BUSINESS STANDARDS
is the online magazine of BSI Group, highlighting the vital role that standards play in today's business environment by helping organizations improve quality, save money, reduce risk and be more sustainable. Features include interviews with leading business figures, as well as news on the latest developments in management systems, standards, testing, healthcare and certification.


Viewpoint

Question: This year marks the 25th anniversary of data protection regulation in the UK. Does the fact that such legislation exists mean that standards do not have a big role to play in the data protection puzzle?

First of all, the fact that there is legislation in place does not mean standards do not have a role to play. Quite the contrary: in many cases, standards offer a framework for businesses to better prepare and comply with legislation. For example, vast amounts of personal information are handled by organizations of all sizes, across - and between - the public and private sector. Such information must be treated with the highest possible standard of care - not just because of the manifold business benefits of ensuring that personal data is collected, stored and shared appropriately, but also because there is a legal requirement to do so, such as under the UK 1998 Data Protection Act (DPA).

However, according to a survey conducted by BSI of over 500 UK SMEs, almost one in five businesses admitted to having unwittingly breached the DPA - not simply by failing to hold personal information securely but by neglect of other legal obligations. Moreover, a third of businesses said that the complexity of the DPA restricted their ability to comply with the Act.

This is where standards can play a vital role. BS 10012:2009 Data protection. Specification for a personal information management system, published by BSI, provides a framework for organizations to maintain and improve compliance in this area. It's the first standard for the management of personal information and can be used by any organization.

While legislation does not offer advice on compliance, standards like BS 10012 can help organizations create a tailored management system, covering key areas such as training and awareness, risk assessment, data sharing, retention and disposal of data, and disclosure to third parties. It sets the stage for compliance both now and in the future.

Standards also benefit from the involvement of a wide range of stakeholders. A draft form of BS 10012 was developed by a panel of experts including representatives from industry, government, academia and consumer groups, before a three-month period of public consultation. This generated over 500 comments, each of which was reviewed by the panel before the final version of the standard could be published. The end result is a robust standard that offers support to organizations looking to set up and monitor a system for managing their compliance with data protection legislation. The standard is supported by BSI's new Online Data Protection Tool, which assists organizations in meeting their legal requirements.

We have already seen impressive take-up of BS 10012 from a range of sectors, including central and local government but also banking, healthcare, policing, charities, companies engaged in clinical trials; anywhere the safe stewardship of personal (sometimes sensitive) data is of paramount importance.

By becoming more confident in how they lawfully manage such information, we believe organizations will also deliver better customer service, and in these still-uncertain times, that can be a real competitive advantage.

Mike Low, director, Standards, BSI

Data protection regulations mean that organizations need to process personal information in a manner that protects the rights of the individual. However, they do not specify the most efficient way to comply with the regulation. As a consequence, organizations often muddle their way through and many are uncertain whether they are complying with the regulations or not.

Under the circumstances, standards continue to play an important part in ensuring compliance and reassuring customers and clients that their information is safe and sound. Standards can be used to identify and assist organizations in the development of policies, processes and technology to comply with the regulations. For example, BS 10012 specifies a management system that enables organizations to put in place, as part of the overall information governance infrastructure, a framework for maintaining and improving compliance with data protection legislation and good practice.

Alan Shipman, director, Group 5 Training Limited


Business Standards © 2010. Editorial produced by Caspian Publishing in association with The British Standards Institution. Editorial opinions expressed on are not necessarily those of BSI Group or Caspian Publishing. Neither Caspian Publishing nor BSI Group accept responsibility for advertising or editorial content, nor for that appearing on linked third-party websites. Reproduction in whole or in part is forbidden without written permission from BSI Group or Caspian Publishing.



OCS triple bill

OCS, an international facilities services group based in the UK, has achieved triple certification to ISO 9001 Quality management, ISO 14001 Environmental management and BS OHSAS 18001 Health and safety management with BSI.


Rising waters: revising PAS 1188

For those living in areas that are prone to flooding, having the right protection resources available is essential. While images of emergency sandbags holding back rivers of water may fill the media, there is a much wider range of products available for flood protection.


Sapphire earns a standards hat-trick

Sapphire Energy Recovery, the waste processing and resource recovery business owned by Lafarge Cement, has achieved certification to three management systems standards (ISO 9001 Quality management, ISO 14001 Environmental management and BS OHSAS 18001 Health and safety management) from BSI. Sapphire is the UK's leading processor of used tyres, and sources and manages the logistics of a range of waste-derived fuels and raw materials for the cement industry.


UK film industry pioneers sustainability standard developed by BSI

The British film industry, in conjunction with BSI, is taking the lead in the global entertainment market with the announcement at the Cannes Film Festival of a new British Standard that will improve the industry's environmental, social and economic impact. For example, in London alone, screen production accounted for 125,000 tonnes of carbon emissions in 2009, 40% of which came from studios and 28% from TV and film production.


Locking down the Kitemark®

Gerda, a leading developer and manufacturer of products for the security industry, has become the first company to be awarded the Kitemark for thief-resistant lock assemblies, in line with BS 10621:2007 Thief resistant dual-mode lock assembly.


Question: Do companies need to verify their carbon footprint?

Unless a business is regulated by some form of greenhouse gas (GHG) reporting and/or cap-and-trade regulation (as is the case for some 12,000 installations in Europe), rarely is there the need to either calculate or verify the accuracy of a carbon footprint.


