What is BS 10008-1:2020 about?
Establishing the authenticity and integrity of information is increasingly important in today’s business world – especially where electronic information is used in dispute resolution or to demonstrate compliance. BS 10008-1:2020 therefore details what users need to do to manage electronically stored information (ESI) in such a way that it retains its authenticity and integrity.
Who is BS 10008-1:2020 for?
It’s intended for end-user organizations that either wish to ensure that ESI created by, entered into, stored and/or transmitted within their information management systems may be used with confidence as evidence in any dispute, within or outside a court of law; or that wish to ensure that electronic identity management systems may be used with confidence as evidence in any dispute, within or outside a court of law. It will also be used by integrators and developers of information management systems that provide facilities to meet user requirements.
Specific users will be:
- Business managers
- Records/IT managers
- Compliance officers
- Legal advisors in financial institutions
- Insurance companies
- Local government departments
Why should you use BS 10008-1:2020?
This British Standard specifies requirements for the implementation and operation of electronic information management systems. This includes the storage and transfer of electronically stored information (ESI).
The aim is to enable users to maintain the authenticity and integrity of the ESI, so that it’s trustworthy and is either accepted without dispute or successfully resists challenge. This is important in circumstances where the ESI might be used as evidence – whether for business, compliance, legal or other dispute resolution purposes.
BS 10008-1:2020 covers:
- The management of the availability of ESI over time
- The electronic transfer or communication of ESI
- The linking of electronic identity to particular ESI, including the use of electronic signatures and electronic copyright systems, as well as the verification of electronic identity
- Ways to authenticate encrypted information and electronic signatures
- How to migrate paper records to microform or digital format without compromising quality
The standard also includes requirements for the stewardship and accountability of the management of ESI throughout its life cycle. It applies to ESI in any form, including general office documents, electronic images and information held in databases and other electronic systems. The ESI can be alphanumeric, image based and/or voice/video recordings, captured from static and mobile devices.
Benefits from using the standard include improved efficiency, increased trust and better managed risk as well as:
- Better processes in place to deal with copyright, tracking and verification issues
- Reduced paper use that contributes to environmental credentials and reduced paper storage costs
- Better alignment of the organization’s information security policies
- More straightforward long-term information management including easier migrations during technology upgrades
- Stronger business continuity and resilience – electronic information can be backed-up and protected more effectively than paper records at risk of physical damage
NOTE 1: This British Standard does not cover processes used to evaluate the authenticity and integrity of ESI prior to it being captured or created in the system.
What’s new about BS 10008-1:2020?
This is a full revision of BS 10008:2014, introducing the following principal changes:
a) Guidance on information related to the Internet of Things has been added
b) Requirements related to information managed by blockchain/digital distributed ledger (DLT) technology has been added
c) All technical aspects of this document have been updated, including storage in the cloud and where information is stored in digital objects
d) The General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018 have been taken into account
e) Information Classification, Marking and Handling (ICMH) as specified in BS 10010 has been taken into account
NOTE 2: The first incarnation of BS 10008-1 was a 1996 code of practice that was subsequently updated and published as BIP 0008 in 2004. That document included information and guidance that was removed with the publication of BS 10008:2008 as a formal compliance standard. However, it was recognized that the standard lacked detailed implementation guidance so the withdrawn content was published in three parts as BIP 0008-1, BIP 0008-2 and BIP 0008-3. To accompany the latest revision, the content in these three documents has been consolidated into a new British Standard, BS 10008‐2:2020. This supplies detailed guidance that will help with the successful implementation of BS 10008-1:2020. In addition, a book: The BIP 0009 Compliance Checklist, supports the demonstration of compliance with BS 10008-1:2020.