SIST ISO 16175-1:2013

INTERNATIONAL ISO
STANDARD 16175-1
First edition
2010-12-01

Information and documentation —
Principles and functional requirements
for records in electronic office
environments —
Part 1:
Overview and statement of principles
Information et documentation — Principes et exigences fonctionnelles
pour les enregistrements dans les environnements électroniques de
bureau —
Partie 1: Aperçu et déclaration de principes




Reference number
ISO 16175-1:2010(E)
©
ISO 2010

---------------------- Page: 1 ----------------------
ISO 16175-1:2010(E)
PDF disclaimer
This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but
shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In
downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat
accepts no liability in this area.
Adobe is a trademark of Adobe Systems Incorporated.
Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation
parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In
the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.


COPYRIGHT PROTECTED DOCUMENT


©  ISO 2010
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland

ii © ISO 2010 – All rights reserved

---------------------- Page: 2 ----------------------
ISO 16175-1:2010(E)
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies
(ISO member bodies). The work of preparing International Standards is normally carried out through ISO
technical committees. Each member body interested in a subject for which a technical committee has been
established has the right to be represented on that committee. International organizations, governmental and
non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the
International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
The main task of technical committees is to prepare International Standards. Draft International Standards
adopted by the technical committees are circulated to the member bodies for voting. Publication as an
International Standard requires approval by at least 75 % of the member bodies casting a vote.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO shall not be held responsible for identifying any or all such patent rights.
ISO 16175-1 was prepared by the International Council on Archives (as International Council on Archives and
the Australasian Digital Recordkeeping Initiative Principles and Functional Requirements for Records in
Electronic Office Environments — Module 1: Overview and Statement of Principles) and was adopted, under a
special “fast-track procedure”, by Technical Committee ISO/TC 46, Information and documentation,
Subcommittee SC 11, Archives/records management, in parallel with its approval by the ISO member bodies.
ISO 16175 consists of the following parts, under the general title Information and documentation — Principles
and functional requirements for records in electronic office environments:
⎯ Part 1: Overview and statement of principles
⎯ Part 2: Guidelines and functional requirements for records in electronic office environments
⎯ Part 3: Guidelines and functional requirements for records in business systems
© ISO 2010 – All rights reserved iii

---------------------- Page: 3 ----------------------
ISO 16175-1:2010(E)
Blank page
iv © ISO 2010 – All rights reserved

---------------------- Page: 4 ----------------------
ISO 16175-1:2010(E)

International Council on Archives




Principles and functional requirements for
records in digital office environments
Module 1
Overview and statement
of principles

© ISO 2010 – All rights reserved v

---------------------- Page: 5 ----------------------
ISO 16175-1:2010(E)










Published by the International Council on Archives. This module was developed by a joint project team
formed by members of the International Council on Archives and the Australasian Digital Recordkeeping
Initiative.
© International Council on Archives 2008
ISBN: 978-2-918004-00-4
Reproduction by translation or reprinting of the whole or of parts for non-commercial purposes is allowed on
condition that due acknowledgement is made.
vi © ISO 2010 – All rights reserved

---------------------- Page: 6 ----------------------
ISO 16175-1:2010(E)
International Council on Archives Overview and statement of principles

CONTENTS
1 INTRODUCTION 1
1.1 Scope and purpose 1
1.2 Audience 2
1.3 Related standards 2
1.4 Structure and use 3
2 GOOD PRACTICE: DIGITAL RECORDS AND
THE ROLE OF SOFTWARE 4
3 GUIDING PRINCIPLES
3.1 Records-related principles 5
3.2 Systems-related principles 6
4 IMPLEMENTATION ISSUES 7
4.1 Components of successful digital business
information management 7
4.2 Risks and mitigations 9
4.3 Financial and organisational sustainability of digital systems 11
5 OTHER FUNCTIONAL REQUIREMENTS
REFERENCED AND EVALUATED 12
6 GLOSSARY 15

© ISO 2010 – All rights reserved vii

---------------------- Page: 7 ----------------------
INTERNATIONAL STANDARD      ISO 16175-1:2010(E)

International Council on Archives Overview and statement of principles
1 INTRODUCTION
A variety of functional specifications for records management software has been
developed in the international community. In 2006, the International Council on
Archives agreed to develop a harmonised, generic suite of functional requirements
for software products for making and keeping records based on existing jurisdiction-
specific specifications, and to do so in a manner consistent with the International
Standard on Records Management, ISO 15489. It is hoped that this suite of
guidelines and functional requirements will assist jurisdictions that are developing, or
looking to adopt, their own functional specifications, as well as inform the update and
revision of previously existing standards. The application of this set of functional
requirements is meant to not only inform the development of electronic records
management software, but also to aid in the incorporation of records functionality into
generic business information systems software products, as well as specific line-of-
business systems. These specifications can also be used by the private sector (for
example, multinational corporations) as a stand-alone tool.
Principles and Functional Requirements for Records in Digital Office Environments
was sponsored by the International Council on Archives as a project in its Electronic
Records and Automation Priority Area, lead by George Mackenzie, Director of the
National Archives of Scotland. Adrian Cunningham (National Archives of Australia)
was Project Coordinator. Archives New Zealand (Stephen Clarke) acted as the
Secretariat for the project. Other participating countries included Cayman Islands
(Sonya Sherman), United Kingdom – England and Wales (Richard Blake), Germany
(Andrea Hänger and Frank Bischoff), Malaysia (Mahfuzah Yusuf and Azimah Mohd
Ali), Netherlands (Hans Hofman), Scotland (Rob Mildren and Steve Bordwell), South
Africa (Louisa Venter), Sweden (Göran Kristiansson), France (Olivier de Solan) and
the United States (Mark Giguere). The project was also supported by the
Australasian Digital Recordkeeping Initiative, a collaborative venture sponsored by
the Council of Australasian Archives and Records Authorities. ADRI member
Queensland State Archives (Rowena Loo and Anna Morris) contributed to the
drafting of Module 3.
1.1 Scope and purpose
The aim of the Principles and Functional Requirements for Records in Digital Office
Environments project is to produce globally harmonised principles and functional
requirements for software used to create and manage digital records in office
environments. There currently exist a number of jurisdiction-specific functional
requirements and software specifications. The project’s objective is to synthesise this
existing work into requirements and guidelines to meet the needs of the international
archives, records and information management community and to enable that
community to liaise, in a consolidated manner, with the global software industry.
The objectives of the project are to:
• enable better management of records in organisations;

© ISO 2010 – All rights reserved 1

---------------------- Page: 8 ----------------------
ISO 16175-1:2010(E)
International Council on Archives Overview and statement of principles
• support the business needs of an organisation by enabling greater
effectiveness and efficiency of the operations;
• provide, through wider deployment of automated records functionality,
enhanced abilities to support auditing activities;
• improve capabilities to comply with statutory mandates specified in various
information-related legislation (for example, data protection and privacy);
• ensure good governance (for example, accountability, transparency and
enhanced service delivery) through good management of records;
• increase general awareness of automated records management capabilities
via the dissemination of key principles; and
• maximise cross-jurisdictional consistency regarding the articulation of
functional requirements for managing records and to enable the global
archives, records and information management community to speak with one
voice to the software vendor community.
The primary focus of this suite of guidelines and requirements is the creation and
management of digital records. While the modules support the long-term
preservation of digital records, processes to achieve this are beyond the scope of the
project. It is anticipated that the application of the requirements will be global in
nature. Therefore, it is impossible, given the wide juridical range of potential
applications, to include detailed implementation guidelines. In addition, as the
ultimate testing environment for the basis of these modules is yet to be determined,
inclusion of specific software test cases or scripts was deemed beyond the scope of
the modules.
1.2 Audience
There are four key audiences for these modules:
• software developers and vendors – including non-records management
software, so this document can serve as a universal benchmark for records
management compliance;
• jurisdictional standard-setters – so these modules can serve as either the
baseline for nascent standards development efforts, or as a basis for
evaluating the already existing digital records management standards;
• government agencies – so that all business functions can be evaluated
against, and facilitated via, the incorporation of automated records
management capabilities; and
• private-sector organisations – so that they can incorporate automated digital
records management into their business operations.
1.3 Related standards
The requirements are aligned with the records management principles in the
International Standard on Information and Documentation – Records Management –
Part 1: General, ISO 15489, which sets out the records management requirements

2 © ISO 2010 – All rights reserved

---------------------- Page: 9 ----------------------
ISO 16175-1:2010(E)
International Council on Archives Overview and statement of principles
that also apply when records are captured and managed within electronic records
management systems.
The reference metadata standard for these requirements is ISO 23081 – 1: 2006,
Information and Documentation – Records Management Processes – Metadata for
Records, Part 1 – Principles. The high-level metadata element set found in ISO
23081 – 2: 2009, Information and Documentation – Records Management Processes
– Metadata for Records, Part 2 – Conceptual and Implementation Issues provides
the basis for the requirements.
Useful implementation guidance can be found in ISO/TR 15489 – 2: 2001,
Information and Documentation – Records Management – Part 2: Guidelines and in
ISO/TR 26122:2008 Information and Documentation – Work Process Analysis for
Records.
The requirements are core, high-level and generic requirements for records. Readers
seeking guidance in other areas of software functionality not addressed in this
document should refer to other more detailed specifications such as US DoD 5015.2
and MoReq2. Readers should also take account of other relevant jurisdiction-specific
standards, statements of requirements and specifications.
1.4 Structure and use
The suite of guidelines and functional requirements is organised into three modules:
• Module 1: Overview and Statement of Principles: background information,
organisation, fundamental principles and additional context;
• Module 2: Guidelines and Functional Requirements for Records in Digital
Office Environments: a global high-level statement of core and optional
requirements, including application guidelines and a compliance checklist;
and
• Module 3: Guidelines and Functional Requirements for Records in Business
Systems: guidelines and generic core and optional functional requirements for
records in business systems.
Module 2 is intended for use by organisations seeking to implement dedicated
electronic records management systems. It is meant to be read in conjunction with
Module 1.
Module 3 is intended for use by organisations wishing to incorporate records
functionality into business systems. It is meant to be read in conjunction with
Module 1.
Several non-mutually exclusive use scenarios are presented below to exemplify how
these modules might be used:
• Reviewing records functionality in existing software – an organisation could
use these modules as a checklist to establish which required and desirable
records management functions are present in deployed, non-records
management software.

© ISO 2010 – All rights reserved 3

---------------------- Page: 10 ----------------------
ISO 16175-1:2010(E)
International Council on Archives Overview and statement of principles
• Integrating electronic records management software into a business system –
an organisation could use Module 3 to selectively incorporate specific records
management functionality into existing business systems.
• Using a design specification for in-house software development – an
organisation’s IT staff could use Module 3 during their software design and
testing documentation of software development efforts.
• Evaluating software considered for purchase – an organisation could use
Module 2 as a basis for evaluating and comparing capabilities of commercial,
off-the-shelf electronic records management software.
• Procuring, deploying and configuring electronic records management
software – an organisation could use Module 2 to form the basis of a
functional requirements statement in formulating a request for proposal for
electronic records management software procurement and implementation.
The requirements presented in these modules may be tailored to suit the
individual requirements of organisations, depending on their business needs.
• Designing/re-designing software products during software enhancement
cycles – software developers could use Modules 2 and/or 3 as a checklist of
potential functionalities that may warrant consideration and/or inclusion in
upcoming planned releases of established software products (not necessarily
limited to digital records management software products).
• Developing jurisdiction-specific specifications and standards – an
organisation could use these modules as either the basis of its own juridical
digital records management specification or as a comparative resource when
considering the revision of existing local digital records management
standards. Jurisdiction-specific requirements may be added to the generic
requirements presented in these modules.
2 GOOD PRACTICE: DIGITAL RECORDS AND THE ROLE
OF SOFTWARE
As organisations introduce new technologies and new methods for undertaking work,
older methods and procedures for controlling records may become less effective. In
many organisations, valuable records are kept in centralised databases or shared
directories. Alternatively, and not mutually exclusively, they may be widely distributed
and stored on the decentralised hard drives of individuals’ personal computers or in
the so-called ‘cloud’ of third party-controlled Web-based services and facilities.
Further complicating the situation, in either of these scenarios not all of the stored
information may constitute records.
In either case, measures needed for integrity and authenticity may be overlooked and
the digital records may not be available, understandable and usable to the
organisation or the relevant archival institution.
Organisations that already rely on digital records to conduct and document business,
or that are interested in eliminating paper records from their systems, are seeking

4 © ISO 2010 – All rights reserved

---------------------- Page: 11 ----------------------
ISO 16175-1:2010(E)
International Council on Archives Overview and statement of principles
solutions to issues of authenticity, management and retention of digital records. The
decisions that organisations make today about the capability of their information
systems, the organisation and structure of their information resources, and the
policies and practices for managing records in the digital environment will have a
significant impact on the types of strategies and methods that archival institutions can
employ to ensure long-term preservation of records with archival value.
Because the issues of archival management, especially in the digital environment,
are closely linked to the design of systems and the establishment of new information
policies, archivists have been driven to examine a broader set of records
management issues in order to carry out the archival function in the digital
environment. Software provides business process owners, records managers and
archivists with substantial means of complying with the practice of good digital
records management.
3 GUIDING PRINCIPLES
Successful organisations need information systems for making, keeping and using
authentic evidence (that is, records) of business activity to meet their business needs
and legal obligations. In the digital environment, the development and
implementation of such systems should both be driven by the organisation’s business
needs and informed by the following principles:
3.1 Records-related principles
1 Digital business information has to be actively managed and reliably
maintained as authentic evidence of business activity.
As business processes become more completely automated, the digital
information generated by such activities may serve as the only evidence of
specific transactions or decisions. Maintenance of this evidence in the form of
fixed records is necessary for operational viability and accountability of the
organisation. This involves identifying a set of digital information that will serve as
the record.
2 Business information has to be linked to its business context through the
use of metadata.
In order for information to have the capability of functioning as a record, it is
necessary to augment that information with additional data (that is, metadata) that
places it in the context of the business operations and computing environment in
which it was created. In the case of line-of-business systems accomplishing
uniform transactions, this context is derived from the system and its
documentation. In other systems, however, such contextual information must be
appended to the record as it is necessary to provide the record with sufficient
longevity for interpretation and to maximise its value and utility as evidence of
business activity.
3 Business information has to be kept and must remain accessible to
authorised users for as long as required.
Design and deployment of business information software must ensure that

© ISO 2010 – All rights reserved 5

---------------------- Page: 12 ----------------------
ISO 16175-1:2010(E)
International Council on Archives Overview and statement of principles
records can be searched for, retrieved and rendered in accessible formats and
media for as long as is required for business and legal purposes. In this context,
organisations should avoid the misuse of digital rights management technology
and encryption, which may result in records either being destroyed when they
should be retained or may render records unreadable.
4 Business information has to be able to be disposed of in a managed,
systematic and auditable way.
A hallmark of appropriate records management is the retention and appropriate
disposition of records generated by business processes according to specified
rules. Systems need to be able to dispose of records in a systematic, auditable
and accountable way in line with operational and legal requirements.
3.2 Systems-related principles
5 Systems should support good business information management as an
organic part of the business process.
Although it is not necessarily appreciated as such, good records management
practices are an integral part of any business process. When automating any
business process, one should always evaluate the advisability of simultaneous
integration of records management software.
6 Systems for capturing and managing business information should rely on
1
standardised metadata as an active, dynamic and integral part of the
processes for making and managing records.
Automated records solutions offer powerful capabilities to access and attach
standardised contextual information, via standardised vocabularies and
taxonomies, to record content at different times during the life of the record.
7 Systems should ensure interoperability across platforms and domains and
over time.
Digital evidence, in the form of records, often has operational or juridical
requirements for persistence over periods of time that may exceed the lifespan of
the hardware or software that created it. As such, record information must be able
to be presented in a manner that is understood and able to be modified, if
necessary, for migration to other technology platforms.
8 Systems should rely as far as possible on open standards and
technological neutrality.
Many software products that create or manage records are developed using
proprietary implementations. Hardware or software dependencies can have
adverse effects on access and preservation of record material in the long term.
Use of open standards ameliorates these technological dependencies.
9 Systems should have the capacity for bulk import and export using open
formats.
Digital records resulting from a business process and managed by records

1
‘Standardised’ may refer to an agreed organisational metadata schema or to the adoption/
adaptation of a jurisdictional, national or international metadata standard.

6 © ISO 2010 – All rights reserved

---------------------- Page: 13 ----------------------
ISO 16175-1:2010(E)
International Council on Archives Overview and statement of principles
software may involve hardware or software dependencies. Records software
should ideally incorporate capabilities to remove these dependencies via support
for bulk re-formatting as part of ingest or export capability or, at a minimum, via
non-proprietary encoding of record metadata.
10 Systems must maintain business information in a secure environment.
For security purposes, systems automating a business process often incorporate
safeguards that limit which actions particular individuals can take with digital
information (for example, viewing, printing, editing, copying or transmitting).
Systems must not allow unauthorised modifications to any records (including
metadata), and where authorised modifications are performed, they must be fully
documented.
11 As much metadata as possible should be system generated.
Users are typically unwilling to interrupt their workflow more than three times in
the accomplishment of tasks ancillary to executing the primary activity. It may be
impractical and/or unnecessary to expect end-users to supply much of the
metadata. Systems should be designed and implemented in a manner that allows
automatic population of record metadata fields.
12 It should be as easy as possible for users to create/capture records of
business activity.
It is necessary to design systems/software that automate records management in
a way, ideally, that makes such activity largely ‘invisible’ to the end-users.
4 IMPLEMENTATION ISSUES
4.1 Components of successful digital business information management
Good software is only one component of successful digital business information
management in organisations. Other components include:
• Policy frameworks – in addition to deploying software with records
functionality, it is necessary to conduct an analysis of existing information
management and security policies and laws to address areas where policy
revision may need to occur due to gaps in software capabilities. This includes
policies relating to records responsibilities for different categories of
employees, records retention and disposal. Associated with the policy
frameworks that guide and support good business information management
software may be tools such as classification schemes and metadata models.
• Business process analysis – it is a preferred practice that process analysis
should ideally precede any IT deployment. This includes identifying,
articulating and potentially reallocating roles and responsibilities.
• Project management – any IT deployment requires careful planning and
monitoring across a series of discrete stages. Project management
techniques are powerful tools that provide both temporal and fiscal
accountability for such efforts.

© ISO 2010 – All rights reserved 7

---------------------- Page: 14 ----------------------
ISO 16175-1:2010(E)
International Council on Archives Overview and statement of principles
• Change management – deployment of automation within an organisation
changes not only the manner in which business processes are accomplished,
but the roles and responsibilities of end-users of the system. Care must be
taken to adequately prepare the human component of any IT deployment for
these changes. Failures in the implementation of records software often result
primarily from shortcomings in change management rather than from any
shortcomings in the technology.
• Risk management – Business records contain information that may be
business-critical. Therefore, the decision to automate records management
should be informed by an analysis of risks associated with an analysis of
alternatives that are formulated as part of the business case. Ongoing post-
implementation risk assessment should be incorporated into the
organisation’s overall risk management framework.
• Sustainability – development and maintenance of automated systems
generally straddle organisations’ budgeting cycles. When automating the
management of records, care must be taken, as part of the development of a
business case for the automation effort, to provide for the ongoing viability,
operations and maintenance of the system.
• Capability development – software automation requires organisations to
develop or enhance the technical capabilities of affected line staff, as well as
others in the organisation, who in some cases may have no familiarity with
the technology. Care must be taken to develop these capabilities, as well as
the technical capabilities of the organisation necessary to support and
maintain automation efforts.
• Quality management – deployment of automated solutions requires the
development within an organisation of the capability to evaluate and accept
software performance according to a variety of criteria. Additionally, criteria
related to the impact of software deployment to a business process must be
developed and evaluated.
• Configuration management – it is necessary to ensure that the software not
only has the necessary records capabilities, but that the capabilities are
configured correctly and in such a way that enables it to operate appropriately
in an organisation’s IT infrastructure.
• Corporate culture – it is vital that the culture of the organisation reinforces
the value and importance of good management of records and that it is
something that is a standard expectation of all employees. Such expectations
need to be regularly articulated by the chief executive through line
management channels.

8 © ISO 2010 – All rights reserved

---------------------- Page: 15 ----------------------
ISO 16175-1:2010(E)
International Council on Archives Overview and statement of principles
2
4.2 Risks and mitigations
Risks typi
...