[Owasp-leaders] DPC BS 10012 - Draft Response

Colin Watson colin.watson at owasp.org
Thu Mar 19 13:03:09 EDT 2009

Dear all

The Industry Committee would like to receive any input in another
response to a draft standard.  This time it is BS 10012 "Specification
for the Management of Personal Information in Compliance with the Data
Protection Act 1998" Draft for Public Comment (DPC).  This draft
standard's purpose is to enable organizations to put in place a
personal information management system (PIMS), which provides an
infrastructure for maintaining and improving compliance with, amongst
other things, the requirements of the UK Data Protection Act 1998.

Implementation sections within the draft document include:

4.13 Security issues
  4.13.1 Security controls
  4.13.2 Storage and handling
  4.13.3 Transmission
  4.13.4 Access controls
  4.13.5 Security assessments
  4.13.6 Notification of security incidents
  4.13.7 Contingency plan

This one may be of more interest to the UK community, or people
knowledgeable about data privacy issues.  We have prepared a draft
response at:


Unfortunately the DPC is not easily accessible.  You have to register
on the BSI Draft Review System and view it one section at a time:


(or of course buy it!).  Our deadline is the end of March.  Any
comments via the wiki or directly to me are appreciated.  Other
current, and past, Industry Committee initiatives are listed on our



Colin Watson
Global Industry Committee member
