Galve, Deryl Q.

OPERAUD
BSAC02

1. What is the ISO/IEC 27000 Series of Standards?

According to Irwin (2020), ‘ISO/IEC 27000 is the series that explains how to implement
best-practice information security practices.’ It provides an overview of information security
systems, together with terms and definitions, for all types of organization. It does this by
setting out ISMS (information security management system) requirements, with an approach that
focuses on risk management and contains measures that address the three pillars of information
security: people, processes and technology. The ISO/IEC 27000 is still being developed.

2. What is ISO 15489 Information and Documentation—Records Management?

To Higgins (2007), ISO 15489 is ‘a standard that provides guidance to ensure that records remain
authoritative through retention of their essential characteristics: authenticity, reliability,
usability and integrity.’ ISO 15489 provides accurate and reliable records and gives the
organization efficient access to them. Primarily developed for the management of business
records, ISO 15489:2001 can be applied to the management of records created by any activity,
and is equally applicable to digital or hard copy information.

3. Choose 3 among the system/function components of Information Technology and Management and explain its importance and provide at least one issue that it will resolve.

For me, ISO 15489 can provide the best information technology management to the
organization. From the definition itself by Higgins, it is ‘a standard that provides guidance to
ensure that records remain authoritative through retention of their essential characteristics:
authenticity, reliability, usability and integrity.’ It is said that ISO 15489 provides a
high-level framework for records management workflow. Having both recorded data technical
reports and traditional reports, it can support future project decisions and activities from the
historical evidence given in the form of ISO 15489. They can easily access evidence and business
activities while facilitating compliance with any pertinent regulatory environments. ISO 15489 establishes the
core concepts and principles for the creation, capture and management of records. It sits at the
heart of a number of International Standards and Technical Reports that provide further
guidance and instruction on the concepts, techniques and practices for creating, capturing and
managing records. Records are both evidence of business activity and information assets. They
can be distinguished from other information assets by their role as evidence in the transaction
of business and by their reliance on metadata. Metadata for records is used to indicate and
preserve context and apply appropriate rules for managing records. With the definitions given
to ISO 15489, it can be seen that a company can provide credibility to accurately express
business activities that will strengthen the good flow of progress in each sector of the
organization. One of the capabilities I see in ISO 15489 is resolving problems when it comes to
losing documents or lost data. In the way that ISO 15489 does, the organization can still be
provided with records that can confirm progress within the business, since its wide umbrella
inside the organization adequately prevents data losses.

References:

https://www.itgovernance.co.uk/blog/what-is-the-iso-27000-series-of-standards

https://www.dcc.ac.uk/guidance/briefing-papers/standards-watch-papers/iso-15489

https://www.iso.org/obp/ui/#iso:std:iso:15489:-1:ed-2:v1:en

https://www.youtube.com/watch?v=9vsZgqjIBQ0