Principal Guidance
The principal guidance is published by the British Standards Institute in their snappily titled 'Code of Practice for legal admissibility and evidential weight of information stored electronically' (BIP 0008). It sets out five principles of good practice:
- Recognise and understand all types of information.
- Understand the legal issues and exercise a duty of care.
- Identify and specify business processes and procedures.
- Identify enabling technologies to support business processes and procedures.
- Monitor and audit business processes and procedures.
Classification
A fundamental requirement is that all documents and data are identified and classified. How documents are handled, secured and potentially destroyed must be clearly defined and the procedures governing this must be agreed and authorised by senior management. Circumstances will change so it is important that procedures and relating documentation are revised.
In practice this should be part of a more general risk analysis statement as outlined in the British Standards document ISO 17799. Previous versions of procedures need to be kept to demonstrate what was in force earlier.