BS ISO 30301:2019 pdf download – Information and documentation — Management systems for records — Requirements
7.5.2 Creating and updating
When creating and updating documented information the organization shall ensure appropriate:
a) identification and description (e.g. a title, date, author, or reference number);
b) format (e.g. language, software version, graphics) and media (e.g. paper, electronic);
c) review and approval for suitability and adequacy.
7.5.3 Control of documented information
Documented information required by the MSR and by this document shall be controlled to ensure:
a) it is available and suitable for use, where and when it is needed;
b) it is adequately protected (e.g. from loss of confidentiality, improper use, or loss of integrity).
For the control of documented information, the organization shall address the following activities,
— distribution, access, retrieval and use;
— storage and preservation, including preservation of legibility;
— control of changes (e.g. version control);
— retention and disposition.
Documented information of external origin determined by the organization to be necessary for the planning and operation of the MSR shall be identified as appropriate, and controlled.
NOTE Access can imply a decision regarding the permission to view the documented information only, or the permission and authority to view and change the documented information, etc.
Documented information of the MSR is part of the records of an organization, which shall be managed in a records system. The MSR documented information creation and control requirements shall be consistent with the general records creation, capture and management requirements (Clause 8 and Annex A).
8.1 Operational planning and control
The organization shall plan, implement and control the records processes needed to meet the requirements and to implement the actions determined in 6.1, by:
— establishing criteria for the records processes;
— implementing control of the records processes in accordance with the criteria;
— keeping documented information to the extent necessary to have confidence that the records processes have been carried out as planned.
The organization shall control planned changes and review the consequences of unintended changes,taking action to mitigate any adverse effects, as necessary.
The organization shall ensure that outsourced records processes included in the scope on MSR are controlled.
8.2 Determining records to be created
The organization shall determine what, when and how records shall be created and captured for each business process. This shall be achieved through:
— the analysis of the business process in order to determine the requirements for records creation, capture and management in relation to continuing operations, and to satisfy accountability and other interested parties’ interests (see ISO/TR 26122 and ISO/TR 21946);
— the assessment of the risks that might be incurred through failure to control authentic, reliable and useable records for this business process and to protect the integrity of those records (see ISO/TR 18128). The results of this analysis shall be documented and authorized by the top management.
8.3 Designing and implementing records processes, controls and systems The organization shall design and implement records processes, controls and systems taking into account the records requirements in 4.1.2 and Annex A. The records processes and controls in Annex A should be implemented, taking into account the resources of the organization and the identified risks that can be managed through the creation, capture and management of records. The organization shall implement the records processes in records systems, manage the operation of the records systems, and establish regular monitoring of the performance of the records systems.
9 Performance evaluation
9.1 Monitoring, measurement, analysis and evaluation
The organization shall determine:
a) what needs to be monitored and measured;
b) the methods for monitoring, measurement, analysis and evaluation, as applicable, to ensure valid results;
c) when the monitoring and measuring shall be performed;
d) when the results from monitoring and measurement shall be analysed and evaluated.
The organization shall retain appropriate documented information as evidence of the results.
The organization shall evaluate the performance of records processes and systems and the effectiveness of the MSR.
9.2 Internal audit
9.2.1 The organization shall conduct internal audits at planned intervals to provide information on whether the MSR:
a) conforms to
— the organization’s own requirements for its MSR;
— the requirements of this document;BS ISO 30301 pdf download.