Complying with PD0008?

If you have read the first article, you will remember that we discussed PD0008.

Is it complicated to comply with PD0008?

Like any project or change of systems, a starting point must be defined and followed, and the relevant considerations taken into account. Before choosing any electronic document storage solution, an organization should work through the following considerations.

Data retention and disposal requirements

Derived from legislation, including data weeding and disposal, to ensure that destruction of data is secure and that the evidential probity of scanned documents has been assured before the hard copy is destroyed.

Audit data requirements

Meet ISO 17799, evidence legislation and the Data Protection Act 1998.

Access control considerations

Ensure compliance with ISO 17799, evidence legislation and the Data Protection Act 1998.

Interface requirements

Including encryption and the safeguarding of encryption keys.

Backup obligations

Ensure the use of optical WORM (write once, read many) devices for the legal integrity of data, with 0% data loss, to prevent loss or corruption and to ensure compliance with the Data Protection Act 1998 and evidence-based legislation.

Disability Discrimination Act requirements

To ensure that the solution meets the needs of disabled users.

ISO 17799

Evidence of compliance with this standard assists in showing a Court that the computer records can be relied upon.

Auditing the auditors

Who is auditing the system administrators? Checks need to be in place to ensure the integrity of data, or all other controls can be called into question by a Court of Law.

Testing

The electronic storage solution, and ongoing patches to it, will need to be tested, including IT health checks, before they are operated within the live environment. They should not be tested using live data.

Clock Synchronization

The electronic storage solution's application clock needs to be synchronized with the clocks across the organization's estate, so that audit data is consistent and reliable.

Monitoring

Users that send information to or receive information from the solution must consent to, and/or have been advised that, interceptions of their communications may be made without notice.

Freedom of Information Act 2000

The storage solution will need to support swift and easy searches for information.

Technical and organizational controls

Derived from legislative requirements.

Printing of Evidential Records

All data contained within the electronic storage solution should be capable of being printed to produce a permanent record, accompanied by authentication of the data: a digital signature proving the integrity of the original file by showing that it has not been tampered with. The output must also satisfy the test of repeatability, i.e. it will produce the same output every time it is generated.
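The following is an added illustration of the two properties this requirement asks for, and is not code from the article or from any PD0008 product. It seals each stored record with a keyed digest (HMAC-SHA256) over the exact stored bytes, refuses to print a record whose bytes or manifest no longer verify, and checks repeatability by confirming that repeated renderings are byte-for-byte identical. The signing key, record identifier, timestamp and scanned content are all constructed for the example; in a deployed system an asymmetric digital signature from a protected key would play the role the HMAC plays here.

```python
"""Integrity and repeatability check for an evidential record before printing.

Added example, not from the article. HMAC-SHA256 stands in for the digital
signature the article describes; the key, manifest layout and sample scan
below are constructed for illustration only.
"""
import hashlib
import hmac
import json

# Constructed key for the example. In production this would be an
# asymmetric signing key held in an HSM or key-management service
# (the article's "safeguarding of encryption keys").
SIGNING_KEY = b"example-key-do-not-use-in-production"


def digest_document(data: bytes) -> str:
    """SHA-256 of the exact stored bytes. Deterministic: same bytes, same digest."""
    return hashlib.sha256(data).hexdigest()


def _canonical(fields: dict) -> bytes:
    """Stable serialisation so the MAC is computed over the same bytes every time."""
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def seal_record(record_id: str, data: bytes, captured_at: str) -> dict:
    """Produce a manifest entry authenticating the stored bytes and capture time."""
    entry = {
        "record_id": record_id,
        "sha256": digest_document(data),
        "captured_at": captured_at,  # from the synchronised application clock
    }
    entry["mac"] = hmac.new(SIGNING_KEY, _canonical(entry), hashlib.sha256).hexdigest()
    return entry


def verify_record(entry: dict, data: bytes) -> bool:
    """True only if the manifest MAC is valid and the stored bytes still match it."""
    fields = {k: v for k, v in entry.items() if k != "mac"}
    expected = hmac.new(SIGNING_KEY, _canonical(fields), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, entry.get("mac", "")):
        return False
    return hmac.compare_digest(entry["sha256"], digest_document(data))


def render_for_print(entry: dict, data: bytes) -> str:
    """Return the printable record with its authentication block.

    Raises ValueError instead of printing anything that fails verification.
    """
    if not verify_record(entry, data):
        raise ValueError(f"integrity check failed for {entry.get('record_id')}")
    body = data.decode("utf-8", errors="replace")
    return (
        f"{body}\n"
        "--- authentication ---\n"
        f"record: {entry['record_id']}\n"
        f"sha256: {entry['sha256']}\n"
        f"captured: {entry['captured_at']}\n"
        f"mac: {entry['mac']}\n"
    )


def repeatability_test(entry: dict, data: bytes, runs: int = 3) -> bool:
    """Render several times; the article's repeatability test passes only if
    every rendering is identical."""
    outputs = {render_for_print(entry, data) for _ in range(runs)}
    return len(outputs) == 1


if __name__ == "__main__":
    # Constructed sample "scan"; a real record would be the stored image bytes.
    scanned = b"Invoice 1234: constructed sample scan text"
    entry = seal_record("DOC-0001", scanned, "2024-01-01T09:00:00+00:00")
    print(render_for_print(entry, scanned))
    print("repeatable:", repeatability_test(entry, scanned))
    tampered = scanned.replace(b"1234", b"1235")
    print("tampered copy verifies:", verify_record(entry, tampered))
```

The manifest entry would be written to the same WORM medium as the record and included in the audit trail, so that a later printout can be checked against what was captured rather than against whatever is on disk today.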


About martin smith

Has a degree in Engineering Management, and is just trying to make life a bit easier for anyone who wishes to read these articles. View all posts by martin smith
