TEMPLATE 8

HOW IS AN ELECTRONIC RECORD GUARANTEED AND/OR PROVED AUTHENTIC?



Authenticity is conferred to a record by its mode, form, and/or state of transmission, and/or manner of preservation and custody.

In electronic systems as well as in traditional records systems, authenticity is ensured by enforcing sophisticated administrative procedures, employing difficult to reproduce technical instruments, and installing security systems.


Mode of transmission

The method by which a record is communicated over space or time needs to be secure in order to guarantee the authenticity of the record. This security can be achieved as follows:

articulation of the circumstances and manner of transmitting records from one space to another either automatically or manually, and of receiving records from outside in any of the spaces

inclusion in the system of an audit trail capability that keeps a trace of every

transmission (date, time, persons, subject)


Form of transmission

The form the record has when it is made or received can also guarantee the authenticity of records. Traditionally, authenticity relies on extrinsic or instrinsic characteristics such as watermarks, seals, etc. In the electronic environment, very record made, in order to be transmitted externally, must have a document profile attached to it that must include:

date
time
author
addressee
subject
classification code
registry number (if applicable)
corroboration (indication of the protection used)

every record made, in order to be transmitted in a completely secure way, must be protected by:

date stamping or
cryptographed seal

a simple way of providing records with special signs difficult to imitate is by accompanying the subscription on the record with some drawing and/or motto that can only identify specific persons


State of transmission

Authenticity relates to state of transmission in the measure in which it can be assumed for originals, copies in the form of originals, authentic copies, and inserts contained in originals, copies in the form of originals, and authentic copies. Thus, with electronic records, every record received from outside is to be considered an original at the moment in which it is physically affixed to the system, being the first complete record to reach the effects for which it was transmitted. In order to protect the characteristics of this original record, it is essential to attach to it a complete document profile before the record is handled for the transaction of the affairs to which it relates, and to include it in the central files in the general space.

every record transmitted from the individual to the group space is to be considered an original as well.

most records moving within the work space are drafts. To allow for its identification, each draft must have attached a document profile indicating date, time, author, number of version, and any other relevant data, such as names of other persons consulted about it outside the work space. Other records are comments on drafts, and must be considered originals because each comment is a first, complete and effective record on its own. This means that each comment has to have a document profile too with date, time, author, and the reference to the draft, including its version number, to which it relate. Still other records are copies in the form of originals of the records on file used as reference, or forwarded to the group for taking action. Each final complete record transmitted to the general space must have the appropriate profile as defined above; it leaves the group space as the final draft and is received in the general space as an original. This original is then protected by adding classification code etc. to the profile. If it is meant to be sent outside, the protective measures mentioned above must be added; otherwise it may be filed.

A specific issue that needs to be addressed is that of inserts. Inserts are records entirely quoted (if textual) or reported (if images or graphics) in subsequent original records in order to renew their effects, or because they constitute precedents of the actions to which the subsequent originals refer. While the authenticity of the record containing the insert can be guaranteed by using any of the measures described in this document or a combination thereof, the authenticity of the insert itself cannot be ensured, as it depends on the reliability of the author of the record containing it and on the authenticity of the record from which the insert is made.


Manner of preservation and custody

In addition to all the requisites identified for records created in the traditional environment, it is necessary to establish specific ones for the secure preservation and custody of electronic records, such as:

backward and forward compatibility for the technology chosen for preservation purposes
a routine for making backup copies of the records in the system
a routine according to which master copies of the record are preserved in a climatically suitable and physically secure environment, while other copies are reserved for use and made easily available to the users
a routine for authenticating master copies
a system of regular recopying and/or migration


If you are experiencing any difficulties with this page, please contact Webkeep