BS 10008 Legal Admissibility of Electronic Information
1. BS 10008: Evidential Weight and Legal Admissibility of Electronic Information
Joe Chapman
Aberdeenshire Council
IRMS Scotland, 15 June 2015
2. BS 10008
NOT TO BE CONFUSED WITH…
ISO 10008 – guidance for a business-to-consumer electronic commerce transaction system
BUT SIMILAR TO…
ISO 15801 – information stored electronically: recommendations for trustworthiness and reliability
3. What’s it all about?
British standard – best practice
Implementation and operation of electronic information management systems
Storage and transfer
Verification and authentication
Availability and accessibility
4. Benefits
Convert paper records to digital
Save on costs of paper storage
Managing information over long periods inc. migration/upgrades
Copyright, tracking & verification
Authenticate digital signatures
Risk management approach
5. What’s changed?
In accordance with Annex SL – new 10-clause format for all management system standards
Recognising technological and cultural changes in IM
Structured data now included…!
Stewardship of information as an organisational activity
Aligns with other standards
… and accompanied by 3-part BIP 0008 – the Code of Practice for Legal Admissibility of Information Stored Electronically
5 discrete steps in the ‘lifecycle’ of a document (electronic or paper):
Creation, Communication, Live Usage, Retention and Archiving.
The Codes allow for all of these steps to be electronic.
BS 10008 is for use in any application where information is created, stored, communicated, used, and/or archived in an electronic form.
The ‘lifecycle’ cost of a document has been calculated to be £5.
With the increasing use of documents (estimated to be rising by about 20% per annum), this cost is becoming recognised as significant in an organisation's administration overheads.
Savings of around 25% on this cost can be achieved from inter-organisational trading using Electronic Originals.
Information authenticity and integrity – increasingly important – dispute resolution
Heightened awareness of critical information held in business systems
Traditionally, paper records – certain to be accepted as valid and admissible in legal proceedings
Purpose of BS 10008 – ensuring electronic information is trustworthy and afforded equivalent evidential weight
BS 10008 specifies requirements for management and availability of electronic information over time
Includes use of electronic signatures and copyright, and the linking of electronic identity to documents
Three Main Headings – Information Stored Electronically; Information Communicated Electronically; Linking Electronic Identity to Documents
Most effective way to manage a major digitisation process, involving:
Complex technology
Lots of sensitive data
Large number of users
Compulsory element of any document scanning project –
e.g. NHS Records Management Code of Practice – scanned paper records destroyed only if system compliant (‘paperless by 2018’)
Another BSI case study – PWC – world’s largest professional services firm – clean working environments, reliable information
Scope of standard covers not only the electronic records management system but the scanning process too
Certification of both the EDM systems and the related working practices is required for compliance
Annex SL – 10 clauses; 45 ‘shall’ statements -> 84 requirements; standardised to simplify use of 1 or more management system standards
2014 revision designed to recognise significant changes in:
the way electronic information is managed as an asset by organisations
the sophistication of and reliance upon IT systems for managing information
Two-year transition period for BS 10008-compliant companies to move to the new version
Aligns with:
BS EN ISO 9001: Quality management systems
BS ISO/IEC 27001: Information security management systems
BS ISO 14001: Environmental management systems
So if you’ve got £160 going spare, it might be worth a read!