September 10th, 2021
Space and cost savings, faster document processing, and the long-term safeguarding of information: These are all advantages of digital audit-proof archiving. But how can you ensure that all guidelines are adhered to and that your documents are archived in a secure manner legally? Because audit-proof archiving is indispensable for compliance conformity alone.
The VOI, an independent professional association for providers and users in the field of Enterprise Information Management, has compiled a guide for this reason. It is intended to help you find your way through the legal texts, ordinances and regional and industry-specific regulations.
You must archive each document properly.
Depending on the type of document, there are different rules you must follow. For example, different regulations apply to invoices than to contracts. However, electronic archiving should not only comply with legal requirements, but also with operational requirements. These are the basis for the reliable and audit-proof storage of documents.
You need to archive every document completely and securely.
Information is now increasingly captured, processed and archived digitally. To prevent information loss, it is therefore essential that you store all documents completely.
Every document must be archived in the fastest way possible.
For long-term preservation of information, you should edit and file the relevant documents in a timely manner. In this way, you not only ensure easy access to the digital documents, but also their long-term preservation. In this way, you also prevent knowledge from being lost or even being impossible to find.
You must archive each document in its original and unchangeable form.
It is important that you can retrieve each document in its original form. According to GoBD regulations, this function must be available at all times. If changes or deletions are necessary, you have to document them completely.
Customize user rights
Each document must be provided with an appropriate rights release.
Data protection or operational reasons: Not every employee may have access to every document. An authorization concept is necessary to protect confidential information.
Each document must be retrievable and reproducible within a reasonable time.
Archived documents must be accessible within a reasonable time. What constitutes a reasonable time depends on the state of information technology and the context in which the content is to be made accessible.
Comply with retention period
You must keep each document in the archive until the end of its intended life.
Within the entire retention period, all documents must be available for viewing. You may delete a document from the archive at the earliest after the legal retention period of the respective document has expired. For example, an archiving period of ten years applies to accounting documents and invoices; for received commercial or business letters it is six years.
Every activity in the archive must be documented.
By logging subsequent changes to a document, you ensure that it can be restored to its original form. The log must be meaningful and must contain all changes.
Enable process verification
An expert third party must be able to check the entire archiving process at any time.
The archiving process is checked by the expert for its legal conformity in organizational and technical terms. For this reason, process documentation and system logs are essential. This enables you to prove that you are complying with the relevant regulations for capturing, recording, processing, storing and disposing of data and documents.
Follow the guidelines
Any migration and modification to the archiving system must be carried out according to the principles mentioned above.
During the required retention periods, the archiving systems used are often modified – either by replacing individual devices or by migrating the archive. Therefore, you must follow all of the above principles whenever you make a change. In particular, you should document the migration changes and measures carefully so that their correctness can be verified during the retention period of the migrated documents.
Audit-proof archiving of documents summarized
This guide will help you to keep track of the legal requirements for audit-proof archiving. You can find out which document has to be archived specifically for which time and whether it has to be archived at all from the relevant legal regulation.
In principle, the following requirements apply to audit-proof archiving: You are obliged to retain documents as follows:
- in time