How do you write a records management policy that aligns with both ISO 15489 and DoD 5015.2 without contradicting either?
The two frameworks operate at different levels, so they rarely contradict each other in practice—the trick is to recognize which problem each one solves and let them work together.
Understand What Each Standard Governs
ISO 15489 is a management standard. It defines the principles of trustworthy recordkeeping: that records should be authentic, reliable, complete, and usable, and that they should be created, captured, and managed through a deliberate program. It tells you what good recordkeeping looks like and why.
DoD 5015.2 is a systems standard. It specifies functional and technical requirements that records management software must meet—classification, scheduling, retention, freeze/hold, and destruction capabilities. It tells you how a system must behave to support recordkeeping.
Because one addresses program design and the other addresses system capability, they complement rather than compete.
Build the Policy in Layers
Structure your policy so each standard governs its natural layer:
- Principles layer (ISO 15489): State the program’s purpose, scope, roles and responsibilities, and the characteristics every record must have. Use ISO’s vocabulary—capture, classification, appraisal, disposition—as your conceptual backbone.
- Requirements layer (DoD 5015.2): Describe the capabilities your recordkeeping systems must provide to enforce those principles, such as applying retention schedules, managing holds, and producing auditable disposition.
- Procedures layer: Map day-to-day workflows to both, showing how a system function satisfies a stated principle.
Resolve Apparent Conflicts by Hierarchy
When wording seems to clash, defer to your governing legal and regulatory authority first, then ISO principles, then DoD functional detail. ISO is intentionally flexible, so you can almost always express its principles in terms DoD-compliant systems already support.
Practical Tips
- Use one controlled glossary; define each term once and cite its source.
- Keep retention and disposition authority tied to your records schedule, not to either standard.
- Document a crosswalk table mapping policy statements to the relevant clause or requirement so auditors see alignment explicitly.
A sound, well-documented program structure is what regulators expect. For related guidance, see the compliance and standards topic hub.
Sources & further reading
Authoritative government and non-profit references.
- ISO 15489-1 Records management — ISO
- Records management policy and guidance — National Archives (NARA)
How to cite this page
APA
RM University Editorial. (2026). How do you write a records management policy that aligns with both ISO 15489 and DoD 5015.2 without contradicting either?. Records Management University. https://www.recordsmgmt.org/questions/how-to-write-a-records-policy-aligning-iso-15489-and-dod-5015-2/
MLA
RM University Editorial. "How do you write a records management policy that aligns with both ISO 15489 and DoD 5015.2 without contradicting either?." Records Management University, 16 June 2026, www.recordsmgmt.org/questions/how-to-write-a-records-policy-aligning-iso-15489-and-dod-5015-2/.
Related questions
- Can a commercial off-the-shelf system meet the NARA Universal ERM Requirements without being DoD 5015.2 certified?
- Can a company be fined or sanctioned for not following ISO 15489 in a lawsuit?
- Can a US company store its records on servers in another country, and what cross-border data rules apply?
- Can following ISO 15489 actually help us pass an audit or hold up in court?
- Can I just adopt ISO 15489 word-for-word as our records policy, or does it not work that way?