ISO TR 18128:2014 pdf free
ISO TR 18128:2014 pdf free.Information and documentation – Risk assessment for records processes and systems
Regarding the nature and types of consequences to be included in the risk assessment of records processes and systems, there is a general starting point which applies to all organizations. Records which are authentic, reliable, have integrity, and are useable for as long as they are required will support the needs of the organization. Risks are identified based on their potential to undermine those general characteristics of records which would make them fail to meet the purposes for which they are created.
For discussion of probability and frequency of events in risk assessment, see 6.2.
Criteria for evaluating risks, including the criteria by which it will be decided when a risk is acceptable or needs treatment, include the size and reach of the records systems in the organization, the number of users, and the use made of the system in the operations of the organization.
Similarly, criteria for evaluating risks affecting records processes should include the frequency of the process, how many systems it is used in, its relative importance in creating or managing records, the tracking of processes, and the potential for reversing or remedying adverse effects.
Generally, the organization shall determine which records are the core records of its operations and the level of significance attached to them. These are business decisions based on the advice of both records professionals and the business managers.
The priority assigned to individual records, their aggregations, records processes, or specific records systems can also be assessed in relation to responses to major disasters affecting all or many business operations. For example, first, certain records are needed in the immediate aftermath of a natural disaster, such as security contacts’ addresses and phone numbers, building/facility entry records,contact details of disaster plan response teams, and insurance contacts and policy details. Second, the organization’s business continuity planning should identify the functions which need to be restored first and the records needed to do so.
Special attention should be paid to where a combination of risks applies to records identified as core operational.ISO TR 18128 pdf download.