Purpose The purpose of this paper is to demonstrate that records management frameworks need to be risk based, flexible and aligned to wider information management objectives. The paper outlines some of the changes, challenges and opportunities now and on the horizon for records managers. The paper argues that through embedding the international information security standard ISO 27001 in conjunction with the records management standard ISO 15489, holistic information governance strategies will be delivered that are responsive to change. Design/methodology/approach The paper provides a discussion on the challenges facing records and information management professionals and suggests that ISO 27001 provides some of the systems' solutions lacking from ISO 15489. Findings The alignment of ISO 27001 to ISO 15489 strengthens the delivery of existing records management systems and its drivers. This is critical to build strong information governance programmes, which enable risks to be assessed in an ever-changing information management world. Practical implications Successful implementation of records management requires alignment with wider information standards and strategies to deliver holistic information management and governance. Originality/value – This research will assist in promoting best practice in records management and information governance.