This checklist is a tool for managing risks to the creation and maintenance of records.
It can be used to assess compliance with the standard. Where a requirement is not
met, an organisation must assess the risks involved and plan to address them.
| Principle/Requirement | Yes | No | If No, What Risks Exist? | Actions Required to Treat Risks |
| Principle 1: Recordkeeping Must be Planned and Implemented Recordkeeping policies and procedures (compliant with legal, regulatory and administrative requirements) must be implemented and must clearly assign recordkeeping responsibilities and appropriate resources and training. |
||||
| 1. Responsibility for recordkeeping compliance must be assigned and endorsed by the administrative head. |
||||
| 2. Organisations must have a defined, documented and implemented policy for recordkeeping, which is regularly reviewed. |
||||
| 3. Organisations must have defined, documented and implemented procedures for recordkeeping which are regularly reviewed. |
||||
| 4. Recordkeeping responsibilities and resources must be defined, supported and assigned. |
||||
| 5. A programme of internal recordkeeping monitoring and compliance must be developed and implemented. |
||||
| Principle 2: Full and Accurate Records of Business Activity Must be Made Full and accurate records must be made of all business activity for the whole organisation; records should be identified and created to document and facilitate the transaction of business. |
||||
| 6. The functions and business activities of an organisation must be identified and documented, including any functions contracted out. |
||||
| 7. Records of business decisions and transactions must be created. |
||||
| 8. All records of business activity must be captured routinely into an organisation-wide recordkeeping framework. |
||||
| 9. Staff must receive appropriate, and regular, training for organisational recordkeeping responsibilities. |
||||
| Principle 3: Records Must Provide Authoritative and Reliable Evidence of Business Activity Organisations must be able to demonstrate that records captured are authentic, reliable, complete, comprehensive, useable, tamperproof and have integrity. |
||||
| 10. Records must be authentic: organisations must accurately document their creation, receipt, and transmission. |
||||
| 11. Records must have reliability and integrity: records must be maintained unaltered. |
||||
| 12. Records must be useable, retrievable and accessible. |
||||
| 13. Records must be complete, recording the content and contextual information necessary to document an activity. |
||||
| 14. Records must be comprehensive and provide authoritative evidence of all business activities. |
||||
| Principle 4: Records Must be Managed Systematically Records must be managed systematically across both recordkeeping systems and business systems within an organisational recordkeeping framework. |
||||
| 15. Records must be identified and captured within a recordkeeping framework. |
||||
| 16. Records must be organised according to a business classification scheme. |
||||
| 17. Records must be reliably maintained over time within a recordkeeping framework. |
||||
| 18. Records must be useable, accessible and retrievable for the entire period of their retention. |
||||
| 19. Records’ contextual and structural integrity must be maintained over time. |
||||
| 20. Retention and disposal actions must be applied systematically. |
| « Previous page | Table of contents |