What is the most common mistake organizations make when they say they are 'ISO 15489 compliant'?
The single most common mistake is treating ISO 15489 as a certification you “pass” rather than a framework you implement. ISO 15489-1 is a guidance standard for managing records — it describes principles, concepts, and good practice. It is not a certifiable management-system standard in the way some other ISO standards are. Saying you are “ISO 15489 certified” or “ISO 15489 compliant” often signals a misunderstanding of what the standard actually is.
The “Certified” Misconception
Because many organizations are familiar with auditable, certifiable standards, they assume ISO 15489 works the same way. It does not. There is no certificate that proves conformance. What you can credibly claim is that your records program is aligned with or based on the principles in ISO 15489 — and even that claim should be backed by evidence, not just intent.
Buying Software Is Not Compliance
A closely related error is equating compliance with technology. Installing a system that is described as “ISO 15489 ready” does not make an organization aligned with the standard. The standard is about records management as a discipline:
- Authentic, reliable, usable records with documented integrity
- Retention and disposition driven by appraisal and authorized schedules
- Metadata that supports context, control, and traceability over time
- Defined policies, responsibilities, and ongoing monitoring
Software can support these outcomes, but people, policy, and process produce them.
What Real Alignment Looks Like
Genuine alignment means you have done the analytical work the standard expects: understanding your business and legal requirements, identifying which records you must keep and for how long, classifying them consistently, and protecting them through their full lifecycle. It means your practices are documented and reviewed, so you can demonstrate — not merely assert — that records are managed reliably.
This is why mature programs anchor their schedules and policies in actual legal and business obligations, much as government programs are built on authorized retention schedules and records-management policy maintained by bodies like the National Archives.
The Takeaway
Treat ISO 15489 as a roadmap for building a defensible records program, not a badge to display. Claim alignment honestly, document how you achieve it, and be prepared to show your work.
Learn more on the compliance and standards topic hub.
Sources & further reading
Authoritative government and non-profit references.
- ISO 15489-1 Records management — ISO
- Records management (NARA) — National Archives (NARA)
How to cite this page
APA
RM University Editorial. (2026). What is the most common mistake organizations make when they say they are 'ISO 15489 compliant'?. Records Management University. https://www.recordsmgmt.org/questions/most-common-mistake-claiming-iso-15489-compliant/
MLA
RM University Editorial. "What is the most common mistake organizations make when they say they are 'ISO 15489 compliant'?." Records Management University, 16 June 2026, www.recordsmgmt.org/questions/most-common-mistake-claiming-iso-15489-compliant/.
Related questions
- Can a commercial off-the-shelf system meet the NARA Universal ERM Requirements without being DoD 5015.2 certified?
- Can a company be fined or sanctioned for not following ISO 15489 in a lawsuit?
- Can a US company store its records on servers in another country, and what cross-border data rules apply?
- Can following ISO 15489 actually help us pass an audit or hold up in court?
- Can I just adopt ISO 15489 word-for-word as our records policy, or does it not work that way?