Records and document management in the IT Governance frameworks: best practices and standardization (COBIT framework)
DOI: https://doi.org/10.3989/redc.2020.3.1666
Keywords: Records management, technical standards, COBIT, reference frameworks, information assets management
Abstract
Organizations have at their disposal different standards that provide guidance for the governance and management of information services and systems. These standards are made up of the best practices developed by public and private organizations. They are also presented in the form of frameworks that define objectives, key process indicators and processes. Entities can use these frameworks and standards as a basis to define their own internal processes and compare them with the best practices in the industry. Especially relevant among these are the COBIT model developed by ISACA (Information Systems Audit and Control Association) and international standards like ISO/IEC 38500. This paper analyses the presence of document management practices and specific standards (in particular ISO 15489 and ISO 30300) within the COBIT framework.
License
Copyright (c) 2020 Consejo Superior de Investigaciones Científicas (CSIC)
This work is licensed under a Creative Commons Attribution 4.0 International License.
© CSIC. Manuscripts published in both the printed and online versions of this Journal are the property of Consejo Superior de Investigaciones Científicas, and quoting this source is a requirement for any partial or full reproduction. All contents of this electronic edition, except where otherwise noted, are distributed under a “Creative Commons Attribution 4.0 International” (CC BY 4.0) License. You may read here the basic information and the legal text of the license. The indication of the CC BY 4.0 License must be expressly stated in this way when necessary.
Self-archiving in repositories, personal webpages or similar, of any version other than the one published by the Editor, is not allowed.