EVS-ISO 16175-3:2012

This document will help organisations to ensure that evidence (records) of business activities transacted through business systems are appropriately identified and managed. Specifically, it will assist organisations to: • understand processes and requirements for identifying and managing records in business systems; • develop requirements for functionality for records to be included in a design specification when building, upgrading or purchasing business system software; • evaluate the records management capability of proposed customised or commercial off-the-shelf business system software; and • review the functionality [or records or assess compliance of existing business systems. It does not provide a complete speci[ication but rather outlines a number o[ key records management requirements, with recommended levels o[ obligation, which can be used as a starting point for further development. As outlined in the document, organisations will still need to assess, amend and select their requirements based on their business, technical and jurisdictional environments and constraints. This Module only addresses records management requirements and does not include general system management. Design requirements such as usability, reporting, searching, system administration and performance are beyond the scope of this document. It also assumes a level of knowledge about developing design specifications, procurement and evaluation processes, therefore these related issues are not covered in any detail. Requirements for the long-term preservation of digital records are not explicitly covered within this document. However, the inclusion of requirements for export supports preservation by allowing the export of records to a system that is capable of long-term preservation activities, or for the ongoing migration of records into new systems. While the guidance presented in this Module should be applicable to records management in highly integrated software environments based on service-oriented architectures, such scenarios are not explicitly addressed. Similar principles and processes will apply in such environments, but additional analysis will be required to determine what processes and data constitute, across multiple systems, the required evidence or record of any particular transaction. Use of the term ‘system’ in this document refers to a computer or IT system. This is in contrast to the records management understanding of the term that encompasses the broader aspects of people, policies, procedures and practices. Organisations will need to consider these wider aspects, and to ensure that fundamental records management supporting tools such as disposition authorities , information security classifications and a records culture are in place, in order to ensure records from business systems can be appropriately managed.