Legal Archiving & Records management, existing technologies and solutions Marc Vandeveken - I.R.I.S.


1 Legal Archiving & Records management, existing technologies and solutions Marc Vandeveken - I.R.I.S.

2 Agenda
- Definition
- Key drivers and objectives
- The actual picture…
- Impact on IDR, ECM and ICT.
- Q & A

3 Definition
« Archiving is the process of collecting, classifying and preserving information for future reference ».
Legal archiving is archiving for legal and regulatory purposes.

4 Key Drivers and Objectives
- E-docs replace P-docs…
  - 80% of the information is located in e-mails, e-docs and web.
  - Most of the key business transactions are now processed electronically.
  - Volume of p-docs is decreasing.
  - Paper archive: expensive, no added value.
- …but what about the legal value of E-docs?
  - Legal value of p-docs is obvious (signature), not the case for e-docs.

The key objective of Legal Archiving is to legitimate electronic information by conferring on it the same legal value as paper information.

5 Key Drivers and Objectives
- Legal and regulatory pressure is growing…
  - Increasing requirements for documents’ traceability, retention and disposition
  - Emerging requirements for private information protection, which imply:
    - Proven destruction of private information after retention period expiration.
    - Ability to prove the usage of private information (traceability).
- Need to protect the organization’s key information against:
  - Unauthorized access, usage and alteration by internal users.
  - Erroneous deletion or alteration by technical or business staff.

6 The actual picture
- Original P-doc is considered as proof.
- E-doc can be considered as proof when:
  - “Its origin and author can be undoubtedly proved.”
    - The document has been electronically signed (the author is known).
    - A third-party certificate guarantees the indisputable link between the signature and the content of the document.
    - This certificate must be qualified (i.e. it must rely on approved technologies and an approved provider, and must contain enough information).
  - “No alteration has been made possible since the moment it has been created in its final form.”

7 The actual picture…
- To be used as a legal proof, an E-doc must be:
  - authenticated (electronic signature + certificate)
  - not altered (integrity)
- Secured and auditable process in the organization:
  - End-to-end (from document creation/scanning to archiving)
  - Traceability (who has done what? When?)
- “Contextual information”: date, time, place of creation -> “time stamping” (horodatage) would reinforce the value of proof.
- Secured long-term storage

8 Concepts and criteria
- No real legal text defines what “a reliable legal archiving system” must be.
- Different norms exist:
  - AFER – 16/2008 (E.T.112.081) dd. 13.05.2008:
    - Conditions and terms for storing and archiving e-invoices and e-data based on the VAT law
    - Legal context on the production and the archiving of e-docs
  - NF – Z 42-013 (AFNOR France 2001 – new version in 2008):
    - Set of technical and operational measures to ensure proper long-term storage and retrieval of electronic documents (scanned or produced by an IT application).
    - Recommends optical storage (physical WORM); the new version also admits logical WORM.
  - ISO 15 489 + MoReq:
    - Dedicated to records management.
    - MoReq is the operational approach of ISO 15 489
  - MoReq 2:
    - European Directive
    - New version of MoReq

9 Concepts and criteria
- Authenticity:
  - Signature
  - Time stamping
- Non-alterability:
  - Through the use of non-rewritable storage
    - Physical WORM (optical juke-boxes)
    - Logical WORM magnetic disk bays (IBM DR550, EMC Centera)
  - Based only on the signature
    - Normal magnetic disk (rewritable)
    - Authentication through PKI
- Durability:
  - Technological cycle: < 10 years (minus the retention rules)
  - Storage durability: 5-10 years (magnetic), 10-50 years (optical)
  - Plan periodic upgrades of the systems
  - Regularly verify storage media / perform duplicates through a validated procedure (use of masters).
  - For magnetic disks, use RAID + hot-swappable disks.
  - Use standard file formats (PDF/A-1a)

10 Concepts and criteria
- Retention period
  - Based on document type.
  - When does it start:
    - On creation date…
    - After the last event date (example: account closing, death etc…)
  - The retention period can be frozen:
    - Example: an account has been reopened.

Legal archiving is a process, not a product

11 Impact on IDR, ECM and ICT
- Impact on IDR (Legal Scanning – AFER regulation):
  - Endorsing (small print on scanned document: timestamp + operator ID).
  - Identification of the scanning operator + scanner ID + date/time.
  - Electronic signature + certificate during the scanning process (pay attention to certificate management, as certificates expire).
  - Scanning application must be secured:
    - No graphical editor authorizing the alteration of the image file.
    - Use of non-alterable image format (TIFF group 4).
    - Authentication of operator through sign-on.
    - Use of dedicated network for scanning process.
  - Image file associated with all meta-data released to ECM.
  - The release process generates log files.
  - Log files must be stored and controlled on a regular basis.

12 Impact on IDR, ECM and ICT
- Impact on ECM
  - No alteration of the original document is allowed… only annotation on a separate layer.
  - No image editor is available, so it is not technically possible to alter the original document.
  - Every operation on the original document is logged (search, read, annotate etc…).
  - Should a modification of the original document be authorized, it is done through versioning and strictly logged.
  - Documents are encrypted and stored in specific legal hardware.
  - Documents are stored according to retention rules (date-based or event-based).

13 Impact on IDR, ECM and ICT
- Impact on ICT (Storage)
  - Use of specific legal storage hardware (ex: IBM DR550; EMC Centera).
  - No “illegal” operations allowed (removal impossible).
  - Management of retention period expiration (flag for destruction).
  - Access data only from ECM solution (no file-system-like browsing).
  - Possibility of logical data segregation
  - Data security tools (mirroring, replication etc…)
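The retention rules from slides 10, 12 and 13 (date-based or event-based start, freeze, flag for destruction) can be sketched as follows. This is an added example, not part of the presentation or of any storage product; the `Record` fields, the `RETENTION_YEARS` schedule and its values are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Constructed schedule (years per document type); real values come from the
# applicable regulation, not from this example.
RETENTION_YEARS = {"invoice": 7, "account_file": 10}

@dataclass
class Record:
    doc_type: str
    created: date
    event_based: bool = False          # clock starts at the last event, not at creation
    last_event: Optional[date] = None  # e.g. account closing
    frozen: bool = False               # e.g. the account has been reopened

def add_years(d: date, years: int) -> date:
    try:
        return d.replace(year=d.year + years)
    except ValueError:                 # 29 February in a non-leap target year
        return d.replace(year=d.year + years, day=28)

def retention_expiry(rec: Record) -> Optional[date]:
    """Expiry date, or None while the retention clock is frozen or not started."""
    if rec.frozen or rec.doc_type not in RETENTION_YEARS:
        return None                    # fail closed: unknown types are never expired
    start = rec.last_event if rec.event_based else rec.created
    if start is None:                  # event-based record whose event has not occurred
        return None
    return add_years(start, RETENTION_YEARS[rec.doc_type])

def disposition(rec: Record, today: date) -> str:
    """Only flag for destruction; the destruction itself stays a logged, separate step."""
    expiry = retention_expiry(rec)
    if expiry is not None and today >= expiry:
        return "FLAG_FOR_DESTRUCTION"
    return "RETAIN"

if __name__ == "__main__":
    closed = Record("account_file", date(2001, 5, 2), True, date(2012, 2, 29))
    print(retention_expiry(closed), disposition(closed, date(2022, 3, 1)))
```

Frozen, unclassified and still-open event-based records all resolve to `RETAIN`, so a missing classification or event date can never trigger a destruction flag.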

14 How to face your major challenge: Do more with less, while reducing your carbon footprint
- Do more with less
  - Automate processes
  - Reduce workload
- Legal Archiving is GREEN!
  - Reduce paper volume
  - Decrease square meters for archiving
  - Printing no longer an obligation

15 Questions?

16 Thank you !!

