CADWEB - Project extranet and project collaboration extranets

News

Cadweb is the First to be certified to BS 10008

June 2009

Cadweb is pleased to announce that its market leading system Cadweb.net is now certified to BS 10008 ‘Evidential Weight and Legal Admissibility of Electronic Information’. Cadweb is the first in its field to achieve this certification which follows a natural progression from its long term certification to ISO/IEC 27001 ‘Information Security Management’. Cadweb.net’s certification to this standard is also unique in its market place.

What is BS 10008 ‘Evidential Weight and Legal Admissibility of Electronic Information’

BS 10008 started life as a best practice document on how to ensure the legal admissibility of data created and stored in an IT system. In November 2008 it became a fully fledged British Standard. As its title implies the standard sets out the technical requirements of an IT system that need to be in place to govern the storage, transmission and identification of data. Thus any data/metadata produced from such a system can be guaranteed to be acceptable as bona fide evidence in a UK court of law.

What effect will it have?

Now that there is a standard to judge the legal integrity of IT systems, the status of any system not certified, and this will include email, will become increasingly doubtful. What this means in practice is that as this standard starts to become more widely adopted, any IT system whose data may be required for use in a court of law will have to be certified.

Increasingly if data cannot be shown to have come from a system certified to BS10008 lawyers will be able to question the validity of that electronic evidence and will be able to diminish its legal weight if not have it treated as hearsay and rendered completely inadmissible by the courts.

Cadweb.net compliance

Very early on in its development Cadweb realised the importance of the legal standing of any audit trail provided by the system. Unless this can stand up in court and the provider can guarantee this, then the value of the system to any client is greatly diminished.

Up until now the best measure of a system’s legal robustness was for it to be audited to ISO/IEC 27001 ‘Information Security Management’ which required independent third party certification. Cadweb has been audited to this standard by the British Standards Institute since 1998. Now that the technical requirements have been clearly set out in BS10008, certification to this standard will also becomes necessary if a system’s audit trail is to be relied upon in legal proceedings.

Who audits the auditor?

The new standard clearly sets out the minimum technical and operational requirements of a system for the Transmission, Storage and Identification of information contained within it. It has much in common with ISO 27001 which it refers to within the text on a number of occasions. However, the standard does have one flaw in that it is possible to ‘self-certify’. In other words no independent verification of a system’s compliance to its requirements is required. This seems a pity because it is open to abuse; self-certification to BS10008 is the equivalents of letting MPs manage their own expenses, and we know how that turned out!

Therefore the best way to ensure the legal integrity and robustness of any system is to use one which is certified to both ISO 27001 and BS10008. This will ensure that the system has been rigorously designed, built and managed and that it is regularly inspected and certified by a qualified independent third party.

Ends
For further information please contact Francis Newman on 0208 964 5040.

Notes to Editors

Founded in 1995 Cadweb is the longest and oldest, established project extranet provider in the UK. Cadweb is now recognized as the de facto market leader in it's field with a long and growing list of blue-chip clients. Project Extranets provide an internet based central searchable repository for project information whereby project data can be stored and retrieved by all members of a construction project.
Cadweb.net provides an internet based, central, highly searchable repository for all project information, whereby project data can be stored and retrieved by all members of a construction project.