NORMAS
This section includes the draft Spanish standards relating to Information and Documentation, during the period in which they
are subject to public information.
This issue includes the following Draft Spanish Standard (PNE) approved by the Technical Committee for Standardisation
number 50 (CTN50) of AENOR relating to Documentation.
Any comments regarding its content should be addressed to: CTN50 Secretariat, Calle Santa Engracia, 17, 3.o, 28010 Madrid,
or to the following e-mail address: secretaria@fesabid.org.
INFORMATION AND DOCUMENTATION. DOCUMENT MANAGEMENT
Technical Report ISO/TR 15489-1
Part 2
Directors
Background
ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member
bodies). The work of preparing the International Standards is usually carried out through the ISO technical committees. Any member
body interested in a subject for which a technical committee has been established has the right to be represented on that committee.
International organizations, public and private, which are in contact with ISO, are also involved in the work. ISO works closely with
the International Electrotechnical Commission (IEC) on electrotechnical standardization.
International Standards are designed in accordance with the rules set out in Part 3 of the ISO/IEC Directives.
The main task of the technical committees is the preparation of International Standards. The draft International Standards
adopted by the technical committees are sent to the member bodies for voting. Publication as an International Standard requires the
approval of at least 75% of the member bodies participating in the vote.
In exceptional circumstances, where a technical committee has collected data of a different type from that normally published
within an International Standard (the latest in the field, for example), it may decide, by a simple majority of the members participating
in the vote, to publish a Technical Report. The nature of a Technical Report is entirely informative and does not have to be revised
until it is considered that the data contained therein is no longer valid or useful.
It should be noted that some of the elements of this part of ISO 15489 may be subject to patent rights. ISO assumes no
responsibility for the identification of any or all of these rights.
Rev. Esp. Doc. Cient., 29, 1, 2006
91
Normas
ISO/TR 15489-2 was prepared by ISO/TC Technical Committee 46,
Information y documentation, Subcomité SC 11, Archives/Records management.
ISO/TR 15489, under the general title Information and Documentation – Document Management, consists of the following
parts:
– Part 1: Overview
– Part 2: Guidelines [White Paper]
Introduction
This part of ISO 15489 provides a set of guidelines that complement ISO 15489-1. Both ISO 15489-1 and this part of ISO 15489
apply to documents, in any format or medium, created or received by an organization, public or private, in the course of its activities.
Thus, in this part of ISO 15489, unless otherwise indicated, systems may be considered as paper/manual or electronic systems, and
a document may be in paper, microfiche or electronic format.
ISO 15489-1 specifies the elements that make up document management and defines the results that should be achieved. This
part of ISO 15489 provides an implementation methodology. It should be noted, however, that national Standards, legislation and
regulations may require other factors and requirements for legal compliance.
In addition to using this part of ISO 15489, those who intend to apply this standard should consult the requirements and
guidelines of the standards, legislation and regulations that apply under their respective legal system. On the other hand, a wide
range of professional societies and associations have resources to help with the implementation of ISO 15489-1.
1. Field of application
This part of ISO 15489 is an implementation guide to ISO 15489-1 for use by document management professionals and
document managers in their respective organizations. It also presents a methodology that will facilitate the implementation of ISO
15489-1 in all organizations that need to manage their documents. It provides an overview of the processes and factors that
organizations that want to comply with ISO 15489-1 should consider.
92
Rev. Esp. Doc. Cient., 29, 1, 2006
Normas
2. Policy & Responsibilities
2.1. Introduction
Chapter 6 of ISO 15489-1:2001 explains, in general terms, the need for organizations seeking to comply with ISO 15489-1:2001
to have a document management policy in place, define responsibilities and assign them to different individuals. This part of ISO
15489 provides additional guidelines for document management policy and describes more broadly the types of responsibilities that
need to be defined and assigned.
2.2. Document Management Policy Statement
Organizations should define and document document management policies and ensure that they are implemented and maintained
at all levels of the organization.
A document management policy statement is a statement of intent. It sets out the broad outlines of what the organization intends
to do and, in some cases, includes a summary of the action plan and the procedures for achieving it. However, such a declaration
does not, in itself, guarantee good management of documents: its success will depend fundamentally on the visible and active
endorsement and support of management, and on the allocation of the necessary resources to carry out its implementation. Therefore,
an effective policy statement will assign a manager primary responsibility for document management and oversight of the
implementation of the relevant policy and action plan.
The statement of this policy should refer to, but not duplicate other information-related policies, e.g. information systems,
information security or asset management policies. It should be supported by procedures and guidelines, strategic plans, conservation
and disposal schedules and other documents that together make up the records management regime.
Endorsement and approval of this policy should be encouraged at all times among employees. It is of particular importance that
this policy obliges employees to create and maintain documents that meet the legal, regulatory, fiscal, operational, and
archival/historical needs of the organization. It is important to monitor compliance with the defined policy.
Rev. Esp. Doc. Cient., 29, 1, 2006
93
Normas
2.3. Responsibilities
2.3.1. Objectives of the definition of responsibilities and competencies
The fundamental objective of defining responsibilities, competencies and their interrelationships is to establish and maintain a
document management regime that meets the needs of both internal and external stakeholders.
In particular, the definition of responsibilities, competencies and their interrelationships should lead to the application of
standard practices or organizational rules that:
a) Require employees to correctly document the activities of the organization in which they take part, creating documents
according to business needs and processes;
b) Ensure that the information and processing systems that support the organization's activities allow for the creation of
appropriate documents as part of those activities;
c) Ensure the transparency of document processes and the adequacy of document management systems throughout their active
life (documents that are necessary for the day-to-day operation of the organisation and those that are subject to frequent use
are usually located close to the user, if it is a physical document, or online through the computer system);
d) Ensure that documents are maintained, stored and preserved for as long as they are useful to the organization and, where
appropriate, to external entities, such as archival institutions, researchers and auditors; and
e) Ensure that the disposition of documents is only made in accordance with a pre-defined approval process.
2.3.2. Competencies and responsibilities within the organization
An organization should define the competencies and responsibilities of all personnel involved in document management. The
following categories are likely to be included:
a) Executive management should assume the highest level of responsibility to ensure the success of the document management
action plan. Executive management support translates into the allocation of resources to lower levels and the promotion of
compliance with document management procedures throughout the organization.
b) Document management professionals assume primary responsibility for the implementation of ISO 15489-1. Specifically,
they establish the general document management policies, procedures and standards for the entire organization and
implement the processes described in chapter 4 of ISO 15489-1:2001.
94
Rev. Esp. Doc. Cient., 29, 1, 2006
Normas
c) Heads of business units or organizational groupings are responsible for ensuring that their staff create and maintain
documents as an integral part of their work and in accordance with established policies, procedures and standards. They are
also responsible for providing the necessary resources for document management and liaising with document management
professionals in all aspects set out in Chapter 4 of Standard 15489-1:2001.
d) Other persons in the organization who have specific obligations in relation to documents are responsible for: security,
compliance with legal provisions, and the design and implementation of systems using communication and information
technologies.
e) All staff who create, receive, and maintain documents as part of their day-to-day work should do so in accordance with
established policies, procedures, and standards. This includes the provision of documents only in accordance with authorized
instruments.
When the organization's document management plan is carried out by external contractors, it is important to ensure that they
comply with the standards set out in the organization's policies.
3. Strategies, design and implementation
3.1. Introduction
Chapter 8 of ISO 15489-1:2001 describes the essential characteristics of document systems and provides a framework for their
implementation. This chapter expands only on section 8.4 of ISO 15489-1:2001 and provides some guidelines related to the design
and implementation of document management systems.
3.2. Design and implementation of a document management system
3.2.1. General
It should be noted that the stages described in this process extend the general descriptions set out in section 8.4 of ISO 154891:2001 and that Stage A is related to letter a), Stage B to letter b) and so on.
Rev. Esp. Doc. Cient., 29, 1, 2006
95
Normas
Figure 1
Design and Implementation of Document Systems (DIRS) (DISDA)
Etapa A:
Investigación
preliminar
Etapa B:
Análisis de las
actividades
de la
organización
Etapa C:
Identificación
de los
requisitos
Etapa E:
Identificación
de las
estrategias
para cumplir
los requisitos
Política
Etapa D:
Evaluación
de los
sistemas
existentes
Etapa F:
Diseño de un
sistema de
gestión de
documentos
Diseño
Normas
Implementación
Etapa H:
Revisión
posterior a la
implementación
Etapa G:
Implementación de un
sistema de
gestión de
documentos
Legend
Principal
Feedback
Source: National Archives of Australia and State Archives of New South Wales.
3.2.2. Stage A: Preliminary Investigation
The objective of stage A is to provide the organization with an understanding of the administrative, legal, business and social
context in which it operates, so that the factors that most influence the need to create and maintain documents can be identified.
Stage A will also provide an overview of the organization's strengths and weaknesses in document management. This stage
provides a good basis for defining the scope of a document management project and presenting a case study to gain management
support.
Preliminary research is essential for making effective decisions regarding the organization's document management systems. In
addition, it will help to define document management problems within the organization and to assess the feasibility and risks of
different possible solutions.
96
Rev. Esp. Doc. Cient., 29, 1, 2006
Normas
Stage A is an important starting point for collecting information from the role-based processes to develop the classification table
and decide which documents should be incorporated and for how long they should be retained. In conjunction with subsequent
stages B and C, the preliminary investigation will also make it possible to assess the organization's responsibility for compliance
with external requirements for the creation and retention of documents. It also provides a useful basis for the evaluation of existing
systems.
3.2.3. Stage B: Analysis of the organization's activities
The goal of this stage is to develop a conceptual model of what an organization does and how it does it. This stage will
demonstrate how documents relate to both the organization's activities and its business processes, and will contribute in later stages
to decision-making about the creation, embodiment, control, storage, disposition and access to documents. This is even more
important in electronic environments, because if the system is not properly designed, the right documents cannot be incorporated or
retained. This stage provides the necessary tools to systematize the analysis of the organization and make the best use of its results.
The analysis of the organization's business activities and processes will provide insight into the relationship between them and
its documents.
At this stage, the following results can be generated:
a) documentation describing the organization's business activities and processes;
b) an organizational classification table showing the functions, activities and operations of the organization according to a
criterion of hierarchical relationships; and
c) A map of the organization's business processes showing the points at which documents are produced or received as products
of the organization's activity.
The analysis provides a basis for the development of document management tools, which include:
a) a thesaurus of terms that allows you to control the language used in the titling and indexing of documents in a specific
organizational context; and
b) A disposition instrument that defines the retention periods and the subsequent disposition actions on the documents.
The analysis will also help to identify and implement appropriate metadata-related strategies and to formally assign
responsibilities related to document retention.
Rev. Esp. Doc. Cient., 29, 1, 2006
97
Normas
3.2.4. Stage C: Identification of requirements
The objective of this stage is to identify the requirements that the organization must meet when creating, receiving, and storing
documents reflecting its activities, and to document these requirements in a structured and user-friendly way. The preservation of
appropriate documents facilitates the proper conduct of activities and ensures that individuals and organizations take responsibility
for their actions in legal and administrative matters. Likewise, the needs and expectations of related stakeholders, both internal and
external, are taken into account, making it possible to be accountable to them.
Document requirements are identified through a systematic analysis of the organization's needs, legal and regulatory obligations,
and other more general responsibilities that the organization has to assume to society. Assessing the risk arising from the failure to
create and retain documents will also help to identify document requirements. This stage also provides the rationale for the creation,
maintenance and availability of documents, the basis for the design of the management systems that will be responsible for their
incorporation and maintenance, and the benchmarks for comparing the performance of existing systems.
Products made at this stage may include:
a) a list of all sources that contain document requirements relevant to the organization;
b) a list of legal and regulatory requirements or any other requirements arising from the more general needs of the company
related to the maintenance of documents;
c) a risk assessment report supported by management; and
d) A formal document addressed to management and staff setting out the requirements for document keeping.
3.2.5. Stage D: Assessment of existing systems
The objective of this stage is to analyse the document management systems and any other information systems already in place
in order to assess the extent to which these systems incorporate and maintain documents from the organization's activities. The
evaluation will help to identify any gaps between the organization's agreed document requirements and the performance and
functions of existing systems. This will serve as a basis for the development of new systems and the redesign of existing ones, so as
to meet the needs for document management that have been identified and agreed upon in the previous stages.
By-products of this stage can be:
a) an inventory of the organization's existing systems; and
b) A report indicating the extent to which these systems comply with the organization's agreed document requirements.
98
Rev. Esp. Doc. Cient., 29, 1, 2006
Normas
3.2.6. Stage E: Identification of strategies to meet the requirements
The objective of this stage is to identify the policies, procedures, standards, tools and other instruments that the organization
should adopt to ensure the creation and maintenance of the necessary documents to reflect the activity of the organization. The
choice of strategies will take into account:
a)
b)
c)
d)
e)
f)
the nature of the organization, including its goals and history;
the type of activities it carries out;
the way in which it conducts its activities;
the technological environment in which it is based;
the prevailing corporate culture; and
any external conditioning factors.
The selection will also be influenced by the potential of each of the strategies to achieve the desired outcome and the potential
risk to the organization if the approach fails.
In some cases, archival institutions can help develop document strategies.
These strategies could include:
a)
b)
c)
d)
the adoption of policies and procedures;
the development of Standards;
the design of new system components; or
the implementation of systems in such a way as to satisfy the requirements identified in the preservation and maintenance
of documents.
When this stage is completed, a planned, systematic and appropriate proposal for the creation, onboarding, maintenance, use
and preservation of documents will be available and will serve as a basis for the design of the document management system or the
redesign of the existing system.
The products linked to this stage can be:
a) A list of strategies to meet documentation requirements that are compatible with other needs of the organization.
b) a model that relates strategies and requirements; and
c) A report to senior management recommending an overall design strategy.
3.2.7. Stage F: Designing a Document Management System
This stage consists of the transformation of the strategies and tactics selected in Stage E into a plan for the document management
system that meets the requirements identified and documented in Stage C and addresses any existing deficiencies in the organization
in relation to document management that have been identified during Stage D.
Rev. Esp. Doc. Cient., 29, 1, 2006
99
Normas
Stage F, like the other stages of this methodology, adopts a broad definition of the term systems, encompassing people and
processes, as well as tools and technology. Consequently, this stage will include:
a) designing changes to existing systems, processes, and practices;
b) the adaptation or integration of technological solutions; and
c) defining the most appropriate way to incorporate these changes to improve document management across the organization.
In practice, it can sometimes be difficult to see where the determination of document management strategies ends (Stage E) and
the design of systems incorporating those strategies begins (Stage F). However, it is useful to focus on each strategy separately to
ensure that document creation and maintenance requirements are feasible, consistent, and have been properly incorporated into the
design of the system.
This stage involves document management professionals and other experts who work with users to develop specifications that
best capture document requirements. This will ensure that users own the system, understand it and use it as intended.
Outputs in this Stage F may include:
a)
b)
c)
d)
e)
f)
g)
h)
i)
j)
k)
l)
m)
the project plan defining the tasks, responsibilities and deadlines for implementation;
Reports detailing the results of periodic design reviews
documentation relating to changes in requirements, validated by both user representatives and the project team;
conceptual design descriptions;
rules of operation of the system;
system specifications;
diagrams depicting the architecture and components of the system;
models representing different approaches to the system, such as processes, data flows, and data entities;
detailed specifications for developing or procuring technological, software or hardware components;
The File Plan or Classification Chart
Plans showing how the project will be integrated into existing systems and processes
Initial Training and Validation Plan
System Implementation Plan.
3.2.8. Stage G: Implementation of a document management system
The goal of Stage G is to identify and systematically implement the appropriate set of strategies to implement the plan designed
in Stage F. The
100
Rev. Esp. Doc. Cient., 29, 1, 2006
Normas
Plan provides an overview of how the different components of the system (processes, procedures, individuals and technology) are
integrated.
The integration of new or improved document management systems with communication systems and business processes can
be a complex operation involving financial and accountability interests. These risks can be minimized through careful planning and
documentation of the implementation process.
Once this stage is completed, improved document management practices should have been integrated into the organization, with
minimal disruption to the organization's activities, helping to meet its needs for quality accreditation and capitalizing on the longterm investment made in stages A to F.
Among the documentation produced at the completion of this stage can be found:
a)
b)
c)
d)
e)
f)
g)
a detailed project plan including the combination of selected strategies;
documented policies, procedures and standards;
training materials;
documentation relating to the conversion process and migration procedures;
documentation required for accreditation of "quality systems";
performance reports; and
report or reports addressed to management.
3.2.9. Stage H: Post-Implementation Review
The objective of stage H is to measure the effectiveness of the document management system, to evaluate the process of
developing the system so that deficiencies can be addressed, and to establish a monitoring regime that will be in place for as long as
the system is in place.
Stage H includes:
a) analyze whether the documents have been created and organized according to the needs of the organization's activities and
whether they are adequately interrelated with the processes of which they are part;
b) interviewing management, staff and other stakeholders;
c) conducting surveys;
d) review the documentation produced during the early phases of the system development project; and
e) Observe and randomly control the operation.
The organization can help ensure the permanent return on investment in the document management system by conducting postimplementation reviews and performing regular checks. It also ensures the existence of objective information to demonstrate that
the organization is creating and managing the
Rev. Esp. Doc. Cient., 29, 1, 2006
101
Normas
Proper documents. This review will minimize the organization's exposure to the risk of a system failure, and will allow it to anticipate
significant changes in document requirements and organizational needs that require a new development cycle.
By the end of Stage H, the organization will have:
a) developed and implemented an objective assessment methodology for its document management system;
b) documented the performance of the system and the development process; and
c) Submit a report documenting the findings and recommendations to management.
As business processes and document management systems are not static, steps C to H should be carried out on a regular basis
as shown in Figure 1.
4. Document Management Processes and Controls
4.1. Introduction
ISO 15489-1 sets out the principles for the various operations of document management. These operations are described in a
linear sequence. In practice, they do not take place in that order. Several specific operations can be carried out simultaneously. Some
operations depend on the existence of instruments created by processes that are described later in the sequence.
Traditionally, a linear sequence has been used to describe paper-based document management processes, because processes can
be, and often are, separated by varying intervals of time. In electronic document management systems, decisions regarding
incorporation and classification, as well as access and disposition, are generally made at the time of document creation, so processes
are more explicit and often simultaneous. Of course, this can also be true in paper-based systems.
Paper-based systems contain metadata about documents that are often implicit and can be inferred by anyone using the
documents. In paper-based systems, the structure of the document does not need to be specified, as it is immediately apparent to the
user. The content of documents may need to be highlighted using additional indexing. The content of the document is defined
through a number of complex factors, including the implementation of control systems, but it can also be deduced through the
physical location of the document and its position in relation to other documents. Electronic systems do not have the same implicit
metadata, so document embedding methods should make this metadata explicit.
It is necessary to configure the electronic systems used for the incorporation of documents in such a way as to require the
completion of the required metadata.
102
Rev. Esp. Doc. Cient., 29, 1, 2006
Normas
or generate them automatically. The amount of metadata required for electronic documents is greater than that required for paper
documents, since very few elements can be inferred implicitly in electronic systems, and all metadata implicit in paper documents
must be made explicit. This amount depends on the prior existence of document definition rules and classification systems in relation
to both identification and access.
Rather than following the order of operations set out in ISO 15489-1, this chapter aims to guide implementation by identifying:
a) the tools required for various document management operations, and their development;
b) various factors that will affect or determine the nature of document management operations in different organizations and
under different legal systems; and
c) the processes in which these instruments are used.
4.2. Instruments
4.2.1. Main Instruments
The main tools used in document management operations are:
a) a scoreboard based on the activities of the organization;
b) a timetable for the preservation and disposition of documents;
c) An access and security table.
Organizations can employ additional tools specific to document management, such as:
a) a thesaurus of accepted terms; and
b) A glossary of terms or other controlled vocabularies.
In addition, there are other tools that are not specific to document management, which can be applied to some document
management operations:
a)
b)
c)
d)
an analysis of the regulatory framework;
a risk analysis;
a relationship of assignment of responsibilities in the organization;
A record of employees and system user permissions
The development of the latest series of instruments is outside the scope of this part of ISO 15489.
Rev. Esp. Doc. Cient., 29, 1, 2006
103
Normas
4.2.2. Classification of the organization's activities
4.2.2.1. Introduction
A classification system based on organizational functions can provide a systematic framework for document management. The
analysis carried out for the development of the classification identifies all the activities of the organization and places them in the
context of its stated mission or purpose.
Once completed, the classification represents the functions, activities and operations of the organization. It can be used to
develop the document classification table, a thesaurus, rules for forming titles and indexes, and the identification of document
categories based on their layout and access permissions.
The classification system is a tool that allows the organization to:
a) organize, describe, and link documents;
b) linking and sharing documents, either internally or externally to the organization; and
c) Provide better access, retrieval, use and dissemination of documents.
Supported by tools such as controlled vocabularies, classification systems promote consistency of titles and descriptions, making
it easier to retrieve and use documents. In addition to facilitating access and use, classification systems can support other document
management processes, such as storage, preservation and disposal.
Classification systems can reflect the simplicity or complexity of organizations. They should determine the degree of control of
classification necessary for their purposes, depending on the organisational structures, the nature of the activity they carry out, the
responsibilities they assume and the technology available.
4.2.2.2. Development of the classification of the organization's activities
The classification of the organization's activities can be elaborated by applying the methodology described in sections 3.2.2 and
3.2.3.
The development of an analysis of the organization's activity involves the identification and analysis of the following elements:
a)
b)
c)
d)
e)
f)
g)
h)
104
the organization's goals and strategies;
the functions of the organization that support the achievement of those goals and strategies;
the activities of the organization that constitute those functions;
the work processes carried out to carry out specific activities and operations;
all the constituent stages of an activity;
all the operations that make up each stage;
the groups of recurring operations within each activity; and
documents already existing in the organization.
Rev. Esp. Doc. Cient., 29, 1, 2006
Normas
The conclusions of the analysis can be represented as a hierarchy of organizational activities, to be supplemented, where
appropriate, by sequential representations of processes.
To ensure that documents and their metadata accurately reflect the business processes that gave rise to them, classification
systems should be the result of analysis of those processes.
The structure of a classification system is usually hierarchical and is reflected as follows:
a) The first level usually reflects the function
b) The second level is based on the activities that constitute the function.
c) The third and subsequent levels provide more details about the activities or groups of operations that are part of each
activity.
The degree of accuracy of a classification system is chosen by the organization and reflects the complexity of each of the
functions being performed. For example, the staffing hierarchy1 could be set up as follows:
1. Human Resource Management
1.1. Determination of benefits
1.2. Establishment of working conditions
1.2.1. Appointments
1.2.2. Training period
1.2.3. Childcare
1.2.4. Flexible Work Agreements
1.3. Permissions
1.3.1. Regularisation
1.3.2. Indemnities
1.3.3. Annual leave
1.4. Hiring Employees
1.5. Fees
1.5.1. Deductions
1.5.2. Overtime
1.5.3. Remuneration
1.5.4. Retirement
Classification systems provide an articulation of the functions and activities of the organization. They are not always in a position
to specify each and every one of the known variables, but they can indicate which groupings are appropriate. For example, prompts
such as [Specify by Time Period] or [Specify by Customer] can be used within classification guidelines to force users to be more
specific. Other instruments are needed (auxiliary lists, e.g.
1
An example of hierarchy and development of the personnel classification table more in line with the practices carried out in Spain in document management
is presented in Annex C.
Rev. Esp. Doc. Cient., 29, 1, 2006
105
Normas
Example: Indexes) to list each of the individual variables used by the organization.
The persons responsible for the development of the classification systems can verify that the systems comply with the following
points:
a) They take their terminology from the functions and activities of the organization, not from the denominations of its units.
b) They are specific to each organization and provide a coherent and standardized mode of communication between the different
units of the organization that share information due to the interrelationship of their functions.
c) They have a hierarchical character ranging from the most general to the most specific, i.e. from high-level functions to more
specific operations, e.g. Finance – Audit – External.
d) They are composed of univocal terms that are a reflection of organizational practice.
e) They consist of a sufficient number of groupings and sub-groupings that cover all the functions and activities of the
organization that are generating documents.
f) They are made up of specific groupings.
g) They are designed in collaboration with the creators of the documents.
h) They are revised to reflect the changing needs of the organization and to ensure that the table is up-to-date and reflects
changes in the functions and activities of the organization.
4.2.3. Vocabulary
4.2.3.1. Controlled vocabulary – list of authorized headings
A list of authorized headings is a simple enumeration of terms that is derived from those used in the classification table. The
meaning of the term is not contemplated and the relations between the terms are not shown. The list makes it possible to control the
terminology used in forming the titles of documents by establishing the terms accepted and used in the natural language of the
organization, controlling the use of synonyms, homonyms, abbreviations and acronyms.
4.2.3.2. Thesaurus
A thesaurus is constructed using the conventions and procedures documented in ISO 2788.
A thesaurus is a controlled list of terms linked to each other by semantic, hierarchical, associative, or equivalence relationships.
This tool serves as a guide when assigning classification terms to individual documents.
A thesaurus specifies the meaning of each term and shows its relationships to other terms. A thesaurus provides enough inputs
to
106
Rev. Esp. Doc. Cient., 29, 1, 2006
Normas
Refer users from unused terms to terminology adopted by the organization. In addition, a thesaurus can be associated with other
document management tools, such as retention and disposition calendars or access classification schemes, making it possible to
automate other document management processes.
4.2.4. Conservation and disposal schedule
4.2.4.1. General
Decisions about which documents should be incorporated and for how long they should be retained are made more effectively
by proceeding systematically and in accordance with existing laws and regulations (which may be specific to the country, owned by
different types of organizations or branches of industry, or related to certain products). Instruments designed to standardize the
decision-making process can range from guidelines identifying documents that should be destroyed or integrated into management
systems, to a formally approved timetable with retention periods and disposition actions appropriate for each class of documents,
which is submitted for approval by an external authority (conservation and disposition schedule). In some countries, these calendars
approved by the competent external authority may prescribe permanent preservation of documents, either within the organization
or in an independent archival institution. In electronic document systems, incorporation and preservation decisions should be
considered as part of the design of the system at the time of its creation.
4.2.4.2. Identification of documents that should be incorporated into the document management system
The decision as to which documents should be incorporated into the document management system and for how long they
should be retained requires, first, an analysis of the internal and external environment of the organization, its relationship(s) to that
environment, and the identification of the functions and activities of the organization, as described in sections 3.2.2 and 3.2.3.
Second, the results of this analysis are assessed in relation to the external and internal requirements for organizational
accountability. By analysing activities and requirements, document managers can:
a) identify, from a broad perspective, the documents that should be created to administer and manage each activity;
b) Identify the areas of the organization in which the documents corresponding to each activity are incorporated
Rev. Esp. Doc. Cient., 29, 1, 2006
107
Normas
c)
d)
e)
f)
g)
analysing activities to identify all their constituent stages;
identify all the operations that are part of each stage;
identify the data needed to carry out each operation;
determine the need to incorporate evidence for each operation; and
Determine the appropriate time to incorporate the document.
Decisions regarding the incorporation of documents, as part of a systems design process, are most successfully made in
collaboration with the organizational unit responsible for the activity and its systems.
The decision not to formally require the incorporation of documents is usually based on the assessment of the risk arising from
the possession of incomplete documents. Risk management decisions are the result of an analysis of the regulatory and regulatory
environment, as well as the risks perceived by the organization, depending on the sector and the nature of the activity. Decisions
will include assessments of direct and opportunity costs, other resource allocations, litigation possibilities, the organization's public
image, ethical aspects, and the use of space (physical or computer network).
For example, if documents relating to pharmaceutical products carry a higher risk than those relating to the management of
office supplies, the former should be handled with a higher level of precision and longer retention periods than the latter. In addition,
documents essential to ensuring organizational continuity are incorporated into document management systems as part of the risk
management strategy.
Any document that has been incorporated or created should be given a retention period, so that there is no doubt as to how long
it should be retained.
4.2.4.3. Determination of the duration of the retention period of documents
To determine how long the documents should be kept, the following analysis can be carried out, which consists of five stages:
a) Determine the legal or administrative frameworks for the maintenance of documents within the system.
Legal or administrative requirements may impose minimum periods of conservation in different legal systems.
b) Determine the various uses of documents within the system.
Documents for certain operations within a system are used repeatedly to carry out other operations. A distinction should be
made between the main documents, which are those of recurrent use, and the documents of multiple specific operations,
which refer to the former. It may be possible to delete documents for specific operations from the system shortly after the
operation has been completed. For example, requests for
108
Rev. Esp. Doc. Cient., 29, 1, 2006
Normas
Staff permissions are only retained for a limited period of time, while the leave history will be retained for the entire period
of the employee's hire. The relationship between the main documents and other specific operational documents will determine
the period of retention of both within the system. This also depends on the nature of the organization's activity being
documented. For example, medical records may need to be retained longer than accounts payable documents posted in the
general ledger.
c) Determine linkages with other systems.
Documents in one system can serve as a support or reference for other systems. For example, the aggregated details of
individual purchase transactions are transferred to the general ledger. Documents integrated into a Geographic Information
System can be cited for reference or copied into planning, property, or other organizational activity systems.
d) Take into account the variety of uses of the documents. The stages of this process include:
1) the identification of other interested parties, e.g. files or external users with legally recognized or legitimate interests in
the retention of documents for longer than required by the organization's internal users;
2) assessment of the risks associated with the destruction of documents, once their regular and internal use has been
completed;
3) determining which documents are essential to ensure the continuity of the organization in the event of loss or damage and
what actions are necessary to preserve them;
4) assessment of the financial, political, social or other benefits of retaining documents after the organization has ceased to
use them; and
5) analysis of the non-financial cost-benefit balance of document retention, to decide how long they should be retained once
the organization's needs have been met.
e) Assign retention periods to documents according to the total evaluation of the system.
Within the system, retention periods and disposition actions of similar characteristics are established for sets of documents that
reflect or record similar activities. All documents belonging to the same management system should be included in some form of
retention and disposition schedule, from documents from smaller operations to those produced by policies and procedures. Retention
periods should be clearly set and disposal actions should be unambiguously identified. For example
'destroy
years after the audit' or 'transfer to the archives  years after the last operation has been carried out in full'.
Rev. Esp. Doc. Cient., 29, 1, 2006
109
Normas
4.2.5. Access & Security Table
4.2.5.1. General
A formal instrument for identifying access rights and the regime of restrictions applicable to documents is a necessary tool for
organizations of any size and under any legal system. The more complex the organization and its regulatory framework, the greater
the need for standardization of the procedures for the application of the access and security categories.
4.2.5.2. Elaboration of the access and security table
The establishment of appropriate categories of access rights and restrictions is based on an analysis of the organization's
regulatory framework, its activity and risk assessment. The appropriate level of access and security will depend on the nature and
size of the organization, as well as the content and value of the information. Appropriate security can be described as the level of
security that, according to common sense, would be needed to protect information from unauthorized access, collection, use,
disclosure, erasure, modification, or destruction. Thus, "appropriate" for one organization may be a locked warehouse, while for
another it may be a locked, guarded, limited-access warehouse with video cameras.
Access to documents may be restricted to protect:
a)
b)
c)
d)
e)
personal information and privacy;
intellectual property rights and trade secrets;
security of property (physical or financial);
public safety; and
legal and professional privileges.
Equally important are the rights of access legally recognized under the rules of good governance, freedom of information, the
protection of privacy, and the legal system and archival legislation. The effective development of an access and security table will
need to take these rights into account.
To develop an access table, the analysis of the organization's regulatory framework, its activity and risk assessment will be used
to:
a)
b)
c)
d)
110
identify legally recognized rights and restrictions on access to the organization's documents and information;
identify areas of risk of breach of privacy and commercial, professional or personal confidentiality;
identify the organization's security issues;
classify areas of risk of security breaches according to the likelihood of their occurrence and the assessment of damages;
Rev. Esp. Doc. Cient., 29, 1, 2006
Normas
e)
f)
g)
h)
relate identified risk areas and security issues to the organization's activities;
identify appropriate levels of restriction, from highest-risk to lowest-risk areas;
assigning restriction levels to different types of documents according to the classification of risks; and
Associate constraints with tools, such as classification tables or thesauri used to describe documents. In this way, warnings
and restrictions can be displayed automatically when documents are entered and recorded in the management system.
The way in which constraint levels are expressed should reflect the practice of the organization. Relevant areas of the
organization should be consulted when developing access restriction categories.
Access tables also apply to individuals, both those who are responsible for the management of classified documents and others
who have access rights. At a later stage, responsibilities should be clearly identified. User profiles and users who have access to
specific groups of classified documents can be defined and incorporated into the document management system. Documents that
fall into the "restricted" category can only be accessed by users who have been authorized. This restriction may be supported by a
control or veto process that is not part of the document management function. This aspect of categorizing users on the basis of access
is linked to the task of managing user permissions in relation to the document management system.
A document management system has to manage user permissions that are unique to it. You can use your organization's general
employee and user permissions log, but in cases where it doesn't exist, you'll need to create your own. This registry distinguishes
user permissions for accessing, modifying, or deleting documents from read-only permissions. An employee may be an authorized
user for the creation, modification and deletion of documents in a specific functional area, and possess only the ability to access, but
not modify, documents in other functional areas. Similarly, it may not be appropriate to allow access to documents for certain
activities of the organization outside the functional group that carries them out.
The monitoring and assignment of user profiles and their relationship to functional responsibilities is an ongoing task that takes
place in all document management systems, regardless of their format. Many electronic document management systems, especially
those that are accessible through geographically distributed systems, can inherit identification protocols from other applications. By
enabling network access over much greater distances, the assignment and control of user permissions will be a significant
responsibility, often vested in the staff responsible for managing data or information systems.
Rev. Esp. Doc. Cient., 29, 1, 2006
111
Normas
4.3. Document Management Processes
4.3.1. Introduction
The processes described below are presented sequentially, but it should be borne in mind that in many document management
systems, especially electronic systems, they may take place simultaneously or in a different order than described. All processes
generate metadata (detailed descriptive information) linked to the document. The amount of metadata that exists in relation to
documents and document management processes depends on the sophistication of a document management system, which, in turn,
will depend on the requirements arising from the organization's activities and responsibilities. The processes are as follows:
a)
b)
c)
d)
e)
f)
g)
h)
incorporation;
registration;
classification;
access and security assignment;
definition of the provision;
storage;
use and traceability; and
disposal.
4.3.2. Incorporation
Onboarding is the process of determining whether a document should be created and retained. This includes both documents
created by the organization and documents received by the organization. It is a matter of deciding which documents are incorporated,
which, in turn, means deciding who can have access to those documents and, in general, how long they have to be kept.
Decisions about which documents should be incorporated and which should be rejected are based on an analysis of the
organization's activity and the responsibilities it has assumed. The organization may use a formal tool, such as a retention and
disposition schedule (see section 4.2.4) or a set of guidelines to identify documents that do not need to be retained.
As an example of documents that do not require formal incorporation, we can cite those that:
a) they do not oblige an organization or individual to take a particular action;
b) do not document an obligation or responsibility; or
c) They do not contain information related to the activity for which the organization is responsible.
In paper-based document management systems, onboarding can be done by physically placing the document in a chronological
sequence within the
112
Rev. Esp. Doc. Cient., 29, 1, 2006
Normas
of a file or folder with a title. This grouping relates the individual document to other documents in a specific subject and allows
anyone who wants to retrieve the information contained in the document to obtain contextual information about it. A document is
implicitly linked to other documents for reasons of a temporal nature, by physical proximity, by the identity of the producer of the
dossier or folder, or by the title of the dossier or folder.
A paper-based document management system will require the establishment of controls over the files that are created and the
name given to them. The addition of new documents to a file (i.e., their addition) becomes a conscious process of determining the
most appropriate classification for the document in question, and of deliberately placing them in a known and predefined sequence
of documents. Documents that are gradually added to the file can be dated or numbered sequentially to provide additional security
when defining the sequence of actions. Other indexing terms may then be added to the record to ensure that the document can be
located and retrieved. The arrangement and conditions of access can be assigned by adding notes to the file or to the control systems.
Including a document in a predetermined set of actions or in a workflow can also be thought of as a form of document
onboarding. This process places the document in the context of the action that should take place after its creation or receipt and
functions as an acknowledgement of its participation in the organization's operations.
Electronic document management systems incorporate documents through a deliberate process whose meaning and purpose is
the same as that of registration.
Systems that incorporate documents also need to incorporate metadata associated with those documents so that:
a) describe both the content and the context in which the document was created;
b) allow the document to be a fixed representation of an action; and
c) Allow the document to be retrieved and presented in all its meaning.
These aspects are often referred to as context, content, and structure.
Information relating to the people involved in the operation, the activity of the organisation being carried out and the documents
generated can be recorded with different levels of accuracy. The level of detail required depends on the needs of the organization
and the variety of uses of the document. For example:
a) documents that are used only by one person can be managed in simple systems using the minimum information necessary
for retrieval;
b) Documents that are only used by a particular unit of the organization are only required to record data that is relevant and
comprehensible in that unit;
Rev. Esp. Doc. Cient., 29, 1, 2006
113
Normas
c) Documents that are available or accessible to more than one unit of the organization should provide information identifying
the unit of the organization concerned and the individuals involved in the operations in relation to an organization-wide
context;
d) documents created in the public domain, such as the World Wide Web, require a wide range of contextual information, since
it cannot be assumed that everyone will consult the document with the same degree of knowledge of the operations that
produced it. ISO 690-2 provides guidelines on how to reference electronic documents.
4.3.3. Registration
In systems where registration is used, the purpose of registration is to record the creation or incorporation of a document into a
document management system. It involves incorporating a brief descriptive information about the document when registering it, and
assigning it a unique identifier. In some document management cultures, the registration process is not often used in the case of
paper-based systems.
Registration is a way of formalizing the incorporation of a document into a document management system. Documents can be
recorded at more than one level of grouping within the management system, e.g. for correspondence, at file level or at 'document'
or 'sheet' level, depending on the need for proof.
In paper-based manual control systems, a record is usually a separate document. In computerized systems, a record may
encompass a combination of data. In electronic document management systems, the registration process may include classification,
assignment of disposition type and conditions of access. They can be designed with a view to recording documents through automatic
processes, transparent to the user of the application from which the document is incorporated and without the intervention of
document management staff. Even if registration is not fully automated, elements of the registration process (in particular, some of
the metadata required) can be automatically deduced from the IT environment and organization from which the document originates.
Whatever its form, in general, the record is unalterable. However, if it were
If changes need to be made, there should be an audit trail of them.
The registry should specify, at a minimum, the following metadata:
a)
b)
c)
d)
a unique identifier assigned from the system;
the date and time of registration;
a title or brief description;
the author (person or corporate entity), sender or recipient.
A more detailed record links the document to descriptive information about its context, content, and structure and to other related
documents. Every
114
Rev. Esp. Doc. Cient., 29, 1, 2006
Normas
A document or group of documents should contain information about its content and context, as well as other documents related to
it. In some cases, the legal system may require compliance with certain metadata requirements in order to obtain complete and
accurate documents. Some of these metadata requirements can be met by the initial registration of a document and its relationships.
Depending on the nature of the activity recorded, the testing needs of the organization and the technology implemented, the
information linked to the unique identifier of the document may include the following elements:
a)
b)
c)
d)
e)
f)
g)
h)
i)
j)
k)
l)
m)
n)
o)
p)
q)
r)
s)
the name or title of the document;
a description or summary of the text;
the date of creation;
the date and time of communication and receipt;
input, output or internal;
the author (with his/her parentage);
the sender (with his/her parentage);
the recipient (with his/her parentage);
the physical format;
their classification according to the classification table;
its links to related documents, documenting the same process or relating to the same person or matter, if the document is
part of a file;
the system from which the document was incorporated;
the software application and the version that was used to create or embed the document;
the standard to which the structure of the documents conforms (e.g. Standard Generalized Markup Language - SGML, or
Extensible Markup Language - XML)
details about the links embedded in the document, including the software application and the version that was used in the
creation of the embedded documents;
the templates needed to interpret the structure of the document;
access;
the retention period; and
any other information about the context and structure that is useful for management purposes.
If a classification table is used, the classification of the file/document will be more accurate if it is done at the same time as the
registration. The type and complexity of the classification depend on the type of business or organization.
Rev. Esp. Doc. Cient., 29, 1, 2006
115
Normas
4.3.4. Classification
4.3.4.1. General
Classification is the process of identifying one or more categories within the activities of the organization and the documents
they generate, as well as grouping them, if necessary, into files or series to facilitate the description, control, relationships and
assignment of the type of disposition and the conditions of access.
Through the use of classification systems based on the different activities of the organization (see section 4.2.2), the process
consists of the following stages:
a)
b)
c)
d)
identify the operation or activity that the document attests;
locate the operation or activity in the classification system;
examine the higher-level classes to which the operation or activity is linked, to ensure that the classification is appropriate;
compare the classification of the activity with the structure of the organization, to ensure that it is appropriate to the unit of
the organization to which the document belongs;
e) Assign the document the classification level according to the needs of the organization.
The number of classification levels and the lowest classification level (either at or above the operations level) depends on the
following factors:
a)
b)
c)
d)
e)
f)
responsibilities;
the nature of their activities;
size;
the complexity of its structure;
critical risk assessment in terms of speed and accuracy in document control and retrieval;
the technology in place.
4.3.4.2. Controlled vocabulary
Other descriptive and control data can be added to the document through the use of controlled vocabularies, such as a list of
authoritative headings or a thesaurus (see sections 4.2.3.1 and 4.2.3.2). The need for title and description control depends on the size
and complexity of the organization and its document management system. The higher the level of public accountability or control,
the greater the need for accuracy and speed in locating specific documents. The greater the risks present in the organization's activity,
e.g., public safety in relation to hazardous chemicals, the greater the need for precision and control in recovery.
116
Rev. Esp. Doc. Cient., 29, 1, 2006
Normas
4.3.4.3. Indexing
Proper assignment of indexing terms expands the possibilities of retrieving documents across classifications, categories, and
media. Indexing can be done manually or automatically generated by automatic profiles or text in electronic documents.
Although indexing was initially a manual practice, it is now often computerized. Free-text retrieval (full-text retrieval) systems
locate documents by searching their contents. Other retrieval tools provide searches based on user, document or subject profiles,
document content, and the use of intelligent agents. The most sophisticated indexing tools are tailored to specific types of documents,
the nature of the activity and the resources required for their implementation and operation.
The assignment of indexing terms may be limited to the terminology set out in the classification table or in other controlled
vocabularies. Indexing terms are typically drawn from the following elements:
a)
b)
c)
d)
e)
f)
g)
h)
i)
the format or nature of the document;
the title or main heading of the document;
the thematic content of the document, usually in line with the activity of the organization;
a summary of a document;
the dates associated with the transactions recorded in the document;
the names of clients or organizations;
specific handling or treatment requirements;
accompanying documentation that is not otherwise identified; or
the uses of documents.
4.3.5. Assigning Access and Security Categories
The establishment of access rights and restrictions is made up of steps similar to those of the classification of activities. Using
the access and security table (see section 4.2.5) as a reference, you should:
a) identify the operation or activity that the document attests;
b) identify the unit of the organization to which the document belongs;
c) verify the assigned access and security categories to determine whether the activity and area of the organization have been
identified as risk areas, or have been attributed security considerations or restrictions by law;
d) assign the document an appropriate level of access or restriction and specify appropriate control mechanisms for its
manipulation;
e) Record the access or security category of the document in the document management system in order to establish, if
necessary, additional control measures.
Rev. Esp. Doc. Cient., 29, 1, 2006
117
Normas
Access to documents is restricted only when required by law or dictated by the needs of the organization. Access and security
categories can be assigned by query to the unit of the organization to which the documents belong. To ensure that the additional
control and supervision mechanisms affecting these documents are not in place for longer than necessary, clearly defined restriction
periods may be established.
4.3.6. Identifying the Disposition Type
Many document management systems, especially those for electronic documents, identify the type of disposition and the
retention period of the document at the time of incorporation and registration. This process can be linked to activity-based
classification and automated as part of the system design.
The process needs to refer to conservation and disposal schedules (see section 4.2.4) of a more or less formal nature, depending
on the size and nature of the organization, as well as its responsibilities. It involves the following stages:
a)
b)
c)
d)
e)
identification of the operation or activity of the organization attested to in the document;
location of the operation and documents in the appropriate class of the calendar of conservation and disposal;
assignment of the corresponding retention period and identification of the intended disposal action;
record of the retention period and future disposition action in the document management system;
determination of the metadata retention period of documents that have been transferred to an external storage service provider
or archive, or that have been destroyed;
4.3.7. Storage
4.3.7.1. Decisions on document storage
The decision to incorporate a document into the system implies the intention to store it. Adequate storage conditions ensure the
protection, accessibility and proper management of documents. The purpose of the document, its physical format, and its use and
value will determine the characteristics of the equipment, as well as the services required to manage the document for as long as it
is needed.
It is important to provide efficient and effective means of maintaining, handling and storing documents prior to their creation
and to re-evaluate storage conditions as document requirements change. In addition, the conditions of the
118
Rev. Esp. Doc. Cient., 29, 1, 2006
Normas
Selected storage facilities should be integrated into the overall document management program.
By conducting a risk analysis, organizations can select the most appropriate and feasible physical storage and handling
conditions for their documents. The choice of storage conditions should take into account access and security requirements and
restrictions as well as the physical characteristics of the documents. Documents that are particularly important for organizational
continuity require additional protection and copying methods to ensure their accessibility in the event of a disaster.
Risk management also includes the development of a disaster recovery plan that defines an organized and hierarchical response
to such situations, that plans the continuity of the organization's normal operation during the disaster, and that anticipates appropriate
recovery measures.
Important factors in selecting storage and handling conditions include:
a) The volume and growth rate of documents. Some storage facilities may be discarded if, according to projected growth
rates, their capacity is not sufficient. Digital media should also be evaluated in terms of their storage capacity. The choice of
media should be in line with estimates of the volume and growth rate of documents.
b) The use of documents. The different uses of a document will determine what are the appropriate levels of protection against
loss or damage. In the case of electronic documents, the use of reliable systems and media that are more robust and longlasting will be used. In addition, the ease with which backups can be toggled and protected is a key factor when selecting
storage options for electronic documents.
c) The security and confidentiality needs of documents. Access to some documents is limited for reasons of confidentiality,
propriety, nature of the information or legal protection.
d) Physical characteristics. The following factors will have an impact on storage: weight, surface area required, temperature
and humidity controls, and special requirements for physical preservation of the medium (e.g. paper, digital storage,
microforms). Documents in electronic form may require conversion or migration, and digital storage media may need to be
renewed. Documents should be protected from fire, flood and other hazards, depending on local circumstances.
e) Consultation requirements. Document consultation is a key factor. Frequently accessible documents should be stored in a
more easily accessible facility. Electronic documents can be stored in different ways to make their retrieval easier and faster.
f) The relative cost of storage conditions. Consideration of costs may influence the decision to engage an external soul service.
Rev. Esp. Doc. Cient., 29, 1, 2006
119
Normas
and in the choice of media for the storage of electronic documents.
g) Access needs. A cost-benefit analysis of storage
"On-site" versus off-site storage can highlight the need for multiple storage facilities, systems, or equipment to fully meet
the organization's needs.
4.3.7.2. Facility Considerations
To ensure adequate protection and storage of documents, facilities should be assessed according to the following factors:
a) Its location should be easily accessible and should not be in areas that present known external risks.
b) The building should allow adequate temperature and humidity levels to be maintained, have means of protection against fire,
water, or contaminants (such as radioactive isotopes, toxins, and mold), and have security measures, controlled access to
warehouses, systems for detecting unauthorized entry, and adequate protection against pests.
c) Equipment. It is important that the shelves adapt to the format of the documents and that they have the necessary solidity to
withstand possible loads. Containers and packaging materials should resist handling and pressure from their contents and
should not damage documents during storage. The use of the documents may warrant special packaging to provide additional
protection against deterioration.
Organizations may choose to engage a service company to physically guard the documents and provide access to the electronic
information itself or to hard copies of it. In such cases, it is important that the rights and responsibilities of the owners of the
documents and of the service provider(s) are stipulated in a contract for the provision of services.
4.3.7.3. Digital Storage
Storing documents in electronic form requires complementary storage plans and strategies to prevent potential loss.
a) Backup systems prevent the loss of documents as a result of system failures. Such systems should provide regular and urgent
access to backups and include regular backups, multiple copies on various media, and storage of backups in different
locations.
120
Rev. Esp. Doc. Cient., 29, 1, 2006
Normas
b) Maintenance procedures may be necessary to prevent physical damage to the substrates. It may be necessary to copy
documents to more current versions of the same media (or on different media) to prevent data deterioration.
c) The obsolescence of the hardware and software used can affect the legibility of stored electronic documents. See section
4.3.9.2 for more information.
4.3.8. Use and traceability
The use of a document involves operations that can be recorded in the document management system as metadata. The use of
the documents may affect their conditions of access and disposal.
Document usage management includes:
a) identification of user permissions associated with different individuals and their respective positions within the
organization;
b) identification of the conditions of access and security of documents;
c) the identification of access rights of persons outside the organization;
d) ensuring that only persons who have the appropriate user profile or who have the relevant access rights have access to
restricted documents;
e) the traceability of documents to identify the persons who have had or have custody of them;
f) ensuring that any use of the documents is recorded in appropriate detail; and
g) the revision of the categories of access assigned to documents to ensure their up-to-date and applicability.
The traceability of documents in a document management system is a security measure for organizations. It ensures that only
users with the appropriate permissions perform tasks for which they have been authorized. The degree of control and level of detail
of record in the document management system depends on the nature of the activities and the documents they generate. For example,
in many cases the legal system establishes mandatory privacy protection measures that require the use of documents containing
personal information to be recorded.
Patterns of use of documents are useful in establishing the degree to which the information contained in the documents are upto-date and makes it possible to determine when a disposition measure should be taken.
Systems for monitoring the use or movement of documents range from card-based physical registration systems, to barcode
technology, to electronic document management systems in which the display of a document is not the same as the display of a
document.
Rev. Esp. Doc. Cient., 29, 1, 2006
121
Normas
It is automatically incorporated as a system operation. Traceability systems must be able to locate any document in an appropriate
period of time and to ensure that all movements can be recorded.
4.3.9. Disposal
4.3.9.1. General
Documents with similar dates and disposition actions should be easily identifiable in the document management system. For
example, paper documents with the same dates and disposition actions can be physically stored together.
The usage history of documents subject to disposition action should be reviewed to confirm or modify their status. Other
important activities include the following:
a) verification of the reasons that trigger disposition actions;
b) confirmation that any action in which the document may participate has already been completed; and
c) Maintenance of a document of disposition actions that can be audited.
4.3.9.2. Permanent conservation
Documents that have been removed from operating systems should be accessible and retrievable throughout their retention
period. The characteristics of the documents, as set out in section 7.2 of ISO 15489-1:2001, should be maintained. In cases where
documents are moved from the immediate physical environment of the producing unit to another physical location, the responsibility
for authorizing destruction or for making other disposition decisions will continue to be assumed by the unit in question.
Documents that have been identified for permanent preservation should be stored in an appropriate environment for long-term
preservation.
Document preservation strategies, especially for electronic documents, can be chosen based on their ability to maintain
document accessibility, integrity and authenticity over time, as well as their cost-effectiveness.
Preservation strategies can include copying, converting, and migrating documents.
a) Copying is the production of an identical copy on the same type of medium (paper/microfilm/electronic). For example, from
paper to paper, from microfilm to microfilm, or the production of backups of electronic documents (which can also be made
on another type of medium).
122
Rev. Esp. Doc. Cient., 29, 1, 2006
Normas
b) Conversion involves a change in the format of the document but ensures that this document retains the same primary
information (content). For example, the conversion of paper documents into microfilm, the scanning, or the change of
character sets.
c) Migration encompasses a set of organized tasks designed to periodically transfer digital material from one
hardware/software configuration to another, or from one technological generation to another. The goal of migration is to
preserve the integrity of the documents and maintain their retrievability, viewability, and any other use. Migration can occur
when hardware or software falls into disuse, or to move electronic documents from one format to another.
Other methods of preserving electronic records for long periods of time may be used as new technologies become available.
Preservation strategies for electronic records and associated metadata excluded from systems need to be formulated and
integrated into all system design processes to ensure that documents and their metadata remain accessible and usable throughout the
retention period.
Documents awaiting destruction can be identified in such a way that they can be destroyed systematically, once the retention
period has expired (e.g. annually).
When the storage of documents is entrusted to a service company or transferred to an external archival authority, whether as a
result of a disposition action or for other reasons, a formal agreement shall be drawn up, which shall be signed by both parties,
describing the obligations for the preservation of the documents, the management rules and the conditions of processing and access.
4.3.9.3. Physical Destruction
The physical destruction of documents is carried out by methods commensurate with their level of confidentiality. The
organization can have an audit trail in which all document destruction is recorded. The consent of the responsible authorities may
also be required. Destruction may be carried out by third parties hired for this purpose. The issuance of destruction certificates is
recommended for all destruction by third parties.
Documents in electronic form can also be destroyed by formatting or overwriting them, provided that it can be ensured that the
information cannot be recovered after formatting. The erasure instructions are not sufficient to guarantee that all pointers relating to
the data embedded in the system software have also been destroyed. Backups containing generations of system data should also be
formatted or overwritten before the actual destruction of the information in electronic form is completed. Physical destruction of
storage media is an appropriate alternative, especially if
Rev. Esp. Doc. Cient., 29, 1, 2006
123
Normas
erasure, formatting or overwriting are not applicable or are not considered safe methods of destruction of digital information (e.g.
information stored on WORM (Write Once Read Many) medium.
4.3.9.4. Transfer of Custody or Ownership of Documents
In certain circumstances, responsibility for the custody or ownership of documents is transferred from the organization that
created them to another. Such circumstances arise, for example, as a result of the restructuring of organizations, when they cease to
exist or when their activities are outsourced. When this occurs, documents that should be transferred are identified, removed from
existing document management systems, and physically transferred.
Such transfer of custody or ownership of documents to another organization may include:
a)
b)
c)
d)
transfer to other organizations with responsibilities for the documents;
transfer to outsourced or outsourced organizations;
transfer to a storage depot; or
transfer to a historical archive.
A key element of the transfer of ownership of documents is the determination of responsibility for those documents. Examples
of questions that can be asked in this regard include the following:
a)
b)
c)
d)
Have the administrative and operational requirements for the transfer of documents been reliably established?
Have the issues of competence and the need for accountability been addressed?
Has the impact of the transfer on the documents been taken into account?
Have the current legislation and the obligations arising from the regulatory framework been complied with?
In the case of an electronic document transfer, the following issues should be assessed, among others:
a)
b)
c)
e)
f)
hardware and software compatibility;
metadata (control and contextual information);
data documentation (technical information on data processing and data structure);
licensing agreements;
standards.
In cases where documents are removed from the control or ownership of the organization (e.g. through privatization of stateowned enterprises), it may be possible to
124
Rev. Esp. Doc. Cient., 29, 1, 2006
Normas
that the consent of the responsible archival authority is required. When the public administration has to transfer public documents
containing personal information to other jurisdictions or entities, other factors should be taken into account. In particular, legal
systems where there is legislation on freedom of information and the protection of privacy include, for example, requirements
relating to the retention of documents, the protection of personal data and provisions relating to access.
5. Monitoring & Auditing
5.1. General
There are three reasons for monitoring and auditing document management systems:
a) ensure compliance with the standards set by the organization;
b) ensure that documents will be accepted as evidence in a trial, if required;
c) Improve an organization's performance.
Details relating to the day-to-day activity of an organization are recorded and stored in its document management system, on a
regular basis and during the normal course of its activity.
Supervision helps to provide the document management system with legal and legal value. Monitoring processes are
documented to attest to compliance with the policies, procedures and standards that the organization has adopted.
Systematic supervision programmes, designed and developed in accordance with existing rules and regulations, are best able to
meet the requirements arising from corporate responsibilities.
A person with the appropriate skills can effectively supervise such compliance, reporting independently to management. The
people who can best manage compliance are those who have designed or implemented the supervisory programmes, or those
responsible for managing the documents.
Monitoring should be carried out on a regular basis at the intervals agreed and set out in the organization's document management
policy.
5.2. Compliance Audit
The correct design of any document management system should immediately have evidence that an organization:
a) understands the nature of your documents;
b) takes care of and takes safety measures for them; and
c) Properly use and implement technologies and work processes
Rev. Esp. Doc. Cient., 29, 1, 2006
125
Normas
In addition, document managers need evidence that demonstrates the organization's ongoing compliance with the law and
document management policies, principles, processes, and procedures, especially as the organization's staff is renewed.
The principles of good practice in document retention are of great value, even if the need to file electronic documents with the
courts never arises. The effort and resources required to carry out such compliance soon represent a benefit to the organization,
regardless of whether or not it is a party to litigation.
5.3. Probative value
Document managers should be aware of the magnitude of the legal challenge they face when presenting documents as evidence
in a court of law. If the integrity or authenticity of a document is called into question during the trial because of allegations of
forgery, incompetence, inadequate system functionality or system failure, the probative value or evidentiary weight that the court
attaches to the document may be lost or at least reduced to the detriment of the case.
Document managers should have readily available evidence to demonstrate and prove the organization's compliance with
legislation, policies, and procedures throughout the life of the system. It should also be possible to demonstrate that the system was
working as planned in accordance with the organization's usual practices. Documents relating to the monitoring and auditing of
system processes should provide evidence of this.
5.4. Performance Monitoring
Performance monitoring requires the organization to establish indicators, agreed, planned or required, in areas such as
responsibilities for procedures, the quantity and quality of work produced, and the security and integrity of the system and processes.
Consequently, the performance of the system should be measured periodically and regularly in relation to these indicators.
6. Formation
6.1. Introduction
ISO 15489-1 explains the need for organizations to implement a training program for all personnel involved in the creation of
documents and the document management system. This part of ISO 15489 deals with the requirements of this training program; the
personnel who should be trained; training of technical specialists; training methods; and the evaluation and review of training
programmes.
126
Rev. Esp. Doc. Cient., 29, 1, 2006
Normas
A training program should ensure that the functions and benefits of document management are widely understood by the
organization. It should explain document management policies and place procedures and processes in a context that allows staff to
understand the reasons why it is needed. Training will be more effective if it is designed to meet the needs of specific groups or, in
some cases, individual staff members.
6.2. Requirements of a training program
The organization should assign responsibility for the document management training program to a manager at an appropriate
reporting level. In addition, it should allocate appropriate resources to the programme.
The organization may choose to use a third party to provide all or part of the document management training.
A successful training programme will only be effective if staff perceive that management is committed to implementing the
policies and procedures contained in the training.
6.3. Personnel who should be trained
It is important that appropriate training is provided to all staff who assume any type of responsibility for document management.
Among others:
a)
b)
c)
d)
e)
managers, including senior management;
staff;
external service companies;
volunteers; and
Any other individual who has the responsibility of creating or using documents.
Organizations should ensure that all personnel identified in paragraph 2.3.2 receive training to enable them to meet their
responsibilities.
The training of document management specialists is provided for in paragraph 6.4.
6.4. Training of document management professionals
6.4.1. General
Many organizations need to recruit staff with appropriate professional qualifications (in records management or historical
archives) to manage their document management software and highly technical processes such as classification development,
preservation and disposal schedule, and system design. Appropriate technical skills may include an understanding of the operation
of computer systems. Knowledge of the organization's activity, processes, and objectives is also required.
Rev. Esp. Doc. Cient., 29, 1, 2006
127
Normas
Organizations may choose to use trained staff, facilitate the attendance of other employees in appropriate external training
programmes, or engage trained and experienced external consultants.
6.4.2. Training Methods
Document management training methods may include the following:
a) incorporation into staff training programmes;
b) group training for staff taking on new responsibilities or each time there is a change in the system;
c) on-the-job education and training, provided as part of a pre-established programme or informally by supervisors or staff of
equal rank who are knowledgeable;
d) briefings and seminars on specific issues or initiatives related to the documents;
e) publication of short "user guides" describing the main aspects of the organization's document management policies or
practices;
f) electronic presentations, which may be interactive, available on the company's network, or distributed in magnetic or optical
format;
g) help texts provided as part of computer systems;
h) Training courses offered by educational institutions or professional associations that are part of their general offer or are
developed at the request of the organization to meet a specific need.
6.5. Evaluation and review of training
The evaluation of the training program is based on the consistent and successful use of the document management system by
the trained staff. It may be necessary to assess such use in the light of the training received, as well as to carry out audits on the
functioning of the document management system in the organizational units. The evaluation can also compare the competency levels
of the staff against the objectives set out in the training programme.
The efficiency and effectiveness of the document management training programme will be enhanced if it is regularly reviewed
and if results are reported to management through the organization's usual channels.
The level of satisfaction of the people who have participated in the courses and other activities should be assessed.
It is important that the evaluation and revision of training programmes be accompanied by the necessary adjustments to the
programme, and that those already trained benefit from them.
It is useful to assess dysfunctions in accountability to discover the extent to which factors related to document management have
played a role.
128
Rev. Esp. Doc. Cient., 29, 1, 2006
Normas
Annex A
Reference tables for comparing ISO 15489-1 with the accompanying Guidelines (ISO/TR 15489-2)
Table A.1 compares the chapters and sections of ISO 15489-1 with the accompanying Guidelines (i.e. this part of ISO 15489)
and provides a link between the two documents so that users can easily establish:
a) the points where the Guidelines provide additional guidance to the matters covered by ISO 15489-1; and
b) the specific chapter or section of ISO 15489-1 referred to in each chapter or section of the Guidelines.
This part of ISO 15489 does not provide additional guidance with respect to each and every section and chapter of ISO 154891.
Table A.1
Comparison of ISO 15489-1 with accompanying Guidelines (ISO/TR 15489-2)
ISO 15489-1 (General)
Chapter
or Section
No.
Description
ISO/TR 15489-2 (Guidelines)
Chapter
or
Section
No.
Description
1
Field of application
For ISO 15489-1
1
Field of application
For the Guidelines
2
Standards for consultation
Lists the Standards that are part of
ISO 15489-1
–
Bibliography
Lists the publications referenced in
the text
3
Terms & Definitions
There are no additional terms and
definitions
4
Benefits of Document Management
No additional guidance is given.
5
Regulatory Environment
No additional guidance is given.
6
Policy & Responsibilities
2
Policy & Responsibilities
6.1
General
Establishes the need for a document
management policy
2.1
Introduction
He noted that the Guidelines would
elaborate on the types of responsibilities
that needed to be defined and assigned
6.2
Politics
It contemplates the objectives and the
relationships with the activities and the
regulatory environment
2.2
Document
Management
Policy
Statement
It explains their role, their
relationship to other documents and
the support that should be given to
them
Rev. Esp. Doc. Cient., 29, 1, 2006
129
Normas
Table A.1
Comparison of ISO 15489-1 with accompanying Guidelines (ISO/TR 15489-2) (continued)
ISO 15489-1 (General)
Chapter
or Section
No.
6.3
Responsibilities
Provides for the definition and
assignment of responsibility in the
document management policy
Chapter
or
Section
No.
2.3
Description
Responsibilities
2.3.1
Objectives of the definition of
responsibilities and competencies
Considers the purpose and scope of
application of the organizational
rules required for the definition of
responsibilities in document
management
2.3.2
Competencies and responsibilities
within the organization
It provides for the responsibilities of the
different categories of staff in terms of
document management
–
7
Document Management Requirements
8
Design and implementation of a
document management system
There is no equivalent heading
8.1
General
No additional guidance is given.
8.2
Features of a Document
Management System
No additional guidance is given.
8.3
Stages of design and implementation
of a document management system
No additional guidance is given.
8.4
Methodology for design and
implementation
8.4 (a)
130
Description
ISO/TR 15489-2 (Guidelines)
Preliminary investigation
3
No additional guidance is given.
Strategies, design and implementation
3.1
Introduction
It states that Chapter 3 only expands
on section 8.4
3.2
Design and implementation of a
document management system Points
out the correspondence between the
letters in section 8.4 and the names of
the stages in section 3.2
3.2.2
Stage A
Preliminary research Develop the
objective of this stage and relate it
to other stages
Rev. Esp. Doc. Cient., 29, 1, 2006
Normas
Table A.1
Comparison of ISO 15489-1 with accompanying Guidelines (ISO/TR 15489-2) (continued)
ISO 15489-1 (General)
ISO/TR 15489-2 (Guidelines)
Chapter
or Section
No.
Description
Chapter
or
Section
No.
8.4 (b)
Analysis of the organization's activities
3.2.3
Stage B
Analysis of the organization's activities
Develop the objective of this stage and
list the possible documentation that
can be produced in it
8.4 (c)
Identification of requirements
3.2.4
Stage C
Identify the requirements Develop the
objective of this stage and list the
possible documentation that can be
produced in it
8.4 (d)
Evaluation of existing systems
3.2.5
Stage D
Evaluation of existing systems
Description
Develop the objective of this stage and
list the possible documentation that
can be produced in it
8.4 (e)
Identifying strategies to meet
requirements
3.2.6
Stage E
Identifying Strategies to Meet Document
Requirements Lists the factors that
affect the strategies, possible strategies,
and possible documentation that may be
produced
8.4 (f)
Designing a Document Management
System
3.2.7
Stage F
Designing a Document
Management System
It explains the relationship between
stage F and other stages and lists the
possible documentation that can be
produced
8.4 (g)
Implementation of a document
management system
3.2.8
Stage G
Implementation of a document
management system
Develop the objective of this stage and
list the possible documentation that
can be produced in it
8.4 (h)
Post-Implementation Review
3.2.9
Stage H
Post-Implementation Review Lists the
activities performed and describes the
benefits
8.5
Suspension of document management
systems
Rev. Esp. Doc. Cient., 29, 1, 2006
–
No additional guidance is given.
131
Normas
Table A.1
Comparison of ISO 15489-1 with accompanying Guidelines (ISO/TR 15489-2) (continued)
ISO 15489-1 (General)
Chapter
or Section
No.
9
Description
Document Management Processes and
Controls
ISO/TR 15489-2 (Guidelines)
Chapter
or
Section
No.
4
Document Management Processes and
Controls
4.1
Introduction
It explains the sequencing of document
processes, the differences between
paper metadata and electronic systems,
and the order of Chapter 4 of the
Guidelines
4.2
Instruments
Only the header
4.2.1
4.3
9.1
Identification of documents that should
be incorporated into the system
Explains risk analysis in document
onboarding, the dynamic nature of
documents, and the need for metadata
Description
Main Instruments
It lists the tools used in document
management and selection under the
Guidelines (classification table based
on the organization's activities,
document retention and disposition
schedule, security and access
classification scheme, thesaurus and
glossary of terms)
Document Management Processes
Introduction and list of processes
4.2.4
Conservation and disposal schedule
He explained that the incorporation of
documents should be systematic
4.2.4.2
Identification of documents that should
be incorporated into the document
management system
Explains how determining onboarding
requires the identification of roles and
activities
List the processes for identifying the
need for onboarding
He points to the use of risk analysis to
decide which documents need to be
incorporated
132
Rev. Esp. Doc. Cient., 29, 1, 2006
Normas
Table A.1
Comparison of ISO 15489-1 with accompanying Guidelines (ISO/TR 15489-2) (continued)
ISO 15489-1 (General)
Chapter
or Section
No.
Description
ISO/TR 15489-2 (Guidelines)
Chapter
or
Section
No.
4.3.6
9.2
Setting retention periods
It describes the factors that affect
preservation, the reasons for
preservation, and the types of
documents that are likely to require
permanent preservation
4.2
Description
Defines the layout Lists the
processes for defining the layout at
the time of onboarding, especially in
an electronic environment
Instruments
4.2.1
Main instruments Mention the
conservation and disposal
schedule
4.2.2
Classification of the organization's
activities
Explains the development of the
conservation and disposal schedule
based on the classification table of the
organization's activities
4.2.4
Conservation and disposal schedule
Describes the conservation and
disposal schedule
4.2.4.2
Identification of documents that should
be incorporated into the document
management system
He explains that the determination of
the length of the period of retention of
documents requires the identification
of the functions
& Activities
Points to the need for a clear retention
period
4.2.4.3
Rev. Esp. Doc. Cient., 29, 1, 2006
Determining the length of the document
retention period Describes the analysis
required to determine how long
documents should be kept and provides
examples. Describe retention periods.
133
Normas
Table A.1
Comparison of ISO 15489-1 with accompanying Guidelines (ISO/TR 15489-2) (continued)
ISO 15489-1 (General)
Chapter
or Section
No.
9.3
Incorporation of documents
List goals and techniques
Chapter
or
Section
No.
Description
4.3.6
Definition of the provision
It lists the processes for linking the
classification of activities to the
definition of the provision, especially in
an electronic environment
4.3.9
Disposal
Explains how to implement
conservation and disposition
schedules
–
See also section 4.2.4.2 Identification of
documents that should be incorporated
into the document management system
4.3.2
Incorporation
Describes the onboarding process,
including examples of documents that
do not need to be incorporated as
documents, paper-based onboarding
methods, and required electronic
systems and metadata
9.4
Registration
Define the registration process and
explain the purpose of the registration
process
4.3.3
Registration
Develop the process, list the metadata,
and specify the minimum metadata
9.5
Classification
3.2.2
Stage A: Preliminary research
Includes the preliminary element of
the development of the classification
table of the organization's activities
Classification of the organization's
activities
Explains the uses of the organization's
leaderboard
3.2.3
Stage B: Analysis of the
organization's activities
Explains the purpose of organizational
analysis in the design of a document
management system; Relates the
organization leaderboard to other
process documents in the organization
and lists tools that can be developed
from an organization leaderboard
9.5.1
134
Description
ISO/TR 15489-2 (Guidelines)
Rev. Esp. Doc. Cient., 29, 1, 2006
Normas
Table A.1
Comparison of ISO 15489-1 with accompanying Guidelines (ISO/TR 15489-2) (continued)
ISO 15489-1 (General)
Chapter
or Section
No.
9.5.2
Description
Classification systems
It points out the relationship with the
activities of the organization
ISO/TR 15489-2 (Guidelines)
Chapter
or
Section
No.
Description
4.2.1
Main Instruments Mentioned as a
Main Instrument
4.2.2
Classification of the
organization's activities
Explains the nature and purpose of the
classification table of the
organization's activities
4.2.2.2
Development of the classification of
the organization's activities Explains
the necessary analysis and
hierarchical structure of the table
It lists a number of guiding points for
the development of a leaderboard of
the organization's activities
9.5.3
Controlled vocabularies
As a support for classification and
indexing tables
9.5.4
Indexing
It points out the possibility of manual
or automatic indexing and refers to the
International Standard
9.5.5
Number and Code Attribution
Describes the value of codes for
identification
Rev. Esp. Doc. Cient., 29, 1, 2006
4.2.3
Vocabulary
4.2.3.1
Controlled Vocabulary – List of
Authorized Headings Describes the
list of authorized headings
4.2.3.2
Thesaurus
Describe a thesaurus
4.3.4.2
Controlled vocabulary
It deals with the levels of vocabulary
control that are required in different
situations
4.3.4.3
Indexing
Consider the purpose and means of
indexing.
Lists sources of indexing terms
–
No additional guidance is given.
135
Normas
Table A.1
Comparison of ISO 15489-1 with accompanying Guidelines (ISO/TR 15489-2) (continued)
ISO 15489-1 (General)
Chapter
or Section
No.
9.6
Description
Storage and handling Describes the
conditions necessary to keep
documents in good condition
ISO/TR 15489-2 (Guidelines)
Chapter
or Section
No.
4.3.7
4.3.7.1
Description
Storage
Document Storage Decisions
Explains the rationale for storage
decisions and the use of risk analysis
List the factors to consider when
selecting storage and handling options
9.7
Access
It relates access to the regulatory
environment and explains the need for
access regulation
List the requirements for controlling
access
4.3.7.2
Facility Considerations
List the factors to evaluate when
selecting storage facilities
4.3.7.3
Digital Storage
Lists additional factors to be considered
in the case of digital storage
4.2.5
4.2.5.2
Access & Security Table Defines
the access and security table
Elaboration of the access and security
table
List the reasons for restricted access
Lists sources of information on
security and access requirements for
documents
Explains the need for an employee
identification framework, document
access levels, and the implementation
of access and security controls
136
Rev. Esp. Doc. Cient., 29, 1, 2006
Normas
Table A.1
Comparison of ISO 15489-1 with accompanying Guidelines (ISO/TR 15489-2) (continued)
ISO 15489-1 (General)
Chapter
or Section
No.
9.8
Description
Traceability
9.8.1
General
Explain the reasons for traceability
9.8.2
Traceability of actions Explains
the fundamentals for traceability of
actions
9.8.3
Location Traceability Explains the
fundamentals for document
location traceability
9.9
Disposal
It provides for the execution of
disposition decisions through
destruction or transfer to a different
storage or custody facility
ISO/TR 15489-2 (Guidelines)
Chapter
or
Section
No.
Description
4.3.5
Assigning Access and Security
Categories
It lists the steps required to implement
the access and security table and points
out the need for constant monitoring of
controls.
4.3.8
Use and traceability
Explains the need for usage tracing
and the relationship of usage history
to security
4.3.8
Use and traceability
Provides a usage management
framework through traceability
It explains how traceability can
contribute to document security and
can indicate usage patterns
Points to the need for traceability
systems to locate documents and trace
their use
4.3.9
Disposal
Describes the processes for
disposition
4.3.9.2
Permanent Conservation
Responsibilities and Strategies
for Permanent Conservation
4.3.9.3
Physical Destruction
Describes the processes for physical
destruction
4.3.9.4
Transfer of Custody or Ownership
of Documents
Explains the circumstances in which a
transfer of custody or ownership
responsibility may occur
It lists the principles that must be
observed when destroying documents
It lists the issues to be considered in
terms of accountability and control
Rev. Esp. Doc. Cient., 29, 1, 2006
137
Normas
Table A.1
Comparison of ISO 15489-1 with accompanying Guidelines (ISO/TR 15489-2) (continued)
ISO 15489-1 (General)
Chapter
or Section
No.
9.10
Description
Documentation of document
management processes
Requires documentation and
proficiency for all document
management processes
ISO/TR 15489-2 (Guidelines)
Chapter
or
Section
No.
4.2.4
4.2.4.3
4.3.2
10
138
Monitoring & Auditing
Point out the requirements
5
Description
Conservation and disposal schedule
It points to the need for a
conservation schedule and
formal disposal.
Determination of the duration of the
retention period of documents Mention
the retention and disposition schedule
and disposition actions
Incorporation
Mention the conservation schedule
and formal disposition
Monitoring & Auditing
5.1
General
Outlines the benefits and
responsibilities for monitoring
programs
5.2
Compliance Audit
Stresses the need to show that the
document management system is
working properly
5.3
Probative value
It outlines the need to ensure that
documents will be accepted in court
5.4
Performance Monitoring Mentions
the need to set performance levels
when evaluating system
performance
Rev. Esp. Doc. Cient., 29, 1, 2006
Normas
Table A.1
Comparison of ISO 15489-1 with accompanying Guidelines (ISO/TR 15489-2) (continued)
ISO 15489-1 (General)
Chapter
or Section
No.
11
Description
Formation
Point out the requirements
ISO/TR 15489-2 (Guidelines)
Chapter
or
Section
No.
6
Formation
6.1
Introduction
Explain the purpose of a training
program
6.2
Requirements of a training program
Describes the means of managing a
training program
6.3
Personnel who should be trained Lists
the personnel who need to be trained
6.4
Training of document management
professionals
List the skills of professionally trained
staff
6.4.2
6.5
Rev. Esp. Doc. Cient., 29, 1, 2006
Description
Training Methods
List the methods
Evaluation and review of training
Methods & Benefits
139
Normas
Annex B
Comparison of ISO/TR 15489-2 Guidelines with ISO 15489-1
This annex lists the chapters or sections of this part of ISO 15489 (Guidelines) and indicates the related chapters or sections of
ISO 15489-1.
The chapters or sections of ISO 15489-1 that are not discussed in depth in this part of ISO 15489 are shown at the end of Table
B.1.
Table B.1
ISO/TR 15489-2 (Guidelines)
Chapter
or Section
No.
Description
Chapter
or
Section
No.
Description
1
Field of application
1
Field of application
[For ISO 15489-1]
2
Policy & Responsibilities
6
Policy & Responsibilities
2.1
Introduction
He noted that the Guidelines would
elaborate on the types of
responsibilities that should be
defined and assigned
6.1
General (says:) General
Establishes the need for a document
management policy
2.2
Document
Management
Policy
Statement
It explains their role, their
relationship to other documents and
the support that should be given to
them
6.2
Politics
It contemplates the objectives and
the relationships with the activities
and the regulatory environment
2.3
Responsibilities
6.3
Responsibilities
It provides for the definition and
allocation of policy responsibilities
8.4
Methodology for design and
implementation
2.3.1
Objectives of the definition of
responsibilities and competencies
Considers the purpose and scope of
application of the organization's rules
governing the definition of
responsibilities in document
management
2.3.2
Competencies and responsibilities
within the organization
It provides for the responsibilities of the
different categories of staff in terms of
document management
3
3.1
140
ISO 15489-1 (General)
Strategies, design and
implementation
Introduction
It states that Chapter 3 only
expands on section 8.4
Rev. Esp. Doc. Cient., 29, 1, 2006
Normas
Table B.1 (continued)
ISO/TR 15489-2 (Guidelines)
Chapter
or Section
No.
3.2
Description
ISO 15489-1 (General)
Chapter
or
Section
No.
Description
Design and implementation of a
document system
It points out the correspondence
between the names of the stages in
section 8.4 and the names of the stages
in section 3.2
3.2.2
Stage A
Preliminary investigation
Dig deeper into the goal of this stage
and relate it to other stages
8.4 (a)
Preliminary investigation
3.2.3
Stage B
Analysis of the organization's activities
Elaborate on the purpose of this stage
and list possible documentation
8.4 (b)
Analysis of the organization's activities
3.2.4
Stage C
Identify the requirements Drill down
into the purpose of this stage and list
possible documentation
8.4 (c)
Identification of requirements
3.2.5
Stage D
Evaluation of existing systems
Elaborate on the purpose of this stage
and list possible documentation
8.4 (d)
Evaluation of existing systems
3.2.6
Stage E
Identifying strategies to meet
requirements
List the factors that affect the strategies,
possible strategies, and possible
documentation
8.4 (e)
Identifying strategies to meet
requirements
3.2.7
Stage F
Designing
a
Document
Management System
It explains the relationship between
stage F and other stages and lists
possible documentation
8.4 (f)
Designing a Document Management
System
3.2.8
Stage G
Implementation of a document
management system
Elaborate on the purpose of this stage
and list possible documentation
8.4 (g)
Implementation of a document
management system
3.2.9
Stage H
Post-Implementation Review
List the activities performed and
describe the benefits
8.4 (h)
Post-Implementation Review
4
Document Management Processes
and Controls
Rev. Esp. Doc. Cient., 29, 1, 2006
9
Document Management Processes
and Controls
141
Normas
Table B.1 (continued)
ISO/TR 15489-2 (Guidelines)
Chapter
or Section
No.
Description
ISO 15489-1 (General)
Chapter
or
Section
No.
Description
4.1
Introduction
Structure of document processes and
the Guidelines
–
No equivalent
4.2
Instruments
–
See also section 9.10 Documenting
Document Management Processes
Point out the documentation
requirements
4.2.1
Lists the tools used in document
management and the selection
envisaged in the Guidelines
(classification of the
organization's activities,
competence to dispose of
documents, etc.).
documents, security and access
classification scheme, thesaurus and
glossary of terms)
4.2.2
Classification of the organization's
activities
It includes the analysis of the functions,
activities and operations that make it
possible to describe, manage and
retrieve documents and support storage
and disposal
9.5
Classification
9.5.1
Classification of the organization's
activities
List the benefits of classifying the
organization's activities
4.2.2.
Development of the classification of
the organization's activities Includes
the analysis that supports the
classification of business activities and
the methods of developing a schema
See also section
8.3 Design and implementation of a
document system
9.5.2
Classification systems
Indicates the basis and level of
classification required
4.2.3
Vocabulary
9.5.3
Controlled vocabularies
Point out the purpose of
vocabulary checks
–
See also section 9.5.3
Controlled Vocabulary
4.2.3.1
Controlled Vocabulary – List of
Authorized Headings Describes the
list of authorized headings
4.2.3.2
Thesaurus
Describe a thesaurus
142
Rev. Esp. Doc. Cient., 29, 1, 2006
Normas
Table B.1 (continued)
ISO/TR 15489-2 (Guidelines)
Chapter
or Section
No.
Description
4.2.4
Conservation and disposal schedule
Describes the requirements for formal
instruments
4.2.4.2
Identification of documents that should
be incorporated into the document
management system
Addresses risk analysis and analysis
requirements
4.2.4.3
4.2.5
4.2.5.2
ISO 15489-1 (General)
Chapter
or
Section
No.
Description
9.2
Determination of retention periods
Explains the basis of document
preservation and continuous
preservation
Determination of the duration of the
retention period of documents It
contemplates the decision on the
retention period in terms of external and
internal requirements, use and
relationships with other systems, and
specifies the retention periods
9.10
Documentation of document
management processes
Describes disposition competency
Access & Security Table Describes
the requirements and level of
complexity required
9.7
Access
Describes the regulatory environment
and processes that should be supported
Elaboration of the access and
security table
It covers the analysis and risk analysis
required to develop a scheme, and
implementation issues
4.3
Document Management Processes Lists
processes (onboarding, registration,
classification, disposition range
identification, access classification,
storage, use and location, disposition
implementation)
–
No equivalent
4.3.2
Incorporation
Describes the factors that influence the
methods and the level of accuracy
9.1
Identification of documents that
should be incorporated into the
system
Analysis and reasons for incorporation
Document Onboarding
List goals and techniques
9.3
4.3.3
Registration
Describes metadata methods and
requirements
Rev. Esp. Doc. Cient., 29, 1, 2006
9.4
Registration
Explain the goal
143
Normas
Table B.1 (continued)
ISO/TR 15489-2 (Guidelines)
Chapter
or Section
No.
4.3.4
Description
Classification
It covers the definition, the stages of the
process, and the factors that affect the
level of classification
ISO 15489-1 (General)
Chapter
or
Section
No.
9.5
Description
Classification
9.5.1
Classification of the organization's
activities
Describes the benefits of
classifying the organization's
activities
9.5.2
Classification systems
Indicates the basis and level of
classification required
4.3.4.2
Controlled vocabulary
Point out the factors that affect the level
of control
9.5.3
Controlled vocabularies Point
out the purpose of controlled
vocabularies
4.3.4.3
Indexing
Consider the purpose and means of
indexing.
Lists sources of indexing terms
9.5.4
Indexing
It points out the possibility of
manual or automatic indexing and
refers to the International Standard
4.3.5
Assigning Access and Security
Categories
Analyze the assignment of access rights
and the responsibility of the restriction
9.7
Access
It describes the regulatory
environment and processes that
need to be supported
4.3.6
Identifying the Disposition Type
Explains the identification processes
9.9
Disposal
Lists the types of disposition actions
and the principles of physical
destruction
4.3.7
Storage
9.6
Storage & Handling
Provides a summary of requirements
4.3.7.1
Document storage decisions Consider
a risk analysis when choosing a storage
option and list the document-related
aspects that should be assessed
4.3.7.2
Facility Considerations Considers the
evaluation of the factors related to the
facility and indicates the contracted
storage option
144
Rev. Esp. Doc. Cient., 29, 1, 2006
Normas
Table B.1 (continued)
ISO/TR 15489-2 (Guidelines)
Chapter
or Section
No.
4.3.7.3
4.3.8
Description
ISO 15489-1 (General)
Chapter
or
Section
No.
Description
Digital Storage
It lists other factors that should be
considered in the case of digital storage
Use and traceability
Explains the processes required to
manage usage and control
4.3.9
Disposal
Describes disposition processes
4.3.9.2
Permanent Conservation Lists
responsibilities and strategies for
permanent conservation
9.8
Traceability
9.8.1
General
Lists the purposes of motion and usage
recording
9.8.2
Traceability of actions
List the benefits of controlling the
movement of documents through
workflows
9.8.3
Location Traceability
Describes the benefits and requirements
of recording the physical location of
documents
9.9
Disposal
It provides for the execution of
disposition decisions through
destruction or transfer to a different
storage or custody
It lists the principles that must be
observed when destroying documents
4.3.9.3
Physical Destruction
Describes the processes of physical
destruction
4.3.9.4
Transfer of Custody or Ownership of
Documents
Explains the circumstances in which a
transfer of custody or ownership may
occur
It lists the issues that should be
considered in terms of accountability
and control
5
5.1
Monitoring & Auditing
10
Monitoring & Auditing
Point out the requirements
General
It sets out the reasons for the
implementation of monitoring
programmes
Rev. Esp. Doc. Cient., 29, 1, 2006
145
Normas
Table B.1 (continued)
ISO/TR 15489-2 (Guidelines)
Chapter
or Section
No.
5.2
Compliance Audit
Explains the need to show that the
document system is working properly
5.3
Probative value
It outlines the need to ensure that
documents will be accepted in court
5.4
Performance Monitoring
Mentions the need to evaluate
system performance
6
Formation
6.1
Introduction
Explain the purpose of a training
program
6.2
Requirements of a training
program
Describes the means of managing a
training program
6.3
Personnel who should be trained
Lists the personnel who should be
trained
6.4
Training of document management
professionals
It lists the skills that professionally
trained staff should possess
6.4.2
146
Description
ISO 15489-1 (General)
Chapter
or
Section
No.
Description
11
Formation
Point out the requirements
2
Standards for consultation
Lists the Standards that are part of
the ISO 15489-1 Standard
Training Methods
List the methods
6.5
Evaluation and review of training
Outlines the methods and benefits
–
Bibliography
Lists the publications referenced in
the text
Rev. Esp. Doc. Cient., 29, 1, 2006
Normas
Table B.1 (continued)
ISO/TR 15489-2 (Guidelines)
Chapter
or Section
No.
–
Description
The following sections or sections
of ISO 15489-1 do not fall within
the scope of any chapter or section
in the Guidelines.
ISO 15489-1 (General)
Chapter
or
Section
No.
3
Terms & Definitions
4
Benefits of Document Management
5
Regulatory Framework
7
Document Management Requirements
8
Design and implementation of a
document management system
8.1
General
8.2
Features of a Document
Management System
8.3
Stages of design and implementation
of a document management system
8.5
Suspension of document management
systems
9.5.5
Rev. Esp. Doc. Cient., 29, 1, 2006
Description
Number and code attribution
147
Normas
Annex C
Example of a classification system and development of a personnel classification table
In Spain (and in non-Anglo-Saxon cultures) it is common for the classification systems (and therefore the classification tables)
used in document management to reach a more precise final level, since they not only indicate activities and operations, but also
relate them to the documentary series to which they give rise. The following example illustrates the development of the personnel
hierarchy from this point of view.
1
1.1
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.2
1.2.1
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6
1.2.7
1.3
1.3.1
1.3.2
1.3.3
1.3.4
1.4
1.4.1
1.4.2
1.5
1.5.1
1.5.2
1.5.3
1.5.4
148
HUMAN RESOURCES MANAGEMENT
Human Resource Development
Job Descriptions
Performance appraisal files
Personal Files
Personnel selection files
Circulars and internal notes
Personnel Management
Payroll
Personal Income Tax Certificates
Social Security (TC-1 and TC-2)
Relations with Mutual Accident Insurance Companies
Alteration reports (leave and vacations)
Confirmatory Reports (Temporary Disabilities)
Work Accident Reports
Labour relations
Labor Agreements
Union Election Records
Disciplinary proceedings (labour inspectorates)
Lawsuit Files
Formation
Training Plans
Training Course Records
Prevention of occupational risks
Prevention Programs
Risk assessment studies
Planning preventive actions
Information for workers
Rev. Esp. Doc. Cient., 29, 1, 2006
Normas
Bibliography
[1] ISO 690-2, Information and Documentation – References – Part 2:
Electronic Documents and Parts thereof
[2] ISO 2788, Documentation – Guidelines for the establishment and development of monolingual thesauri
[3] ISO 15489-1, Information and Documentation – Document Management – Part 1: General
Analytical Index
access
See also Access and Security Table; Indexing Controlled Vocabulary, 4.3.4.3
Legally recognized rights, 4.2.5.2 restriction, 4.2.5.2
storage, 4.3.7.1 g) User permissions, 4.2.5.2 Organization activities analysis,
3.2.2
Rating, 4.2.2
Development, 4.2.2.2 Storage Decisions, 4.3.7.1
Digital, 4.3.7.3
Facility Considerations, 4.3.7.2 Processes and Controls, 4.3
Analysis of the activities of the organizations, 3.2.3 Compliance audit, 5.2
Audit, Compliance, 5.2
classification
See also activities of the organization; indexing; access and security table; controlled vocabulary
Processes, 4.3.4
comparisons of ISO 15489-1 with the Guidelines, Annex A, Annex B
Application Guide, Section 1
Competences
Objectives of the definition, 2.3.1 Within the organization, 2.3.2 Conservation
4.3.9.2
determination of the retention period, 4.2.4.3
Content (metadata), 4.3.2
context (metadata), 4.3.2 External contractors, 2.3.2 a) controls
See Controls & Processes
custody, transfer of, 4.3.9.4
Rev. Esp. Doc. Cient., 29, 1, 2006
149
Normas
Policy Statement, 2.2 Rights, 4.2.5.2
Legal Challenges, 5.3
Physical destruction, 4.3.9.3
Executive Management, 2.2, 2.3.2 (a)
Document Systems Design and Implementation (DIRS)(DISDA), 3.2 layout
See also Preservation of Competence, 4.2.4
Destruction, 4.3.9.3
documents that should be incorporated, 4.2.4.2 Duration of retention period, 4.2.4.3
Implementation, 4.3.9
Rank Identification, 4.3.6 Transfer, 4.3.9.4 Disposition of Documents See
Disposition
employees
See also training
Competencies and responsibilities, 2.3.2 Policy statement, 2.2
Specific obligations in relation to documents, 2.3.2 (d)
Subject Headings
4.2.3.1
indexing, 4.3.4.3
Headings, authorized, 4.2.3.1 Conservation strategies, 4.3.9.2 Strategies, Chapter 3
structure
See classification
Structure (metadata), 4.3.2
Assessment of existing systems, 3.2.5
Training, Chapter 6 Evaluation and Review, 6.5 Methods, 6.4.2
staff to be trained, 6.3 Program requirements, 6.2
Document Management Professionals, 6.4 Transfer of Custody or Ownership, 4.3.9.4
Risk Management
Onboarding Decisions, 4.2.4.2 Storage, 4.3.7
identification
See classification; registration; document requirements
unique identifiers, 4.3.3
indexing, 4.3.4.3
150
Rev. Esp. Doc. Cient., 29, 1, 2006
Normas
See also controlled vocabulary
Instruments, 4.2.1
Preliminary investigation, 3.2.2
heads of the organization's business units, 2.3.2 (c) time limits, for retention, 4.2.4.3
List of Authorized Headings, 4.2.3.1
metadata
Onboarding, 4.3.2
Log, 4.3.3
User Permissions, 4.2.5.2 Permissions, 4.2.5.2
personal
See Employees
document management processes See professional processes and controls
See document management professionals, document management professionals, competencies
and responsibilities, 2.3.2 (b) training, 6.4
ownership, transfer of, 4.3.9.4
recovery
See access; indexing
Log, 4.3.3
Document Requirements
identification, 3.2.4
Compliance Strategies, 3.2.6
Responsibilities, 2.3 Definition objectives, 2.3.1 Within the organization,
2.3.2 Restriction of access, 4.2.5.2
Post-implementation review, 3.2.9 review, 3.2.8
Paper-based systems, 4.1
Onboarding, 4.3.2
free-text retrieval systems (full text), 4.3.4.3 electronic systems, 4.1
Onboarding, 4.3.2
Document destruction, 4.3.9.4 Transfer, 4.3.9.4
Existing systems, 3.2.5 supports
See Storage Performance Monitoring , 5.4
Rev. Esp. Doc. Cient., 29, 1, 2006
151
Normas
Monitoring, Performance, 5.4
Thesaurus, 4.2.3.2
Traceability, 4.3.8
Courts of Justice (Evidentiary Value), 5.3
use
management, 4.3.8
variety of uses, 4.2.4.3 (d) storage, 4.3.7.1 (b)
Probative value, 5.3
152
Rev. Esp. Doc. Cient., 29, 1, 2006