BS 10008-2:2020 pdf free.Evidential weight and legal admissibility of electronically stored information (ESI).Code of practice for implementation of BS 10008-1.
BS 10008-2 In order to ensure that ESI is well managed, and to meet its business needs, the organization should define and implement good management practices. ESI, like any other asset, should be classified,structured, validated, valued, secured, monitored, measured, managed and disposed of, when appropriate, efficiently and effectively. All ESI used by an organization should be classified into “information types”. This classification should be used in the creation of a “policy statements” which extends to accommodate the transferred ESI covered in this British Standard.Increasingly, ESI is being sent from one electronic system to another, either within an organization or between organizations. The manner in which this movement of ESI occurs can determine the success or failure of the organization; thus, transfer systems should be secure, structured and auditable.NOTE 1 Where information is received electronically from another organization, knowledge of the processes used to transfer the ESI is key to a successful, legally admissible electronic transfer system.NOTE2 When defining a transfer policy, the relative importance of speed of delivery, both to the recipient organization and to the recipient in that organization, might be significant. Taking two extremes, direct transfer to a PC across the internet or via a carrier usually results in almost instantaneous transfer, whereas transfer by post can be measured in days.NOTE3 With the move from paper originals to electronic original documents, the use of the electronic equivalent of an ink signature becomes an important part of a document authorization process. A signature can also be used as a method for authenticating the contents of a document.NOTE 4 Technologies can be implemented that apply electronic signatures of various forms to electronic documents, with various degrees of confidence and integrity. Some systems also allow for the verification of an electronic signature by another individual or organization [a trusted third party (TTP]].As with many types of electronic systems, however, simply implementing technology might not provide the weight of evidence necessary should an electronic identity be challenged. Appropriate policies and procedures should be implemented in order to create secure, structured and auditable electronic identity management systems.BS 10008-2 pdf downlaod.