BSI British Standards Information Governance Workshop Presentation. Information Governance Workshop: Where next for Standards? Examines data protection and the role of standards, including BS 10012 for data protection.
1. BSI Information Governance Workshop Where next for Standards? 05 October 2009 Read more at: http://shop.bsigroup.com/ictstandards
2. Agenda
   10.00 Introduction
   10.10 Review of BS 10012 versus original business case
   10.30 BS 10012 success and general feedback
   10.50 Briefing for morning workshop
   11.00 Workshops to consider BS 10012 and Data Protection
   12.00 Feedback from morning workshop teams
   12.30 Lunch
   13.30 Preservation of electronic records
   14.10 Briefing for afternoon workshop
   14.15 Workshops to consider preservation of electronic records and information governance
   15.00 Feedback from afternoon workshop teams
   15.15 Closing remarks
3. Timeline: BSI and Information Governance
   1995
     Data Protection Directive 95/46/EC implemented
     BSI publishes Information Security standard BS 7799
   1998
     UK Data Protection Act receives Royal Assent
   1999
     BSI publishes guidance for Data Protection Act (PD 0012)
     BSI publishes Code of Practice for Legal Admissibility of electronic information (PD 5000)
   2000
     Freedom of Information Act comes into force
     Information Security standard ISO/IEC 17799 published
   2001
     Records Management standard ISO 15489 published
   2002
     Freedom of Information (Scotland) Act comes into force
     BSI publishes guidance for Records Management ISO 15489
   2003
     BSI publishes guidance for Freedom of Information Act (BIP 0001)
   2005
     Information Security ISO/IEC 27000 series published
     BSI publishes revised guidance on Legal Admissibility (BIP 0008)
   2008
     BSI publishes Legal Admissibility standard (BS 10008)
     BSI publishes revised guidance on Legal Admissibility (BIP 0008)
   2009
     BSI publishes Data Protection standard (BS 10012)
8. Timeline: BSI and Data Protection
   1999
     BSI publishes guidance to practical implementation of the DPA 1998 (PD 0012)
       - BSI Access & Privacy Editorial Board (APEB) established
       - Assistance and introduction from ICO
   2000
     First major revision (BIP 0012)
   2003
     Second major revision (BIP 0012)
   2006
     Third major revision (BIP 0012)
   2007
     Workshop identified a stakeholder desire for a formal data protection standard
   2008
     New project added to BSI work programme for Technical Committee, IDT/1 Document Management Applications
       - Drafting panel IDT/1/-/4 set up to develop standard (Chair: Gordon Wanless)
   2009
     Draft for Public Comment launched on 2nd January for a 3 month period
       - Panel reviews the comments and develops final text
     BS 10012 published on 2nd June
9. Original business case (1) Description of the product Working title: “Code of Practice for the Management of Personal Information in Compliance with the Data Protection Act 1998”
10. Original business case (2) Working Scope This Code of Practice gives recommendations for the management of personal information by organisations in both the public and private sectors. It is intended for those who are responsible for initiating, implementing and maintaining compliance with the Data Protection Act 1998 (DPA) within their organisation. It is intended to provide a common ground for the management of personal information, for providing confidence in its management, and for enabling an effective assessment of compliance with the DPA by both internal and external assessors, and by consumers.
11. Original business case (3) Expansion on the title for non-experts The Data Protection Act 1998 implements a European Directive (95/46/EC) and applies to “personal data” which is defined in the DPA as data relating to living individuals. The DPA requires organizations known as “data controllers” to comply with Eight Data Protection Principles and to notify the Information Commissioner of their data processing (to ensure openness). The DPA also gives individuals or “data subjects” rights of access to their personal data, to object to or to stop certain types of processing and to sue data controllers for damages when breaches of the law occur.
16. Survey of BSI DP guidance subscribers (2006) DP Purchasers by Sector: Commercial Local Government Education Healthcare & NHS Government Agency Museums, Art Galleries Police Central Government Financial Housing Association Manufacturing Charity Professional Body Legal Consultant Publisher
17. Survey of BS 10012 users by Sector
18. Survey of BS 10012 users by Sector
19. Survey of BS 10012 users by organisation
20. Survey of other BS 10012 users
24. BSI input into Public Consultations
42. Electronic preservation: What we have now (1)
   Long term preservation
     ISO/TR 18492:2005 - Long-term preservation of electronic document-based information
     ‘How to’ guide - Digital records preservation JWG (TC 46/SC 11 & TC 171)
   Storage media
     ISO/TR 10255 - Document management - Optical disk storage technology - Management and standards (at final proof stage)
     ISO 12142:2001 - Electronic imaging - Media error monitoring and reporting techniques for verification of stored data on optical digital data disks (in ballot for withdrawal, replaced by:)
     ISO 23868:2008 - Document management - Monitoring and verification of information stored on 130mm optical media
43. Electronic preservation: What we have now (2)
   Processes
     ISO/NP XXXXX Digital records conversion and migration processes (Records management)
   Use of microfilm
     ISO 11506:2009 - Document management applications - Archival of electronic data - Computer Output Microform (COM) / Computer Output Laser Disc (COLD)
   Authenticity
     ISO 12654:1997 - Electronic imaging - Recommendations for the management of electronic recording systems for the recording of documents that may be required as evidence, on WORM optical disk (Adopted as BS 7768 in UK)
     ISO/TR 15801:2004 - Electronic imaging - Information stored electronically - Recommendations for trustworthiness and reliability (revision due 2009)
44. Electronic preservation: What we have now (3)
   Electronic preservation formats
     ISO 32000-1:2008 - Document management - Portable Document Format - PDF 1.7
     ISO/NWI 32000-2 - Document management - Portable Document Format - PDF X
     ISO 19005-1:2005 Document management - Electronic document file format for long-term preservation - Use of PDF 1.4 (PDF/A-1)
     ISO/CD 19005-2 Document management - Electronic document file format for long-term preservation (PDF/A) - PDF 1.7 (Due 2009/10)
     ISO 24517-1:2008 - Document management - Engineering document format using PDF - Use of PDF 1.6 (PDF/E-1)
     ISO/NWI 14289 - PDF / Universal Access
45. Electronic preservation: What we have now (4)
   BSI publications:
   Preservation
     BIP 0089:2008 A manager’s guide to the long-term preservation of electronic documents
   Authenticity
     BS 10008:2008 Evidential weight and legal admissibility of electronic information
     BIP 0008:2008 Code of practice for implementing BS 10008
47. Survey of BS 10008 users by Sector
48. Electronic preservation: Where do we go from here?
   Workshop topics:
   1. Electronic preservation – do we need more guidance? How do we get more take-up with PDF/A?
   2. Legal admissibility – still seems to be an issue – how do we solve the issue?
   3. Information Governance is growing in stature – what guidance is needed? What existing standards topics need to be included within Information Governance?