Evidential weight and legal admissibility of electronic information specification
BS 10008 specifies what is required in order to implement and operate an electronic information management system. The standard is based on BIP 0008, which was designed to deal with issues relating to the integrity and authenticity of information stored electronically.
The contents of the standard include:
- The availability and accessibility of information
- The use of document management
- The management of quality issues related to document scanning processes
- The provision of a full audit trail for the life of a piece of electronic information
- The electronic transfer of information from one computer system to another
- Copyright management
- System maintenance
Dajon are audited as compliant with BS 10008.
As an ISO 9001 certified organisation we have implemented quality management system requirements for all areas of the business including:
ISO 9001 accreditation gives you the confidence that Dajon have the quality systems in place that will provide the foundation for better customer satisfaction, staff motivation and continual improvement.
The international standard for Environmental Management Systems
ISO 14001 is the principal management system standard which specifies the requirements for the formulation and maintenance of an EMS. There are three fundamental commitments required in an environmental policy that meets the requirements of ISO 14001. These are:
- Prevention of pollution
- Compliance with legislation
- Continual improvement of the EMS
These commitments help drive the improvements in overall environmental performance.
The international standard describing best practice for an Information Security Management System
An Information Security Management System (ISMS) is “part of the overall management system, based on a business risk approach, to establish, implement, monitor, review, maintain and improve information security. The management system includes organisational structure, policies, planning activities, responsibilities, practices, processes and resources” (ISO/IEC 27000:2012).
An ISMS is a systematic approach to managing confidential or sensitive corporate information so that it remains secure (i.e. available, confidential and with its integrity intact). It encompasses people, processes and IT systems, in recognition that information security is not just about anti-virus software, implementing the latest firewall or locking down your laptops or web servers. The overall approach to information security should be strategic as well as operational, and different security initiatives should be prioritised, integrated and cross-referenced to ensure overall effectiveness.
Data Protection Act 1998
We are registered under the Data Protection Act 1998 in the UK, under the auspices of the Information Commissioner's Office (ICO). The principles are:
- Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless –
  - at least one of the conditions in Schedule 2 is met, and
  - in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.
- Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
- Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
- Personal data shall be accurate and, where necessary, kept up to date.
- Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
- Personal data shall be processed in accordance with the rights of data subjects under this Act.
- Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
- Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.