1

INTRODUCTION

ISO (International Standards Organization) is a federation of national standards bodies (ISO

member bodies) around the world. The work of preparing International Standards is usually
done through the ISO technical committee. Each member body interested in the subject for
which a technical committee has been formed has the right to be represented on that committee.
Among the organizations that cooperate in this ISO are international, governmental and non -
governmental organizations. ISO works closely with the International Electrotechnical
Commission (IEC) in all matters of electrotechnical standardization.

Current records are often used to conduct the current business of an organization or
individual. It is usually kept at or near their place of origin or at the registry or records office.
Up -to -date records mean records that are required and used in the day -to -day affairs of the
current office or local government office, and therefore must be kept in office space and
equipment for that purpose. The current record is also known as the active record.

Semi-current records required only infrequently in the conduct of current business and
also known as semi-active records. Semi-current records mean records no longer needed
frequently in the conduct of current business but for administrative, fiscal, or legal purposes
and record must still be retained. Semi-current records will normally be maintained in a records
center or other offsite intermediate storage pending their ultimate disposal.

Non -current records are no longer required to conduct current business. These records
are also known as inactive records which means records that are no longer used in day-to-day
business dealings, but are kept and sometimes used for legal, historical, or operational
purposes.

1
CURRENT RECORD

ISO 15489-1:2016

5.2 RECORDS

CLAUSES 5.2.3 METADATA FOR RECORDS

Metadata for records should depict the following of business context, dependencies and
relationships among records and records systems, relationships to legal and social contexts;
and relationships to agents who create, manage and use records. Some of a record’s metadata
is derived or attributed at the time the record is created or captured and does not change. This
is point of capture metadata for records. Metadata about actions on the record and other events
in the record’s existence, including the participating agents, continues to accrue over time as
the record is used and managed. This is process metadata for records. As metadata accumulates
over time, it collectively documents, amongst other things, a record’s provenance. The
metadata of a record itself should be managed as a record, in that it should be protected from
loss or unauthorized deletion, and retained or destroyed.

ISO 9001:2015

7.5 DOCUMENTED INFORMATION

CLAUSES 7.5.2 CREATING AND UPDATING

Clause 7.5.2 defines three requirements that must be met to cover the requirements of ISO
9001-2015. The statement includes the keyword ‘shall’, which means order, an obligation that
must be fulfilled. With respect to creating or updating documented information the organization
‘should’ ensure in accordance with the reference conventions used to identify the date, title,
author and / or reference number of the documented information. In addition, formats and
media such as languages, software versions, graphics, stored on paper, electronics. ISO 9000:
2015 uses the word medium to define the technology used to store information i.e. review and
approve suitability and adequacy. This clause simply tells the organization that they ‘should’
ensure to the extent that the information documented is concerned that the information is
identified, referenced, reviewed and approved accurately for appropriateness and adequacy.
This is not a new matter and was previously covered by clauses 4.2.3 a to c for ISO 9001-2008
documentation requirements.

2
ISO 27001:2013

6.0 PLANNING

CLAUSES 6.1 ACTIONS TO ADDRESS RISKS AND OPPORTUNITIES

This clause is to cover the “preventive measures” specified in the old ISO 27001: 2005.
Organizations must be vigilant to manage the opportunities and risks that arise for the context
and expectations and needs of parties so that repeated assessments can produce reliable and
comparable results. The organization must identify and then implement an information security
risk assessment process with specific information security risks and acceptance conditions, as
well as criteria for performing the assessment. To choose appropriate risk treatment solutions
and controls, the company must identify and implement an information security risk treatment
process. So, controls listed in Annex A must be considered because it provides an outline of
each control. This process helps in identify the risks and overcome unexpected problems. Thus,
it is essential to kept the information security risk treatment process as documented
information.

HOW TO HANDLING CURRENT RECORD

METADATA FOR RECORDS

A record’s content and its associated metadata may be managed either in multiple coexistent
locations and systems, or in a single location and system. Logical relationships, or linkages,
between a record’s content and its associated metadata should be created and maintained using
automated or manual processes. Metadata for records should consist of information recording
the following of a description of the content of the record, the structure of the record (e.g. its
form, format and the relationships between the components comprising the record) and the
business context in which the record was created or received and used. No further reproduction
or distribution is permitted. ISO 15489-1:2016 were relationships with other records and other
metadata like identifiers and other information needed to retrieve and present the record, such
as format or storage information and the business actions and events involving the record
throughout its existence (including date and time of the actions, changes to the metadata and
the agents undertaking the actions). ISO 15489-1: 2016 handles records management and
records control. Therefore, it is responsible for obtaining effective support by arranging
monitoring and training to handle records. This ISO section describes concepts and principles

3
related to the following: records, metadata for records and records systems; repeated analysis
of business context and identification of records requirements; record control; the process of
creating, capturing and managing records.

CREATING AND UPDATING

ISO 9001:2015 describe about clauses 7.5.2 that creating and updating records. This clause is
simply telling organisations that they as documented information is concerned that it is
appropriately identified, referenced, reviewed and approved for suitability and adequacy. It
created on paper in the form of maps and plans. This clause created on media and paper and it
is about the language, software version, graphics, which are held on paper dan electronic.
Updating will make review and approval for suitability likes (cartographic records),
architectural and engineering drawings, pictures (iconographic records) or computer printouts.
Besides that, maps are the place to search document information cause this iso always updates.

PLANNING

ISO 27001:2013 describe about clauses preventive measures. Risk recognition, analysis, and
evaluation, as well as documentation ISO must include in the risk assessment process.
Prevention should be implemented for the purpose of minimizing disaster risk. Prevention is
taken into account to reduce the risk of damage, loss of life, property and records. The
necessary disaster prevention measures for an organization are as follows: fire, water/flood,
security and vital record. Top management needs to make some important decisions on how to
incorporate information security into a company that needs to decide between the following
exchanges that is the need for creativity versus the use of information assurance procedure
controls. Moreover, the ease of doing business for stakeholders versus increased exposure to
threats. ISO 27001 itself requires some activities to be performed directly by top management
which are the roles and responsibilities of top management in ISO 27001. In addition, top
management needs to agree a budget for implementation and maintenance information
security, and agree on residual risks they usually give this consent for the risk owner.

4
SEMI CURRENT RECORD

ISO 15489-1:2016

9.0 PROCESSES FOR CREATING, CAPTURING ANG MANAGING RECORDS

CLAUSES 9.6 STORING RECORDS

Clause 9.6 is about storing records in record centre to protects from unauthorised access,
alteration, loss, or destruction, including theft and catastrophe, regardless of format or media.
This implies that precautions should be taken. Metadata for records should include in storage
information. This can be derived from organizational records systems or from the systems of
external providers. This data should be sufficient for locating and monitoring the protection of
records. Records storage should be regularly checked and reviewed to identify any threats to
the its accessibility or integrity, including the environment and media, protective materials,
handling procedures, and storage systems.

ISO 13485: 2016

QUALITY MANAGEMENT SYSTEMS

Iso state that design and development verification shall be performed in accordance with
planned and documented arrangements. To ensure that the design and development outputs
have met the design and development input specifications, the company shall document
verification plans that include methods, acceptance criteria and, as appropriate statistical
techniques with rationale for sample size. If the intended use requires that the medical device
be connected to, or have an interface with, other medical device(s), verification shall include
confirmation that the design outputs meet design inputs when so connected or interfaced.
Records of the results and conclusions of the verification and necessary actions shall be
maintained in a safe manner to avoid loss of information and easy to track when reference is
required.

5
ISO 9001: 2015

8.O OPERATIONS

CLAUSE 8.2 REQUIREMENT FOR PRODUCT AND SERVICES

Customer communication is essential like ensuring the customer has a clear written quotation
and specification relating to the services they want. Organisations also need to be clear about
what is required in their products and services. After receiving the order, the organization must,
prior to delivery, review the requirements related to the product and keep records about the
review. If the customer changes its requirements, these also must be reviewed and recorded. In
case of changes, the organization must ensure that all documented information is amended and
all relevant persons are aware of the changes. This ISO loose in the process of quality
management that requires how, what, and when. This development appears to be occurring not
only to accommodate new technology of communication such as audio, video, and other
electronic materials but also to preserve current versions more easily, enable an entity to reuse
appropriate material, minimise documentation costs and have wider access.

ISO 30300

MANAGEMENT SYSTEM FOR RECORDS

ISO 30300 are complementary with the first version of the standard ISO 15489 which the latest
describes the requirements that records should satisfy to maintain their evidential value for
decision-making processes. It outlines the procedures that are to follow for the creation, capture
and management of records such as operations of classification, indexing, access control,
storage, use, migration and disposal of documents and records in order to design and implement
a Management Systems for Records. ISO 30300 provide guiding principles related to a
Management Systems for Records implementation where the first standard lists basic
principles and technical vocabulary, while the second provides technical specifications and
requirements related to the process of implementation of such systems.

6
APPRAISAL PROCESS IN SEMI-CURRENT RECORDS

Appraisal process are required which means that the document will face evaluation process
either it is still have values or not. If the record is valuable, the company may preserve it and
retain it in its possession. If the record is non value, the organisation may either permanently
or temporarily dispose it. After that, the workers will decided the values of the documents either
it have primary values like legal, administrative, and fiscal or secondary values like historical,
research, informational and evidential.

INVENTORY

Inventory process is a descriptive listing of each record series or system, together with an
indication of location and other pertinent data. It is not a list of each document or each folder.
Its main purpose is to provide the information needed to develop the schedule. It also helps
identify various records management problems. It gives big impact in record management as
an overview to manage the previous record. Through the inventory process, the organization
will identify, describe and locate all the records based on its format such as paper, electronic
and micrographic.

SCHEDULE

Clear timetable as preparations is required to approximate time for evaluation. This shows that
the workers are already expert in their jobs because they can survey a large area only by looking
at the samples. Further, the company will do an initial survey regarding the record situation,
usually start with the department. For example, analyse the function of the department that
leads to a better understanding of its place in the larger institution according to what it does.
Using the analysis result, records series that document the most important aspects of the
department or known as core records are identified.

7
SURVEY

Next, conduct the survey, the survey entails the physical preparation of documents at the record
series stage in the department. The existence or absence of records that have previously been
identified as core records series. On a records survey form, information about the surveyed
records sequence is listed. A documentation plan is created from the results of the record
survey. The documentation plan specifies which records series should be preserved.

RETENTION SCHEDULE

There are few ways to implement retention schedule. Firstly, a company should implement a
universal retention schedule which was arranged in classification into the record classes that
are current record, semi current record, non-current record and archival records.

Secondly implement the document retention periods, the longer the legal and organisational
importance of the documents, the longer the retention periods of the retention schedule should
be. The legal or organisational rationale for the retention periods should be known. Valid
citations should be kept on file in the case of a legal authority.

Thirdly is disposal schedule, make sure to dispose of documents in a secure manner to avoid
the thief and to protect the records or information. The company has the choice of shredding,
burying, or pulping as a means of disposal.

Next, to assess the effect of legal changes on retention periods, the retention schedule should
be revised on a regular basis (every 18 to 24 months). The records classification system should
also be revised to reflect changes in the company's operation and the record as its result.

Lastly, is to begin the rollout. When it comes to implementing the organization's retention plan,
make sure do it repeatedly. The retention schedule should be in the company's infrastructure
and comply with the company's record keeping if there are changes in management. From all
the above this shows that, retention schedule is essential because it controls the record from
spreading, minimize from the risk of taking legal action and to locate and retrieve the record
efficiently.

8
NON-CURRENT RECORD/ARCHIVES

ISO 14001: 2015 CLAUSE 7.5: DOCUMENTED INFORMATION

CLAUSE 7.5.3: Explained how access, retrieval, use, storage, and preservation are controlled.

ISO 15489: 2001: Executing a retention policy on the disposal of records which are no longer
required for operational reasons; according to organizational policies, statutory requirements,
and other regulations this may involve either their destruction or permanent preservation in an
archive.

ISO 16175 – 1: 2020:

• Explained that the organization limit the risk for manage the unlawful loss or
destruction of records and with over-retention of records.
• In addition, the organization also should limit the risk for manage to access the
inappropriate and unauthorized records.

HOW TO HANDLE NON-CURRENT RECORD/ARCHIVES?

REPOSITORY
Repository is place to store the non-current record to a separate storage device for long term
retention. The non-current also should be indexes for easily located and retrieved. So, archivist
have responsible to manage the non-current record in repository. The archival agency
responsible for selecting, acquiring, preserving and making available archives. The repository
had proper equipment to ensure the records are kept safe and secure. That is because the non-
current record may become important in future.

ACCESS AND USE

The implementation of policies and procedures governing the access and use of archival
records by employees of the organization which own them or by the public. The user must be
able retrieve and consult that information. The aim of researcher access services, consequently,
should be to lower the intellectual and psychological barriers to archives so that as many
individuals as possible can read, touch, learn from, and enjoy those documents that illuminate
past experience.

9
PUBLIC ACCESS
Public access is the process of facilitating access to the historical archives preserved in the
national archives to the researchers with hard copy and electronic searching tools. The steps of
public access in national archives are receiving, registering and determining the researcher’s
needs at the National Archives , provide the researcher with research tools and determine the
required documents to be viewed, drafting an access request (attached), approval from the
department to provide the researcher with documents, preparing the materials by the archivist,
submitting the materials to the researcher, and last signing the Receipt of the documents form
by the researcher (attached). So, that policy can ensuring that organization’s secrets are not
leaked and spread to the public.

PRESERVATION
Preservation is the specific steps undertaken to maintain, repair, restore or conserve archival
records in appropriate facilities and equipment. The records will preservation as archives for
their ongoing value. The preservation has the responsibility of physically repairing damaged
non-current records. Before the company preserved the records, the organization or agency
should determine the value of records. Records of permanence nature are to be preserved. The
preservation includes the shelving and storage conditions of the records.

APPRAISAL
Appraisal is a process to determine the value and the final disposition of records and also
designating records as either temporary or permanent storage. All archives must be selective
in their acquisition of material both to establish and to maintain a collection which is cohesive,
compact and worthy of the resources required to support it. There are two appraisal process of
archives. Firstly, process to decide what records need to be kept how long in order and known
as “continuing utility”. Secondly, process to decide what records merit permanent preservation
as archives and known as “enduring value”. These two-appraisal processes are related for each
other. For example, for the certain categories of records such as primary copies of minutes of
a top-level committee so possible to we predict how long those records are likely to be needed
to creators and users. Also, that records possible to predict will have an enduring value.

10
DESTROY

The organization manage the non-current record which is that can relate with the financial in
the company. The organization should decide the right way with the affordable cost. The
organization limit the risk for manage the unlawful loss or destruction of records and with over-
retention of records. To destroy the public records, they should follow The National Archive
Act but if they not follow the act, they will get penalty under section 25 which is the company
will get fine of not more than RM5,000.00 or one year in prison or both. The company should
get permission from national archive, national audit and national accountant to destroy the
public records.

CONCLUSIONS

As a conclusions record management is a crucial to information governance strategy. Keeping

track of the accuracy and availability of documents over time will assist the organisation in
accomplishing its goals. Assigning tasks to particular persons is the most important aspect of
records management. It teaches responsibility in each individual. Indirectly, easy to keep track
of who officially approved a policy, but it's also important to decide who has long-term
responsibility for the policy's various aspects. Since people in organisations change over time,
the strategy should focus on roles rather than names. Hopefully, the next generation can
improve ways in handling the record management in the future.

11
REFERENCES

An, Xiaomi. (2009). Glossary of Integrated Records, Archives and Information

Management Terms. Retrieved April 29. 2021. From

http://demo.quickmerger.com/resources/statics/comprehensive_glossary.php

International Organization for Standardization. (2015). Quality Management Systems.

(ISO 9001:2015). http://www.iso.org

International Organization for Standardization. (2016).Information And Documentation.

(ISO 15489-1: 2016)

https://www.iso.org/standard/62542.html

International Organization for Standardization. (2013). Information Technology.

(ISO 27001: 2013)

https://www.iso.org/standard/54534.html

International Organization for standardization. (2019) ISO 14001: 2015

Clause 7.5 Documented information.

https://isoconsultantkuwait.com/2019/05/11/iso-140012015-clause-7-5-documented-
information/

International Organization for Standardization. (2020). Information and Documentation.

ISO 16175 – 1: 2020

https://www.iso.org/obp/ui/#iso:std:iso:16175:-1:ed-2:v1:en

12