Data Management British Standards

There are two British Standards that deal specifically with data management: Principles of Good Practice for Information Management (BSI-DISC PD 0010) and Code of Practice for Information Security Management (British Standard BS7799 – now ISO 27002).

Principles of Good Practice for Information Management (BSI-DISC PD 0010) by Bernard Dyer and Bill Mayon-White is intended for use by all individuals and organisations with a duty to create and maintain records. It provides a practical framework to guide organisations through the operation and development of new methods and technologies for managing information. The framework is structured around the following five core principles:

  1. Recognise and understand all the types of information being managed
  2. Understand the legal issues and execute ‘duty of care’ responsibilities
  3. Identify and specify business processes and procedures
  4. Identify enabling technologies to support business processes and procedures
  5. Monitor and audit business processes and procedures

BS7799 (BS7799-2:2005), which now has the international number ISO 27001:2005, is the international best-practice standard for information security management, defining and guiding the development of an Information Security Management System (ISMS).

IT Governance: A Manager’s Guide to Data Security and ISO 27001 / ISO 27002 contains everything necessary to help you implement an ISO 27001 (BS7799) Information Security Management System (“ISMS”), in any organisation, in any sector, anywhere in the world.