BS 10008-2014 Evidential weight and legal admissibility of electronic information Specification《电子信息的法定许可和证据权重 规范》.pdf

1、BSI Standards PublicationBS 10008:2014Evidential weight and legaladmissibility of electronicinformation SpecificationPublishing and copyright informationThe BSI copyright notice displayed in this document indicates when the documentwas last issued. The British Standards Institution 2014Published by

2、BSI Standards Limited 2014ISBN 978 0 580 83673 2ICS 03.160; 35.240.30The following BSI references relate to the work on this document:Committee reference IDT/1Draft for comment 14/30286703 DCPublication historyFirst published November 2008Second (present) edition, December 2014Amendments issued sinc

3、e publicationDate Text affectedBS 10008:2014 BRITISH STANDARDContentsForeword 1Introduction 21 Scope 42 Normative references 43 Terms and definitions 44 Context of the organization 65 Leadership 76 Planning 127 Support 138 Operation 169 Performance evaluation 2510 Improvement 27Bibliography 28Summar

4、y of pagesThis document comprises a front cover, an inside front cover, pages i to ii,pages 1 to 30, an inside back cover and a back cover.BRITISH STANDARD BS 10008:2014 The British Standards Institution 2014 iBRITISH STANDARDBS 10008:2014ii The British Standards Institution 2014ForewordPublishing i

5、nformationThis British Standard is published by BSI Standards Limited, under licence fromThe British Standards Institution, and came into effect on 08 December 2014. Itwas prepared by Panel IDT/1/-/5, Legal admissibility, under the authority ofTechnical Committee IDT/1, Document management applicati

6、ons. A list oforganizations represented on this committee can be obtained on request to itssecretary.SupersessionThis British Standard supersedes BS 10008:2008, which is withdrawn.Information about this documentThis is a full revision of the standard, and introduces the following principalchanges: r

7、ecognition of the significant changes in recent years of how information ismanaged as an asset in organizations; inclusion of structured data within the scope; inclusion of the importance of stewardship of electronic information as anorganizational activity; restructured to enable alignment with the

8、 ISO Management SystemStandards structure as defined in the ISO/IEC Directives, Part 1, Annex SL 1.Presentational conventionsThe provisions of this standard are presented in roman (i.e. upright) type. Itsrequirements are expressed in sentences in which the principal auxiliary verb is“shall”.Commenta

9、ry, explanation and general informative material is presented insmaller italic type, and does not constitute a normative element.Contractual and legal considerationsThis publication does not purport to include all the necessary provisions of acontract. Users are responsible for its correct applicati

10、on.Compliance with a British Standard cannot confer immunity from legalobligations.BRITISH STANDARD BS 10008:2014 The British Standards Institution 2014 1IntroductionInformation is an organizational asset that needs to be managed throughout itslifecycle; it is frequently required to be used within a

11、nd outside the organizationfor demonstrating compliance and/or dispute resolution. If the authenticity orintegrity of the information cannot be trusted then conclusions based upon itcould be discredited. This British Standard addresses how information needs tobe managed by an organization, in an inf

12、ormation management system, toenable it to have strong evidential weight and be demonstrably trustworthywith regard to its authenticity and integrity whenever during its lifecycle it isneeded to be used whether for business, compliance, legal or other disputeresolution purposes.BSI has published a C

13、ode of Practice for Evidential Weight and LegalAdmissibility, BIP 0008 2, 3, 4 (formerly PD 0008) since 1996. This Code ofPractice has been widely adopted and is referenced, for example, by the LordChancellors Code of Practice on the management of records published underSection 46 of the Freedom of

14、Information Act 2000 5. In Scotland this is theCode of Practice on records management issued under Section 61 of theFreedom of Information (Scotland) Act 2002 6.BIP 0008 consists of the following three parts, which have been revised toprovide information and guidance for the implementation of variou

15、s sections ofthis British Standard: BIP 0008-1, Evidential weight and legal admissibility of informationstored electronically Code of practice for the implementation ofBS 10008; BIP 0008-2, Evidential weight and legal admissibility of informationtransferred electronically Code of practice for the im

16、plementation ofBS 10008; BIP 0008-3, Evidential weight and legal admissibility of linking electronicidentity to documents Code of practice for the implementation ofBS 10008.This British Standard covers the scope of all three parts of BIP 0008. Itspublication reflects the requests of the adopters of

17、BIP 0008 for a formalcompliance standard.The detailed guidance given in the latest edition of BIP 0008 will assist in thesuccessful implementation of this British Standard. The compliance workbook,BIP 0009 7, provides a tool that enables the demonstration of compliance withthis British Standard alon

18、g with the appropriate parts of BIP 0008.If an organizations electronic information management system conforms to thisBritish Standard, it is anticipated that the evidential weight of electronicinformation managed by the organization will be maximized, by ensuring itstrustworthiness and reliability.

19、 It is also anticipated that conformity with thisBritish Standard will minimize the risks involved with the long-term storage ofinformation in an electronic form.This revision of this British Standard has been structured along the lines of thestandardized structure of ISO Management System Standards

20、, as defined inISO/IEC Directives, Part 1, Annex SL 1 such that its implementation can bealigned and synchronized with other management system standards, such as thefollowing: BS EN ISO 9001, Quality management systems Requirements;BRITISH STANDARDBS 10008:20142 The British Standards Institution 201

21、4 BS ISO/IEC 27001, Information technology Security techniques Information security management systems Requirements; BS EN ISO 14001, Environmental management systems Requirements with guidance for use.BRITISH STANDARD BS 10008:2014 The British Standards Institution 2014 31 ScopeThis British Standar

22、d specifies requirements for the implementation andoperation of electronic information management systems, including the storageand transfer of information, with an objective of enabling the user to ensurethe authenticity and integrity of the information is maintained, so that it istrustworthy and i

23、s either accepted without dispute or successfully resistschallenge. These issues are important where the information might be used asevidence whether for business, compliance, legal or other dispute resolutionpurposes.This British Standard covers:a) the management of the availability of electronic i

24、nformation over time;b) the electronic transfer or communication of electronic information;c) the linking of electronic identity to particular electronic information,including the use of electronic signatures and electronic copyright systems,as well as the verification of electronic identity.This Br

25、itish Standard also includes requirements for the stewardship andaccountability of the management of information throughout its life cycle.The requirements specified in this British Standard are generic and intended tobe applicable to all organizations (or parts thereof), regardless of type, size an

26、dnature of business. The extent of application of these requirements depends onthe organizations operating environment and complexity.This British Standard applies to electronic information in any form, includinggeneral office documents, electronic images and information held in databasesand other e

27、lectronic systems. The information may be alphanumeric, imagebased and/or voice/video recordings.This British Standard does not cover processes used to evaluate the authenticityof information prior to it being captured or created in the system.2 Normative referencesThe following documents, in whole

28、or in part, are normatively referenced in thisdocument and are indispensable for its application. For dated references, onlythe edition cited applies. For undated references, the latest edition of thereferenced document (including any amendments) applies.BS ISO 12651, Electronic imaging Vocabulary3

29、Terms and definitionsFor the purposes of this British Standard, the terms and definitions given inBS ISO 12651 and the following apply.3.1 big datadata that cannot be processed using conventional database management toolsor data processing applications due to its sizeNOTE There is currently no inter

30、nationally recognized standard definition of theterm “big data”.3.2 cloudmodel for enabling ubiquitous, convenient, on-demand network access to ashared pool of configurable computing resources (e.g. networks, servers,storage, applications, and services) that can be rapidly provisioned and releasedSO

31、URCE: NIST Special Publication 800-145 8.BRITISH STANDARDBS 10008:20144 The British Standards Institution 2014NOTE BIP 0117:2010 9 addresses this area.3.3 compound documentinformation constructed from a number of separate digital documents3.4 conversiontranslation of electronic information from one

32、file format to another3.5 documentinformation stored on mediaSOURCE: BIP 00083.6 electronic imageelectronic representation that depicts or records a visual perceptionNOTE 1 This electronic representation could be in two dimensions (e.g. document,picture, map) or three dimensions (e.g. CAD model, hol

33、ogram, sculpture).NOTE 2 This electronic representation could be in a raster (e.g. bit-map) or vectorformat.3.7 information managementprocessing and/or storage of information in a controlled manner3.8 lossy compressiontype of information which results in the de-compressed information having lessdeta

34、il than the originating information before compression3.9 management systemset of interrelated or interacting elements of an organization to establishpolicies (3.15) and objectives and processes (3.17) to achieve those objectivesNOTE 1 A management system can address a single discipline or several d

35、isciplines.NOTE 2 The system elements include the organizations structure, roles andresponsibilities, planning, operation, etc.NOTE 3 The scope of a management system may include the whole of theorganization, specific and identified functions of the organization, specific andidentified sections of t

36、he organization, or one or more functions across a group oforganizations.SOURCE: ISO/IEC Directives, Part 1, Annex SL 13.10 mediamaterial upon which information is recordedSOURCE: BS ISO 189133.11 metadatadata about dataSOURCE: BIP 00083.12 migrationtransfer of electronic information from one storag

37、e media to anotherNOTE This might or might not involve the removal from the original storagemedia.3.13 nonconformitynon-fulfilment of a requirementSOURCE: BS EN ISO 9000; BS EN ISO 14001BRITISH STANDARD BS 10008:2014 The British Standards Institution 2014 53.14 organizationperson or group of people

38、that has its own functions with responsibilities,authorities and relationships to achieve its objectivesNOTE The concept of organization includes but is not limited to sole-trader,company, corporation, firm, enterprise, authority, partnership, charity or institution,or part or combination thereof, w

39、hether incorporated or not, public or private.SOURCE: BS ISO/IEC 27000:20143.15 policyintentions and direction of an organization as formally expressed by its topmanagementSOURCE: ISO/IEC Directives, Part 1, Annex SL 13.16 proceduredocumented set of actions which is the official or accepted way of d

40、oingsomething3.17 processset of interrelated or interacting activities which transforms inputs into outputsSOURCE: ISO/IEC Directives, Part 1, Annex SL 13.18 recordinformation created, received and maintained as evidence and as an asset by anorganization or person, in pursuance of legal obligations

41、or in the transaction ofbusinessSOURCE: BS ISO 30300:20113.19 stewardshipresponsibility for information assets used by the organizationSOURCE: based on BS ISO 201213.20 systemset of interdependent elements constituted to achieve a given objective byperforming a specified functionSOURCE: BS ISO 14620

42、-23.21 top managementperson or group of people who directs and controls an organization at thehighest levelNOTE Top management has the power to delegate authority and provide resourceswithin the organization.3.22 transfermovement of electronic information from one system to another3.23 workersindivi

43、duals working under the control of an organization, including employees,temporary staff, contractors and consultants4 Context of the organizationObjective: To provide direction and support for the management of electronicinformation.BRITISH STANDARDBS 10008:20146 The British Standards Institution 20

44、144.1 GeneralThe organizations top management shall determine:a) the external and internal issues that are relevant to information authenticityand integrity (see 4.2);b) the requirements of internal and external parties that are relevant toinformation authenticity and integrity (see 4.3);c) the boun

45、daries and applicability of the information management systemwith respect to authenticity and integrity (see 4.4).4.2 IssuesA risk management process shall be used to identify issues.NOTE The risk management processes defined in BS ISO 31000 may be appropriate.4.3 RequirementsWhen determining inform

46、ation management requirements, legal and regulatoryrequirements, duty of care, contractual obligations and information stewardshipthroughout the information lifecycle shall be included.4.4 Boundaries and applicabilityWhen determining the scope of the information management system, issues(4.2) and re

47、quirements (4.3) shall be taken into consideration. Where only partof the information held by the organization is included (for example, a singledepartment or a single process could be defined as the scope of the system), thescope of the system shall be documented as part of the policy statement(see

48、 5.2.2 and 5.2.3).5 LeadershipObjective: To provide leadership in the management of electronic informationand ensure that the appropriate resources are allocated to the various tasks.5.1 Leadership and commitmentThe organizations top management shall set a clear policy direction anddemonstrate suppo

49、rt for, and commitment to, the management of electronicinformation through the issue and maintenance of an information managementpolicy.NOTE 1 The top management team might consist of a Board of Directors, a ChiefExecutive and his/her top staff, the partners or an owner of a sole trader company.The policy shall address the whole lifecycle of the information and shall identifythe role of the information steward(s), responsible for the information at eachstage of its lifecycle.NOT