[Asis-standards] vote on : ISO/DTR 18128, Information and documentation — Risk identification and assessment for records systems
Mark Needleman
mneedlem at ufl.edu
Wed Apr 18 09:03:26 EDT 2012
Folks
i just cast a YES vote on
: ISO/DTR 18128, Information and documentation — Risk identification and
assessment for records systems
to be published as an ISO technical report with the following comments
(comments provided by Baden Hughes - and slightly edited by me):
section 5.3.1 - despite the clarifications as to the
types of internal risk, it does not appear to cover the significant
change of the businesses activties (eg introducing a new product or
service in a non traditional area that introduces new external or
internal factors re the requirements for management of records). this
is not the same as the uncertainty introduced through merger,
acquisition etc as itemised in the first subpoint in 5.3.1.
section 5.4.1 - We think it would be advisable to
strengthen the wording of the "reliability of systems suppliers" to
explicitly cover commercial and technical viability. This dovetails
into 5.4.2 as well; its about whether or not commercial systems
suppliers remain in the market offering records management systems.
section 5.5.3 - We think this should be expanded to
include maintenance of metadata transformation and cross walk schema
which is often performed externally and unfortunately often through a
non persistent agency.
section 7.2 - ISO 31000 should also be referenced here.
mark
More information about the Asis-standards
mailing list