Work
and vocabulary
Part 1 -
Part 1 - Principles process
General
analysis for
Part 2 - Conceptual
records
Part 2 -
ISO 30301
and implementation
Guidelines
Management systems for
Requirements
issues
records - Requirements
Part 3 - Self
ISO 30303 assessment method
Management systems for
records - Requirements for
bodies providing audit and
ISO 13008 ISO 16175
ISO/TR
certification
Digital records Principles and
13028
conversion and functional
Implement-
migration requirements for
ation
ISO 30302
Guidelines
process records in
guidelines
Management systems for
Support high level
electronic office
for
records - Guidelines for
structure elements environments
digitization
implementation
Part 1 - Overview
of records
and statement of
ISO 30304
Management systems for principles
records - Assessment
guide
Part 2 - Guidelines
and functional
requirements for
digital records
management
systems
Part 3 -
Guidelines
and functional
requirements
for records in
business
systems

Figure 1 — Standards on MSR prepared by ISO/TC 46/SC 11
and related International Standards and Technical Reports
These standards are intended to be used by:
 top management who make decisions regarding the establishment and implementation of management
systems within their organization;
 people responsible for implementation of MSR, such as professionals in the areas of risk management,
auditing, records, information technology and information security.
The MSR determines the records management requirements and expectations of the interested parties
(customers and stakeholders) and, through the necessary processes, produces records that meet those
requirements and expectations.
Figure 2 shows the structure of the MSR and the relationship with customers and stakeholders.
vi © ISO 2011 – All rights reserved

---------------------- Page: 8 ----------------------

SIST ISO 30301:2013
ISO 30301:2011(E)
Records Customers
Context of the organization
Input
management and
requirements stakeholders
and
expectations
Leadership
Planning Improvement
Performance
Support
evaluation
Operation
Right
managerial
Quality records
decisions to
Customers achieve policy
and and
Output
stakeholders expectations

Figure 2 — Structure of MSR

© ISO 2011 – All rights reserved vii

---------------------- Page: 9 ----------------------

SIST ISO 30301:2013

---------------------- Page: 10 ----------------------

SIST ISO 30301:2013
INTERNATIONAL STANDARD ISO 30301:2011(E)

Information and documentation — Management systems for
records — Requirements
1 Scope
This International Standard specifies requirements to be met by a MSR in order to support an organization in
the achievement of its mandate, mission, strategy and goals. It addresses the development and
implementation of a records policy and objectives and gives information on measuring and monitoring
performance.
A MSR can be established by an organization or across organizations that share business activities.
Throughout this International Standard, the term “organization” is not limited to one organization but also
includes other organizational structures.
This International Standard is applicable to any organization that wishes to:
a) establish, implement, maintain and improve a MSR to support its business;
b) assure itself of conformity with its stated records policy;
c) demonstrate conformity with this International Standard by
1) undertaking a self-assessment and self-declaration, or
2) seeking confirmation of its self-declaration by a party external to the organization, or
3) seeking certification of its MSR by an external party.
This International Standard can be implemented with other Management System Standards (MSS). It is
especially useful to demonstrate compliance with the documentation and records requirements of other MSS.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated
references, only the edition cited applies. For undated references, the latest edition of the referenced
document (including any amendments) applies.
ISO 30300, Information and documentation — Management systems for records — Fundamentals and
vocabulary
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO 30300 apply.
© ISO 2011 – All rights reserved 1

---------------------- Page: 11 ----------------------

SIST ISO 30301:2013
ISO 30301:2011(E)
4 Context of the organization
4.1 Understanding of the organization and its context
When establishing and reviewing its MSR, an organization shall take into account all external and internal
factors that are relevant.
The external and internal factors identified and taken into account when establishing and reviewing the MSR
shall be documented.
Understanding the organization's external context may include, but is not limited to:
a) the social and cultural, legal, regulatory, financial, technological, economic, natural and competitive
environment, whether international, national, regional or local;
b) key drivers and trends which can have an impact on the objectives of the organization;
c) relationships with, and perceptions, values and expectations of, external stakeholders.
Understanding the organization's internal context may include, but is not limited to:
1) governance, organizational structure, roles and accountabilities;
2) policies, objectives and the strategies that are in place to achieve them;
3) capabilities, understood in terms of resources and knowledge (e.g. capital, time, people, processes,
systems and technologies);
4) information systems, information flows and decision making processes (both formal and informal);
5) relationships with, and perceptions and values of, internal stakeholders and the organization's
culture;
6) standards, guidelines and models adopted by the organization;
7) the form and extent of contractual relationships.
4.2 Business, legal and other requirements
When establishing and reviewing its records objectives, an organization shall take into account the business,
legal, regulatory and other requirements related to the creation and control of records.
The organization shall assess and document business, legal, regulatory and other requirements affecting its
business operations with which it shall comply and for which it requires evidence of compliance.
Business requirements include all the requirements for the proper performance of the operations or business
of the organization. Requirements arise from current business performance, future planning and development,
risk management and business continuity planning.
Legal requirements include requirements related to the creation and control of records. Sources of legal
requirements are:
a) statute and case law, including law and regulations governing the sector-specific and general business
environment;
b) laws and regulations relating specifically to evidence, records and archives, access, privacy, data and
information protection, and electronic commerce;
2 © ISO 2011 – All rights reserved

---------------------- Page: 12 ----------------------

SIST ISO 30301:2013
ISO 30301:2011(E)
c) the constitutional rules of organizations, charters or agreements to which the organization is a party;
d) treaties and other instruments the organization is legally bound to uphold.
Other requirements include non-legal voluntary commitments made by the organization:
 voluntary codes of best practice;
 voluntary codes of conduct and ethics;
 identifiable expectations of the community about what is acceptable behaviour for the specific sector or
organization, including good governance, the proper control of fraudulent or malicious behaviour and
transparency in decision making.
4.3 Defining the scope of the MSR
The organization shall define and document the scope of its MSR.
The scope of the MSR may include the whole of the organization, specific functions of the organization,
specific sections of the organization, or one or more functions across a group of organizations.
When a MSR is established for one or more specific functions across a group of organizations, the scope shall
include relationships between, and roles of, each entity.
Where an organization outsources any process that affects conformity with MSR requirements, the
organization shall ensure control over such processes. Control of contractors and outsourced processes shall
be identified as within the scope of the MSR.
5 Leadership
5.1 Management commitment
Top management shall demonstrate its commitment by
 ensuring the MSR is compatible with the strategic direction of the organization,
 integrating the MSR requirements into the organization's business processes,
 providing the resources to establish, implement, maintain and continually improve the MSR,
 communicating the importance of an effective MSR and conforming to the MSR requirements,
 ensuring that the MSR achieves its intended outcomes, and
 directing and supporting continual improvement.
NOTE Reference to “business” in this International Standard is interpreted broadly to mean those activities that are
core to the purposes of the organization's existence.
5.2 Policy
Top management shall establish a records policy. The policy shall
 be appropriate to the purpose of the organization,
 provide the framework for setting records objectives,
© ISO 2011 – All rights reserved 3

---------------------- Page: 13 ----------------------

SIST ISO 30301:2013
ISO 30301:2011(E)
 include a commitment to satisfy applicable requirements,
 include a commitment to continual improvement of the MSR,
 be communicated within the organization, and
 be available to interested parties, as appropriate.
The organization shall retain documented information about the records policy.
The records policy shall include the high-level strategies with regard to the creation and control of authentic,
reliable and useable records capable of supporting the organization's functions and activities and protecting
the integrity of those records for as long as they are required.
The organization shall ensure that the records policy is communicated and implemented at all levels in the
organization, and to entities or individuals (such as partners or contractors) working with it, or on its behalf.
5.3 Organizational roles, responsibilities and authorities
5.3.1 General
Top management shall ensure that records management roles, responsibilities and authorities are defined,
assigned and communicated throughout the organization and to entities or individuals working with the
organization, or on its behalf.
The assignment of responsibilities shall be appropriately allocated to all personnel at relevant functions and
levels within the organization, in particular top management, programme managers, records professionals,
information technology professionals, system administrators and all others who create and control records as
part of their work.
Leadership to implement the MSR shall be allocated to a specific representative of top management. Where
the size and complexity of the organization and its records processes require it, a records operational
representative with specific training and competences shall be appointed to a specific role. The assignment of
responsibilities and their interrelationships shall be documented.
5.3.2 Management responsibilities
A specific management representative shall be designated from the top management who, irrespective of
other responsibilities, shall be accountable and responsible for ensuring
a) that the MSR is established, implemented and maintained in accordance with the requirements of this
International Standard,
b) the promotion of awareness of the MSR throughout the organization, and
c) that the roles and responsibilities defined in the MSR are properly assigned and that the personnel
performing these roles are competent to perform them.
NOTE Responsibilities could be assigned to a specific position or to a designated group as appropriate to the
complexity of the organization.
4 © ISO 2011 – All rights reserved

---------------------- Page: 14 ----------------------

SIST ISO 30301:2013
ISO 30301:2011(E)
5.3.3 Operational responsibilities
The organization's top management shall appoint a specific records operational representative who shall have
a defined role, responsibility and authority, which includes
a) implementing the MSR at the operational level,
b) reporting to the top management on the effectiveness of the MSR for review, including recommendations
for improvement, and
c) establishing liaison with external parties on matters relating to the MSR.
NOTE The roles of management representative and records operational representative could be performed by the
same person or group.
6 Planning
6.1 Actions to address risks and opportunities
The organization shall consider the issues referred to in 4.1 and the requirements referred to in 4.2 and
determine the risks and opportunities that need to be addressed in order to
a) assure the MSR can achieve its intended outcome(s),
b) prevent undesired effects, and
c) realize opportunities for improvement.
The organization shall evaluate the need to plan actions to address these risks and opportunities and, where
applicable,
 integrate and implement these actions into its MSR processes (see 8.1),
 ensure information will be available to evaluate whether the actions have been effective (see 9.1).
6.2 Records objectives and plans to achieve them
Top management shall ensure that records objectives are established and communicated for relevant
functions and levels within the organization.
The records objectives shall
a) be consistent with the records policy,
b) be measurable (if practicable),
c) take into account applicable requirements, and
d) be monitored and updated as appropriate.
The records objectives shall be derived from an analysis of the organization's activities. They shall define the
areas where legislation, regulations, other standards and best practices have the greatest application to the
creation of records connected to activities.
The records objectives shall take into account the size of the organization, the nature of its activities, products
and services and the location, conditions, juridical/administrative system and cultural environment in which it
functions.
© ISO 2011 – All rights reserved 5

---------------------- Page: 15 ----------------------

SIST ISO 30301:2013
ISO 30301:2011(E)
The organization shall retain documented information about the records objectives.
To achieve its records objectives, the organization shall determine
 who will be responsible,
 what will be done,
 what resources will be required,
 when it will be completed,
 how the results will be evaluated.
7 Support
7.1 Resources
Top management shall allocate and maintain the resources needed for the MSR.
Resources management includes
a) assigning responsibility to personnel competent to perform the roles assigned in the MSR,
b) periodic review of the competencies and training of those personnel, and
c) maintenance and sustainability of resources and technical infrastructure.
7.2 Competence
The organization shall
a) determine the necessary competence of person(s) doing work under its control that affects the
performance of its records processes and systems,
b) ensure these persons are competent on the basis of appropriate education, training, and experience,
c) where applicable, take actions to acquire the necessary competence and evaluate the effectiveness of
the actions taken, and
d) retain appropriate documented information as evidence of competence.
NOTE Applicable actions can include, for instance, the provision of training to, the mentoring of, or the re-assignment
of current employees, or the hiring or contracting of competent persons.
7.3 Awareness and training
The organization shall ensure that its personnel are aware of
a) the relevance and importance of their individual activities and how they contribute to the achievement of
the MSR objectives,
b) the importance of conformity with the MSR policy and procedures and with the requirements of the
management system,
6 © ISO 2011 – All rights reserved

---------------------- Page: 16 ----------------------

SIST ISO 30301:2013
ISO 30301:2011(E)
c) the significant MSR issues and related actual or potential impacts associated with their work and the
benefits of improved personal performance,
d) their roles and
...

NORME ISO
INTERNATIONALE 30301
Première édition
2011-11-15



Information et documentation —
Systèmes de gestion des documents
d'activité — Exigences
Information and documentation — Management systems for records —
Requirements




Numéro de référence
ISO 30301:2011(F)
©
ISO 2011

---------------------- Page: 1 ----------------------
ISO 30301:2011(F)

DOCUMENT PROTÉGÉ PAR COPYRIGHT


©  ISO 2011
Droits de reproduction réservés. Sauf prescription différente, aucune partie de cette publication ne peut être reproduite ni utilisée sous
quelque forme que ce soit et par aucun procédé, électronique ou mécanique, y compris la photocopie et les microfilms, sans l'accord écrit
de l'ISO à l'adresse ci-après ou du comité membre de l'ISO dans le pays du demandeur.
ISO copyright office
Case postale 56  CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Publié en Suisse

ii © ISO 2011 – Tous droits réservés

---------------------- Page: 2 ----------------------
ISO 30301:2011(F)
Sommaire Page
Avant-propos . iv
Introduction . v
1  Domaine d'application . 1
2  Références normatives . 1
3  Termes et définitions . 1
4  Contexte de l'organisme . 2
4.1  Compréhension de l'organisme et de son contexte . 2
4.2  Exigences opérationnelles, exigences légales et autres exigences . 2
4.3  Détermination du domaine d'application du SGDA . 3
5  Leadership . 3
5.1  Engagement de la direction . 3
5.2  Politique . 4
5.3  Rôles, responsabilités et habilitations au sein de l'organisme . 4
6  Planification . 5
6.1  Actions à mener pour prendre en compte les risques et opportunités . 5
6.2  Objectifs à atteindre pour les documents d'activité et moyens à mettre en œuvre . 5
7  Support . 6
7.1  Ressources . 6
7.2  Compétences . 6
7.3  Sensibilisation et formation . 7
7.4  Communication . 7
7.5  Documentation . 7
8  Réalisation . 8
8.1  Planification et contrôle de la réalisation . 8
8.2  Conception des processus liés aux documents d'activité . 9
8.3  Mise en œuvre des systèmes documentaires . 10
9  Évaluation des performances . 10
9.1  Surveillance, mesurage, analyse et évaluation des performances . 10
9.2  Audit interne du système. 11
9.3  Revue de direction . 12
10  Amélioration . 12
10.1  Contrôle des non-conformités et actions correctives . 12
10.2  Amélioration continue . 13
Annexe A (informative) Processus et contrôles . 14
Annexe B (informative) Relations entre l'ISO 9001, l'ISO 14001, ISO 27001 et l'ISO 30301 . 18
Annexe C (informative) Liste de contrôle pour une auto-évaluation . 22
Bibliographie . 24

© ISO 2011 – Tous droits réservés iii

---------------------- Page: 3 ----------------------
ISO 30301:2011(F)
Avant-propos
L'ISO (Organisation internationale de normalisation) est une fédération mondiale d'organismes nationaux de
normalisation (comités membres de l'ISO). L'élaboration des Normes internationales est en général confiée
aux comités techniques de l'ISO. Chaque comité membre intéressé par une étude a le droit de faire partie du
comité technique créé à cet effet. Les organisations internationales, gouvernementales et non
gouvernementales, en liaison avec l'ISO participent également aux travaux. L'ISO collabore étroitement avec
la Commission électrotechnique internationale (CEI) en ce qui concerne la normalisation électrotechnique.
Les Normes internationales sont rédigées conformément aux règles données dans les Directives ISO/CEI,
Partie 2.
La tâche principale des comités techniques est d'élaborer les Normes internationales. Les projets de Normes
internationales adoptés par les comités techniques sont soumis aux comités membres pour vote. Leur
publication comme Normes internationales requiert l'approbation de 75 % au moins des comités membres
votants.
L'attention est appelée sur le fait que certains des éléments du présent document peuvent faire l'objet de
droits de propriété intellectuelle ou de droits analogues. L'ISO ne saurait être tenue pour responsable de ne
pas avoir identifié de tels droits de propriété et averti de leur existence.
L'ISO 30301 a été élaborée par le comité technique ISO/TC 46, Information et documentation, sous-comité
SC 11, Gestion des archives courantes et intermédiaires.
L'ISO 30301 fait partie d'une série de Normes internationale, présentée sous le titre général Information et
documentation — Systèmes de gestion des documents d'activité:
 ISO 30300, Information et documentation — Systèmes de gestion des documents d'activité — Principes
essentiels et vocabulaire
 ISO 30301, Information et documentation — Systèmes de gestion des documents d'activité — Exigences
L'ISO 30300 spécifie la terminologie employée dans la série de normes relatives aux systèmes de gestion des
documents d'activité, ainsi que les objectifs et les avantages d'un tel système; l'ISO 30301 spécifie les
exigences relatives à un système de gestion des documents d'activité lorsqu'un organisme démontre son
aptitude à créer et à contrôler les documents de ses activités aussi longtemps que ces documents sont
nécessaires.
iv © ISO 2011 – Tous droits réservés

---------------------- Page: 4 ----------------------
ISO 30301:2011(F)
Introduction
Le succès organisationnel dépend dans une large mesure de la mise en œuvre et du maintien d'un système
de management conçu dans l'optique d'une amélioration continue des performances tout en répondant aux
besoins de toutes les parties prenantes. Les systèmes de management offrent des méthodologies pour
prendre des décisions et gérer les ressources en vue d'atteindre les objectifs de l'organisme.
La création et la gestion des documents d'activité font partie intégrante de toutes les activités, processus et
systèmes d'un organisme. Les documents d'activité contribuent à la performance, à la responsabilité, à la
gestion des risques et à la continuité des opérations. Ils permettent également aux organismes de tirer profit
de la valeur de leurs ressources documentaires comme actifs opérationnels, commerciaux et informationnels,
tout en contribuant à la conservation de la mémoire collective et en répondant aux défis de l'environnement
mondial et numérique.
Les normes de systèmes de management (MSS) fournissent des outils à la direction pour développer une
approche systématique et vérifiable du contrôle organisationnel dans un environnement qui favorise les
bonnes pratiques opérationnelles.
Les normes relatives aux systèmes de gestion des documents d'activité préparées par l'ISO/TC 46/SC 11
sont conçues pour aider les organismes de tous types et de toutes tailles, ou les groupements d'organismes
partageant des activités opérationnelles, à mettre en œuvre, exploiter et améliorer un système de gestion des
documents d'activité efficace (que l'on désignera par la suite par SGDA). Le SGDA oriente et contrôle les
actions d'un organisme visant à établir une politique et des objectifs de gestion des documents d'activité et à
atteindre ces objectifs, au moyen de:
a) rôles et responsabilités définis;
b) processus systématiques;
c) mesure et évaluation;
d) revue et amélioration.
La mise en œuvre d'une politique et d'objectifs relatifs aux documents d'activité, solidement fondés sur les
exigences de l'organisme assurera que des informations fiables et qui font autorité concernant les activités
opérationnelles de l'organisme, ainsi que les preuves associées, sont créées, gérées et mises à disposition
de ceux qui en ont besoin, aussi longtemps que nécessaire. Des processus et des systèmes adéquats de
gestion des documents d'activité adéquats sont nécessaires à la mise en œuvre réussie de la politique et des
objectifs relatifs aux documents d'activité.
La mise en œuvre d'un SGDA au sein d'un organisme garantit également la transparence et la traçabilité des
décisions prises par les autorités responsables, ainsi qu'au respect de l'obligation de rendre compte.
Les normes relatives aux SGDA préparées par l'ISO/TC 46/SC 11 sont développées dans le cadre des
normes de systèmes de management afin d'être compatibles et de partager des éléments et une
méthodologie avec d'autres normes de systèmes de management. L'ISO 15489 et les autres Normes
internationales et Rapports techniques également élaborés par l'ISO TC 46/SC 11 sont les principaux outils
pour concevoir, mettre en œuvre, gérer et améliorer les processus de gestion des documents d'activité et
leurs contrôles, ce qui permet d'agir dans le cadre de la gouvernance du SGDA quand les organismes
décident de déployer une méthodologie normée de système de management.
NOTE L'ISO 15489 est la norme de base qui définit les bonnes pratiques en matière d'opérations de gestion des
documents d'activité.
© ISO 2011 – Tous droits réservés v

---------------------- Page: 5 ----------------------
ISO 30301:2011(F)
La structure des normes de système de management préparées par l'ISO/TC 46/SC 11 est indiquée à la
Figure 1, les normes étant publiées ou en préparation.
Normes de systèmes de gestion des Normes internationales et
documents d’activité Rapports techniques connexes
Cadre pour la gouvernance des documents d’activité Mise en œuvre des processus liés aux documents
d’activité
ISO 23081
ISO/TR
ISO 15489
Métadonnées 26122
Records
ISO 30300
pour les
management Analyse du
Principes
Systèmes de gestion des
enregistrements
processus
essentiels et documents d'activité -
Partie 1 -
Partie 1 - des «records»
Principes essentiels et
terminologie Principes
Principes
vocabulaire
directeurs
Partie 2 -
Partie 2 -
Concepts et mise

Guide pratique
en œuvre
Partie 3 -
ISO 30301
Méthode d’auto-
Systèmes de gestion des
Exigences
évaluation
documents d'activité –
Exigences
ISO 30303
ISO 16175
Systèmes de gestion des ISO 13008
ISO/TR 13028
documents d’activité – Processus de Principes et
Mise en œuvre
conversion et exigences
Exigences relatives aux
des lignes
migration fonctionnelles
organismes d’audit et de
directrices
des documents pour les
certification
pour la
enregistrements
d’activité
numérisation
numériques dans les
des
environnements
enregistrements
électroniques
Lignes
de bureau
ISO 30302
directrices
Partie 1 - Aperçu
Systèmes de gestion des
Éléments à l'appui
et déclaration de
documents d’activité - Guide
d'une structure de
principes
de mise en œuvre
haut niveau
Partie 2 - Lignes
directrices et
exigences
fonctionnelles
ISO 30304
pour les
Systèmes de gestion des
systèmes de
documents d’activité - Guide
management
d’évaluation
des
enregistrements
numériques
Partie 3 - Lignes
directrices et
exigences
fonctionnelles
pour les
enregistrements
dans les
systèmes
d'entreprise

Figure 1 — Normes de système de management préparées par l'ISO/TC 46/SC 11,
et Normes internationales et Rapports techniques associés
vi © ISO 2011 – Tous droits réservés

---------------------- Page: 6 ----------------------
ISO 30301:2011(F)
Ces normes sont destinées à être utilisées par
 les dirigeants des organismes qui prennent des décisions pour établir et mettre en œuvre des systèmes
de management dans leur organisme, et
 les responsables de la mise en œuvre du SGDA, tels que les professionnels de la gestion des risques, de
l'audit, des documents d'activité, des systèmes d'informations et de la sécurité de l'information.
Le SGDA détermine les exigences de management des informations et des documents et les attentes des
parties intéressées (clients et parties intéressées) et, par les processus nécessaires, produit des informations
et des documents satisfaisants en tant que résultats satisfaisant aux exigences et répondant aux attentes.
La Figure 2 montre le modèle du SGDA et les relations avec les clients et les parties prenantes.
Exigences et
attentes en Informations
Clients et
Contexte de l’organisme
matière de
entrantes
parties
gestion des
intéressées
documents
d’activité
Direction
(de projet)
Amélioration
Planification
Évaluation des
performances
Support
Décisions
appropriées
Fonctionnement
de la direction

pour se
conformer à
Enregistrements
la politique et
Clients et
qualité
répondre aux
parties
attentes
intéressées
Résultats

Figure 2 — Structure du SGDA
© ISO 2011 – Tous droits réservés vii

---------------------- Page: 7 ----------------------
NORME INTERNATIONALE ISO 30301:2011(F)

Information et documentation — Systèmes de gestion des
documents d'activité — Exigences
1 Domaine d'application
La présente Norme internationale spécifie les exigences relatives à un système de gestion des documents
d'activité (SGDA) visant à soutenir un organisme dans la réalisation de son mandat, de sa mission, de sa
stratégie et de ses objectifs par le développement et la mise en œuvre d'une politique et d'objectifs relatifs aux
documents des activités et donne des informations sur le mesurage et la surveillance des performances.
Un SGDA peut être établi par un organisme ou plusieurs organismes lorsque ceux-ci partagent des activités.
Tout au long de la présente Norme internationale, le terme «organisme» ne se limite pas à un seul organisme,
mais inclut également d'autres structures organisationnelles.
La présente Norme internationale s'applique à tout organisme souhaitant
a) établir, mettre en œuvre, maintenir et améliorer un SGDA venant à l'appui de ses activités,
b) s'assurer lui-même de la conformité à sa politique déclarée en matière de documents d'activité, et
c) démontrer sa conformité à la présente Norme internationale en
1) réalisant une auto-évaluation et une auto-déclaration, ou
2) demandant une confirmation de son auto-déclaration par un organisme extérieur, ou
3) demandant une certification de son SGDA par un organisme extérieur.
La présente Norme internationale peut être mise en œuvre avec d'autres normes de systèmes de
management (MSS). Il est particulièrement utile de démontrer la conformité aux exigences relatives aux
documents des activités des autres MSS.
2 Références normatives
Les documents de référence suivants sont indispensables pour l'application du présent document. Pour les
références datées, seule l'édition citée s'applique. Pour les références non datées, la dernière édition du
document de référence s'applique (y compris les éventuels amendements).
ISO 30300, Information et documentation — Systèmes de gestion des documents d'activités — Principes
essentiels et vocabulaire
3 Termes et définitions
Pour les besoins du présent document, les termes et définitions donnés dans l'ISO 30300 s'appliquent.
© ISO 2011 – Tous droits réservés 1

---------------------- Page: 8 ----------------------
ISO 30301:2011(F)
4 Contexte de l'organisme
4.1 Compréhension de l'organisme et de son contexte
Lors de l'établissement et de la revue de son système de gestion des documents d'activité, un organisme doit
tenir compte de tous les facteurs externes et internes pertinents.
Les facteurs externes et internes identifiés et pris en compte lors de l'établissement et de la revue du SGDA
doivent être documentés.
La compréhension du contexte externe de l'organisme peut inclure, sans toutefois s'y limiter,
a) l'environnement socioculturel, juridique, réglementaire, financier, technologique, économique, naturel et
concurrentiel, qu'il soit international, national, régional ou local,
b) les indicateurs clés et les principales tendances ayant un impact sur les objectifs de l'organisme, et
c) les relations avec les parties prenantes externes, ainsi que leurs perceptions, leurs valeurs et leurs
attentes.
La compréhension du contexte interne de l'organisme peut inclure, sans toutefois s'y limiter,
1) gouvernance, structure organisationnelle, rôles et responsabilités,
2) politiques, objectifs et stratégies mises en place pour les réaliser,
3) capacités, en termes de ressources et de connaissances (par exemple capital, temps, personnes,
processus, systèmes et technologies),
4) systèmes d'information, flux d'information et processus décisionnels (aussi bien formels qu'informels),
5) relations avec les parties prenantes internes, ainsi que leurs perceptions et valeurs, et culture de
l'organisme,
6) normes, lignes directrices et modèles adoptés par l'organisme, et
7) forme et étendue des relations contractuelles.
4.2 Exigences opérationnelles, exigences légales et autres exigences
Lors de l'établissement et de la revue de ses objectifs en matière de documents d'activité, un organisme doit
tenir compte des besoins opérationnels, des exigences légales, réglementaires, et d'autres exigences
relatives à la création et à la maîtrise des documents d'activité.
L'organisme doit évaluer et documenter les exigences opérationnelles, légales, réglementaires et les autres
exigences affectant ses activités auxquelles il doit se conformer et pour lesquelles des preuves de conformité
sont exigées.
Les besoins opérationnels comprennent toutes les exigences relatives à la bonne réalisation des opérations
ou des activités de l'organisme. Les exigences sont liées aux performances actuelles de l'entreprise, à la
planification et au développement futurs, à la gestion des risques et au plan de continuité des activités.
Les exigences légales comprennent les exigences liées à la création et à la maîtrise des documents d'activité.
Les sources d'exigences légales sont:
a) la législation et la jurisprudence, y compris les lois et réglementations propres à l'activité en général et au
secteur d'activité concerné;
2 © ISO 2011 – Tous droits réservés

---------------------- Page: 9 ----------------------
ISO 30301:2011(F)
b) les lois et réglementations relatives à la notion de preuve, aux documents d'activité et aux archives, à
l'accès, au respect de la vie privée, à la protection des données et des informations et au commerce
électronique;
c) les règles constitutionnelles des organismes, les chartes ou les conventions auxquelles adhère
l'organisme;
d) les traités et autres instruments que l'organisme est légalement tenu d'observer.
Les autres exigences comprennent les engagements volontaires juridiquement non contraignants pris par
l'organisme:
 les codes de bonnes pratiques adoptés volontairement;
 les codes de conduite et d'éthique adoptés volontairement;
 les attentes identifiées de la société en matière de comportement acceptable dans le secteur d'activité ou
l'organisme spécifique, y compris une bonne gouvernance, un contrôle approprié des comportements
frauduleux ou malveillants et une transparence dans la prise de décision.
4.3 Détermination du domaine d'application du SGDA
L'organisme doit définir et documenter le domaine d'application de son SGDA.
Le domaine d'application du SGDA peut inclure la totalité de l'organisme, des fonctions spécifiques et
identifiées de l'organisme, des sections spécifiques et identifiées de l'organisme ou une ou plusieurs fonctions
dans un groupe d'organismes.
Lorsqu'un SGDA est établi pour une ou plusieurs fonctions spécifiques dans un groupe d'organismes, le
domaine d'application doit indiquer les relations entre eux et les rôles de chaque entité.
Lorsqu'un organisme externalise des processus affectant la conformité aux exigences du SGDA, l'organisme
doit assurer un contrôle de ces processus. Le contrôle des sous-traitants et des processus externalisés doit
être identifié comme dans le domaine d'application du SGDA.
5 Leadership
5.1 Engagement de la direction
La direction doit prouver son implication en
 assurant la compatibilité du SGDA avec l'orientation stratégique de l'entreprise,
 intégrant les exigences du SGDA dans les processus métier de l'entreprise,
 s'assurant de la disponibilité des ressources nécessaires à la mise en œuvre, à l'implémentation, au
maintien et au développement continu du SGDA,
 sensibilisant, par des actions de communication, à l'importance d'avoir un SGDA performant et de se
conformer aux exigences du SGDA,
 s'assurant que les objectifs relatifs aux documents d'activité sont atteints,
 soutenant une politique d'amélioration continue.
NOTE La référence à «métier» dans la présente Norme internationale est largement interprétée pour signifier ces
activités qui sont primordiales pour les besoins de l'existence de l'entreprise.
© ISO 2011 – Tous droits réservés 3

---------------------- Page: 10 ----------------------
ISO 30301:2011(F)
5.2 Politique
La direction doit établir une politique concernant les documents d'activité. Cette politique doit
 correspondre à la finalité de l'entreprise,
 fournir un cadre pour la définition des objectifs et des cibles du SGDA,
 inclure un engagement à satisfaire les exigences en vigueur,
 inclure un engagement à œuvrer dans le sens d'une amélioration continue du SGDA,
 faire l'objet d'une communication à l'ensemble de l'organisme,
 être mise à la disposition des parties intéressées, si nécessaire.
L'organisme doit conserver une information documentée sur la politique relative aux documents d'activité.
Cette politique doit inclure les stratégies de haut niveau en ce qui concerne la création et le contrôle de
documents authentiques, fiables et exploitables, capables de servir d'appui aux fonctions et aux activités de
l'organisme, et en ce qui concerne la protection de l'intégrité de ces documents aussi longtemps que
nécessaire.
Les organismes doivent s'assurer que la politique relative aux documents d'activité fait l'objet d'une
communication et d'une mise en œuvre à tous les niveaux de l'organisme ainsi qu'aux entités ou individus
(tels que partenaires ou sous-traitants) travaillant avec lui ou pour son compte.
5.3 Rôles, responsabilités et habilitations au sein de l'organisme
5.3.1 Aspects généraux
La direction doit s'assurer que les rôles, les responsabilités et les habilitations en matière de SGDA sont
définis et assignés et qu'ils font l'objet d'une communication à l'ensemble de l'organisme ainsi qu'aux entités
ou individus travaillant avec lui ou pour son compte.
Les responsabilités doivent être affectées de manière appropriée à l'ensemble du personnel occupant les
fonctions et niveaux pertinents au sein de l'organisme, en particulier aux cadres supérieurs, aux responsables
de programmes, aux responsables des documents d'activité, aux professionnels de l'information, aux
administrateurs système ainsi qu'à toute autre personne amenée à créer des documents dans le cadre de son
activité.
Le leadership pour mettre en œuvre le SGDA doit être attribué à un représentant spécifique issu de la
direction. Lorsque la taille et la complexité de l'organisme et ses processus liés aux documents d'activité
l'exigent, un responsable d'exploitation des documents d'activité, ayant une formation et des compétences
spécifiques doit être désigné pour assumer ce rôle. L'attribution des responsabilités et leurs interrelations
doivent être documentées.
5.3.2 Responsabilités de la direction
Un représentant de la direction doit être spécifiquement désigné par celle-ci afin de rendre compte et
d'assumer la responsabilité des opérations suivantes, quelles que soient par ailleurs ses autres
responsabilités:
a) s'assurer que le SGDA est établi, mis en œuvre et maintenu conformément aux exigences de la présente
Norme internationale;
b) assurer la promotion du SGDA dans tout l'organisme à travers des actions de sensibilisation;
4 © ISO 2011 – Tous droits réservés

---------------------- Page: 11 ----------------------
ISO 30301:2011(F)
c) s'assurer que les rôles et les responsabilités définis dans le SGDA sont convenablement attribués et que
le personnel assumant ces rôles possède les compétences requises.
NOTE Des responsabilités pourraient être attribuées à un poste spécifique ou à un groupe désigné comme approprié
selon la complexité de l'organisme.
5.3.3 Responsabilités opérationnelles
La direction doit désigner un représentant opérationnel dédié aux documents d'activité. Ses rôle,
responsabilité et habilitation doivent être définis. Ceux-ci incluent:
a) la mise en œuvre du SGDA au niveau opérationnel;
b) l'établissement de rapports sur les performances du SGDA pour examen, y compris des propositions
d'amélioration;
c) l'établissement d'une liaison avec les parties extérieures sur les sujets en rapport avec le SGDA.
NOTE Les rôles du représentant de la direction et du représentant opérationnel pour les documents d'activité
peuvent être assumés par la même personne ou le même groupe.
6 Planification
6.1 Actions à mener pour prendre en compte les risques et opportunités
L'organisme doit prendre en considération les points listés en 4.1 et les exigences mentionnées en 4.2 et
déterminer les risques et opportunités qui nécessitent qu'une réponse soit apportée, afin de
a) s'assurer que les objectifs visés par le SGDA sont bien atteints,
b) prévenir d'effets indésirables, et
c) offrir des opportunités d'améliorations.
L'organisme doit évaluer le besoin de planifier des actions pour permettre de faire face à ces risques et
opportunités, là où ces actions sont applicables:
 intégrer et mettre en œuvre ces actions dans leurs procédures de SGDA (voir 8.1);
 s'assurer que les informations permettront d'évaluer si les actions ont été efficaces (voir 9.1).
6.2 Objectifs à atteindre pour les documents d'activité et moyens à mettre en œuvre
La direction doit s'assurer que les objectifs à attendre pour les documents d'activité sont établis et
communiqués auprès des personnes occupant des fonctions et niveaux hiérarchiques pertinents au sein de
l'organisme.
Ces objectifs doivent
a) être en cohérence avec la politique relative aux documents d'activité,
b) être mesurables (si cela est réalisable),
c) prendre en considération les exigences en vigueur, et
d) être surveillés et mis à jour si nécessaire.
© ISO 2011 – Tous droits réservés 5

---------------------- Page: 12 ----------------------
ISO 30301:2011(F)
Les objectifs concernant les documents d'activité doivent découler d'une analyse des activités de l'organisme.
Ils doivent définir le périmètre dans lequel
...