ICT role in 21st century education and it's challenges.pdf
Iso30300seminar16062014
1. Understanding ISO 30300 series
of standards Management
systems for records
carlota@carlotabustelo.com
Oslo, 16th June 2014
2. carlota@carlotabustelo.com
Seminar planning
Subject Activity Time
schedule
1. Introduction to ISO
30300 series of standards:
Recordkeeping as a tool for
management
Presentation by the speaker 20 minutes
Discussion with participants 20 minutes
2.Users of ISO 30300,
benefits. How to convince
management?
Presentation by the speaker 20 minutes
Discussion with participants 20 minutes
3.Relationship with other
MSS. Quality assurance
and ISO 30300.
Certification of ISO 30300
Presentation by the speaker 20 minutes
Discussion with participants 20 minutes
3. carlota@carlotabustelo.com
Index
1. Introduction to ISO 30300 series of
standards: Recordkeeping as a tool for
management
2. Users of ISO 30300, benefits. How to
convince management?
3. Relationship with other MSS. Quality
assurance and ISO 30300. Certification of ISO
30300
5. carlota@carlotabustelo.com
What is a record?
1. Documents
2. Records
3. Archives
DEFINITION
Translation
problems
Records : information created, received and maintained as evidence and as an asset by
an organization or person, in pursuit of legal obligations or in the transaction of
business
Dokumentasjon: informasjon som en organisasjon eller person skaper, mottar og
vedlikeholder som bevis og som et aktivum, som et ledd i å oppfylle rettslige
forpliktelser eller i en forretningstransaksjon
A changing
world
1. Paper document
2. Electronic file
3. Information in a database
4. An SMS
5. Information in a web form
6. etc-.
6. What is a management
carlota@carlotabustelo.com
system?
Management system
set of interrelated or interacting elements of an organization to establish
policies and objectives, and processes to achieve those objectives
styringssystem
sett av samvirkende elementer i en organisasjon som er forbundet med
hverandre, for å etablere policyer og målsetninger og prosesser for å nå de
nevnte målsetningene
Based in continous improvement
Standardize
MSS- Management
Systems Standards
• requirements
• conformity can be
assesed by an
independent third
Best seller is ISO 9000 partycertification
7. carlota@carlotabustelo.com
What is an MSR?
Management system for records. MSR
• the management system to direct and control an organization with regard to records
System for dokumentasjonsforvaltning
• styringssystem for å rettlede og styre en organisasjon når det gjelder dokumentasjon
GOVERNANCE FRAMEWORK Alligned with general strategy of
the organization
RECORS CREATION AND
CONTROL
8. ISO DTR
17068
Trusted
Third Party
Repository
for Digital
Records
ISO 16175
Principles and
Functional
Requirements
for Records in
Electronic Office
Environments 1
Digital records
management
systems -2
carlota@carlotabustelo.com
ISO 30300 family
ISO 15489
Records
management.
General-1
Guidelines-2
ISO TR
26122
Work
process
analysis for
records
ISO 23081
Metadata for
records.
Principles-1
Conceptual and
implementation
issues-2
ISO 13008
Digital
records
conversion
and
migration
process
ISO TR
13028
Implement-ation
guidelines
for
digitization
of records
Related standards &
Technical reports
Implementation of records processes
Self assessment
method-3
Management systems for records
ISO 30300
Management systems
for records-
Fundamentals and
vocabulary
Fundamentals
&Terminology
Requirements
ISO 30301
Management systems
for records -
Requirements
ISO 30303
Management systems
for records-
Requirements for
bodies providing audit
and certification
ISO 30302
Management systems
for records: Guidelines
for Implementation
Guidelines
Support High Level
Structure Elements
ISO 30304
Management systems
for records: Assessment
guide
standards
Governance framework for records
Business
systems 3
Under discussion Under development
ISO 18128
Risk
assessment
for records
processes
and
systems
9. carlota@carlotabustelo.com
Management systems
for records
• Why the title?
• Management system for record
vs Records management systems
• Extended use from the software
industry of the name EDRMS
(electronic document and
records management systems) to
refer to an specific software
• Extended use in the professional
literature and even in ISO 15489
of “record management system”
or “records systems” to refer to
the operational level
records system
information system which captures,
manages and provides access to
records over time
dokumentasjonssystem
informasjonssystem som fanger inn,
styrer og gir tilgang til dokumentasjon
over tid
10. ISO 30300 Management system for records -
carlota@carlotabustelo.com
Fundamentals and vocabulary
• Umbrella standard
General statements
“marketing”
messages
Vocabulary to be
applied in all the
other products of the
series
11. ISO 30301 Management system for
carlota@carlotabustelo.com
records - Requirements
Requirements: need or
expectation that is stated,
generally implied or
obligatory
Identified by the verb shall
When implementing
requirements to be
fulfilled
When auditing
compliance to be verified
13. carlota@carlotabustelo.com
Index
1. Introduction to ISO 30300 series of standards:
Recordkeeping as a tool for management
2. Users of ISO 30300, benefits. How to
convince management?
3. Relationship with other MSS. Quality
assurance and ISO 30300.
4. Certification of ISO 30300
14. carlota@carlotabustelo.com
Reason for ISO 30300
• One of the main reasons: to convince management about the
importance of recordkeeping using management language
and tools
• Marketing
• Search for new allies among
those responsible for other
management systems
• Opportunity to explain,
propose and convince
management
15. A favorable context
The need of organizations to manage their records as evidence of their activities has always
existed for
-Accountability purposes (fiscal, administrative, economic, political, etc.)
- Preservation of “know-how”, or an organization’s memory
Records creation and control
Operational level Strategic level
Technological change
E-society (e-government, e-business)
Real risks
so A new vision is needed
16. An integrated approach
Business functions and MSS by Song-Ahm Cho (Korea)
-
ISO 30300
(Documents and
records)
ISO 27000
(Information
security)
17. carlota@carlotabustelo.com
The message to
management
‘Creation and management of records are integral to any
organization’s activities, processes and systems. They enable
business efficiency, accountability, risk management and
business continuity. They also enable organizations to capitalize
on the value of their information resources as business,
commercial and knowledge assets, and to contribute to the
preservation of collective memory, responding to the challenges
of the global and digital environment.’
‘Management System Standards (MSS) provide tools for a
systematic and verifiable approach to organizational control in
an environment that encourages good business practices.’
ISO30300 & 30301 Introduction
18. carlota@carlotabustelo.com
Users of ISO30300
Every organization (all size, sector and country):
- creates records and needs to control them
- is a potential user of 30300
Some organizations decide to implement a
program/policy/framework for records creation and
control. This could be done by different approaches
Aligning records framework with one of
the most applied management
methodologies known as “management
systems”
19. carlota@carlotabustelo.com
Users of MSRS
• Key issues of “Management system” approach for records:
– To integrate records as part of the strategic objectives
– To link the overall management system to the operational
records activities
– To implement a systematic framework for continual
improvement
– To commit top management to provide the appropriate
leadership, funds and people
Following a standardized model: ISO 30300 series of Standards
20. carlota@carlotabustelo.com
Benefits of MSR
implementation
Benefits of good control of
records
a) business efficiency
b) legislative and regulatory compliance
c) effective decision-making
d) elimination of redundant and duplicate
information
e) information sharing
f) IT performance increase
g) disaster recovery and business continuity
h) litigation protection
i) defense of stakeholders’ rights and interests
j) corporate or collective memory
k) social responsibility support
Full control of information about an organisation’s activities for as long as it is
needed for any purpose
21. carlota@carlotabustelo.com
Benefits of MSR
implementation
Benefits of implementing
MSR Standards
a) Use of internationally accepted model to
establish and implement policy and
objectives.
b) Integrate risk assessment approach
c) Promote the continual improvement through
the assessment of performance measures
and the implementation of auditing
processes
d) Allow the easy conformity confirmation
process and independent third party
certification
e) Integrate use with other commonly used
MSS
To provide top management a management tool to implement a records
framework.
22. New attitude from records
•Understanding of the organization, its context, strategies and
objectives
•Don’t think in recordkeeping as an aim by itself
•Design records policy and objectives aligned with organization
strategic objectives
carlota@carlotabustelo.com
professionals
LOOK
FORWARD
23. Records policy
carlota@carlotabustelo.com
System
Management system
Management system for records
Management Top management
Records management
Records objective
Continual improvement
Records planning Records control Records assurance Records improvement
Source: Song-Ahm Cho (KO) 2008
Relationship between
management and operational
level
24. carlota@carlotabustelo.com
Index
1. Introduction to ISO 30300 series of standards:
Recordkeeping as a tool for management
2. Users of ISO 30300, benefits. How to
convince management?
3. Relationship with other MSS. Quality
assurance and ISO 30300. Certification of ISO
30300
25. Management systems
standards (MSS). A great
carlota@carlotabustelo.com
ISO success
Management
Continuos
improvement
ISO 9000
Quality
Success
1994
First
edition
1987
Conformity
assesment is
possible
Current
2008
ISO 14001- environmental management
ISO 27001- information security management
ISO 50001- energy management
ISO 30301- recorkeeping management
New edition
expected 2015
26. carlota@carlotabustelo.com
Fuente: ISO 30300 Cap 2.7
Relationship with other
MSS
ISO mandate to harmonize all
MSS to promote the
integrated approach to a
management system
ISO TMB-JTCG
Common High
Level Structure,
core definitions
and text on
common
requirements.
27. Relationship with other
ensuring that authoritative and reliable
information about, and evidence of,
business activities undertaken within a
management system are created, managed
and made accessible to those who need
them, for as long as they need them;
establishing a systematic and verifiable
approach to the management of records
and documentation processes associated
with the activities of other management
systems;
establishing an assessment framework for
records and documentation processes and
practices within other management
systems;
contributing to the continual improvement
of the organization’s performance through
its integrated management systems.
Source ISO 30300 2.7
carlota@carlotabustelo.com
COMMON IN ALL MSS:
Documented information
section. Formerly Control of
documents + control of records
ISO 30301 helps to be compliant
with this section
MSS
28. Conformity assesment
carlota@carlotabustelo.com
• Self assessment
First-party CA • declares on its own responsibility
• CA activity that is performed by a second
person or organization
• Has an interest in the organization
Second-party CA
• By an independent body
Third party CA • Is paid for the service
Certification – the provision by an independent body of
written assurance (a certificate) that the product,
service or system in question meets specific
requirements.
29. carlota@carlotabustelo.com
MSS Certification
Certification
bodies
ISO/IEC 17021, Conformity assessment -
Requirements for bodies providing audit and
certification of management systems
Accreditation
bodies
accredited
Organizations
which have
implemented a
MSS
certified
32. Reasons for certification
carlota@carlotabustelo.com
• Enhance company image
• Meet customer demands
• Gain preferred supplier status
• Establish better control over business operations
• A foundation for continuous improvement
Certification shouldn´t be the aim, but the
consequence of sucessful implementation
Implementation Certification
33. carlota@carlotabustelo.com
A question frequently
asked
• Why use ISO 30300 instead of ISO 9000?
– ISO 30300 is not in competition with ISO 9000. They
are compatible and complementary. The biggest
source of complaints and non-conformities in ISO
9000 implementation are coming from the control of
documents and records. ISO 30300 helps to solve
them with little extra effort
– Some organizations, such as in regulated
environments, or in which the information is the main
material, may consider control of this information as
the main aspect of their management system, rather
than the quality of the service or product, which is the
core aspect of ISO 9000