Mobile Edition
Print
Get the Mag
Weekly UpdatesThe British Standards Institute (BSI) has released two standards--one published, one in draft form--in response to electronic information management issues.
In December BSI published BS 10008, Evidential Weight and Legal Admissibility of Electronic Information Specification. The standard prescribes best practices for implementing and operating information management systems so the e-records held in them are less likely to be challenged as evidence. The standard comes in response to the growing number of lawsuits involving e-discovery in the United Kingdom, according to an article in IT-Director.com.
For electronic documents to be admissible, BS 10008 stipulates they must be managed by a secure system throughout their lifetime and specifies requirements for ensuring the documents' availability over time. The standard deals with authenticity and integrity issues, particularly around the transfer of electronic information from one computer to another. It also covers electronic identity verification and electronic signatures, especially for where it is important to link an electronic identity to particular electronic documents. The standard is generic and can be used by public or private entities. BS 10008 is available for 100 [pounds sterling] (about $144 U.S.) at www.bsigroup.com/en/ Shop/Publication-Detail/?pid= 000000000030172973.
In mid-2009, BSI is expected to publish BS 10012, Specification for the Management of Personal Information in Compliance with the Data Protection Act 1998. The standard, now in draft form, targets public and private organizations that store personal information and comes on the heels of several highly publicized data breaches in Great Britain and other parts of the world.
BS 10012 is expected to provide a framework for complying with EU data protection directives--the first standard to do so. It is a management systems standard that follows the Plan-Do-Check-Act format similar to those found in ISO 9001 for quality and ISO 27001 for information technology security.
Rather than prescribing specific operations, BS 10012 focuses on establishing the framework necessary to manage personal information effectively, offering organizations advice on establishing a positive culture, realizing the need for staffing with regard to data processing and protection, and providing employees with sufficient guidance.
More information about BS 10012 is available at www.bsigroup.com /en/About-BSI/NewsRoom/BSI-News-Content/Discipl ines/Information-Management / DPC-BS-10012.
FEED