Explanatory Note The relationship between PD 0008 & ISO/TR 15801



Similar documents
Why is British Standard BIP0008 important for a Document Management System?

The legal admissibility of information stored on electronic document management systems

FREEDOM OF INFORMATION (SCOTLAND) ACT 2002 CODE OF PRACTICE ON RECORDS MANAGEMENT

Corporate Records Scanning Strategy

Invest NI Document Scanning Policy

Guidance for managing your records effectively (1)

Scotland s Commissioner for Children and Young People Records Management Policy

An Approach to Records Management Audit

In addition, a decision should be made about the date range of the documents to be scanned. There are a number of options:

RECORDS MANAGEMENT POLICY

Life Cycle of Records

Document Management Solutions Are you drowning in paper or can't find the information you are looking for fast and accurately?

CORPORATE RECORDS MANAGEMENT POLICY

Document Scanning - The Law, Inland Revenue and HM Customs

WEST LOTHIAN COUNCIL RECORDS MANAGEMENT POLICY. Data Label: Public

LORD CHANCELLOR S CODE OF PRACTICE ON THE MANAGEMENT OF RECORDS UNDER

NHS Business Services Authority Records Management Audit Framework

NHS Information Governance:

GCP - Records Managers Association

Corporate Records Management Policy

Strategies for Developing a Document Imaging & Electronic Retention Program

Information Management Policy CCG Policy Reference: IG 2 v4.1

Complying with the Records Management Code: Evaluation Workbook and Methodology. Module 8: Performance measurement

BSO Board Director of Human Resources & Corporate Services Digitalisation of records in the Scanning Centre. 21 June 2012

How To Ensure That A Document Is Safe From Change

West Midlands Police and Crime Commissioner Records Management Policy 1 Contents

ELECTRONIC SIGNATURES AND ASSOCIATED LEGISLATION

Complying with the Records Management Code: Evaluation Workbook and Methodology

Guide 1 What is records management?

What NHS staff need to know

FSN White Paper. How automating the Procure-to-Pay process delivers business advantage

Records Management Policy

Moving from ISO 9001:2008 to ISO 9001:2015

Bringing Your Documents into the Digital Age. Paperless Office... Fact or Fantasy. An overview of Electronic Document and Records Management

PARLIAMENTARY AND HEALTH SERVICE OMBUDSMAN. Records Management Policy. Version 4.0. Page 1 of 11 Policy PHSO Records Management Policy v4.

How To Use A Court Record Electronically In Idaho

Greater London Authority Records Management Policy

Approved by: Vice President, Human Resources & Corporate Resources and Vice President, Treasury & Compliance Date: October 14, 2009

Non-Profit Records Management Tool Kit

The Information Security Management System According ISO The Value for Services

Records and Information Management. General Manager Corporate Services

Quality Management. Retention of Project Documentation. Guidelines. Association of Professional Engineers and Geoscientists of British Columbia

AIIM & ASSUREON AN ASSUREON BRIEF

Feature. How to Maximize Evidential Weight of Electronically Stored Information Recommendations of BS 10008

Enterprise Content Management - ECM Program for New Mexico State Government

GxP Process Management Software. White Paper: Software Automation Trends in the Medical Device Industry

Implementing an Electronic Document and Records Management System. Key Considerations

ERMS Solution BUILT ON SHAREPOINT 2013

How to Go Paperless In Three Simple Steps: A Guide for Small Businesses

Records Management Policy

Records Management Policy.doc

Scanning Guidelines. Records Management

1. Each employee is responsible for managing college records in a responsible and professional manner.

Applicability: All Employees Effective Date: December 6, 2005; revised January 27, 2009 Source(s):

Hong Kong High Court Procedure E-Discovery: Practice Direction Effective September 1, 2014

Records Management Policy

Guidance for Industry Part 11, Electronic Records; Electronic Signatures Scope and Application

Information Management Policy

Solutions Pocket Book for Touchstone

Guide 4 Keeping records to meet corporate requirements

Microsoft SharePoint and Records Management Compliance

Record Retention and Digital Asset Management Tim Shinkle Perpetual Logic, LLC

Management of Official Records in a Business System

AN OVERVIEW OF INFORMATION SECURITY STANDARDS

UNIVERSITY OF MANITOBA PROCEDURE

ANU Electronic Records Management System (ERMS) Manual

Quality Management Systems Foundation Training Course

Planning for Disaster and the Role of Document Management Catherine Murphy

This document is no longer current. Please go to the following URL for more information:

International Workshop Agreement 2 Quality Management Systems Guidelines for the application of ISO 9001:2000 on education.

Records Management - Department of Health

Introduction to the ISO/IEC Series

INTERNAL AUDIT FINAL REPORT CNES FINANCE AND CORPORATE RESOURCES DEPARTMENT CLOUD IT SYSTEMS AND THE CRM SYSTEM OFFICIAL OFFICIAL

BS 8878: A Summary

LibertyNET: A flexible document management solution that reduces costs by automating tasks

E-Discovery Basics For the RIM Professional. Learning Objectives 5/18/2015. What is Electronic Discovery?

EA-ISP-001 Information Security Policy

la conception et l'exploitation d'un système électroniques

RECORDS MANAGEMENT POLICY

APPLICATION OF THE NEW EU REGULATORY FRAMEWORK TO IP TELEPHONY

AGENDA ITEM: SUMMARY. Author/Responsible Officer: John Worts, ICT Team Leader

onesource workflow manager

Records Management Focus White Paper Understanding Digital Records Management

Enterprise Content Management. Image from José Borbinha

Dematerialisation and document collaboration

Kentucky Department for Libraries and Archives Public Records Division

WHITE PAPER SPON. Information Security Best Practices: Why Classification is Key. Published November 2011 SPONSORED BY

Lord Chancellor s Code of Practice on the management of records issued under section 46 of the Freedom of Information Act 2000

Protective Marking for UK Government

Millions of Google Apps Users May be In Violation of Legal & Organizational Compliance Standards. Learn How To Avoid it.

How To Use Formfile

The Translation Service Provider s Guide to BS EN 15038

The True Impact of Documents on Business Today

Information and Compliance Management Information Management Policy

Guide to Going Paperless in the Cloud. IDEAL.com, Parklawn Drive, Rockville, MD IDEAL -

FRAMEWORK FOR THE PREPARATION OF ACCOUNTS. Best Practice Guidance

IT Security Management 100 Success Secrets

Transcription:

Explanatory Note The relationship between PD 0008 & ISO/TR 15801 ISO/TR 15801 Electronic Imaging - information stored electronically - recommendations for trustworthiness & reliability PD 0008 Code of Practice for Legal Admissibility & Evidential Weight of Information Stored Electronically Document Management and Storage Information is one of the most valuable assets for any organization. If your information is stored in paper, microform, electronic form or combination, the processes adopted by an organization for its storage, retrieval and use are important. No business can survive or grow without adopting best practice for managing information, whether technical, financial or customer-related. BSI Business information can offer you a complete information solution. The major advantage that the guidance offers is clear practical advice, particularly in the UK. The BSI Kit clarifies assessment, understanding and implementation. Electronic document storage, Kit 38 includes: PD 0008 PD 5000 PD 0010 ISO/TR 15801 PD 0009 PD 5000-6 Regulation and/or Good Management Practice Standards Workbooks Achieve Management overview, responsibilities Process definition and compliance 1. A code of practice for legal admissibility and evidential weight of information stored electronically Ref PD 0008: 1999 2. Compliance Workbook Ref PD 0009: 1999 3. The principles of good practice for information management Ref 0010:1997 In-house procedures Deployed solution Contact BSI Customer Services to order Kit 38 on +44 (0)20 8996 9001

Explanatory note The relationship between PD 0008 and ISO/TR 15801 Introduction The second edition of the Code of Practice for Legal Admissibility and Evidential Weight of Information Stored Electronically was published by BSI in 1999 as PD 0008. It has proved to be very successful, and has been implemented in a wide range of business sectors, including public authorities and private companies. Organizations following the guidance in the Code of Practice are able to demonstrate its value in achieving the maximum benefit from their electronic document management systems (EDMS) and electronic records management systems (ERMS). One example of this is the need for the retention of original paper documents (or the need to create paper copies of electronic documents). Many organizations have used compliance with the recommendations of the Code of Practice as the "trigger" for electronic only policies, eliminating the need to keep paper "just in case". With the success of PD 0008, and a need from the marketplace to create a publication along the same lines as PD 0008 but with a more international scope, it was decided to initiate a project within the International Organization for Standardization (ISO) to create ISO/TR 15801, Electronic imaging information stored electronically recommendations for trustworthiness and reliability. Whilst the BSI Code of Practice was used as the initial draft for ISO/TR 15801, the process of drafting a document with international applicability has inevitably led to a number of differences between the two publications. This explanatory note has been produced: to inform existing and potential users of either of these two publications of the similarities and differences between them; to enable the reader to determine which publication is most appropriate to their needs. What is the difference between a Code of Practice and a Technical Report? The Code of Practice was published as a BSI "Published Document" (PD), rather than as a British Standard (BS) in recognition of the rapid rate of development of information management solutions. As a code of practice, it provides a framework and guidelines that identify key areas of good practice for the implementation and operation of electronic document management systems, irrespective of the type of document being managed, and irrespective of the storage media being used. ISO/TR 15801 is a technical report, bringing together information from worldwide sources on the subject of demonstrating the authenticity of electronically stored information. It is informative in nature and cannot be complied with, as distinct from International Standards that contain compliance requirements. Often, as is anticipated in this case, ISO technical reports develop into International Standards in due course. Technical reports are often narrow in scope, to ensure that international acceptance can be achieved. In the case of ISO/TR 15801, the scope has been limited to scanned image files. Information management systems covered by the two publications The Code of Practice covers all types of electronic information management systems, using any type of storage media. It can be used with EDMS and ERMS systems, as well as hybrid systems. Stored information can be of any type, from e-mail messages, through wordprocessed files, spreadsheets, Computer Aided Design (CAD) files etc., to scanned images. It can also be applied to systems that include video and/or audio files. ISO/TR 15801 is intended for use with document scanning systems only, and is therefore not applicable to text files and other "non-scanned" file formats. 1

National/international applicability There is a difference in emphasis between the two publications at a national/international level. The objective of the Code of Practice was to resolve the issue of legal admissibility and evidential weight of information stored electronically that was restricting the adoption of document imaging in the UK. Many organizations were not achieving the maximum benefit from the use of electronic document storage systems, particularly where there was a reluctancy to destroy original paper records, or abandon the requirement to create paper copies "for the file", both of which the new legal and regulatory requirements are moving towards. To assist in meeting this objective, references to UK law were added in an annex, giving the publication a UK bias. The objective of ISO/TR 15801 is to be able to demonstrate that document images stored within an electronic storage system are trustworthy and reliable. Such an objective is international by nature, as it addresses technology and procedural issues as opposed to legal ones. Thus, ISO/TR 15801 can be used on a worldwide basis, within the scope of relevant national laws or regulations Detailed differences General In overall terms, ISO/TR 15801 contains less practical guidance than the Code of Practice. Much of the material in the Code of Practice that gives clarifying guidance has not been included in ISO/TR 15801 because it is not specifically relevant internationally. Much of the annex material from the Code of Practice has also not been included. Information Management Policy ISO/TR 15801 does not specifically recommend the inclusion of a security classification scheme within the information management policy document as the Code of Practice does. Such a scheme is applicable to systems that have varying security-marking requirements (e.g. top secret, secret, confidential, public) for stored information. ISO/TR 15801 covers security in more general terms. Also, as the scope of ISO/TR 15801 is restricted to scanned image files, the section on file formats relates to image files only. The Code of Practice covers all types of file format. Duty of Care There are no significant differences between the Duty of Care (e.g. security and consultations) sections in the two publications. Procedures and processes As ISO/TR 15801 only deals with scanned images, there are no sections relating to "data files", as there are in the Code of Practice. The recommendations given in an annex in the Code of Practice on document scanning procedures have been included in the main body of ISO/TR 15801. A section on the capture of data from scanned images has been added to ISO/TR 15801. This is appropriate for use (for example) with Optical Character Recognition (OCR) and Intelligent Character Recognition (ICR) techniques. Sections on self-modifying files and voice, audio and video data, which are present in the Code of Practice, have been omitted from ISO/TR 15801. 2

Enabling technologies The section in the Code of Practice on compound documents has not been included in ISO/TR 15801. Audit trails The main elements relating to audit trails are common to the two publications. As there are no compliance issues in ISO/TR 15801, the section in the Code of Practice on compliance using the Compliance Workbook has not been included in ISO/TR 15801. A summary of the differences between the Code of Practice and ISO/TR 15801: Subjects covered PD 0008 ISO/TR 15801 Scanned image files Y Y E-mail Y N Word processing Y N CAD files Y N Audio Y N Video Y N Other file formats Y N Compound documents Y N OCR and ICR guidance Little coverage Y Security classification Y N trustworthiness and reliability issues Y Y legal admissibility and evidential weight issues Y N UK Legislation Y N International applicability N Y Compliance with publication Y N Is the Code of Practice still needed? The major advantage that the Code of Practice has over ISO/TR 15801 is that it contains a lot of practical advice relating to its implementation, particularly in the UK marketplace. This makes it easier to understand, and helps with its application in an operational environment. Another major benefit of the Code of Practice is that it covers any type of electronic information, whereas ISO/TR 15801 only covers scanned images. Hence, the Code of Practice could be used in applications where e-mail, word processing and other office applications, CAD files, video or audio files are being managed. 3

Additional assistance is available in the form of a Compliance Workbook (PD 0009), which has been designed as an audit tool for use in understanding, reviewing and documenting compliance with the recommendations of the Code of Practice. Revision of PD 0008 A revision of the Code of Practice is underway and will include: the content of ISO/TR 15801; new developments in document management technologies not covered in the 1999 version of the Code of Practice; new practical advice; case studies; reference to other guidance material such as Model Requirements 1 and the Public Record Office system compliance scheme 2 ; the impact of new legislation in the UK (such as the Electronic Communications Act 2000); guidance on the similarities and differences between the functionality of EDMS and ERMS systems and hybrid systems. The revised version of PD 0008 is now being drafted, with publication planned for late Autumn 2003. Code of Practice or Technical Report? For organizations based in the UK, the Code of Practice offers all the relevant advice to ensure legal admissibility and maximize evidential weight of electronically stored information. The practical advice and case study sections that will be available in the 2003 revision will give further guidance on the understanding and implementation of its recommendations. Whilst the Code of Practice is UK-specific, multi-national organizations would find both publications applicable because the recommendations in the Code of Practice would apply in UK divisions and ISO/TR 15801 could be used to assist non-uk divisions to formulate their local and international policies. Author: Alan Shipman British Standards Institution 2003. No part of this Explanatory Note may be reproduced in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying or otherwise without the prior written permission of BSI. 1 Available for downloading at www.cornwell.co.uk/moreq 2 For more information, see http://www.pro.gov.uk/recordsmanagement/standards/default.htm 4

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information