Relationship between BS 10102-1 and BS 10102-2

In February 2020, BSI released two new data related standards that should be considered by all organisations: 

  • BS 10102-1:2020 – Big data. Guidance on data-driven organizations 
  • BS 10102-2:2020 – Big data. Guidance on data-intensive projects 

Although the titles state ‘Big data’, this only reflects the committee that created them. They are in fact applicable to virtually all organisations. 

Read on to get an overview of what they contain 

BS 10102 has been developed in two parts to provide guidance for a data-driven organisation and how data‑intensive projects are initiated by the organisation, with project outputs informing and influencing the organisation. These two documents are intended to be used together. The diagram below illustrates the relationship between these two parts.  

Part 1

Part 1 is relevant to almost all organisations and gives guidance on realising value from data. Key areas covered include: 

  • Section 4 describes 8 key principles
    1. Value – correct data exploitation can deliver significant value to an organisation, however, poor data exploitation can adversely affect the performance, profitability and reputation of the organisation 
    2. Data governance – monitoring data exploitation; understanding the provenance, legitimacy and accuracy of data; and responding to risks and issues 
    3. Fairness, transparency and ethics – demonstration of fair, transparent and ethical approaches to data exploitation including the transparency of processing and algorithms 
    4. Investment and innovation – adequate support to implement these guidelines and encourage further exploitation opportunities 
    5. Protecting intellectual property rights and commercially sensitive data 
    6. Respect for the individual 
    7. Security and privacy 
    8. Engagement, communication and training 
  • Section 5 describes key aspects of the data lifecycle and the processes required for management during the lifecycle phases of – Acquisition, Storage and handling, usage/ exploitation, data improvement, data matching, data sharing/ publishing and portability, data preservation, archiving and deletion/ destruction. 
  • Section 6 explains requirements for data governance
    • Establishing the data governance system
      • Define, agree and enforce rules 
      • Resolve issues 
      • Monitor and enforce compliance 
      • Opportunity/ threat awareness 
    • Data as a risk and a means to manage risk 
    • Choice of project management methodologies 
    • The need for a change management process and the types of change to be covered 
    • Security-by-design and privacy-by-design 
  • Section 7 explains a range of interface considerations affecting data exploitation 
    • Understanding business requirements and objectives and how data supports them 
    • The need for a data strategy and considerations during its development 
    • Data architecture management and master data management involves understand the data stores that exist within the organisation and the need to keep master data up to date 
    • Data standards to specify consistent approaches to data across the organisation 
    • Approaches to data ethics to reduce the risk of activities that could either be illegal and/or lead to reputational damage 
    • Awareness of organisational capabilities and how future data requirements could be resourced 
    • Provision of the resources needed for data exploitation 
    • Understand the competence levels of key staff involved in data activities 
    • Provision of training and raising awareness 
    • Behaviours and beliefs – those who have read previous blog posts of ours will recognise the importance of culture to data activities 
    • Data quality management and the range of data quality criteria that could be applicable. This also refers to ISO 8000-61 which we have described in other posts 
    • Internal communications to cover both ‘steady state’ activities and during change 
    • Responding to changing circumstances which may be the trigger for a data-intensive project 
  • Section 8 describes external considerations: 
    • Communications to parties outside the organisation 
    • Addressing capability gaps by dealing with external parties 
    • Terms and conditions when contracting data related activities 
    • Understanding and managing risks and liabilities 
    • Considerations for security and privacy when dealing with external parties 
  • Finally, Section 9 describes the process of initiating data-intensive projects, the subject of Part 2 

Part 2

Part 2 of the standard links closely to Part 1 and focuses on data-intensive projects. So what is a ‘data-intensive project’? The standard explains:

“Data-intensive projects are those that consume, create, analyse and/or process large volumes of data which are critical for the successful delivery of the project. What is data‑intensive for one organization might not be so for another, and each organization needs to interpret the guidance in its own individual circumstances.”

BS 10102-2

The topics covered by this part of the standard include:

  • Section 4 considers different types of projects including defined/ specified projects, exploratory projects, research and development projects and transformational projects. Several other organisational situations that will drive data-intensive projects are described
  • Section 5 describes ten key guidelines for data-intensive projects
    1. Requirements for documentation to support project delivery
    2. Defining project data requirements
    3. Assigning project responsibilities
    4. Communications
    5. Sourcing data to understand where data has originated, how to access it, what it represents and the quality of that data
    6. Data preparation to convert data to be suitable for project activities
    7. Data processing to deliver value from the data
    8. The application of different modelling methodologies
    9. Evaluation of processing outputs
    10. Project outputs
  • Section 6 provides a quick reminder about data security, privacy and ethics covered in Part 1
  • Section 7 considers change management and refers to Part 1 for change processes but additionally reminds readers that the project outputs will also be a form of change
  • Section 8 considers aspects of project closure such as delivery of project outputs and lessons learned

Both parts of this standard are available from the BSI Shop

Our Director, Julian Schwarzenbach, was part of the committee that developed these standards so can help if you need support in understanding the approach or implementing in your organisation.

Tagged on:     

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.