|
|||||||||||
|
|
Confidence in e-business informationFor hundreds of years paper has been an acceptable way for businesses and other organisations to store their information. Most companies however, now use computer systems to create original documents, which are thus in an electronic form. It has been estimated that more than 90% of company documents are now produced electronically. The legal position on the use, in court, of information stored in electronic form is not clear-cut. In legal disputes, electronic evidence (like any form of evidence) may be challenged for authenticity. Courts (and other bodies such as industry regulators) throughout the world vary in their understanding, and thus acceptability of electronic original documents. To help organisations to obtain the full benefits of electronic document management, and to enable them to demonstrate authenticity, a comprehensive set of 5 International Codes of Practice were published in 1998, and revised in 2002. These codes were developed with the support of national standards bodies, industry associations, government departments and the legal profession. In 2005, to bring the 5 Codes further up to date and improve consistency with the existing BSI Code of Practice for Legal Admissibility and Eviential Weight of Information Stored Electronically (BSI BIP 0008-1), they have now been superceded by new editions published by BSI as 3 consistent parts of BIP 0008. The three parts of BIP 0008 are:
These new documents were edited for BSI by the Directors of Group 5 Training - Peter Howes and Alan Shipman. What BIP 0008, a Code in 3 parts, means for your business The business benefits of trading with Electronic Original documents are of enormous significance and involve a major paradigm shift in organisations working practices. There are 5 discreet steps in the "life cycle" of a document, be it electronic or paper/microfilm; Creation, Communication, Live Usage, Retention and Archiving. The Code allows for all of these steps to be electronic, although in practice paper is still often more convenient during the 'live usage' phase of the cycle. The "life cycle" cost of a document has been calculated to be £5. With the increasing use of documents (estimated at rising about 20% per annum), this cost is becoming recognised as significant in an organisations administration overheads. Savings of around 25% on this "life cycle" cost is considered achievable from inter-organisational trading using Electronic Originals. Paper based documents are frequently being retained because no clear route for organisations has existed to transfer to electronic original based trading - until now. Availability The BSI Code of Practice is 3 Parts was published by the British Standards Institution in 2004 and 2005. To order them, use BIP 0008 as the prime document reference. Code of practice The Parts of the Code are for use in any application where information is created, stored, communicated, used, and / or archived in an electronic form. Compliance with the Code will enable the authenticity of such electronic documents to be demonstrated, and thus reduce the risk of challenge by an opposing party in litigation. As many organisations are trading internationally, the Code is designed for use within any legal or regulatory environment. The Code can also be applied in any industry sector, and using any technology. This is achieved by developing Code of Good Practice using well tried and tested methodologies, which emphasise the need for organisations to maintain approved policies for document management, and implement demonstrable procedures which enable reliable audit trails to be accessed in the event of a challenge to authenticity. Each Part of the Code is designed to interlink in a dependence hierarchy, starting with Storage (Part 1) and concluding with Identity (Part 3). All the Parts of the Code cover any type of data file, including scanned images, data files and voice/video recordings. In Detail Code of Practice for Legal Admissibility and Evidential Weight of Information Stored Electronically (BSI BIP 0008-1:2004) All electronic documents must be stored in an electronic form at some time in their "life cycle". This Code describes the controls that should be implemented to reduce the risk of them being lost or changed during storage (short or long term). The controls described can be applied to systems irrespective of the type of electronic storage media in use. Whilst the benefits of WORM optical storage are highlighted, the additional controls that should be implemented where magnetic media (tape or disk) in rewritable forms are used are also described. Code of Practice for Legal Admissibility and Evidential Weight of Information Communicated Electronically (BSI BIP 0008-2:2005) When electronic documents are moved from one system to another or from one person to another, either externally or internally, their authenticity and integrity may be compromised. This Code described controls which should be implemented to enhance confidence in such systems, and to be able to demonstrate to a court that authenticity and integrity has been maintained. The Code is independent of specific transmission technology, and so can be implemented on networks or remote transmission via carriers (circuit switched or message switched). Code of Practice for Legal Admissibility and Evidential Weight of Linking Electronic Identity to Documents (BSI BIP 0008-3:2005) In some applications it is vital to be able to prove the identity of the originator, recipient or user of an electronic document. This Code described the procedures and processes which should be implemented to enable this proof to be obtained and documented, whether the identity in question is a person or another entity. The Code also includes controls required where identity association is for Copyright purposes. Why comply? Compliance to the relevant Parts of the Code of Practice increases confidence in the organisation's electronic information asset and simplifies the demonstration of meeting quality goals and specific regulatory requirements. Services available from Group 5 Training Management Briefing Provides a common framework for bringing all relevant personnel up to speed, aiding corporate understanding and communications between disciplines. Such sessions often lead to the creation of an effective Project Plan for compliance. Training Seminars A formal training course designed to prepare you for achieving compliance can be presented on your premises, designed specifically to meet your needs. Such courses are cost effective for medium and large organisations, reducing staff costs and improving confidentiality. These intensive seminars can be presented at a location of your choice. For more details, please contact us at a.shipman@group5.co.uk System Design If you are designing a system, include the requirements of the Code of Practice into the System Specification. Group 5 Training can provide valuable assistance in the production of these requirements, thus enabling a compliant system from Day 1 of implementation. Diagnostic Review A full and independent review is undertaken of your system, providing you with a written report advising on actions to be undertaken to achieve the benefits of compliance. This review includes a full information security audit of your computer systems. Gap Analysis Following the Diagnostic Review, an Action Plan will be designed by Group 5 Training, which will enable rapid progress to be made towards compliance. Corrective Actions Having worked on a number of systems, Group 5 Training are well experienced in the best methods of implementing the Code of Practice. Often our advise has lead to improved efficiencies and reduced operating costs. Produce Documentation The Code of Practice requires documentation to be produced detailing Security, Procedural and Technological specifications. Group 5 Training are geared to produce this documentation, having previously assisted a number of large and small organisations. Compliance Audit and Certification Group 5 Training can assist you in demonstrating compliance, by independent audit and completion of the BSI Compliance Workbook (BIP 0009:2004). Vendors Can your products be used in a Compliant manner? Group 5 Training can audit your system, and detail any missing facilities that are required for compliance. Data Sheet If you would like a copy of our data sheet (.pdf), please see the downloads section.
|
||||||||||
| © 2007 - Group 5 Training Limited | |||||||||||
