Analysis methodologies


Three different Technical Reports provide records professionals with the best practices in analysing business context,  business activities, work processes and risk, to enable decision making on what records to create, and how to ensure the appropriate management of records, over time.  

The ISO/TR 21946: 2018 Appraisal for managing records provides guidance on performing appraisal work, specifically:

  1. developing an understanding of the nature of the business and its legal, resourcing and technological setting; andPDCA wheel
  2. using risk assessment to determine what records should be created and how they should be managed to meet the range of applicable requirements. This involves assessing:
    • the risks affecting the business generally, and
    • risks that can be managed through the creation, capture and management of records.

The ISO/TR 26122:2008 - Work process analysis for records  was developed to provide records professionals with the best practices in analysing work processes as the starting point for identifying records requirements in the workplace. As a foundation activity for records management, work process analysis is the basis for identifying:

  • the information flow;
  • the records of decisions required;
  • the grouping (classification) of records;
  • the retention requirements;
  • the links (interdependencies) between processes and systems.

ISO/TR 26122 provides an overview of the main forms of analysis and a series of checklists to assist practitioners to implement the analysis. The analysis is scalable – for one process, for a series of activities, or a whole organisation – and no steps are mandatory. Practitioners should select the form and steps of the analysis which best fit the scale and purpose of the records management task.

The ISO/TR 18128: 2014 Risk assessment for records processes and systems  provides a systematic and comprehensive method for assessing the risks related to records processes and systems. It includes an identification of areas of uncertainty and gudelines to apply ISO 31000 Risk management to the managing of records over time. 

In conjunction the three of them describe the foundational work that is needed to produce:

  • hierarchical breakdowns of business functions and activities;
  • work process analyses;
  • defined requirements for creating and managing records; and
  • risk assessments.