3. Benchmarks for businesses
It is important to note that complying with standards such as those set out by the International Organization for Standardization (ISO) and British Standards Institution (BSI) is voluntary.They are designed to provide clear, consistent and thorough guidelines, so organisations can prove that they are working to the same benchmark.
Whether or not a business adheres to one of these frameworks is entirely their call.
i. BS 10008:2008 Evidential Weight and Legal Admissibility of Electronic Information
The cutting-edge British benchmark for ensuring that scanned documents carry evidential weight is the BS 10008 standard. In the eyes of BSI and its partners, an organisation that implements BS 10008 is a shining example of best practice, and more importantly, their electronically-stored information should prove unassailable in court.
BS 10008 is not the BSI’s first attempt at creating a benchmark for legally admissible scanned documents. The standard builds on earlier guidelines, most importantly BIP 0008, to ensure that they continue to stand up in the 21st century.
“BIP 0008 is all about best practice for the physical-paper-to-image process and the ongoing management of the image file for the rest of its life, alongside that of the paper,” comments Mr Wall. “It also provides guidance for the handling of all electronic information by the organisation – storage, transmission, transfer, security and so on.”
Meanwhile, Mr Wall explains that BS 10008, the successor to the BIP 0008 guidance, comprises “a wider view of how an organisation operates and looks after its information. It covers data management, audit trails, encryption and the authentication of electronic signatures, among other aspects. In short, it offers enough guidance to put to rest the concerns raised by respondents to AIIM’s ‘Winning the Paper Wars’ survey: the preconceptions that physical signatures on paper are obligatory and that the scanning of documents will compromise legal admissibility.”
ii. Other standards that you can use
The BSI is not the only institution to have addressed the evidential weight of electronically stored information in the form of a documented standard.
For instance, the ISO offers a very similar benchmark. It is called ISO/TR 15801:2009 and, in that organisation’s words, describes “the implementation and operation of document management systems that can be considered to store electronic information in a trustworthy and reliable manner” It overlaps fairly substantially with BS 10008.
A recent development also worth mentioning is that the PDF Association (PDF/A) standard, which builds on Adobe’s widely used Portable Document Format (PDF), is increasingly accepted too. Notably, it appears in MoReq 2010, the European Commission’s most recent guidelines on what it calls “model requirements for the management of electronic records”, meaning that it is supported by EU legislators.
Finally, Mr Wall suggests that organisations seeking to satisfy a BS 10008 compliance audit will “naturally be in a better position” should they also be accredited to ISO standards like 9001:2008 (quality management) and 15489-1:2001 (records management).
He offers one caveat, however: “Many of these certifications leave the information management aspects untested or even excluded.”