ISO 15489-1:2016 — Information and Documentation · Records Management
ISO 15489-1:2016 — Information and Documentation · Records Management — 50% covered.
6 requirements · 3 enforced · 0 designed · 0 advisory · 0 deferred.
Source: ISO 15489-1:2016 (Information and documentation — Records management — Part 1: Concepts and principles) sets the principles for creating, capturing and managing authentic, reliable, usable records with documented metadata, retention authority, and access controls. KYE Protocol™ does NOT manage, store, classify, or retain records — Iron Mountain governs INFORMATION (records, custody, retention, classification, IDP). KYE Protocol™ governs ACTION: who was authorised to act on a record, whether that action was admissible, evidenced, final, and revocable. KYE Protocol™ retains its OWN proof-of-governance evidence chain (NOT the customer's records). The records-storage / retention-schedule / disposition requirements are records-management's job and map out-of-scope; the chain-of-authority overlay (the moment a custodied/classified record drives a consequential AI action) is KYE Protocol™'s job and maps enforced. · License: ISO copyright — citation only; KYE registry cites clause structure for mapping purposes (no normative text reproduced).
By category
| Category | Reqs | Enforced | Designed | Advisory | Deferred | Coverage |
|---|---|---|---|---|---|---|
| Records authenticity & reliability (authority overlay) | 2 | 2 | 0 | 0 | 0 | 100% |
| Records access & permissions (authority overlay) | 1 | 1 | 0 | 0 | 0 | 100% |
| Records creation, capture & metadata (records-management) | 1 | 0 | 0 | 0 | 0 | 0% |
| Retention schedule & disposition authority (records-management) | 1 | 0 | 0 | 0 | 0 | 0% |
| Records storage & preservation (records-management) | 1 | 0 | 0 | 0 | 0 | 0% |
Every requirement → the KYE™ artefact that enforces it
| ID | Title | Status | KYE™ enforcement |
|---|---|---|---|
iso-15489.authenticity-authority-binding |
Record authenticity at the action boundary: a custodied record may only drive a consequential AI action under a recorded named-authority decision | enforced | audit_events: kye.purpose.request.v1, kye.purpose.admissibility.v1, kye.evidence.decision_map.v1engines: internal, internalrule_packs: kye:rule-pack:chain-of-authority-insightconstitution_refs: constitution/12-PURPOSE-PERMISSION.md |
iso-15489.reliability-evidence-pin |
Record reliability: every authority decision over a custodied record emits a signed, replay-provable evidence pin | enforced | audit_events: kye.evidence.pack.v1, kye.replay.context_seal.v1, kye.replay.proof.v1engines: internal, internalrule_packs: kye:rule-pack:chain-of-authority-insightconstitution_refs: constitution/13-RESILIENCE-LOOP.md |
iso-15489.access-permission-overlay |
Records access & permissions: an AI action on a record is refused unless the actor holds the required permission scope | enforced | audit_events: kye.purpose.admissibility.v1, kye.evidence.decision_map.v1engines: internal, internalrule_packs: kye:rule-pack:chain-of-authority-insightconstitution_refs: constitution/12-PURPOSE-PERMISSION.md |
iso-15489.records-capture-metadata |
Records creation, capture & metadata (records-management — owned by the information custodian, not KYE™) | out-of-scope | constitution_refs: constitution/30-AUDIT-WORM-RETENTION.md |
iso-15489.retention-disposition-authority |
Retention schedule & disposition authority (records-management — KYE™'s audit-retention is NOT the customer's records-retention) | out-of-scope | constitution_refs: constitution/30-AUDIT-WORM-RETENTION.md |
iso-15489.storage-preservation |
Records storage & preservation (records-management — owned by the information custodian, not KYE™) | out-of-scope | constitution_refs: constitution/16-EDGE-RUNTIME.md |