ISO Standards for Archives and Records Management: An Overview
The Global Authority on Records Management: An Introduction to ISO/TC 46/SC 11
International Standards for Archives and Records Management from ISO/TC 46/SC 11
The Global Authority on Records Management: An Introduction to ISO/TC 46/SC 11
The International Organization for Standardization (ISO) serves as the world's preeminent developer of voluntary international standards, creating a common language for technology, business, and innovation across the globe. Within its extensive structure of over 200 technical committees (TCs), ISO/TC 46, established in 1947, holds the responsibility for "Information and documentation".1 This committee's purview is vast, covering the standardization of practices related to libraries, publishing, archives, records management, and information science, essentially addressing the entire lifecycle of information from creation to final disposition.1
To manage this broad mandate, TC 46 is divided into several specialized subcommittees. Among these, Subcommittee 11 (SC 11), titled "Archives/records management," is the definitive international body for setting the standards that govern how organizations create, manage, and preserve records as evidence of their activities.1 Its formal scope is the "Standardization of principles for the creation and management of documents, records and archives as evidence of transactions and covering all media including digital multimedia and paper".3 This mandate positions SC 11 at the critical intersection of information management, legal compliance, and organizational governance.
The Mandate and Strategic Vision of the Subcommittee
The strategic vision of ISO/TC 46/SC 11 extends far beyond the mere codification of existing practices. Its mission is to take a leading role in improving the management of records globally by providing standards that guide the design and application of best-practice processes and systems.5 More profoundly, the subcommittee's vision includes playing a central part in "rethinking the theory and practice of records management" and serving as a global hub for collaboration and information sharing among national standards bodies and individual experts.5
This ambitious vision reveals that SC 11 functions not merely as a technical committee but as a de facto global policy-making body for information governance. The language of its mission, to "define and promote good governance, transparency, accountability and effectiveness", is that of policy and strategic management, not just technical specification.5 The standards it produces are therefore not simply implementation guides but instruments designed to shape organizational behavior, influence legal and regulatory frameworks, and define professional identity on an international scale. The outputs are explicitly linked to high-level business drivers such as risk mitigation, legal protection, and support in litigation, positioning them as essential tools for senior executives, legal counsel, and compliance officers, not just operational records managers.6
Structure, Membership, and Working Groups
The authority and global relevance of SC 11's standards are rooted in its diverse and expert membership. The subcommittee is composed of representatives from over 40 participating and observing countries, ensuring that its work reflects a broad international consensus.3 This membership is not monolithic; it includes a wide spectrum of stakeholders from the public, private, and academic sectors. Key participants include major national archives such as the U.S. National Archives and Records Administration (NARA) and Library and Archives Canada (LAC), professional organizations like ARMA International, private industry consultants, and national standards bodies like the Standards Australia (SA), and the American National Standards Institute (ANSI).3 The active involvement of governmental bodies like national archives is particularly significant, as it implies a direct channel for the principles within the standards to influence and align with national recordkeeping policies and legal frameworks.
The operational work of the subcommittee is carried out through a series of dedicated Working Groups (WGs), each tasked with developing or revising standards on specific topics.3 These groups focus on critical areas such as the revision of cornerstone standards like ISO 15489, the development of guidance on metadata for records, work process analysis, long-term preservation of electronic records, digitization, risk assessment, and management systems for records.3 This structure allows for a concentration of specialized expertise on complex issues, ensuring the resulting standards are both technically sound and practically applicable.
Promoting Good Governance, Accountability, and Business Efficiency
The suite of standards developed by ISO/TC 46/SC 11 provides a comprehensive framework that is fundamental to modern organizational governance.9 These standards are not ends in themselves but are designed to be powerful enablers of core business objectives. By establishing an internationally recognized baseline for best practices, they allow organizations to achieve consistent levels of quality, performance, and reliability in their information management practices.3
The adoption of these standards yields tangible benefits that resonate at the highest levels of an organization. A systematic approach to records management, as prescribed by the SC 11 portfolio, directly supports business efficiency by ensuring that information is readily available for decision-making and operational activities.10 It enhances accountability and transparency by ensuring that a complete and authoritative record of decisions and actions is created and maintained, which is essential for meeting legal, regulatory, and societal expectations.5 Furthermore, this framework is a critical component of risk management, helping organizations mitigate the risks associated with information loss, unauthorized access, or non-compliance, while also supporting business continuity in the event of a disaster.6 Ultimately, the work of SC 11 empowers organizations to protect and leverage their records as vital information assets, contributing to innovation, economic prosperity, and enduring corporate memory.3
The Cornerstone Standard: A Deep Dive into ISO 15489 - Concepts and Principles
At the heart of the ISO/TC 46/SC 11 portfolio lies ISO 15489, the world's foundational international standard for records management.5 First published in 2001, it was a landmark achievement, creating the first globally agreed-upon framework for the profession. It has its genesis in the original Australian Standard AS 4390-1996, Records Management, the world's first national records management standard, which provided comprehensive guidance for managing business records in any organization. It strated as two components, which we see mirrored in ISO 15489:
AS ISO 15489.1-1996, Records Management - Part 1: General, and
AS ISO 15489.2-1996 Records Management - Part 2: Guidelines.
AS 4390 covered aspects such as strategies, procedures, practices, and storage for both manual and electronic records.
The ISO iteration ISO 15489: which followed the core of AS 4390, but with certain elements that were accepted Australasian practice, but were not accepted within the international context removed. This is significant as many of those elements have been subsequently adopted as satellite standards to the ISO 15489 ‘Mother Ship”, such as the Appraisal and Disposal components, more on this later. It was orginally published in the same model as AS 4390:
ISO/TR 15489-2:2001 - Information and documentation — Records management — Part 1: General.
ISO/TR 15489-2:2001 - Information and documentation — Records management — Part 2: Guidelines.
ISO 15489: 2001 was adopted by over 50 nations and translated into more than 15 languages, establishing a common vocabulary and methodology for records professionals worldwide.11 However, the rapid evolution of the digital information landscape necessitated a fundamental rethinking of the standard, leading to its comprehensive revision in 2016.
The Evolution to a Digital-Minded Framework: Key Changes in the 2016 Revision
The publication of ISO 15489-1:2016, Information and documentation — Records management — Part 1: Concepts and principles, marked a pivotal shift in the standard's philosophy and application.13 The most significant structural change was the formal withdrawal of the original Part 2, "Guidelines".14 This was a deliberate act to move the standard away from being a prescriptive, "how-to" implementation manual and to re-establish it as a high-level, principles-based framework.15 This change reflects a maturation of the profession, moving away from a one-size-fits-all approach to one that requires professional judgment and adaptation to specific contexts. It was also to allow for the ‘Mother Ship” and “Satellite” standards model, where each part of the Guidelines could be extended out into specific more detailed Standards and Technical Reports, for deep-dives into the key components, e.g. Metadata.
The 2016 revision was consciously developed to be "digital-minded" while remaining "technology-agnostic".11 The drafting committee worked to shed the remaining conventions and practices tied to the paper world, creating a standard fit for the purpose of modern digital business.11 It acknowledges and addresses the realities of contemporary information environments, such as the need for records systems to extend beyond traditional organizational boundaries to support collaborative and multi-jurisdictional work, and the increased opportunities for the use and reuse of records in digital formats.15 While fully applicable to paper-based or hybrid environments, its core logic is designed to guide the management of records in the complex, dynamic, and distributed digital world.11
This evolution of the standard represents a significant strategic shift. By removing the prescriptive Part 2, it could be argued that the committee effectively de-professionalized the implementation of a basic records program while simultaneously elevating the strategic importance of the records management professional. My own view is that this perspective was an unintended consequence of the desire to allow for the specialist subject deep-dive approach, but may have further professional repercussions. The original two-part standard could be followed by non-specialists to create a rudimentary, checklist-based program. The 2016 revision, by contrast, makes such an approach untenable. Its focus on applying principles, conducting risk analysis, and understanding business context demands deep professional expertise.15 It forces organizations to move beyond rote compliance and instead engage skilled professionals who can interpret the principles and design a bespoke, risk-based program tailored to the organization's specific needs. This elevates the role of the records manager from that of a custodian or technician to a strategic risk advisor and information architect.
Core Principles for Managing Records as Evidence and Information Assets
The 2016 standard firmly establishes the dual nature of records as both "evidence of business activity and information assets".15 This distinction is crucial: as evidence, records provide proof of transactions and decisions, supporting accountability and compliance; as assets, they are valuable sources of information that can be leveraged for decision-making, research, and business intelligence.
To serve as authoritative evidence, the standard stipulates that records must possess four key characteristics throughout their lifecycle 14:
Authenticity: An authentic record is one that can be proven to be what it purports to be, to have been created or sent by the person purported to have created or sent it, and to have been created or sent at the time purported.
Reliability: A reliable record is one whose contents can be trusted as a full and accurate representation of the transactions, activities, or facts to which they attest.
Integrity: The integrity of a record refers to it being complete and unaltered. It is necessary that a record be protected against unauthorized alteration.
Usability: A usable record is one that can be located, retrieved, presented, and interpreted.
These technical characteristics are supported by broader information governance principles that are embedded in the standard's framework, including Accountability, Protection, and Availability.11 To achieve these characteristics, the standard emphasizes that records must consist of both content and metadata, with metadata being the critical component that describes their context, structure, and management over time.14
The Central Role of Appraisal in Determining Records Requirements
One of the most profound changes in the 2016 revision of ISO 15489 was the redefinition and elevation of the concept of "appraisal." Moving far beyond its traditional meaning as a process for determining the final disposition of records, the standard re-envisions appraisal as the core strategic activity that underpins the entire records management program.15
In this expanded, Australasian-influenced definition, appraisal is the "recurrent analysis of business activity and context to identify what records need to be created and captured, and how they should be managed over time".12 This is a proactive and ongoing process of evaluating business activities, assessing risks, and understanding the legal, regulatory, and business requirements to determine precisely which records are needed to serve as evidence.14 The findings from this analytical work drive all subsequent decisions about records, from their initial creation and capture to their retention and ultimate disposition.12 By placing this sophisticated analytical function at its core, the standard positions appraisal as the most important intellectual tool available to records professionals for designing and implementing an effective, efficient, and compliant recordkeeping program.12
Implementing ISO 15489: Policies, Responsibilities, and Controls
While no longer a prescriptive guide, ISO 15489-1:2016 outlines the essential components required for a functional records management program. It stresses the need for clear, formally approved policies that define the organization's commitment to records management.11 It also mandates the assignment of responsibilities, emphasizing that a senior executive must have ultimate oversight of the program, with clear delegation to appropriate individuals and teams (which leads directly to the development of the ISO 30300 Management System for Records Management sub-series).11 This is complemented by requirements for ongoing monitoring and evaluation of the program's effectiveness, as well as competence and training for all personnel involved in creating and managing records.14
To enforce these policies and principles, the standard introduces the concept of "records controls." These are the specific tools and rules that are designed and implemented to govern how records are managed within systems.14 The key records controls described in the standard include 14:
Metadata Schemas: Authorized and structured models for the metadata that must be captured for records.
Business Classification Schemes: Hierarchical systems for linking records to the business activities that generate them.
Access and Permissions Rules: Controls that define who can access records and what actions they are permitted to perform.
Disposition Authorities: Formal rules that specify the retention periods for records and authorize their eventual destruction or transfer.
These controls are the practical mechanisms through which the high-level principles of the standard are put into operation. The standard also notes that the management of records in line with its principles is fundamental to a successful Management System for Records (MSR), as defined by the ISO 30300 series of standards, thus creating a direct link to the strategic governance layer of the SC 11 framework.19
Strategic Oversight and Governance: The ISO 30300 Series for Management Systems for Records (MSR)
While ISO 15489 provides the foundational principles for what constitutes good records management, the ISO 30300 series of standards addresses the strategic how, specifically, how to embed records management into an organization's core governance and management structures. Developed primarily for an audience of senior management, IT professionals, and records managers, this series introduces the concept of a Management System for Records (MSR).8 The MSR approach was created to overcome the historical challenge of records management being perceived as a low-priority, back-office compliance function. By reframing it in the familiar, auditable, and internationally recognized language of "Management Systems"—akin to ISO 9001 for Quality or ISO 14001 for Environment—SC 11 provided professionals with a powerful tool to gain executive traction, secure resources, and integrate their work into the fabric of corporate governance.6
Integrating Records Management with Business Strategy: The MSR Approach
An MSR is a formal framework of policies, objectives, and directives designed to align the creation, capture, and control of records with an organization's overall mandate, mission, and strategic goals.6 The core purpose of the ISO 30300 series is to link the management of records directly to organizational success and accountability.6 This transforms the discipline from a reactive, cost-centered activity into a proactive, value-adding function that supports key business drivers. An effective MSR promotes business efficiency, enables accountability, strengthens risk management, and ensures business continuity.6 It allows an organization to capitalize on the value of its information resources as business, commercial, and intellectual property assets.6 The adoption of the MSS model was a deliberate strategic choice, leveraging the credibility and familiarity of this structure to provide a clear pathway for records management to be taken seriously at the executive level.
ISO 30300: Establishing the Fundamentals and a Common Vocabulary
ISO 30300, Information and documentation — Records management — Core concepts and vocabulary, is the foundational standard for the MSR series.22 Its primary function is to explain the rationale and guiding principles behind an MSR, establish the objectives for its use, and specify the roles of top management.6
Crucially, it also provides the definitive terminology and definitions for the field. The 2020 revision of this standard significantly broadened its scope, making it the central vocabulary standard not just for the MSR series, but for all standards and technical reports produced by ISO/TC 46/SC 11.24 This ensures a consistent and coherent understanding of concepts across the entire portfolio. A key design feature of ISO 30300 is its compatibility with the common structure and terminology used in other major management systems standards (MSS), such as ISO 9001 (Quality), ISO 27001 (Information Security), and ISO 22301 (Business Continuity).6 This alignment facilitates the seamless integration of the MSR into an organization's existing management systems, allowing for a unified approach to governance, risk, and compliance.
ISO 30301: Requirements for an Auditable and Certifiable MSR
ISO 30301, Information and documentation — Management systems for records — Requirements, is the normative heart of the MSR series.22 This standard specifies the requirements that an organization
must meet to establish, implement, maintain, and continually improve an effective MSR.26 Its structure follows the high-level framework common to all modern ISO management system standards, with clauses covering the context of the organization, leadership, planning, support, operation, performance evaluation, and improvement.26
The most powerful feature of ISO 30301 is that it is an auditable standard. This means an organization can have its MSR formally assessed by an independent, third-party certification body.21 Achieving certification against ISO 30301 provides tangible, verifiable proof that the organization's records management program meets international best practice.25 This is the critical mechanism that elevates the MSR from an internal initiative to a strategic asset. The Certification model offers numerous benefits, including the ability to demonstrate regulatory compliance to auditors and authorities, enhance organizational accountability and transparency, improve efficiency in decision-making, and protect corporate information.22 For senior leadership, certification provides a clear, measurable goal and a tangible return on investment in the form of demonstrable good governance and risk reduction.
ISO 30302: Practical Guidelines for Implementation
Complementing the requirements standard, ISO 30302, Information and documentation — Management systems for records — Guidelines for implementation, serves as the practical companion document to the MSR series.22 Where ISO 30301 specifies
what must be done, ISO 30302 provides guidance on how to do it.27 This standard offers step-by-step advice and examples to assist organizations in applying the MSR requirements of ISO 30301. In effect, it fills the practical guidance role for the strategic management layer that was once occupied by the now-withdrawn ISO 15489-2 for the operational layer, helping organizations to better understand and implement a compliant MSR.
Enabling Technology: ISO 16175 and the Functional Requirements for Records Software
While ISO 15489 sets the principles and the ISO 30300 series provides the strategic management framework, ISO 16175 bridges the gap between these high-level concepts and the technical reality of the software systems that create and manage records. Published as Information and documentation — Processes and functional requirements for software for managing records, this standard provides internationally agreed principles and functional requirements for any software application used to manage digital information in office environments.28 Its purpose is to provide a clear benchmark for organizations to use when procuring, designing, or assessing the capability of their systems to ensure they can reliably create, capture, and manage records in accordance with established principles.28
The evolution of this standard reflects a critical shift in thinking about where and how records are managed. The traditional model focused on procuring a single, monolithic "Electronic Document and Records Management System" (EDRMS) that would act as the central, compliant repository for all organizational records. This "EDRMS-as-an-island" approach often failed due to poor user adoption, as employees preferred to work within their native business applications. The latest revision of ISO 16175 acknowledges this failure and ushers in a new era of "embedded compliance," providing an architectural blueprint for weaving records functionality into the entire fabric of an organization's IT landscape.
In this development and iteration of ISO 16175, we can see it’s journey from the original ICA-Req Standards published by the International Council on Archives to where the ISO model ultimately led. In 2008 the International Congress of Archives published three modules of its Principles and Functional Requirements for Records in Electronic Environments (ICA-Req). This approach clearly made it intent obvious to differentiate the EDRMS element of records management practice from the records management in core native business systems, a step change in matury from the original ISO 15489 thinking in the 1990s. The original suite of guidelines and functional requirements is organised into three modules:
Module 1: Overview and Statement of Principles: background information, organisation, fundamental principles and additional context.
Module 2: Guidelines and Functional Requirements for Records in Electronic Offices: a global high-level statement of core and optional requirements, including application guidelines and a compliance checklist.
Module 3: Guidelines and Functional Requirements for Records in Business Systems: guidelines and generic core and optional functional requirements for records in business systems.
So, we can see that evolution from records management practice from being an island to ‘in-place’ records management, over ten years, and even further from the original Archives New Zealand’s Electronic Recordkeeping Systems Standards (ERKSS) that was the genesis of IC-Req Module 2, (see ERKSS review) which has it’s roots in AS 4390 and the UK TNAs original standard.
Analysis of Core Functional Requirements
ISO 16175 outlines a comprehensive set of functional requirements that software must possess to be considered capable of managing records. These requirements are consistent with the principles articulated in ISO 15489 and are essential for ensuring that digital objects can serve as reliable evidence over time.28 The core functional areas specified by the standard include:
Creating and Capturing Records: The ability to create records or capture them from other systems, along with their essential metadata.
Maintaining Records: Ensuring the authenticity and integrity of records through features such as immutable (unalterable) storage, robust version control, and comprehensive, unalterable audit trails that log every action performed on a record.10
Retention and Disposition: The ability to apply and enforce retention rules from a disposition authority, manage legal holds, and securely execute the destruction or transfer of records at the end of their lifecycle.10
Dissemination and Access: Functionality for searching, retrieving, and rendering records, while strictly enforcing access and permissions rules to protect sensitive information.10
Administration: Tools for system administrators to manage the records management framework within the application, including classification schemes, disposition authorities, and user permissions.10
By providing this detailed checklist of functionalities, the standard gives organizations a powerful tool to evaluate vendor products and ensure that their systems can support legally compliant archiving and demonstrate the reliability of digital evidence in legal or regulatory proceedings.31
The 2020 Revision: A Unified Approach for All Systems
A transformative change occurred with the 2020 revision of ISO 16175. This new edition eliminated the previous distinction between dedicated records management applications (like an EDRMS) and general business systems (like CRMs, ERPs, or collaboration platforms).28 The standard now presents a single, unified set of functional requirements that applies to
any application that manages digital records.28
The implication of this change is profound. It formally recognizes the modern reality that records are created, managed, and stored across a diverse and distributed ecosystem of enterprise applications. The focus is no longer on finding a single "perfect" system but on ensuring that all systems where records reside possess the core functionality necessary for their reliable management. This shifts the primary audience for the standard beyond records managers to include enterprise architects, solution architects, and software developers.10 The conversation is no longer "Which EDRMS should we buy?" but rather "How do we ensure our core business platforms meet these essential functional requirements for records?" This promotes a more user-friendly and architecturally sound "manage-in-place" strategy, where compliance is embedded within the tools people use every day, rather than being imposed from a separate, often cumbersome, system.
Guidance for Selecting, Designing, and Implementing Compliant Software
To support the practical application of these requirements, the standard is complemented by ISO/TS 16175-2, which provides guidance for selecting, designing, implementing, and maintaining software for managing records.10 This technical specification helps organizations translate the functional requirements from Part 1 into concrete specifications when building or acquiring new systems.10 It provides a framework for ensuring that recordkeeping is considered a fundamental requirement from the outset of any IT project, rather than an afterthought. It is important to note, however, that the scope of ISO 16175 does not include the specific technical requirements for the long-term preservation of digital records, such as format migration strategies or digital repository specifications.28 These critical needs must be addressed separately as part of a dedicated digital preservation plan.28
The DNA of Digital Records: ISO 23081 on Metadata for Records Management
In the digital realm, a record's context, authenticity, and long-term viability are not inherent properties; they are entirely dependent on metadata. ISO 23081, Information and documentation — Records management processes — Metadata for records, is the international standard that provides the essential framework for creating, managing, and using this critical information.20 It defines recordkeeping metadata as the structured or semi-structured information that describes the context, content, and structure of records, enabling their management, retrieval, and preservation over time.34 This standard implicitly advances a fundamental concept of digital archives: metadata is not merely
about the record; it is an integral part of the record itself.
In the physical world, a signed document on official letterhead carries intrinsic evidence of its context and origin. A digital file, in contrast, is simply a collection of bits. Its meaning, origin, history, and relationship to other information are lost unless they are explicitly captured and persistently linked to it through metadata.20 The "record," therefore, becomes an intellectual construct comprising two inseparable components: the content (the bits) and the metadata (the context). One is meaningless as evidence without the other. ISO 23081 provides the definitive framework for creating and managing this fusion, ensuring that digital objects can serve as authentic, reliable, and usable evidence for as long as they are required.36
The Criticality of Metadata: Ensuring Authenticity, Reliability, and Usability
The primary purpose of the ISO 23081 series is to ensure that records maintain their integrity and can serve as authoritative evidence throughout their lifecycle.36 Metadata is the mechanism that achieves this. It documents the business context in which a record was created and used, tracks all actions performed on the record, and provides the technical information necessary for its preservation and future accessibility.37 Without a robust and well-managed metadata framework, an organization cannot prove the authenticity of its digital records, demonstrate their reliability in legal proceedings, or ensure their usability across technological changes.35 The standard emphasizes that in digital environments, the characteristics of an authoritative record must be explicitly documented through metadata, rather than being implicit as they often were in paper-based processes.35
Part 1: The Principles Underpinning a Records Metadata Framework
ISO 23081-1:2017, Metadata for records — Part 1: Principles, establishes the foundational concepts and governance for a records metadata framework.36 It directly links the requirements for metadata to the core principles of records management articulated in ISO 15489.39 The standard is not a prescriptive list of mandatory metadata elements, as these will vary based on organizational and jurisdictional requirements.35 Instead, it outlines the principles and identifies the essential
types of metadata required to support a comprehensive records program. These include 35:
Metadata about the record itself: Identity, structure, format, and relationships to other records.
Metadata about business processes: The business context, activities, and transactions that the record documents.
Metadata about agents: The people, workgroups, or systems responsible for creating, acting on, and managing the record.
Metadata about business rules and policies: The mandates, permissions, and disposition rules that apply to the record.
Metadata about records management processes: A log of all actions taken on the record, such as capture, classification, access, and disposition.
Part 1 also addresses the governance of metadata, defining roles and responsibilities, and explaining how records metadata intersects with and supports other metadata domains, such as preservation, resource discovery, and rights management.35
Part 2: Conceptual Models and Implementation Issues
ISO 23081-2:2021, Metadata for managing records — Part 2: Conceptual and implementation issues, provides the practical "how-to" guidance for putting the principles from Part 1 into practice.36 This part of the standard establishes a framework for defining specific metadata elements and aims to provide a common understanding that enables interoperability between different systems.41 It offers a conceptual model for defining a metadata schema and discusses the critical decision points that organizations must address during implementation.36 This includes identifying the various options for metadata capture, management, and storage, and providing pathways for choosing the most appropriate options for a given context.41
Part 3: A Self-Assessment Methodology for Metadata Schemas
ISO/TR 23081-3:2011, Managing metadata for records — Part 3: Self-assessment method, is a technical report that provides a practical tool for organizations to evaluate their own metadata practices.8 It consists of a self-assessment checklist, typically provided as a spreadsheet, that allows implementers to measure the strengths and weaknesses of their existing or proposed metadata schemas against the principles and requirements laid out in the standard.8 This tool enables a systematic review of an organization's metadata strategy, helping to identify gaps and areas for improvement to ensure alignment with international best practice.
A Comprehensive Catalogue of ISO/TC 46/SC 11 Publications
The work of ISO/TC 46/SC 11 extends well beyond the cornerstone standards of ISO 15489, 30300, 16175, and 23081. The subcommittee has produced a comprehensive portfolio of standards and technical reports that address a wide range of specific challenges in modern records and archives management.9 This body of work provides detailed guidance on specialized topics, ensuring that professionals have access to internationally agreed-upon best practices for virtually every aspect of their work.
Thematic Overview of the SC 11 Portfolio
To better understand the breadth and depth of the subcommittee's contributions, its publications can be grouped into several key thematic areas that reflect the evolving priorities of the profession:
Foundational Principles and Systems: This core group includes the foundational standards already discussed: ISO 15489 for concepts and principles, the ISO 30300 series for management systems, ISO 16175 for software functionality, and the ISO 23081 series for metadata.
Digital Transition and Preservation: Recognizing the paramount challenge of managing records in a digital world, SC 11 has developed specific guidance for the practical aspects of digital transformation. This includes standards on the processes for digital records conversion and migration (ISO 13008) and implementation guidelines for the digitization of physical records (ISO/TR 13028).42 It also addresses the critical need for long-term preservation through requirements for trusted third-party digital repositories (ISO 17068).42
Strategic Planning and Risk Management: This theme covers standards that elevate records management from an operational task to a strategic function. It includes a methodology for conducting risk assessment for records processes and systems (ISO 18128), detailed guidance on the strategic process of appraisal for managing records (ISO/TR 21946), and a framework for integrating records management directly into enterprise architecture (ISO/TR 21965).42
Addressing Emerging Technologies: SC 11 is proactive in exploring the impact of new technologies on records management. This is demonstrated by the publication of technical reports that provide early guidance and analysis on managing records in cloud computing environments (ISO/TR 22428-1) and the potential implications of blockchain and distributed ledger technologies for creating and managing authoritative records (ISO/TR 24332).42
Process Analysis and Improvement: This group includes standards focused on the underlying business processes that generate records. The technical report on work process analysis for records (ISO/TR 26122) provides a methodology for analyzing business activities to accurately identify recordkeeping requirements, ensuring that records management is seamlessly integrated into workflows from the very beginning.42
Definitive Table of ISO/TC 46/SC 11 Standards and Technical Reports
The following table provides a comprehensive and definitive catalogue of the standards and technical reports published under the direct responsibility of ISO/TC 46/SC 11. This reference tool summarizes the scope and current status of each publication, offering a complete inventory of the authoritative guidance available to information management professionals.42
Definitive List of ISO/TC 46/SC 11 Standards and Technical Reports
The following table provides a comprehensive and definitive catalogue of the standards and technical reports published under the direct responsibility of ISO/TC 46/SC 11. This reference tool summarizes the scope and current status of each publication, offering a complete inventory of the authoritative guidance available to information management professionals
ISO 13008:2022: Information and documentation — Digital records conversion and migration process
Status: Published
Summary: Outlines requirements and procedures for converting records to a different format or migrating them between systems, ensuring authenticity and integrity are maintained.
ISO/TR 13028:2010: Information and documentation - Implementation guidelines for digitization of records
Status: Published
Summary: Provides best-practice guidelines for digitizing physical records, covering planning, processes, quality control, and metadata considerations.
ISO 15489-1:2016: Information and documentation — Records management — Part 1: Concepts and principles
Status: Confirmed
Summary: The foundational standard establishing the core concepts, principles, and framework for creating, capturing, and managing records in all environments.
ISO 16175-1:2020: Information and documentation — Processes and functional requirements for software for managing records — Part 1: Functional requirements and associated guidance for any applications that manage digital records
Status: Under Review
Summary: Specifies the functional requirements for any software application that creates or manages digital records, ensuring they can support records management principles.
ISO/TS 16175-2:2020: Information and documentation — Processes and functional requirements for software for managing records — Part 2: Guidance for selecting, designing, implementing and maintaining software for managing records
Status: Confirmed
Summary: Provides practical guidance for organizations on how to select, design, and implement software that conforms to the requirements in Part 1.
ISO 17068:2017: Information and documentation — Trusted third party repository for digital records
Status: Confirmed
Summary: Specifies requirements for trusted digital repositories, ensuring they can preserve the authenticity, integrity, and usability of digital records over the long term.
ISO 18128:2024: Information and documentation — Records risks — Risk assessment for records management
Status: Published
Summary: Provides a methodology for assessing risks related to records and records systems, applying the principles of ISO 31000 to the records management context.
ISO/TR 21946:2018: Information and documentation — Appraisal for managing records
Status: Published
Summary: Provides detailed guidance on the process of appraisal, as defined in ISO 15489, for determining records requirements based on business needs and risk.
ISO/TR 21965:2019: Information and documentation — Records management in enterprise architecture
Status: Published
Summary: Offers guidance on embedding records management requirements into an organization's enterprise architecture framework to ensure systematic implementation.
ISO 22310:2006: Information and documentation — Guidelines for standards drafters for stating records management requirements in standards
Status: Confirmed
Summary: Provides guidance for writers of other ISO standards on how to correctly and consistently incorporate records management requirements into their documents.
ISO/TR 22428-1:2020: Managing records in cloud computing environments — Part 1: Issues and concerns
Status: Published
Summary: Explores the issues, risks, and concerns associated with creating and managing records in cloud environments, providing a framework for assessment.
ISO 23081-1:2017: Information and documentation — Records management processes — Metadata for records — Part 1: Principles
Status: Confirmed
Summary: Establishes the principles for creating, managing, and using metadata for records, linking it directly to the requirements of ISO 15489.
ISO 23081-2:2021: Information and documentation — Metadata for managing records — Part 2: Conceptual and implementation issues
Status: Published
Summary: Provides a conceptual model and practical guidance for implementing a metadata schema for records management.
ISO/TR 23081-3:2011: Information and documentation — Managing metadata for records — Part 3: Self-assessment method
Status: Published
Summary: A technical report that provides a checklist for organizations to self-assess their metadata practices against the ISO 23081 principles.
ISO/TR 24332:2025: Information and documentation — Blockchain and distributed ledger technology (DLT) in relation to authoritative records, records systems and records management
Status: Published
Summary: A technical report exploring the use and implications of blockchain and DLT for creating and managing authoritative records.
ISO/TR 26122:2008: Information and documentation — Work process analysis for records
Status: Published
Summary: Provides a methodology for analyzing business work processes to identify recordkeeping requirements.
ISO 30300:2020: Information and documentation — Records management — Core concepts and vocabulary
Status: Under Review
Summary: The core vocabulary standard for the MSR series and all SC 11 standards, defining fundamental terms and concepts.
ISO 30301:2019: Information and documentation — Management systems for records — Requirements
Status: Published
Summary: The auditable requirements standard for implementing a Management System for Records (MSR). Organizations can be certified against this standard.
ISO 30302:2022: Information and documentation — Management systems for records — Guidelines for implementation
Status: Published
Summary: Provides practical, step-by-step guidance on how to implement an MSR that meets the requirements of ISO 30301.
The Future Trajectory: Emerging Technologies and the Evolution of Records Management Standards
The development of international standards is not a static event but a continuous process of refinement, revision, and expansion to address the evolving needs of the global community. ISO/TC 46/SC 11 exemplifies this dynamic nature through its active work programme, which is increasingly focused on the challenges and opportunities presented by rapid technological change.5 The subcommittee's future trajectory indicates a strategic shift from codifying established best practices to engaging in pre-emptive standardization for emerging technologies. This proactive approach is a crucial lesson learned from previous technological disruptions, where recordkeeping principles were often an afterthought. By engaging with new technologies early in their development, SC 11 aims to ensure that the fundamental requirements for evidence, accountability, and governance are "designed in" from the outset, rather than being "bolted on" years later at great expense and difficulty.
The SC 11 Work Programme: Current Projects and Revisions
The relevance and authority of the SC 11 standards are maintained through a cyclical, systematic review process. Key standards such as ISO 15489, ISO 30300, and ISO 30301 are subject to periodic review (typically every five years) to determine whether they should be confirmed, revised, or withdrawn.27 This ensures that the guidance remains aligned with current technological realities and professional practices. For example, the Management System for Records standard, ISO 30301:2019, has recently entered its next review process, demonstrating the committee's commitment to continuous improvement of its core products.27 This ongoing work programme is a vital function of the subcommittee, guaranteeing that its portfolio of standards continues to provide a stable yet adaptable foundation for the profession.
Standardizing for the Future: Addressing AI, Blockchain, and Cloud Environments
ISO/TC 46/SC 11 is actively addressing the profound impact of emerging technologies on the creation and management of records. Rather than waiting for consensus to form, the subcommittee is taking a leading role in exploring these new domains and developing early guidance for the profession. This forward-looking strategy is evident in several key initiatives:
Artificial Intelligence (AI): The establishment of Working Group 22 (WG 22) is a direct response to the increasing integration of AI into organizational workflows. This group is tasked with developing a comprehensive framework to address the evolving role of AI in records management, exploring its impacts, and developing guidelines to manage the emerging challenges.5 The work of WG 22 will also address the critical ethical and societal considerations of managing AI-generated records, particularly concerning privacy, transparency, and accountability.5
Cloud Computing: Recognizing the ubiquitous shift to cloud-based infrastructure, SC 11 published ISO/TR 22428-1, Managing records in cloud computing environments — Part 1: Issues and concerns. This technical report provides a crucial framework for organizations to assess the risks and issues associated with creating, managing, and storing records in the cloud, a domain where traditional concepts of custody and control are fundamentally challenged.42
Blockchain and Distributed Ledger Technology (DLT): To address the potential of DLT to create immutable and verifiable records, the subcommittee developed ISO/TR 24332. This technical report explores the use and implications of blockchain in relation to authoritative records and records systems, providing an early analysis of how this technology might be leveraged to support or transform recordkeeping practices.42
Concluding Analysis: The Enduring Relevance and Adaptability of the SC 11 Framework
The comprehensive portfolio of standards from ISO/TC 46/SC 11 provides an indispensable framework for any organization seeking to manage its information assets effectively, accountably, and in accordance with international best practice. The strength of this framework lies in its sophisticated, layered, and adaptable structure.
At its core, ISO 15489 provides the enduring, high-level principles that define the very nature of records and the purpose of their management. This conceptual foundation is technology-agnostic and remains relevant across all business and technological environments. With the ‘Mother Ship” and “Satellite” hub and spoke model the ISO 30300 series provides the strategic management system for integrating these principles into the highest levels of organizational governance, making records management a C-suite concern. Linking these Satellites to the Mother Ship are the more technical and specific standards, such as ISO 16175 for software functionality and ISO 23081 for metadata, that provide the detailed implementation guidance needed to put the principles into practice in the digital world.
This intelligent structure allows the framework to be both stable and dynamic. The core principles remain constant, while the technical and strategic layers can be updated and expanded to address new challenges and technologies. The proactive engagement with AI, cloud, and blockchain demonstrates that ISO/TC 46/SC 11 is not merely a custodian of past knowledge but an active and essential participant in shaping the future of information governance. For records and information management professionals, the work of this subcommittee is not just a set of rules to be followed but a vital resource for navigating the complexities of the modern information landscape and for articulating the strategic value of their profession.