There’s a new ISO technical report out that provides you with guidelines for assessing the risks associated with records generation and retention. This new ISO/TR 18128, “Information and documentation – Risk assessment for records processes and systems,” helps those responsible for records management to review potential areas of uncertainty. It covers any and all areas of an organization that create and store records of any kind. So it is going to be helpful across the spectrum of your business activities.
You’ll use this technical report when you already know what records you need to generate and maintain. It’s going to help you pinpoint the areas of vulnerability within your systems and to assess the potential impact of loss or damage to those records. It is based on the concepts of ISO 31000 (“Risk Management – Principles and Guidelines”). They are risk identification, risk analysis and risk evaluation. Specific guidance is given that speaks directly to the challenges of protecting your valued data.
The clauses in 44-page ISO/TR 18128 cover the following areas:
- How to identify specific risks related to records generation and maintenance.
- How to analyze what effects various damage or loss scenarios might have on the organization.
- How to conduct a formal assessment of these various risks.
- How to document your risks prior to taking steps for mitigation.
You’ll not only get help due to the specific nature of the sources of risks that are covered, but also in evaluating how critical each might be to your situation. In the wide-ranging review, issues as diverse as acts of nature to the introduction of errors due to human frailty to malware are all discussed.
And the 3 Annexes provide you with concrete assistance in the following areas: the format of entries in a risk register, checklists for identifying areas of uncertainty, and how to use the controls found in Annex A of ISO/IEC 27001 (“Information technology – Security techniques – Information security management systems – Requirements”.)
For many of our customers, the requirements of a good records management program are often times left up to the heads of the various departments. This means that it is not unusual for the Document Center staff to get questions on how to appropriately handle essential records and maintain data collections.
If you need help with your records management system, you can search for and order the standards you need at our Document Center website, www.document-center.com. For example, you can find similar standards to the ISO/TR 18128 at our page Document Center List of Standards on Information Sciences. Or you can contact our sales staff by phone (650-591-7600), fax (650-591-7617) or email (info@document-center.com).
Since 1982, we’ve been assisting folks like you develop and maintain the engineering documentation so essential to your business processes. We have programs that can make this task far easier and more reliable for your staff, improving your effectiveness without increasing your costs. That’s why so many companies rely on Document Center. Make us your Standards Experts too!
