What does the future hold for ISO 15489?

The problem with standards is that there are so many to choose from, laughs Barbara Reed of Recordkeeping Innovation.

It’s an old saying but it applies in spades in the world of recordkeeping where an alphabet soup of national and international standards provide a challenge for those looking for a secret formula for sound information management at their organisation.

The founder, director and principal consultant of Australia’s Recordkeeping Innovation is personally involved in the complicated process of developing and defining these standards through high level national and international collaboration, including the ongoing evolution of the rock star of record-keeping standards, ISO 15489. 

IDM asked Barbara to explain the relevance of these standards to business and government organisations looking to develop their records management platforms in the modern era.

IDM: Barbara, many of those outside the recordkeeping profession will not have a direct knowledge of the many recordkeeping standards that exist. Can you explain briefly why they exist and why they are important to information management?

BR:  There are a whole range of standards.  Some are issued internationally, some are issued nationally, some are issued by jurisdiction, some are issued by professional bodies, and some are issued by organisations. Each has particular impact in their sphere of influence. International standards represent a consensus internationally, and are often directly influential on national, jurisdictional and other standards. 

So why are international standards important for our field?  They provide a stake in the ground for recordkeeping - this is what we stand for, as distinct from other views of the information space - and I think that is really important, a really solid thing to give us a professional base to work from. 

IDM: You are currently involved in a global review of the ISO 15489 standard, why is this standard important to this part of the world?

BR: 15489 is the foundation records management standard, the umbrella standard, which establishes that this is what recordkeeping or record management is, this is what the outcomes should be, and this is broadly how it should be done.  It’s not about this aspect of it or that aspect of it, it’s about here’s what it is and this is what it’s for.  So that makes it important for professionals, and it sets out some key definitions of records, records processes and the core controls.

IDM: How does this standard influence the decision of an organisation looking to implement an electronic document and records management system? Is compliance with this standard something that can be given to a supplier as a big tick or is it something that applies more broadly to the organization's information architecture?

BR: This standard is not a compliance standard, and it’s not about technology.  Those standards do exist, but don’t look to 15489 for compliance. This standard acknowledges that technology is but one piece in records management.  It’s an important piece but it’s not all of it, and technology is changing so rapidly.  So this standard says, people are really important, process is really important, change is really important.  You’re going to change your technology, but if you change your technology here’s what the recordkeeping outcomes should be and here are the processes that any technology deployed in this space should support.  Really it’s about core professional practice. For an organisation it’s saying this, this is what your organisation should be doing in managing records.

IDM: The ISO 15489 standard was issued in 2001, however organisations in 2013 have to deal with a vastly different landscape with records from a wide array of sources from twitter to the cloud. Has it remained relevant?

BR: When it was written in 2001 we knew we were on the cusp of quite a significant (and continuing) transformation in the way we were doing business and interacting with people.  So it was written to be technology neutral and to be principles based.  I think that it has actually stood the test of time quite well.  The original standard has been around for a while and it will probably have been in place for about 14 years by the time the revision finally works its way through the process and is issued.  I think the principles based nature of it has stood the test of time pretty well, in fact better than you’d expect in a very volatile technical environment.  

However, we were in a different world technologically in 2001 and there are things in the original standard that still reflect some of the kind of paper based reality of where we were in the early digital transition, and there are some things that we need to acknowledge for change.  

New technical environments are increasingly distributed, even fragmented. There are blurry boundaries around what an organisation is and what a process is, and how you might dynamically construct records on the fly.  

So, the technology environment has definitely changed, but because the original ISO 15489 was based on principles and it tried to be technology neutral, ISO 15489 has stood up better than you might have expected.

IDM: You have said that ISO 15489 has been an outstanding success. Why is that?

BR: It’s been influential in driving national practice, certainly in Australia and in New Zealand, which are the countries I know best.  ISO standards act as a benchmark. We can see in the rhetoric of technology vendors that they acknowledge the influence of the standard, even while trying to work in different recordkeeping cultures around the world. The standard has been translated into an extraordinary number of languages indicating the reach of the standard internationally. But more than that, has it changed the practice of recordkeeping?   Like everything I think it’s a mixed bag. Sometimes the broad intentions have been misused to prescribe, narrow, and even silo, practice which certainly wasn’t the drafting intention.

IDM: Are there any problems with the ISO 15489 standard that have led to the review? 

BR: Nothing is perfect and international standards are always the product of a compromise and consensus. The process involves people sitting around the table, explaining their own specific ways of doing things and aligning them to others, and finally working out whether there is commonality or best practice.  From an Australian perspective, we had the base text for the original 15489 in the Australian Standard on Records Management, AS4390, and we compromised on some of the original approaches.  There’s always things you can you do better and I think that’s our Australian view at the moment. 

One area we’ve got concerns about is whether it’s at all useful to make the stereotypical distinctions made between documents and records.  Is this useful to organisations?  We don’t think so.  It’s all information and data, so how do you put it together for organisations so they don’t have to have three pieces of technology doing what one, configured appropriately, could do? To get there we need to unify the concepts and make it clear.  It requires a conceptual view that actually works across recordkeeping so we don’t have to make these boundary distinctions.  

And, we want things to be able to last, in whatever environment, for however long they’re needed to last. When the ISO 15489 standard was developed some people drew hard boundaries between records and archives.  

We have a definition in Australia of appraisal which is a very analytic approach to looking at business activities and working out what records need to be made and kept to document that business activity. This is a very dynamic way of thinking about appraisal, not focusing at the end of life on how long you keep it.  Those are the types of things we are looking to inject into the review.

IDM: What do you mean by referring to the concept of ‘the record’ as now a dynamic not a static thing? 

BR: This is relevant to digital more than the paper world where what we were doing was managing objects, files or documents, and they were quite discrete and they existed in some physical format.  We put systems over the top to manage those physical objects.  Where we’re going at the moment is towards understanding that  in the digital world you don’t just manage physical things, and that the digital objects don’t exist without the metadata that are in those larger systems to accompany them. It’s the metadata that tells you about who’s done what to it and when.  

So it’s not a simple object/thing approach. A record can exist in many different environments, and it can exist in many different environments over time, so it can move around between systems.  Let’s say it started life in Word, it was placed in a collaborative system, then it was captured in an EDRMS and then it went to collaborative system then it went to the Web.  What we need to do is to work out how to get the idea across that it’s not just the object, it’s the object with all of its metadata which may live in different systems, and you’ve got to link them all together persistently and consistently to make that a record.  So that’s a different idea of what a record is.  It’s not about just managing a single, simple physical thing anymore but something that has component parts which may live in different environment.

IDM: The EDRMS was for a long time seen as a way to provide a single source of the truth and put an organisation on the road to recordkeeping compliance. Is this model failing?

BR: Records managers have carved out the EDRMS as their patch, and there a whole lot of issues with that.  You can argue the toss as to whether they’ve been a successful technology or not. But what we know is that as organisations automate business processes, they’re not interested necessarily in thinking about information and documentation that supports that business process moving out of that business context provided in the line of business systems.  So by being obsessively concerned by boundary issues and concentrating only on EDRMS we risk ignoring where records are actually happening. This integration of recordkeeping and business systems as new business processes automate is happening across organisations.  That notion of a single source of truth was always good copy and a good selling line, but is that the truth? I guess I’m just asking questions around that.  We need guiding practice that enables recordkeeping to be applied in all types of environments. You might choose to use an EDRMS but others might choose to use something different.  What we’re writing in the revised standard has to be able to be applied in different environments.

IDM: What are some of the ways that changes to the ISO 15489 standard will help organisations that are grappling with managing records in the digital environment?

BR: It’s really aimed at the professionals, guiding the practice of records management.  It will help an organisation if they come to recordkeeping professionals and ask: what is this thing called records management?   We need a clear professional statement: this is records management.  The standard will hopefully, provide clear, professional guidance on the concepts, the core control tools, the core processes and the outcomes from those processes.  

So why are we bothering?  Good accountable, reliable information that reflects business actions, maintained with those characteristics that provide proof of process, for as long as business and society needs them: that’s the bottom line. Information that possesses the robust characteristics so it can be used and proven, and so we can tell you what happened to it.  

Organisations are really interested in that.  That’s a good thing.  It gives people who are operating in the big information world a statement of their specific requirements for governance rules; that these are the things you should be responsible for. So the revision should empower recordkeeping professionals to actually operate. 

In a world of stressing homogeneity of information I think it’s really important to be able to state these are the reasons that the recordkeeping discipline requires a specific set of outcomes. Organisations aren’t really interested in inter-disciplinary arguing about information, data, documents, records etc. What’s their bottom line?  They want to be able to rely on information they’ve got.  What are the characteristics that they need to ensure so that their information can deliver on that requirement?  What do we have to do to deliver what organisations need?  The standard is our stake in that ground.  So I think the standard helps us refine the message and talk to the requirements for managing accountable information (records), not simply for compliance, but to make business happen better. That’s how we influence and help organisations.