I was yesterday asked whether our system was compliant with relevant standards for legal admissibility. Now it’s been a while since I read the relevant documents from BSi so I took some time to catch up on the latest standard BS10008:2008 available from BSi online at http://www.bsigroup.com/en/Shop
It’s changed a little since the original draft of PD0008 and there is more imaging specific advice but the basic premise remains the same, the admissibility of electronic documents for evidence is as much if not more to do with the management and operation of a document system than the technical details of the system itself. Some interesting points from the publication BIP 0008-1 ‘Code of Practice for Legal Admissiblity’ :-
Compliance requires not just a ‘system’ but a set of documentation that defines what the system is for, how it is to be used and evidence that it is being used correctly, these include a Management Policy, Retention Schedule, Security Policy, Procedures Manual and a System Description. These documents themselves should be managed with facilities for version control and release approval (good job you have a Document Management system eh).
Ok, so you’ve implemented the system, written all the procedural and policy documents and every time anyone goes anywhere near the system it is audited, is it now legally admissible? Well actually yes, but it was to start with, just now you have more evidential weight and it is less likely your electronic document evidence will be disputed. Civil law is based on the ‘balance of probability’ or ‘evidential weight’ whereas Criminal Law is dependent on ‘Beyond Reasonable Doubt’. In both cases though an original document will carry more evidential weight than an electronic copy.
Regarding the technology, which I suspect is what I was really being asked about, there is some useful guidance. Scanning with image enhancement is an interesting subject especially as scanners these days either come with integrated enhancement or software drivers that perform it.
The digitised image should be a true facsimile of the original, but features like de-skew, de-speckle, cropping, dynamic threshold, conversion from grey or colour to mono all affect the resulting image. The process of scanning and the enhancement applied during the process must be documented and tests performed and documented on examples to ensure the resulting images represent a true enough copy of the original.
The use of WORM media is not a requirement but can substantially enhance the evidential weight that the document has not been changed since its original capture. Normal Read/Write magnetic media is acceptable but you would need to restrict access and audit at operating system level to secure the same level of confidence.
One piece that made me smile was a reference to training, that staff should be trained on use of the system and should prove their competence before being allowed to. How true that is.
In summary I shall be answering that our system CAN BE legally compliant but will have to then go to great depths to explain all the details around what that does and does not mean. In the meantime if you want to know if YOUR system is compliant with BS10008 get a copy of BIP0009 (Compliance Workbook) from the BSi website and undertake your own assessment.
Until next time
Tim
