Determining documents to be captured into a records system
12
© ISO 2001 – All rights reserved
d Consider the broad range of uses of the record. Steps in this process include
1 identifying other stakeholders, for example, archives or external users, with enforceable or legitimate interests in preserving the record longer than the internal users of the organization,
2 assessing the risks associated with destroying the record, once routine, internal use of the record has finished,
3 considering what records and actions to preserve them would be required by the organization to ensure business continuity in the event of loss or damage to the records,
4 assessing financial, political, social or other positive gains from maintaining the record after organizational use has been completed, and
5 analysing the balance between the costs and non-financial gains of records retention, to decide how long records are maintained after organizational needs have been met.
e Allocate retention periods to the records on the basis of the total system evaluation. Similar retention periods and disposition action are determined for groups of records performing or recording
similar activities within the system. All records within a records system should be covered by some form of disposition authority, from records of the smallest transactions to the documentation of the system’s policies
and procedures. Retention periods should be stated clearly and disposition triggers clearly identified. For example: “destroy x years after audit” or “transfer to the archives x years after last transaction completed”.
4.2.5 Security and access classification scheme 4.2.5.1 General
A formal instrument that identifies the rights of access and the regime of restrictions applicable to records is a necessary tool to manage records in organizations of all sizes and jurisdictions. The more complex the organization
and the more complex its business and regulatory environment, the greater the need for standardization of procedures to apply access and security categories to records.