Standards and Regulations

ERM Community Wiki

Community Topic(s): ERM


All companies have multiple levels of regulations that they must adhere to: national (multiple national regulations if an international company), state and local, industry-specific, and internal governance procedures. These regulations change even as new ones are created, companies need an overall framework to address all of these levels, not a Sarbanes-Oxley plan, a Patriot Act plan, etc. Regulatory guidelines have an impact on how a company manages its information. Can you dispose of paper if you use an electronic system? If you scan paper and save it electronically, can you then dispose of the paper? Can you store information offsite through a storage service provider or are you required to maintain it under our control within our facilities? Whatever the regulations are, companies must be compliant with them. As companies do business beyond their borders, they must pay attention to other country’s regulations as well. As a recent European Parliament ruling on the definition of a document shows, even defining the basic rules of the road around “document” and “record” is not always simple.

ISO 15489 is a widely-accepted standard for records management. DOD 5015.2 are two other standards and described briefly here. In addition to these cited, other governmental bodies have issued standards and guidelines in recent years. Australia, Germany, Italy, the Netherlands, Norway, New Zealand, South Africa, and Switzerland are among the countries that have done so.

International Standard: Information and Documentation – Records Management (ISO 15489)

ISO 15489 is an international standard published in 2001 by the International Standards Organization to provide guidance on determining the responsibilities of organizations for records and records policies, procedures, systems, and processes. It applies to the management of records, in all formats or media, created or received by any public or private organization in the conduct of its activities, or any individual with a duty to create and maintain records. ISO 15489 provides guidance on the design and implementation of a records system, but does not include the management of archival records within archival institutions. Part 1 of the standard defines records management, and Part 2 provides implementation guidance.

U.S. Department of Defense Standard: Design Criteria Standard for Electronic Records Management Applications (DoD 5015.2-STD)

DoD 5015.2 was first published in 1997 to set forth mandatory baseline functional requirements for records management applications software for U.S. Department of Defense components in the implementation of their records management programs. The standard defines required system interfaces and search criteria to be supported by ERMS and non-mandatory features, and describes the minimum records management requirements that must be met, based on U.S. National Archives and Records Administration (NARA) regulations. DoD 5015.2 also identifies non-mandatory features that are deemed desirable for ERMS. Version 2 of the standard was published in June 2002 to incorporate requirements for security classification markings, access controls, declassification and downgrading instructions, and other issues.

United Kingdom National Archives

The UK National Archives specification, Requirements for Electronic Records Management Systems, was originally published in 1999 to form a baseline of generic functional requirements necessary for a credible electronic records management system. The 2002 revision was published as a three-part document. Part 1: Functional Requirements identifies the functional requirements for ERMS in two sections. Section A defines the core requirements for an ERMS in some detail. Part 2: Metadata Standard defines the core metadata elements referenced in Part 1. Part 3: Reference Document provides a glossary of terms, description of entities and their relationships, user roles, access control model, and example disposal schedules. Part 4: Implementation Guidance was added in 2004, and an Optional module, B.4: Case management and workflow, in 2005.

Model Requirements for the Management of Electronic Records (MoReq)

The Interchange of Data between Administrators (IDA) program of the European Commission sponsored the development of Model Requirements for the Management of Electronic Records or MoReq in 2000 2001. MoReq describes functional requirements for the management of electronic records by an ERMS. The specification was written to be equally applicable to public and private sector organizations that wish to introduce an ERMS or to assess the ERMS capability they currently have in place. Other closely related requirements, such as the electronic management of physical records (e.g., paper files and microfilm), are also addressed. An update to MoReq, known as MoReq2, was published in 2008. A completely new version, known as MoReq2010, was partially published in 2011.

Other Standard Specifications

As well as DoD 5015.2, UK National Archives and MoReq specifications, other 'standard' specifications have been published at various times and in various languages. Some are national in character, some international, others are sectoral. A collection of some two dozen such specifications is maintained on the MoReq Collateral website (http://moreq2.eu/other-specifications).

Other Standards

The following list of standards is from the Moreq 2’s Appendix 7.2. It is a list of standards and other sources particularly relevant to electronic records management systems. This is a list of international standards, de facto and de jure.

FIPS 186-2 NIST Digital Signature Standard (http://csrc.nist.gov/publications/PubsFIPS.html)

ISAAR(CPF) International Standard Archival Authority Record for Corporate Bodies, Persons, and Families (International Council on Archives) (http://www.ica.org/en/node/30230)

ISAD(G) International Standard for Archival Description (General). (http://www.icacds.org.uk/icacds.htm)

IETF RFC 2821 Simple Mail Transfer Protocol. (http://www.ietf.org/rfc/rfc2821.txt)

IETF RFC 2822 Internet Message Format. (http://www.ietf.org/rfc/rfc2822.txt)

ISO 216 Writing paper and certain classes of printed matter – Trimmed sizes – A and B series

ISO 639 Codes for the representation of names of languages.

ISO 2788 Guidelines for the establishment and development of monolingual thesauri (Wiki note: this standard was withdrawn in 2011, well after publication of MoReq2; consider instead ISO 25964).

ISO 5964 Guidelines for the establishment and development of multilingual thesauri (Wiki note: this standard was withdrawn in 2011, well after publication of MoReq2; consider instead ISO 25964)..

ISO 860 Representation of dates and times.

ISO 9834-8 Procedures for the operation of OSI Registration Authorities: Generation and registration of Universally Unique Identifiers (UUIDs) and their use as ASN.1 Object Identifier components (see also ITU X.667).

ISO/TS 12033 Guidance for selection of document image compression methods.

ISO/TR 12037 Recommendations for the expungement of information recorded on write-once optical media.

ISO 12142 Media error monitoring and reporting techniques for verification of stored data on optical digital data disks.

ISO/TR 12654 Recommendations for the management of electronic recording systems for the recording of documents that may be required as evidence, on WORM optical disk.

ISO 14721 Open archival information system – Reference model (OAIS).

ISO/IEC 15444 JPEG 2000 image coding system: Core coding system.

ISO 15489 Records Management.

ISO/TR 15801 Information stored electronically – Recommendations for trustworthiness and reliability.

ISO 15836 The Dublin Core metadata element set.

ISO 18492/TR Long-term preservation of electronic document-based information.

ISO 19005-1 Electronic document file format for long-term preservation – Part 1: Use of PDF 1.4 (PDF/A-1).

ISO 23081 Metadata for records.

ITU X.667 Generation and registration of Universally Unique Identifiers (UUIDs) and their use as ASN.1 object identifier components. (http://www.itu.int/ITU-T/studygroups/com17/oid/X.667-E.pdf).

TIFF Tagged Image File Format. (http://partners.adobe.com/public/developer/tiff/index.html)

X.509 ITU-T Recommendation X.509: Open systems interconnection – The Directory: Public-key and attribute certificate frameworks. (http://www.itu.int/rec/T-REC-X.509-200003-I/en).

XKMS XML Key Management Spec. (http://www.w3.org/TR/xkms/).

XML W3C Extensible Markup Language (XML) (http://www.w3.org/TR/REC-xml/)

Other Guidance
ISO/DIS 9241-171 Ergonomics of human-system interaction – Part 171: Guidance on software accessibility

ISO/TS 16071 Guidance on accessibility for human-computer interfaces (due to be superseded by ISO 9241-171).

WfMC Workflow Management Coalition Terminology & Glossary. (http://www.wfmc.org/standards/referencemodel.htm)

1999/93/EC Directive on a Community Framework for Electronic Signatures. (http://europa.eu/scadplus/leg/en/lvb/124118.htm)

DLM Forum Guidelines Guidelines on best practices for using electronic information. INSAR (European Archives News) Supplement III (1997). ISBN: 92-828-2285-0. (http://dlmforum.typepad.com/gdlines.pdf)


The wiki text is available under the Creative Commons Attribution License agreement.