This British Standard gives recommendations and guidance for the implementation and operation of information management systems that manage information electronically (including where the electronic information is transferred from one computer system to another) and where the issues of authenticity, integrity and availability as required for legal admissibility and evidential weight are important. It describes the processes for use in the identification and development of policies and procedures as specified in BS 10008\u20111, in relation to the management of electronically stored information (ESI).<\/p>\n
This British Standard is applicable to any system that:<\/p>\n
stores and\/or transmits information electronically;<\/p>\n<\/li>\n
uses any type of database or other electronic system; and\/or<\/p>\n<\/li>\n
manages information electronically, using any type of electronic storage medium including write\u2011once\u2011read\u2011many (WORM) and rewritable technologies.<\/p>\n<\/li>\n<\/ol>\n
This British Standard also covers procedures and processes relevant to the following ESI authentication principles:<\/p>\n
electronic identity verification \u2013 proving the genuineness of the individual\/organization that produced, transferred and\/or stored the electronic document;<\/p>\n<\/li>\n
electronic signature \u2013 the application of the legal equivalent of a \u201cpen and ink\u201d signature on a paper document;<\/p>\n<\/li>\n
electronic copyright \u2013 the application of a copyright mark to ESI; and<\/p>\n<\/li>\n
linking the electronic identity and\/or electronic signature and\/or electronic copyright to the particular ESI (and preventing compromise to its integrity).<\/p>\n<\/li>\n<\/ol>\n
It covers aspects of the information management processes that affect the use of ESI in normal business transactions, even where legal admissibility per se is not an issue. Such aspects include the legibility, accuracy and completeness of the ESI, and the transfer of the ESI to other systems.<\/p>\n
This British Standard is also applicable to electronic identity management systems and can be applied to any form of electronic identity management system, irrespective of the technology used.<\/p>\n
This British Standard is intended for:<\/p>\n
end user organizations that wish to ensure that ESI captured by, imported into, stored and\/or transmitted within their information management systems can be used with confidence as evidence in any dispute, within or outside a court of law;<\/p>\n<\/li>\n
end user organizations that wish to ensure that electronic identity management systems can be used with confidence as evidence in any dispute, within or outside a court of law; and<\/p>\n<\/li>\n
integrators and developers of information management systems that provide facilities to meet user requirements.<\/p>\n<\/li>\n<\/ul>\n
This British Standard does not cover processes used to evaluate the authenticity of ESI prior to it being imported into the system. However, it can be used to demonstrate that output from the information management system is a true record of what was imported.<\/p>\n
Compliance with this British Standard does not guarantee legal admissibility. It defines good practice.<\/p>\n
| PDF Pages<\/th>\n | PDF Title<\/th>\n<\/tr>\n | ||||||
|---|---|---|---|---|---|---|---|
| 5<\/td>\n | Foreword <\/td>\n<\/tr>\n | ||||||
| 7<\/td>\n | 0 Introduction 0.1 Management summary 0.2 Purpose of this British Standard <\/td>\n<\/tr>\n | ||||||
| 8<\/td>\n | 0.3 Compliance 0.4 Information as an asset <\/td>\n<\/tr>\n | ||||||
| 9<\/td>\n | 0.5 Technology 0.6 Management framework 0.7 Brief history of this British Standard 1 Scope <\/td>\n<\/tr>\n | ||||||
| 10<\/td>\n | 2 Normative references 3 Terms and definitions <\/td>\n<\/tr>\n | ||||||
| 16<\/td>\n | 4 Context of the organization <\/td>\n<\/tr>\n | ||||||
| 17<\/td>\n | 4.1 General 4.2 Issues <\/td>\n<\/tr>\n | ||||||
| 20<\/td>\n | Figure 1 \u2014 Encryption keys <\/td>\n<\/tr>\n | ||||||
| 21<\/td>\n | Figure 2 \u2014 Hierarchy of trust 4.3 Requirements 4.4 Boundaries and applicability <\/td>\n<\/tr>\n | ||||||
| 22<\/td>\n | 5 Leadership 5.1 Leadership and commitment 5.2 Policy statements <\/td>\n<\/tr>\n | ||||||
| 32<\/td>\n | 5.3 Roles and responsibilities of workers <\/td>\n<\/tr>\n | ||||||
| 34<\/td>\n | 5.4 Legal and regulatory environment <\/td>\n<\/tr>\n | ||||||
| 35<\/td>\n | 6 Planning 6.1 Actions to address risks and opportunities <\/td>\n<\/tr>\n | ||||||
| 36<\/td>\n | 6.2 Objectives and achievements <\/td>\n<\/tr>\n | ||||||
| 37<\/td>\n | 7 Support 7.1 Resources 7.2 Competence 7.3 Awareness <\/td>\n<\/tr>\n | ||||||
| 38<\/td>\n | 7.4 Reporting and communication 7.5 Documented information <\/td>\n<\/tr>\n | ||||||
| 48<\/td>\n | 8 Operation 8.1 General 8.2 Creation 8.3 Importing <\/td>\n<\/tr>\n | ||||||
| 51<\/td>\n | 8.4 Business process management, robotic process automation and workflow systems <\/td>\n<\/tr>\n | ||||||
| 52<\/td>\n | 8.5 Document scanning <\/td>\n<\/tr>\n | ||||||
| 53<\/td>\n | 8.6 Data extraction <\/td>\n<\/tr>\n | ||||||
| 54<\/td>\n | 8.7 Metadata capture <\/td>\n<\/tr>\n | ||||||
| 55<\/td>\n | 8.8 Self-modifying files 8.9 Compound documents <\/td>\n<\/tr>\n | ||||||
| 56<\/td>\n | 8.10 ESI in structured databases <\/td>\n<\/tr>\n | ||||||
| 62<\/td>\n | 8.11 Blockchain and distributed ledger technologies 8.12 Version control <\/td>\n<\/tr>\n | ||||||
| 65<\/td>\n | 8.13 Storage systems <\/td>\n<\/tr>\n | ||||||
| 71<\/td>\n | 8.14 ESI transfer <\/td>\n<\/tr>\n | ||||||
| 72<\/td>\n | Table 1 \u2014 Key recommendations <\/td>\n<\/tr>\n | ||||||
| 87<\/td>\n | 8.15 Indexing and other metadata <\/td>\n<\/tr>\n | ||||||
| 88<\/td>\n | 8.16 Authenticated output procedures <\/td>\n<\/tr>\n | ||||||
| 90<\/td>\n | 8.17 Identity <\/td>\n<\/tr>\n | ||||||
| 107<\/td>\n | 8.18 ESI retention, redaction and disposal <\/td>\n<\/tr>\n | ||||||
| 110<\/td>\n | 8.19 Information security procedures <\/td>\n<\/tr>\n | ||||||
| 114<\/td>\n | 8.20 System maintenance 8.21 External service provision <\/td>\n<\/tr>\n | ||||||
| 121<\/td>\n | 8.22 Information management system testing 9 Performance evaluation 9.1 Monitoring, measurement, analysis and evaluation 9.2 Internal audit <\/td>\n<\/tr>\n | ||||||
| 123<\/td>\n | 9.3 Management review <\/td>\n<\/tr>\n | ||||||
| 125<\/td>\n | 10 Improvement 10.1 Nonconformity and corrective actions <\/td>\n<\/tr>\n | ||||||
| 126<\/td>\n | 10.2 Continual improvement <\/td>\n<\/tr>\n | ||||||
| 128<\/td>\n | Annex A (normative)\u2002 Unstructured message considerations <\/td>\n<\/tr>\n | ||||||
| 134<\/td>\n | Annex B (informative)\u2002 Application of controls <\/td>\n<\/tr>\n | ||||||
| 136<\/td>\n | Table B.1 \u2014 Applicability matrix <\/td>\n<\/tr>\n | ||||||
| 139<\/td>\n | Annex C (informative)\u2002 Example information storage policy statement <\/td>\n<\/tr>\n | ||||||
| 141<\/td>\n | Annex D (informative)\u2002 Legal context <\/td>\n<\/tr>\n | ||||||
| 147<\/td>\n | Annex E (normative)\u2002 Preparation of paper documents <\/td>\n<\/tr>\n | ||||||
| 163<\/td>\n | Bibliography <\/td>\n<\/tr>\n<\/table>\n","protected":false},"excerpt":{"rendered":" Evidential weight and legal admissibility of electronically stored information (ESI) – Code of practice for implementation of BS 10008-1<\/b><\/p>\n |