SIST ISO 23081-2:2010

INTERNATIONAL ISO
STANDARD 23081-2
First edition
2009-07-01

Information and documentation —
Managing metadata for records —
Part 2:
Conceptual and implementation issues
Information et documentation — Gestion des métadonnées pour
l'information et les documents —
Partie 2: Concepts et mise en oeuvre




Reference number
ISO 23081-2:2009(E)
©
ISO 2009

---------------------- Page: 1 ----------------------
ISO 23081-2:2009(E)
PDF disclaimer
This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but
shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In
downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat
accepts no liability in this area.
Adobe is a trademark of Adobe Systems Incorporated.
Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation
parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In
the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.


COPYRIGHT PROTECTED DOCUMENT


©  ISO 2009
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland

ii © ISO 2009 – All rights reserved

---------------------- Page: 2 ----------------------
ISO 23081-2:2009(E)
Contents Page
Foreword .iv
Introduction.v
1 Scope.1
2 Normative references.1
3 Terms and definitions .1
4 Purpose and benefits of metadata.3
5 Policy and responsibilities .5
6 Metadata conceptual model .7
7 Concepts relating to metadata implementation .9
8 Metadata model for managing records .15
9 Generic metadata elements.17
10 Developing a metadata schema for managing records.24
11 Implementing metadata for managing records .27
Bibliography.33

© ISO 2009 – All rights reserved iii

---------------------- Page: 3 ----------------------
ISO 23081-2:2009(E)
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies
(ISO member bodies). The work of preparing International Standards is normally carried out through ISO
technical committees. Each member body interested in a subject for which a technical committee has been
established has the right to be represented on that committee. International organizations, governmental and
non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the
International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of technical committees is to prepare International Standards. Draft International Standards
adopted by the technical committees are circulated to the member bodies for voting. Publication as an
International Standard requires approval by at least 75 % of the member bodies casting a vote.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO shall not be held responsible for identifying any or all such patent rights.
ISO 23081-2 was prepared by Technical Committee ISO/TC 46, Information and documentation,
Subcommittee SC 11, Archives/records management.
This first edition cancels and replaces ISO/TS 23081-2:2007, which has been technically revised.
ISO 23081 consists of the following parts, under the general title Information and documentation — Managing
metadata for records:
⎯ Part 1: Principles
⎯ Part 2: Conceptual and implementation issues
iv © ISO 2009 – All rights reserved

---------------------- Page: 4 ----------------------
ISO 23081-2:2009(E)
Introduction
The ISO 23081 series describes metadata for records. This part of ISO 23081 focuses on the framework for
defining metadata elements for managing records and provides a generic statement of metadata elements,
whether these are physical, analogue or digital, consistent with the principles of ISO 23081-1.
It provides an extended rationale for metadata for managing records in organizations, conceptual models for
metadata and a high-level element set of generic metadata types suitable for any records environment
encompassing, for example, current document or records management implementations or archival
implementations. It defines the generic metadata types both for records entities as well as other entities that
need to be managed in order to document and understand the context of records. This part of ISO 23081 also
identifies, for key entities, a minimum number of fixed aggregation layers that are required for interoperability
purposes. The models and generic metadata types outlined in this part of ISO 23081 are primarily focused on
the “records” entity. However, they are also relevant to the other entities.
This part of ISO 23081 does not prescribe a specific set of metadata elements. Rather, it identifies generic
types of metadata that are required to fulfil the requirements for managing records. This approach provides
organizations with the flexibility to select specific metadata to meet their business requirements for managing
their records for as long as they are required. It provides diagrams for determining the metadata elements that
may be defined in a particular implementation and the metadata that could apply to each aggregation of the
entities defined. It acknowledges that these entities can exist at different layers of aggregation. It defines
generic metadata types that are expected to apply at all layers of aggregation, while alerting implementers to
specific metadata elements that may only apply at particular layers of aggregation.
Implementing metadata for managing records in organizational and system settings involves a number of
choices, which are determined by the circumstances of the organization, the systems in place and the
requirements for managing records.
Building upon the principles of ISO 23081-1, this part of ISO 23081 provides further explanation on the
underlying concepts of metadata schemas for managing records, offers practical guidance for developing and
constructing those schemas from an organizational point of view and finally goes into issues relating to the
implementation and management of metadata over time.
This part of ISO 23081 is intended for
⎯ records professionals (or persons assigned within an organization for managing records in any
environment) responsible for defining metadata for managing records at any layer of aggregation in either
a business system or dedicated records application software,
⎯ systems/business analysts responsible for identifying metadata to manage records in business systems,
⎯ records professionals or systems analysts addressing system interoperability requirements involving
records, and
⎯ vendors, as suppliers of software applications that support and enable the creation, capture and
management of metadata over time.

© ISO 2009 – All rights reserved v

---------------------- Page: 5 ----------------------
INTERNATIONAL STANDARD ISO 23081-2:2009(E)

Information and documentation — Managing metadata for
records —
Part 2:
Conceptual and implementation issues
1 Scope
This part of ISO 23081 establishes a framework for defining metadata elements consistent with the principles
and implementation considerations outlined in ISO 23081-1. The purpose of this framework is to
a) enable standardized description of records and critical contextual entities for records,
b) provide common understanding of fixed points of aggregation to enable interoperability of records and
information relevant to records between organizational systems, and
c) enable reuse and standardization of metadata for managing records over time, space and across
applications.
It further identifies some of the critical decision points that need to be addressed and documented to enable
implementation of metadata for managing records. It aims to
⎯ identify the issues that need to be addressed in implementing metadata for managing records,
⎯ identify and explain the various options for addressing the issues, and
⎯ identify various paths for making decisions and choosing options in implementing metadata for managing
records.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated
references, only the edition cited applies. For undated references, the latest edition of the referenced
document (including any amendments) applies.
ISO/IEC 11179-1, Information technology — Metadata registries (MDR) — Part 1: Framework
ISO 15489-1:2001, Information and documentation — Records management — Part 1: General
ISO 23081-1:2006, Information and documentation — Records management processes — Metadata for
records — Part 1: Principles
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO 15489-1, ISO 23081-1,
ISO/IEC 11179-1 and the following apply.
© ISO 2009 – All rights reserved 1

---------------------- Page: 6 ----------------------
ISO 23081-2:2009(E)
3.1
archival system
organized collection of hardware, software, policies, procedures and people, which maintains, stores,
manages and makes available records over time
3.2
attribute
characteristic of an object or entity
[ISO 11179-1:2004, definition 3.1.1]
3.3
business system
organized collection of hardware, software, supplies, policies, procedures and people, which stores,
processes and provides access to an organization’s business information
3.4
class
description of a set of objects that share the same attributes, operations, methods, relationships, and
semantics
[ISO/IEC 19501:2005, Glossary]
3.5
conceptual data model
data model that represents an abstract view of the real world
NOTE A conceptual model represents the human understanding of a system.
[ISO 11179-1:2004, definition 3.2.5]
3.6
entity
any concrete or abstract thing that exists, did exist, or may exist, including associations among these things
EXAMPLE A person, object, event, idea or process.
NOTE An entity exists whether data about it are available or not.
[ISO 11179-1:2004, definition 3.2.10; ISO/IEC 2382-17:1999, definition 17.02.05].
3.7
metadata for managing records
structured or semi-structured information, which enables the creation, management, and use of records
through time and within and across domains
NOTE See ISO 23081-1:2006, Clause 4.
3.8
records application software
specific application used to maintain, manage and provide access to an organization’s record resources
2 © ISO 2009 – All rights reserved

---------------------- Page: 7 ----------------------
ISO 23081-2:2009(E)
4 Purpose and benefits of metadata
4.1 Purposes of metadata for managing records
4.1.1 General
Organizations need information systems that capture and manage appropriate contextual information to aid
the use, understanding, management of, and access to, records over time. This information is critical for
asserting authenticity, reliability, integrity, usability and evidential qualities of records. Collectively, this
information is known as metadata for managing records.
Metadata for managing records can be used for a variety of purposes within an organization to support,
identify, authenticate, describe, locate and manage their resources in a systematic and consistent way to meet
business, accountability and societal requirements of organizations.
Records application software and business systems with records functionality manage records by capturing
and managing metadata about those records and the context of their creation and use.
Records, particularly in the form of electronic transactions, can exist outside of formal records application
software, often being created in business systems serving specific purposes (for example, licensing systems).
Records are used and understood by people who possess, or have access to, sufficient knowledge about the
processes being undertaken, the people involved in the transaction, the records generated and their
immediate context. Such records are not always robust, for reasons including the following.
a) Contextual linkages can be unwritten and dependent upon individual and group memory. Such reliance
on unwritten contextual understanding is not dependable; some people have access to more knowledge
than others, over time the usability of records will be compromised by staff movement and diminishing
corporate memory.
b) The records often lack explicit information needed to identify the components of a transaction outside the
specific business context and are therefore difficult to exchange with other related business systems for
interoperability purposes.
c) The management processes necessary to assure the sustainability of the records for as long as they are
required are not usually a feature of such systems.
4.1.2 Amount of metadata
There are practical limits to the amount of contextual information that can be made explicit and captured into a
given system in the form of metadata. Context is infinite, while a single information system has finite
boundaries. Further contextual information will always exist outside the boundaries of any one system.
A single records application software system only needs to capture as much metadata as is considered useful
for that system and its users to interpret and manage the records for as long as they are required within the
system and to enable migration of those records required outside the system. Good metadata regimes are
dynamic and can add additional metadata for managing records as and when necessary over time.
Much metadata for managing records can be obtained from other information systems. For them to be useful
in a system for managing records they need to be structured and organized in a standardized way.
Standardized metadata are an essential prerequisite for information system interoperability within and
between organizations.
4.2 Business benefits for metadata for managing records
4.2.1 General
Metadata for managing records not only describe the attributes of records in a way that enables their
management and use/reuse, they also document the relationships between records and the agents that make
and use them and the events or circumstances in which the records are made and used. Metadata support
the searching of information assets and the maintenance of their authenticity.
© ISO 2009 – All rights reserved 3

---------------------- Page: 8 ----------------------
ISO 23081-2:2009(E)
4.2.2 Capturing and managing records in business systems
Organizations need to create records of their transactions and maintain those records for as long as they are
needed. This can be done only if organizations’ business systems capture records metadata in accordance
with organizational requirements for managing records. How well a system manages records is largely
dependent on the metadata functionality of the system. The relationships between business systems and
specific records application software systems are subject to implementation decisions, as outlined in
Clause 11.
4.2.3 Interoperability
Interoperability refers to the ability of two or more automated systems to exchange information and to
recognize, process and use that information successfully. Interoperable systems need to be able to function
simultaneously at technical, semantic and syntactical levels. Standardized metadata are an essential
prerequisite for information system interoperability.
Standardized metadata for managing records assist in enabling interoperability as follows:
a) between business systems within an organization (for example, between systems that support one
business process and those that support other business processes across the organization);
b) between business systems that create records, and records application software that manage them as
records;
c) between business systems during system migration;
d) between multiple organizations involved in the conduct of business processes (for example, chain
management or electronic commerce transactions);
e) between organizations for a variety of other business purposes (for example in undertaking shared
transactions or transfer of records to a third party);
f) across time between business systems that create records and archival systems that preserve them.
In supporting interoperability, metadata for managing records enable resource discovery of records in
business systems as well as in records application software.
4.2.4 Risk management
Metadata schemas can be tailored to suit organizational requirements for risk aversion. Organizations will
specify elements that shall be present for records to be reliable, authentic and to have integrity. Other
elements will be optional, for inclusion at the discretion of sub-units of organizations or for particular business
systems within organizations.
When considering metadata implementation strategies, organizations should identify the risks that exist,
consider the degree of risk entailed, and ensure that the implementation strategy
a) provides access to critical business systems over time,
b) satisfies legal requirements for authenticity and reliability, and
c) is sustainable from a resource perspective over time.
4.2.5 Metadata for records as an organizational information asset
Structured metadata for managing records, in combination with good system search functionality, support
access and retrieval of records across organizations. This maximizes the ability of people to find relevant
records quickly and easily when they need to. In addition, structured records metadata enable information in
4 © ISO 2009 – All rights reserved

---------------------- Page: 9 ----------------------
ISO 23081-2:2009(E)
records to be retrieved within their business context, thus enhancing understanding and trust in the reliability
of information retrieved for reuse. A relatively small initial investment in good metadata can enhance quality
and reduce costs for retrieval of information to the organization.
4.2.6 Preventing unauthorized access to records
Metadata for managing records can be used to reduce the risk of unauthorized use of records. Metadata are
needed to specify if access to records is restricted. Only those with appropriate clearance should have access
to records. Any instances of access should be documented as metadata. Access control metadata are vital to
secure legal and business interests of the organization. They ensure the appropriate management of
confidentiality, and privacy of personal information, and other use and security restrictions identified in an
organization’s records.
4.2.7 Sustainability of business systems through administrative change
With the change of an organization's structure, function or work process, a shift in the responsibilities for
business activities takes place. Implementation of standardized and structured records metadata assists in
identifying appropriate records to be moved across systems and organizational boundaries. Such
standardized metadata also assist in extracting records from one system and importing them into other
systems, by preserving contextual linkage independently of any particular business system.
4.2.8 Long-term retention of digital records
Digital records depend upon metadata for their existence, management and future use. The characteristics of
records (ISO 15489-1:2001, 7.2) in all formats are defined in records metadata. Ensuring the preservation of
the records, including their metadata, in electronic form requires conformance to stable, structured and well
defined metadata standards to ensure their sustainability across software upgrades or changes. Preservation
of digital records as long as they are needed can involve a number of strategies (see Clause 11), but all
strategies are dependent upon the existence of standardized metadata for managing records.
4.2.9 Incorporation of metadata into archival systems
Much of the information that is needed to document and describe records and their context in archival
systems can be sourced from the metadata in records application software. This interconnection should be as
seamless as possible. Capturing metadata for managing records according to a standardized schema makes
this process easier to implement.
5 Policy and responsibilities
5.1 Policy decisions
As indicated in ISO 23081-1:2006, Clause 6, metadata strategies should be treated as an integral part of, or
explicitly related to, an organization's broader records and information management strategy. In this respect,
clear metadata-related policy should be created, either as a separate stand-alone policy area linked to the
existing records policy framework or as an integral yet distinct part of the existing organizational records
policies. In either case, organizations should:
a) identify and assign roles and responsibilities, including responsibilities for quality assurance of metadata;
b) identify requirements for metadata reliability, accessibility, retrieval, maintenance, and security;
c) select applicable metadata standards or schema;
d) identify and establish rules for applying metadata encoding schemes (controlled vocabularies, syntax
schemes);
e) determine technical standards to be used in implementation;
© ISO 2009 – All rights reserved 5

---------------------- Page: 10 ----------------------
ISO 23081-2:2009(E)
f) identify how the metadata policy for managing records relates to other metadata policies or schemas that
are in use in the organization;
g) identify evaluation criteria and methodology for determining compliance with, and effectiveness of, the
policy;
h) develop monitoring and evaluation strategies to accompany the policy;
i) determine how the policy will be kept up-to-date in line with business activities.
Any policy should allow for different levels of implementation. It should identify the level to be achieved and
how it is to be achieved.
A policy also should identify those areas that are most critical and require special attention with respect to
metadata deployment strategies, such as sustainability, accessibility, vital records identification, preservation
and risk analysis.
5.2 Responsibilities for implementing metadata for managing records
In line with the established framework of roles and responsibilities for records (see ISO 15489-1:2001, 6.3),
responsibility for developing, implementing and maintaining metadata frameworks for managing records
should be clearly assigned to records professionals in association with other organizational staff such as
information technology or legal professionals, as appropriate.
This responsibility includes:
a) analysing the needs of the organization for metadata for managing records based upon business
requirements;
b) monitoring and analysing developments within the organization relating to metadata, particularly
requirements for managing records;
c) ensuring that metadata schemas for managing records are developed in accordance with best practice
and applicable industry standards;
d) developing the metadata framework for managing records, including the metadata schema, and related
organizational standards and the rules for using them;
e) identifying or developing appropriate metadata encoding schemes, element refinements and qualifiers, for
example classification schemes;
f) keeping the metadata schema up-to-date and in line with business needs;
g) managing the metadata schema as a record in its own right;
h) maintaining the overall quality of both machine-generated and human-generated metadata, most
particularly its accuracy, integrity, authenticity, usability and reliability;
i) co-ordinating implementation issues between records and information technology staff;
j) co-ordinating with business system owners to ensure integration of metadata for managing records into
business systems as appropriate;
k) co-ordinating with archival authorities/processes to ensure interoperability between records application
software and archival environments for those records that have archival value;
l) setting up a training programme and subsequent training of agents on the use and application of the
metadata schema;
m) communicating about the metadata schema within the organization.
6 © ISO 2009 – All rights reserved

---------------------- Page: 11 ----------------------
ISO 23081-2:2009(E)
6 Metadata conceptual model
6.1 Entities
Systems designed to manage records require metadata to support processes for managing records or
archives. One of the main uses of metadata is to represent entities from the business environment in the
business system. Entities support the records perspective for understanding the business environment but
they are not in themselves always tangible objects.
Figure 1 specifies the conceptual entity model and supports any number of entities, but of particular
importance are the following:
a) the records themselves, whether an individual document or aggregations of records (known as record
entities);
b) the people or organizing structures in the business environment (known as agent entities);
c) the business transacted (known as business entities);
d) the rules governing the transaction and documentation of business (known as mandate entities).

NOTE See ISO 23081-1:2006, 9.1.
Figure 1 — Conceptual entity model: Main entities and their relationships
6.2 Relationships between entities
A key requirement of metadata for managing records is to capture evidence of relationships between entities
and persistently link it to record objects so that the resultant records can function as evidence of the business
and social activities in which they are created and used. Metadata for managing records shall also be capable
of capturing layers of aggregation in entities and the relationships among those layers. Relationships are
treated as a class of entity in the following entity framework model (Figure 2) due to their importance from a
records perspective.
© ISO 2009 – All rights reserved 7

---------------------- Page: 12 ----------------------
ISO 23081-2:2009(E)

[6]
Figure 2 — Entity model as unified modeling language (UML) class diagram showing
generalization/specialization relationships between entities
The diagram in Figure 2 represents the generalization/specialization associations between classes of
recordkeeping entities and their sub-classes. For example, this diagram shows Series as a type of Record
entity, Business rules as a type of Mandate entity and Records management business as a type of Business
entity. The generalization/specialization associations allow for common structure and behaviour of classes to
be identified.
The sub-classes include layers of aggregation for recordkeeping entities. The diagram does not illustrate the
aggregation relationships between the sub-classes (these are detailed in Clause 7) nor relationships between
the general classes (as illustrated in Figure 1). By default generalization/specialization sets are considered to
be incomplete, so the diagram in Figure 2 implies that the sets of sub-classes are extensible.
Including relationship as a separate class of entity allows for greater flexibility in the implementation of this
part of ISO 23081. Metadata schemas derived from this framework can choose to implement relationships as
a) a s
...