STANDARTINFORM prepared an overview of new national standard «Information and documentation. Risk assessment for records processes and systems» due to the World Information Day which is celebrated annually on the 26th of November.
GOST R 57551–2017 will be implemented since July 1, 2019.
This standard will help specialists on document management and employees who are responsible for work with documents in their organizations to assess risks associated with records processes and systems (software applications where documents are created and stored).
Organization should also determine which documents are key ones for the purposes of fulfilling of its activities.
Priority set for separate documents, their arrays, record processes or specific document systems can also be taken into account due to response to major emergencies affecting all or many business operations. For example, certain documents such as addresses and telephone numbers of emergency services, information about entry of persons into the facility, contact details of emergency response teams, contact details of insurance companies and specific insurance conditions may be needed immediately after a natural disaster.
Organizations should determine which business functions should be restored first of all and which documents will be needed for this purposes while planning for ensuring of their business continuity.
GOST R establishes method of analysis conducted to identify risks and describes method of analysis of potential consequences from adverse events for records processes and systems; contains recommendations for risk assessments and documentation of identified and assessed risks.
Risk identification is carried out in the following areas: analysis of context of activities (external and internal), systems and processes used in creation and management of documents of organization.
Vitality of document systems depends on monitoring of changes in internal and external context of organization. In these cases systems can be updated and are able to respond to changing needs.
Process of risk identification includes establishment of causes and sources of risk, events, situations or circumstances that can significantly affect achievement of goals of organization as well as clarification of nature of such influence.