This draft standard (BS 10008) is designed to deal with issues relating to the authenticity and integrity of electronic information which may be used as legal evidence, and is currently available for comment on the BSI website. It also makes an interesting read when viewed in light of its applicability to enterprise DRM.
First of all, the BS 10008 standard is not entirely new; it is based on an existing code of practice for "legal admissibility and evidential weight of information stored electronically" (BIP 0008). This original code of practice was extended in 2005 to include the electronic communication of information and the linking of electronic identity to documents, which all together make up the new draft standard, as requested by adopters of BIP 0008. This also effectively puts the new standard in direct oversight of things like document management, information security and enterprise DRM.
According to the BSI website, compliance with the new BS 10008 standard will help organisations to maximise the trustworthiness and reliability of their information, and to minimise the risk associated with long-term storage of electronic information on their systems. The scope covers the accessibility and availability of verifiable information over a period of time, and includes the use of document management, storage, transmission, and retrieval systems as well as electronic identification / signatures and copyright management. The documents and information may be in the form of text, executable formulae, and / or multi-media (i.e. voice / video / images). The main body of the draft standard provides guidelines and directions on various aspects of electronic information management including:
- Information management and security policies (covering the electronic storage and transfer of information), roles / responsibilities, reporting and documentation among other things.
- System implementation and operations (covering information capture, transfer, storage, index and output, as well as features like identity, security, disaster recovery, outsourcing, version control and exercising)
- System monitoring and review (including auditing and management reviews)
- System maintenance, monitoring and improvement

One is left, after reading this, with the overall impression that here is a well thought-out and fairly comprehensive example of a developing standard which will benefit from input by all interested, and affected, stakeholders.
So, by all means, do post any comments / suggestions on this standard directly onto the BSI website (needs registration) and, as ever, any other comments and thoughts (e.g. on its applicability and relationship to DRM) are most welcome right here on this blog.