a) establishes a method of analysis for identifying risks related to records processes and systems,
b) provides a method of analysing the potential effects of adverse events on records processes and systems,
c) provides guidelines for conducting an assessment of risks related to records processes and systems, and
d) provides guidelines for documenting identified and assessed risks in preparation for mitigation.
ISO/TR 18128:2014 can be used by all organizations regardless of size, nature of their activities, or complexity of their functions and structure. These factors, and the regulatory regime in which the organization operates which prescribes the creation and control of its records, are taken into account when identifying and assessing risk related to records and records systems.
ISO/TR 18128:2014 can be used by records professionals or people who have responsibility for records in their organizations and by auditors or managers who have responsibility for risk management programs in their organizations.