What should we do if a new version of ISO 15489 or the NARA Universal ERM Requirements is released after we already built our program to the old one?
A new edition of a standard is not a crisis, and it rarely means starting over. Standards like ISO 15489 and the NARA Universal Electronic Records Management (ERM) Requirements are revised precisely because recordkeeping practice evolves. Treat a release as a scheduled maintenance event, not an emergency rebuild.
Don’t panic, and don’t rip and replace
Most revisions refine, clarify, or extend existing concepts rather than overturn them. The core principles, reliable, authentic records that remain usable and properly retained, tend to carry forward. A program built thoughtfully to a prior edition usually satisfies the majority of the new one already. Your job is to find and close the gaps, not to discard work that still serves you.
Run a structured gap analysis
When a new version lands, work through it deliberately:
- Obtain the new text and any official crosswalk. Standards bodies and NARA often publish a summary of what changed between editions.
- Map old requirements to new. Identify what is unchanged, what is reworded, what is genuinely new, and what was removed or relaxed.
- Assess your current state against the deltas only. Concentrate effort where real differences exist.
- Score each gap by risk and effort. Some changes are documentation updates; others may touch systems, metadata, or retention logic.
Plan, prioritize, and document
Turn the gap analysis into a remediation roadmap with owners and realistic timelines. Sequence high-risk or low-effort items first. Coordinate with IT, legal, and information security, since changes to capture, metadata, or disposition may ripple across systems.
Crucially, record your decisions. If you choose to defer or not adopt a particular change, document the rationale. A defensible program is one whose choices are explained and dated.
Build in continuous monitoring
The deeper lesson is to stop treating standards as static. Assign someone to watch for revisions, schedule periodic program reviews, and version-control your policies so you always know which edition you are conforming to. A program designed to be revisited absorbs the next release with far less disruption.
For related guidance, see the compliance and standards hub.
Sources & further reading
Authoritative government and non-profit references.
- ISO 15489-1 Records management — ISO
- Records management policy and guidance — National Archives (NARA)
How to cite this page
APA
RM University Editorial. (2026). What should we do if a new version of ISO 15489 or the NARA Universal ERM Requirements is released after we already built our program to the old one?. Records Management University. https://www.recordsmgmt.org/questions/what-to-do-when-a-records-standard-is-updated-after-we-built-our-program/
MLA
RM University Editorial. "What should we do if a new version of ISO 15489 or the NARA Universal ERM Requirements is released after we already built our program to the old one?." Records Management University, 16 June 2026, www.recordsmgmt.org/questions/what-to-do-when-a-records-standard-is-updated-after-we-built-our-program/.
Related questions
- Can a commercial off-the-shelf system meet the NARA Universal ERM Requirements without being DoD 5015.2 certified?
- Can a company be fined or sanctioned for not following ISO 15489 in a lawsuit?
- Can a US company store its records on servers in another country, and what cross-border data rules apply?
- Can following ISO 15489 actually help us pass an audit or hold up in court?
- Can I just adopt ISO 15489 word-for-word as our records policy, or does it not work that way?