[Owasp-leaders] DPC BS 10012 - Draft Response

Colin Watson colin.watson at owasp.org
Thu Mar 19 13:03:09 EDT 2009


Dear all

The Industry Committee would like to receive any input in another
response to a draft standard.  This time it is BS 10012 "Specification
for the Management of Personal Information in Compliance with the Data
Protection Act 1998" Draft for Public Comment (DPC).  This draft
standard's purpose is to enable organizations to put in place a
personal information management system (PIMS), which provides an
infrastructure for maintaining and improving compliance with, amongst
other things, the requirements of the UK Data Protection Act 1998
(DPA).

Implementation sections within the draft document include:

4.13 Security issues
  4.13.1 Security controls
  4.13.2 Storage and handling
  4.13.3 Transmission
  4.13.4 Access controls
  4.13.5 Security assessments
  4.13.6 Notification of security incidents
  4.13.7 Contingency plan

This one may be of more interest to the UK community, or people
knowledgeable about data privacy issues.  We have prepared a draft
response at:

   http://www.owasp.org/index.php/Industry:DPC_BS_10012

Unfortunately the DPC is not easily accessible.  You have to register
on the BSI Draft Review System and view it one section at a time:

   http://drafts.bsigroup.com/

(or of course buy it!).  Our deadline is the end of March.  Any
comments via the wiki or directly to me are appreciated.  Other
current, and past, Industry Committee initiatives are listed on our
page:

   http://www.owasp.org/index.php/Global_Industry_Committee

Regards

Colin Watson
Global Industry Committee member

