PD ISO/TR 18128:2014

Current
The latest, up-to-date edition.

Information and documentation. Risk assessment for records processes and systems
Available format(s): Hardcopy, PDF
Language(s): English
Published date: 31-03-2014

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Risk assessment criteria for the organization
5 Risk identification
6 Analysing identified risks
7 Evaluating risks
8 Communicating the identified risks
Annex A (informative) - Example of a documented risk
        entry in a risk register
Annex B (informative) - Example: checklists for
        identifying areas of uncertainty
Annex C (informative) - Guide to using controls
        from ISO/IEC 27001, Annex A
Bibliography

Describes: a) a method of analysis for identifying risks related to records processes and systems, b) a method of analysing the potential effects of adverse events on records processes and systems, c) guidelines for conducting an assessment of risks related to records processes and systems, and d) guidelines for documenting identified and assessed risks in preparation for mitigation.

This Technical Report intends to assist organizations in assessing risks to records processes and systems so they can ensure records continue to meet identified business needs as long as required. The report establishes a method of analysis for identifying risks related to records processes and systems, provides a method of analysing the potential effects of adverse events on records processes and systems, provides guidelines for conducting an assessment of risks related to records processes and systems, and provides guidelines for documenting identified and assessed risks in preparation for mitigation. This Technical Report does not address the general risks to an organization’s operations which can be mitigated by creating records.

This Technical Report can be used by all organizations regardless of size, nature of their activities, or complexity of their functions and structure. These factors, and the regulatory regime in which the organization operates which prescribes the creation and control of its records, are taken into account when identifying and assessing risk related to records and records systems. Defining an organization or identifying its boundaries should take into account the complex structures and partnerships and contractual arrangements for outsourcing services and supply chains which are a common feature of contemporary government and corporate entities. Identifying the boundaries of the organization is the initial step in defining the scope of the project of risk assessment related to records.

This Technical Report does not address directly the mitigation of risks as methods for these will vary from organization to organization. The Technical Report can be used by records professionals or people who have responsibility for records in their organizations and by auditors or managers who have responsibility for risk management programs in their organizations.

Committee: IDT/2/17
Document type: Standard
Pages: 48
Publisher name: British Standards Institution
Status: Current

Standards Relationship
ISO/TR 18128:2014 Identical

BS 10012(2017) : 2017 DATA PROTECTION - SPECIFICATION FOR A PERSONAL INFORMATION MANAGEMENT SYSTEM

ISO/TR 23081-3:2011 Information and documentation Managing metadata for records Part 3: Self-assessment method
ISO/IEC 27001:2013 Information technology — Security techniques — Information security management systems — Requirements
ISO 30300:2011 Information and documentation Management systems for records Fundamentals and vocabulary
ISO 31000:2009 Risk management Principles and guidelines
ISO/TR 15489-2:2001 Information and documentation Records management Part 2: Guidelines
ISO/IEC 27005:2011 Information technology Security techniques Information security risk management
ISO 23081-1:2017 Information and documentation — Records management processes — Metadata for records — Part 1: Principles
ISO 15489-1:2016 Information and documentation Records management Part 1: Concepts and principles
ISO 23081-2:2009 Information and documentation Managing metadata for records Part 2: Conceptual and implementation issues
ISO Guide 73:2009 Risk management — Vocabulary

£246.00
Excluding VAT
