There are two British Standards that deal specifically with data management: Principles of Good Practice for Information Management (BSI-DISC PD 0010), and the Code of Practice for Information Security Management (British Standard BS7799, now ISO 27002).
Principles of Good Practice for Information Management (BSI-DISC PD 0010), by Bernard Dyer and Bill Mayon-White, is intended for use by all individuals and organisations with a duty to create and maintain records. It provides a practical framework to guide organisations through the operation and development of new methods and technologies for managing information. The framework is structured around the following five core principles:
- Recognise and understand all the types of information being managed
- Understand the legal issues and execute ‘duty of care’ responsibilities
- Identify and specify business processes and procedures
- Identify enabling technologies to support business processes and procedures
- Monitor and audit business processes and procedures
BS7799 (specifically BS7799-2:2005), which now carries the international number ISO 27001:2005, is the international best-practice information security management standard; it defines and guides the development of an Information Security Management System (ISMS).
IT Governance: A Manager’s Guide to Data Security and ISO 27001 / ISO 27002 contains everything necessary to help you implement an ISO 27001 (BS7799) Information Security Management System (“ISMS”), in any organisation, in any sector, anywhere in the world.