Legal Archiving & Records management, existing technologies and
Legal Archiving & Records management, existing technologies and solutions Marc Vandeveken - I.R.I.S. Agenda Definition Key drivers and objectives The actual picture Impact on IDR, ECM and ICT. Q&A Definition Archiving is the process of collecting, classifying and preserving
information for future reference . Legal archiving is archiving for legal and regulation purposes. Key Drivers and Objectives E-docs replace P-docs 80% of the information is located in e-mails, e-docs and web. Most of the key-business transactions are now processed electronically. Volume of p-docs is decreasing. Paper archive : expensive, no added-value.
but what about the legal value of E-docs ? Legal value of p-docs is obvious (signature), not the case for e-docs. The Key objective of Legal Archiving is to legitimate electronic information by conferring it the same legal value as paper information). Key Drivers and Objectives Legal and regulation pressure is growing Increasing requirements for documents traceability, retention and disposition + Emerging requirements for private information protection implies :
Proven destruction of private information after retention period expiration. Ability to prove the usage of private information (traceability). Need to protect organizations key information against : Unauthorized access, usage and alteration by internal users. Erroneous deletion or alteration by technical or business staff. The actual picture Original P-doc is considered as a proof. E-doc can be considered as a proof when :
Its origin and author can be undoubtedly proved. The document has been electronically signed (the author is known). A third-party certificate guaranties the undoubtable link between the signature and the content of the document. This certificate must be qualified (i.e : must rely on approved technologies, provider and must contain enough information). No alteration has been made possible since the moment it has been created in its final form. The actual picture To be used as a legal proof, an E-doc must be: authenticated (electronic signature + certificate)
not altered (integrity) Secured and auditable process in the organization : End-to-end (from documentation creation/scanning to archiving) Traceability (who has done what ? When ?) Contextual information : Date, time, place of creation -> time stamping (Horodatage) would reinforce value of proof. Secured long-term storage Concepts and criteria No real legal text to define what a reliable legal archiving system must be. Different norms exist : AFER 16/2008 (E.T.112.081) dd. 13.05.2008:
Condition and terms for storing and archiving the e-invoices and e-data based on the VAT law Legal context on the production and the archiving of e-docs NF Z 42-013 (AFNOR France 2001 new version in 2008) : Set of technical and operational measures to ensure a proper long-term storage and retrieval of electronic documents (scanned or produced by an IT application). Recommends optical storage - physical WORM-, new version also admits logical WORM. ISO 15 489 + MoReq : Dedicated to the records management. MoReq is the operational approach of ISO 15 489 MoReq 2 : European Directive
New version of MoReQ Concepts and criteria Authenticity : Signature Time stamping Non alterability : Through the use of non-rewritable storage Physical WORM (optical juke-boxes) Logical WORM magnetic disk bays (IBM DR550, EMC Centera)
Based only on the signature Normal magnetic disk (reinscriptible) Authentication through PKI Durability: Technological cycle : < 10 years (minus the retention rules)
Storage durability : 5-10 years (magnetic), 10-50 years (optical) Plan periodical upgrade of the systems Regularly verify storage media / perform duplicates through a validated procedure (use of masters). For magnetic disks, use RAID + hot-swappable disks. Use standard file formats (PDF/A-1A) Concepts and criteria Retention period Based on document type. When does it start : On creation date After the last event date (example : account closing, death etc)
The retention delay can be freezed : Example : an account has been reopened. Legal archiving is a process, not a product Impact on IDR, ECM and ICT Impact on IDR (Legal Scanning AFER regulation) : Endorsing (small print on scanned document : timestamp + operator ID). Identification of the scanning operator + scanner ID + date/time) Electronic signature + certificate during scanning process (pay attention to certificate management as they expire). Scanning application must be secured :
No graphical editor authorizing the alteration of the image file. Use of non-alterable image format (TIFF group 4). Authentication of operator through sign-on. Use of dedicated network for scanning process. Image file associated with all meta-data released to ECM. The release process generates log files. Log files must be stored and controlled on a regular basis. Legal Scanning
Impact on IDR, ECM and ICT Impact on ECM No alteration of the original document is allowedonly annotation on a separate layer. No image editor is available not technically possible to alter original document. Every operation on the original document is logged (search, read, annotate etc). Should a modification of the original document is authorized, this is done through the use of versioning and strictly logged. Documents are encrypted and stored in specific legal hardware.
Documents are stored according to retention rules (date-based or event-based). Impact on IDR, ECM and ICT Impact on ICT (Storage) Use of specific legal storage hardware (ex : IBM DR550; EMC Centera). No illegal operations allowed (removal impossible). Management of retention period expiration (flag for destruction).
Access data only from ECM solution (no file-system-like browsing). Possibility of logical data segregation Data security tools (mirroring, replication etc) How to face your major challenge: Do more with less, while reducing your carbon footprint Do more with less Automate processes Reduce workload Legal Archiving is GREEN! Reduce paper volume Decrease square meters for archiving
Printing no longer an obligation Questions? Thank you !!
Incorporating Building Morphological Data for Houston Test Case Two-way coupling WRF/CFD through MCEL (Model Coupling Environmental Library) Composite NEXRAD Radar Valid 6/8/03 12Z 4 km WRF BAMEX realtime 12-h forecast Reflectivity Collaborative partnership, principally among NCAR, NOAA, DoD, FAA, AFWA,...
assumes that public labeling, or branding, as deviant, has adverse consequences for further social participation and self-image. the most important drastic change is in public identity, which is a crucial step towards building a long-term "deviant career"
Provided for all 6 CSAP strategies. Intervention details: Descriptive information about your intervention. Provided for Prevention Education and Environmental Strategies (including Synar) only. Intervention Name.
System Buses Blane Adcock Eric Bartel Kevin Estep Jason Losco PC\AT Bus made backward compatible with older XT bus 8MHz bus with 16 bit data path maximum transfer 8Mb/second speed is independent of CPU speed became bottleneck because it couldn't...
Staffing and Scheduling. 2010Goal. Accomplishments. Analysis of supplemental staffing needs for inpatient and outpatient areas. Improve satisfaction and retention of the maturing workforce. Develop and implement subspecialty nursing fellowship. Established Medical Assistant positions in the Clinical Resource Center. Float Pool...
Development of primitive models for Space Vehicles: Principles of Chemical Reaction & Momentum Transfer. Separable First Order Differential Equations A first-order ODE is separable if it can be written in the form where the function v(y) is independent of x...
Search Designer Activity Guide provides a familiar PeopleSoft browser interface enabling you to: create search definitions, create search categories, define title and summary result display. Flexible security: indexes can be created with source-level security, document-level security, or no security.
Leadership in the Use and Analysis of Student Data 2007-2008 Jean Brown Superintendent, Local District 1 September 2007 Curriculum and Instruction Professional Development Coaching Use of Periodic Assessment Data Teacher Collaboration Administrative Leadership Personalization 2005 - 2006 Understanding Systems for...
Ready to download the document? Go ahead and hit continue!