BSI guidelines address data protection issues in systems testing

UK standards body BSI has published a new set of guidelines designed to help banks avoid embarrassing and costly security breaches when processing computer-based customer data during systems testing.

The publication explains how to test IT systems within the guidelines of the Data Protection Act 1998 and has been endorsed by the Financial Services Authority and the UK Information Commissioner, Richard Thomas.

Mike Frost, the FSA's manager for the information and archive management unit, says the guide is a practical and useful reference source for the cost-conscious manager dealing with compliance and systems testing.

"At worst, it removes any excuse not to give full consideration to data protection in system testing procedures," he says. "It provides a practical methodology that can save considerable time and effort."

Jenny Gordon, the data protection manager for Internet bank Egg and the co-author of the guidelines, says the use of live data during routine systems testing can pose problems for the unwary: "There is a real risk that the malfunctioning of a system that holds records without individuals' permission will lead to a breach of data protection law."

A copy of the guidelines is available for purchase from the BSI Web site.
