PD ISO/TR 18128:2014
Superseded
A superseded Standard is one, which is fully replaced by another Standard, which is a new edition of the same Standard.
View Superseded by
Information and documentation. Risk assessment for records processes and systems
Hardcopy , PDF
08-04-2024
English
31-03-2014
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Risk assessment criteria for the organization
5 Risk identification
6 Analysing identified risks
7 Evaluating risks
8 Communicating the identified risks
Annex A (informative) - Example of a documented risk
entry in a risk register
Annex B (informative) - Example: checklists for
identifying areas of uncertainty
Annex C (informative) - Guide to using controls
from ISO/IEC 27001, Annex A
Bibliography
Describes: a) a method of analysis for identifying risks related to records processes and systems, b) a method of analysing the potential effects of adverse events on records processes and systems, c) guidelines for conducting an assessment of risks related to records processes and systems, and d) guidelines for documenting identified and assessed risks in preparation for mitigation.
Committee |
IDT/2/17
|
DocumentType |
Standard
|
Pages |
48
|
PublisherName |
British Standards Institution
|
Status |
Superseded
|
SupersededBy |
This Technical Report intends to assist organizations in assessing risks to records processes and systems so they can ensure records continue to meet identified business needs as long as required. The report establishes a method of analysis for identifying risks related to records processes and systems, provides a method of analysing the potential effects of adverse events on records processes and systems, provides guidelines for conducting an assessment of risks related to records processes and systems, and provides guidelines for documenting identified and assessed risks in preparation for mitigation. This Technical Report does not address the general risks to an organization’s operations which can be mitigated by creating records. This Technical Report can be used by all organizations regardless of size, nature of their activities, or complexity of their functions and structure. These factors, and the regulatory regime in which the organization operates which prescribes the creation and control of its records, are taken into account when identifying and assessing risk related to records and records systems. Defining an organization or identifying its boundaries should take into account the complex structures and partnerships and contractual arrangements for outsourcing services and supply chains which are a common feature of contemporary government and corporate entities. Identifying the boundaries of the organization is the initial step in defining the scope of the project of risk assessment related to records. This Technical Report does not address directly the mitigation of risks as methods for these will vary from organization to organization. The Technical Report can be used by records professionals or people who have responsibility for records in their organizations and by auditors or managers who have responsibility for risk management programs in their organizations.
Standards | Relationship |
ISO/TR 18128:2014 | Identical |
BS 10012(2017) : 2017 | DATA PROTECTION - SPECIFICATION FOR A PERSONAL INFORMATION MANAGEMENT SYSTEM |
ISO/TR 23081-3:2011 | Information and documentation Managing metadata for records Part 3: Self-assessment method |
ISO/IEC 27001:2013 | Information technology — Security techniques — Information security management systems — Requirements |
ISO 30300:2011 | Information and documentation Management systems for records Fundamentals and vocabulary |
ISO 31000:2009 | Risk management Principles and guidelines |
ISO/TR 15489-2:2001 | Information and documentation Records management Part 2: Guidelines |
ISO/IEC 27005:2011 | Information technology Security techniques Information security risk management |
ISO 23081-1:2017 | Information and documentation — Records management processes — Metadata for records — Part 1: Principles |
ISO 15489-1:2016 | Information and documentation Records management Part 1: Concepts and principles |
ISO 23081-2:2009 | Information and documentation Managing metadata for records Part 2: Conceptual and implementation issues |
ISO Guide 73:2009 | Risk management — Vocabulary |
Access your standards online with a subscription
Features
-
Simple online access to standards, technical information and regulations.
-
Critical updates of standards and customisable alerts and notifications.
-
Multi-user online standards collection: secure, flexible and cost effective.