Data protection: Audit and certify according to the standard BS 10008 (ERMS)

in Advisory, 04.09.2013

A confidential Electronic Records Management System (ERMS) is essential for your data protection. British Standard BS 10008 is the value-creating solution. KPMG is now officially accredited by the Swiss authorities Seco SAS to audit and certify according to the standard BS 10008.

Newly issued banking regulations such as MiFID-2 and new banking operational-risk regulations such as the FINMA circular 2008/21 impose important records-management requirements that the financial industry needs to address. The BS 10008 standard provides enterprises with a professional framework for managing today’s data governance. How records should be managed securely has come up in several real-life cases on the market. While managing financially and legally relevant records is primarily concerned with the operational records of three specific aspects of the legal service — courts of law, police forces and public prosecutors — much of its content is also applicable to the management of records in other legal environments. Records are fundamental to the efficient and effective operation of an enterprise’s legal system and are perhaps even more crucial to the administration of law than to any other function of the financial sector. An accountable and transparent electronic Records Management System is good evidence of strong and honest data governance.

What is the BS 10008 Standard?

The Electronic Records Management System (ERMS) is an essential management process for providing professional governance of the data in your enterprise. The international standard BS 10008, entitled “Evidential Weight and Legal Admissibility of Electronic Information”, provides enterprises with a complete control framework for governing their sensitive data and information within digital archiving systems.

The way companies manage, store and verify their electronic records is a long-term commitment and investment.

Benefits of the BS 10008 Standard:

  • It maintains the right standard whether you are migrating data to new storage and digital archiving systems or constantly adding to your records.
  • It is designed to deal with issues relating to the authenticity and integrity of electronic information that may be used as legal evidence, and with operational IT Service Management (ITSM) processes.
  • It helps organizations set up a holistic approach to how a records management system should be organized, applicable to enterprise records management systems.

Why is the BS 10008 Standard crucial for companies today?

First of all, the BS 10008 standard is a practical set of control objectives, and it is in fact based on an existing code of practice for the “legal admissibility and evidential weight of information stored electronically”.

This original code of practice includes the electronic communication of information and the linking of electronic identity to documents, which together make up the new standard – as requested by adopters of BIP 0008. This effectively places requirements such as document management, information security and enterprise digital archiving systems under the new standard’s direct oversight.

Complying with the requirements of the BS 10008 standard helps organizations to maximize the trustworthiness and reliability of their information, and to minimize the risk associated with the long-term storage of electronic information in their records management systems.

The scope covers the accessibility and availability of verifiable information over a period of time, and includes the use of document management, storage, transmission and retrieval systems, electronic identification and digital signatures, and digital time-stamping authorities.

About the value of BS 10008 Standard

Enterprise documents and information may take the form of text, executable formulae and/or multimedia. The main body of the BS 10008 standard provides guidelines and directions on various aspects of electronic information management, including:

  • Information management and security policies (covering the electronic storage and transfer of information), roles and responsibilities, reporting and documentation, among other things.
  • System implementation and IT operations (covering information capture, transfer, storage, indexing and output, as well as features like identity, security, disaster recovery, outsourcing, version control and exercising).
  • System monitoring and review (including auditing and management reviews).
  • System maintenance, monitoring and improvement.

One is left, after reading this, with the overall impression that here is a well thought-out and fairly comprehensive example of a developing standard which will benefit from input by all interested, and affected, stakeholders.

KPMG provides professional certification assessments for the standard BS 10008 “Evidential Weight and Legal Admissibility of Electronic Information” for your company.

How is the BS 10008 certification process managed by KPMG?

After we have received your application, we appoint a client manager who will guide you and your business through the following steps:

  1. Pre-Audit (Health Check)
  2. Formal Certification Assessment
  3. Post Certification Assessment