ISO TR 18128:2014 download free

05-20-2021 comment

ISO TR 18128:2014 download free.Information and documentation Risk assessment for records processes and systems.
Introduction
All organizations identify and manage the risks to their functioning successfully. Identifying and managing the risks to records processes and systems is the responsibility of the organization’s records professional.
This Technical Report is intended to help records professionals and people who have responsibility for records in their organization to assess the risks related to records processes and systems.
NOTE System means any business application which creates and stores records.
This is distinct from the task of identifying and assessing the organization’s business risks to which creating and keeping adequate records is one strategic response. The decisions to create or not create records in response to general business risk are business decisions which should be informed by the analysis of the organization’s records requirements undertaken by records professionals together with business managers. The premise of this Technical Report is that the organization has created records of its business activities to meet operational and other purposes and has established at least minimal mechanisms for the systematic management and control of the records.
The consequence of risk events to records processes and systems is the loss of, or damage to, records which are therefore no longer useable, reliable, authentic, complete, or unaltered, and therefore can fail to meet the organization’s purposes.
The Technical Report provides guidance and examples based on the general risk management process established in ISO 31000 (see Figure 1) to apply to risks related to records processes and systems. It covers
a) risk identification,
b) risk analysis, and
c) risk evaluation.
1 Scope
This Technical Report intends to assist organizations in assessing risks to records processes and systems so they can ensure records continue to meet identified business needs as long as required.
The report
a) establishes a method ofanalysis for identifying risks related to records processes and systems,
b) provides a method of analysing the potential effects of adverse events on records processes and systems,
c) provides guidelines for conducting an assessment of risks related to records processes and systems, and
d) provides guidelines for documenting identified and assessed risks in preparation for mitigation.
This Technical Report does not address the general risks to an organization’s operations which can be mitigated by creating records,
This Technical Report can be used by all organizations regardless of size, nature of their activities, or complexity of their functions and structure. These factors, and the regulatory regime in which the organization operates which prescribes the creation and control of its records, are taken into account when identifying and assessing risk related to records and records systems.
Defining an organization or identifying its boundaries should take into account the complex structures and partnerships and contractual arrangements for outsourcing services and supply chains which are a common feature of contemporary government and corporate entities. Identifying the boundaries of the organization is the initial step in defining the scope of the project of risk assessment related to records.
This Technical Report does not address directly the mitigation of risks as methods for these will vary from organization to organization.
The Technical Report can be used by records professionals or people who have responsibility for records in their organizations and by auditors or managers who have responsibility for risk management programs in their organizations.
4.2 Risk criteria
Criteria should be based on the legal requirements for the organization’s jurisdiction and should include the following:
a) the nature and types ot consequences to be included and how they will be measured;
b) the way in which probabilities are to be expressed;
c) how a level of risk will be determined;
d) the criteria by which it will be decided when a risk needs treatment;
e) the criteria for deciding when a risk is acceptable and/or tolerable;
1) whether and how combinations of risks will be taken into account.
Regarding the nature and types of consequences to be included in the risk assessment of records processes and systems, there is a general starting point which applies to all organizations. Records which are authentic, reliable, have integrity, and are useable for as long as they are required will support the needs of the organization. Risks are identified based on their potential to undermine those general characteristics of records which would make them fail to meet the purposes for which they are created.
For discussion of probability and frequency of events in risk assessment, see Z.
Criteria for evaluating risks, including the criteria by which it will be decided when a risk is acceptable or needs treatment, include the size and reach of the records systems in the organization, the number of users, and the use made of the system in the operations of the organization.
Similarly, criteria for evaluating risks affecting records processes should include the frequency 0 the process, how many systems it is used in, its relative importance in creating or managing records, the tracking of processes, and the potential for reversing or remedying adverse effects.
5.2 Context: External factors
5.2.1 Areas of uncertainty: Changes In political-societal context
Changes in the political and societal climate, nationally and internationally, can affect public attitudes to governments and corporate behaviour. This can bring about legal and regulatory change, which impacts the organization’s operations and. consequently. its records requirements.
Examples of areas of changing public attitudes which can affect records requirements are national security, access to government and corporate information, privacy, intellectual property rights, and corporate reporting responsibilities. More generally, examples of areas of uncertainty include the following:
a) legal and regulatory changes affecting the organization’s records requirements;
a) changes in government policies affecting the organization’s records, records processes, and systems;
b) new standards or codes of practice that affect the organization’s records, records processes, and
systems;
c) changing demand for records services;
d) changing stakeholders’ expectations;
e) changes to reputation of, or trust in, the organization’s ability to deliver its services.
5.2.2 Areas of uncertainty: Macro-economic and technological environment
Changes in the macro-economic, business, and industrial environment and in information technology have high impact on competition and customer demand. Change can be gradual and continuous, or punctuated by crises, but also constitutes an area of uncertainty which can offer positive opportunities.
Examples of areas of uncertainty arising from such changes to the macro-economic and business environment include the following:
7 Evaluating risks
7.1 General
The pui-pose of risk evaluation is to assist in making decisions, based on the outcomes of risk analysis, about which risks need treatment and the priority for treatment implementation.
Risk evaluation involves comparing the level of risk found during the analysis process with risk criteria established when the context was considered. Based on this comparison, the need for treatment can be considered
The scale of consequence of adverse events and the adequacy of existing controls can be put together with a probability table to help identify the risks which should be the focus of actions, measures, or treatment.
Decisions can include the following:
a) whether a risk needs treatment;
b) priorities for treatment;
c) whether an activity should be undertaken;
d) which of a number of options should be adopted.
Evaluating the risk in relation to the likelihood and the adverse consequences should give due weight to the possible impact of rare or unprecedented occurrences if the impact is judged to be widespread and severe to the point of catastrophe. Likewise, the impact of an accumulation of minor breaches or non-conformities can be far in excess of any individual occurrence if the result is deterioration of the integrity and reliability of the records or records system.
As stated in the Introduction, the consequences of risk events are identified as the loss of, or damage to, records which are therefore no longer useable. reliable, authentic, complete, or unaltered, and therefore

Download infomation Go to download
Note: If you can share this website on your Facebook,Twitter or others,I will share more.

ISO 9885:1991 download free

ISO 9885:1991 download free.Wide-mouth glass containers - Deviation from flatness of top sealing surface - Test methods. ISO 9885 specifies two complementary test methods for the determination or the deviation from flatness of the top sealing surface...
07-27
Download Now

ISO 9009:1991 download

ISO 9009:1991 download.Glass containers — Height and non-parallelism of finish with reference to container base — Test methods. ISO 9009 specifies test methods for determining the height and the non-parallelism of finish with reference to the container...
07-27
Download Now

ISO 10076:1991 pdf free download

ISO 10076:1991 pdf free download.Metallic powders — Determination of particle size distribution by gravitational sedimentation in a liquid and attenuation measurement. The settling behaviour under gravity of a given mass of particles dispersed in an initially static...
07-27
Download Now

LEAVE A REPLY

Anonymous netizen Fill in information