Electronic Document Storage 2003

  • 8/17/2019 Electronic Document Storage 2003

    Electronic Document Storage: Legal Admissibility

    RICS guidance note

    Published by RICS Business Services Limited, a wholly owned subsidiary of The Royal Institution of Chartered Surveyors, under the RICS Books imprint.
    Surveyor Court, Westwood Business Park, Coventry CV4 8JE, UK

    No responsibility for loss occasioned to any person acting or refraining from action as a result of the material included in this publication can be accepted by the author or publisher.

    Produced by the Construction Faculty of the Royal Institution of Chartered Surveyors.

    First edition published 2001

    ISBN 1 84219 125 X

    © RICS 2003. Copyright in all or part of this publication rests with the RICS, and save by prior consent of the RICS, no part or parts shall be reproduced by any means electronic, mechanical, photocopying or otherwise, now known or to be devised.

    Typeset in Great Britain by Wyvern 21, Bristol. Printed in Great Britain by Alphagraphics, Stockton-on-Tees.

    Contents

    RICS guidance notes
    Introduction
    Part 1 Code of Practice - DISC PD 0008:1999
    Part 2 Weight of evidence and document destruction
    Part 3 Authenticity
    Part 4 Photocopies, microfilm and image processing
    Part 5 Document storage
    Part 6 Storage and access procedures
    Part 7 Format of the Code of Practice
        General
        Information management policy
        Duty of care
        Business procedures and processes
        Enabling technologies
    Conclusion
    Appendix A Specimen Form for Recording Scanning Information
    Appendix B Specimen Form for Recording Retrieval
    Appendix C References

    ELECTRONIC DOCUMENT STORAGE | EFFECTIVE FROM APRIL 2003

    RICS guidance notes

    This is a guidance note. It provides advice to members of RICS on aspects of the profession. Where procedures are recommended for specific professional tasks, these are intended to embody ‘best practice’, that is, procedures which in the opinion of RICS meet a high standard of professional competence.

    Members are not required to follow the advice and recommendations contained in the guidance note. They should, however, note the following points.

    When an allegation of professional negligence is made against a surveyor, the court is likely to take account of the contents of any relevant guidance notes published by RICS in deciding whether or not the surveyor has acted with reasonable competence.

    In the opinion of RICS, a member conforming to the practices recommended in this guidance note should have at least a partial defence to an allegation of negligence by virtue of having followed those practices. However, members have the responsibility of deciding when it is appropriate to follow the guidance. If it is followed in an inappropriate case, the member will not be exonerated merely because the recommendations were found in an RICS guidance note.

    On the other hand, it does not follow that a member will be adjudged negligent if he or she has not followed the practices recommended in this guidance note.

    It is for each individual chartered surveyor to decide on the appropriate procedure to follow in any professional task. However, where members depart from the good practice recommended in this guidance note, they should do so only for good reason. In the event of litigation, the court may require them to explain why they decided not to adopt the recommended practice.

    In addition, guidance notes are relevant to professional competence in that each surveyor should be up to date and should have informed him or herself of guidance notes within a reasonable time of their promulgation.

    Introduction

    The production and storage of documents and other information on computer systems has become increasingly common and it is, therefore, inevitable that these stored documents will be used in their electronic form as a basis for business transactions, and will be produced, transmitted and stored in significant numbers.

    There is a need to store and retain records for professional and legal purposes. However, paper storage is a significant problem for many practices. The quantity of paper produced is increasing year on year and would do so even without expansion of the business. Two factors have led to the increase in the amount of documentation being produced by businesses. Firstly, there is far more regulation being introduced into everyday life, and this is linked directly to a more litigious population. The need is now to be able to prove what actions occurred and when.

    Secondly, the growth in management systems generally, as previously promulgated in BS EN ISO 9001:1994 and now in BS EN ISO 9001:2000, has led to an increase in documentation. In fact, the processes involved in compliance with ISO 9001 are designed to provide the documentary evidence which will satisfy the regulations which are relevant to the particular business and, it is hoped, provide acceptable evidence in the event of litigation.

    The requirement for storage also has implications – not least of which is the cost of dedicated storage areas. Storage conditions must be right to ensure that storage is effective. Using a local lock-up garage will probably not be adequate to prevent deterioration of paper copies over a period of time.

    Increasingly, businesses are turning to electronic storage. This is a medium that requires far less floor space and ensures longer term storage, without deterioration, under the right conditions. However, there are a number of problems related to electronic storage which have to be addressed. In particular, legal admissibility has to be considered: there has to be certainty that electronically stored documents will have the same weight and validity as the original versions.

    There is no current standard which guarantees legal admissibility (although some countries have made a move towards this), but there is a shift of emphasis away from admissibility towards evidential value or weight which is in line with the Civil Evidence Act 1995. Annex G of the Code of Practice (see Part 1) gives information on relevant national legislation. The purpose of this text is to provide information on the best practice principles which have thus far been identified.

    Part 1

    Code of Practice - DISC PD 0008:1999

    A Code of Practice for Legal Admissibility and Evidential Weight of Information Stored Electronically

    There has been considerable discussion about the value of documents stored on document management systems (DMS) when documents are required to be kept as evidence for a considerable time. It has been accepted by most commentators that a common discipline needs to be agreed so that the value of these documents as evidence can be maximized.

    It has not been possible to develop a set of requirements and may not be for some time. The difficulty is the range of issues which have to be considered, the rate of change of technology and the need to consult our European partners on all legal aspects. The Civil Evidence Act 1995 would have to be updated annually just to keep pace and this clearly cannot happen. Instead, a Code of Practice (DISC PD 0008) has been developed, which is evolving as the technology and electronic commercial practices mature. It defines best practice in document management and provides guidance that will help maximize the value and integrity of information in a court of law. First prepared and published in 1996, the Code came about as a result of the merging of the research carried out by two organizations, namely the Legal Images Initiative (formed by the Image and Document Management Association) and the Document Management Forum (a group of the Computing Suppliers Federation). In the absence of a formal set of requirements approved by the courts through case law or by Parliament through the Civil Evidence Act, leading institutions took the view that a Code was required which recognized new technologies and would give a framework which reflected the existing legal precedents but applied to the new technologies. A document entitled Principles of Good Practice for Information Management, written by two of the authors of the Code of Practice, contains a detailed explanation of the background to each of the sections of the Code.

    The Code of Practice should be used as a basic reference document. It covers data files stored on Write-Once-Read-Many times (WORM) optical storage systems and as such covers WORM, multi-function media systems used in a write-once mode, and compact-disc-recordable (CD-R) systems. It has also been extended from the original version to cover any type of electronic storage medium, including those that are rewritable. The use of rewritable media requires additional controls, as it is necessary to be able to demonstrate not only that the correct data was stored in the first place, but also that the data now present has not been modified in any way.

    It should be emphasized that the Code does not guarantee legal admissibility. It seeks to define the current interpretation of best practice.

    In this guidance note, where it is stated that an action ‘should’ be carried out in relation to the Code, the word ‘should’ indicates that such action is necessary in order to claim compliance with the Code.

    The Code pays particular attention to setting up authorization procedures and to the subsequent ability to be able to demonstrate, in a court of law, that these procedures have been followed. Whilst the Code defines essential procedures to be implemented, it does not follow that documents held on a system that does not conform are not legally acceptable. It is likely, however, that it will be more difficult to prove their integrity in a court of law.

    The Code contains examples of compliance statements in Annex I and recommends that the Compliance Workbook PD 0009 be used to demonstrate compliance with the Code.

    Part 2

    Weight of evidence and document destruction

    Each business will have its own requirements and it is important to determine, in advance, how a document would be presented to a court of law, and if weight of evidence or courtroom tactics could be unduly influenced by the destruction of the original document, the document storage system or the access control systems. It will rarely be possible to give a definitive recommendation regarding the destruction of original documents because, until there is a request to produce a document, the reason behind the request may not be known. It is the reason for the request that will indicate whether, if possible, the original document should be produced. Each business should consult its solicitor, who will be able to provide a view as to which types of document are most likely to be disputed regarding their authenticity rather than their content.

    There are different considerations for civil and criminal law. In a criminal case, the prosecution faces a much higher burden of proof ‘beyond reasonable doubt’ than in civil proceedings ‘on the balance of probability’.

    Part 3

    Authenticity

    It is important to be able to demonstrate that a computer has been functioning properly (i.e. according to agreed procedures) in order to authenticate documents stored on the system. Documents may be rejected if this cannot be shown. There are three methods for doing this:

    1) A maintenance record should be kept recording regular servicing of the equipment and any repair work either by the supplier/maintenance contract or by the in-house IT support where qualified/trained to do this.

    2) By having a control set of documents which have been used, scanned and reproduced from the scanned version to set a benchmark for the quality of copy.

    3) By keeping proper records of scanning and scanning difficulties, especially of any modifications to settings required. This is explained in more detail in Part 7.

    In most cases, arguments are over what a document says rather than the authenticity of the document. However, the adversarial legal process means that the other party may try to discredit evidence on the basis of authenticity, to avoid dealing with the content. Arguments over authenticity of evidence can lead to investigation into the system that produced the paper and the method of storage; operation and access control; and even to the computer programs and source code.

    It could be necessary to satisfy the court that the information is stored in a proper manner. This issue could be used by an opponent to try to discredit the evidence and to make inadmissible that and any similarly stored documents that are produced. By questioning hardware reliability, for example, an opponent could establish, to the satisfaction of the court, that the document storage system is flawed and cannot be trusted. This would allow the whole system to be brought into question and any documents stored within it to be ruled inadmissible.

    Part 4

    Photocopies, microfilm and image processing

    In very general terms, image processed documents will be treated as secondary evidence in the same manner as a photocopy or a microfilm image. However, photocopies and microfilm images are admissible as evidence. Indeed, some photocopies use a raster scan copying mechanism which is essentially the same as an image processing scanner. It follows that image processed documents are likely to be admissible with the same weight of evidence as photocopies and microfilm images, although no cases have yet been reported where this has been tested.

    Part 5

    Document storage

    It is very important to note that, no matter how an organization stores business documents, it is the responsibility of the executives of the organization to be able to produce the documents when required. The company secretary or partners and the manager of the document storage systems are responsible for this document retrieval process, not the vendor of the storage system. Therefore, the advice of the company secretary (or solicitor) should always be sought before implementing any document storage system, particularly when the original documents are subsequently destroyed.

    The Code recommends that all interested third parties should be consulted, and it would be prudent to include professional indemnity insurers. It could be disastrous for a business to find that it was uninsured because it had introduced a scan and destroy procedure.

    The procedures by which documents are stored and accessed are vital in satisfying a court of law about the authenticity of a ‘copy’ of a document and the inability to tamper with it. All copies of documents (photocopy, microfilm or image processing) will be treated as secondary evidence by a court of law, with a subsequent reduction of weight of evidence if the authenticity of the copy can be questioned. For example, where the content of a document is under question, the original or a copy should be treated with equal weight, but if a signature is being disputed, then the original is likely to carry more weight than the copy.

    There may be some confusion about ‘originals’ and ‘copies’. Many items to be scanned are actually themselves photocopies. The original document may reside in a file elsewhere. It may be necessary, if this is not readily apparent, for the image processing system to indicate whether an image taken was from the original or from a copy of it.

    Part 6

    Storage and access procedures

    Due to the duration of storage of many documents, the person who ‘certified’ a system, or a document stored on it, may not be able to give evidence in person. It is essential that a proper system for auditing and certifying is implemented to demonstrate that the integrity of the system has been maintained from the time the document was stored.

    Regular audits of the system should be performed, and certificates obtained from the company auditors. This is in line with current procedures for microfilmed documents. Although formal affidavits will not usually be necessary, advice should be sought from a company solicitor, particularly if the original documents are to be destroyed.

    It may help demonstrate the proper functioning of a system if a copy of the audit record is stored in the image system at the time of audit.

    As well as the specific details included in the Code, users should comply with the relevant sections of BS 7799-1:2000 - Information Technology - Code of Practice for Information Security Management.

    Of major importance to this Code is the Civil Evidence Act 1995. The Act introduces a flexible system whereby all documents and copy documents, including computer records, can be admitted as evidence in civil proceedings. However, the court judge or arbitrator still has to be persuaded to treat the evidence as reliable and so organizations have to put in place procedures to prove the authenticity and reliability of the record.

    Sections 8 and 9 of the Act address the nub of this issue:

    8) (1) Where a statement contained in a document is admissible as evidence in civil proceedings, it may be proved:

    (a) by the production of that document; or

    (b) whether or not that document is still in existence, by the production of a copy of that document or of the material part of it, authenticated in such manner as the court may approve.

    (2) It is immaterial for this purpose how many removes there are between a copy and the original.

    9) (1) A document which is shown to form part of the records of a business or public authority may be received in evidence in civil proceedings without further proof.

    (2) A document shall be taken to form part of the records of a business or public authority if there is produced to a court a certificate to that effect signed by an officer of the business to which the records belong.

    Similar work is being undertaken by the Home Office on a Police and Criminal Law amendment.

    Part 7

    Format of the Code of Practice

    The Code of Practice contains an introduction and six sections, each of which includes details of processes and procedures that need to be put into place to ensure conformity with the Code. In addition, there are ten annexes, including one which identifies the changes made since the previous edition.

    Sections two to six are structured in accordance with a set of five principles established in BSI DISC PD 0010 - Principles of Good Practice for Information Management, which are as follows:

    1) recognize and understand all types of information;

    2) understand the legal issues and execute ‘duty of care responsibilities’;

    3) identify and specify business processes and procedures;

    4) identify enabling technologies to support business processes and procedures;

    5) monitor and audit business processes and procedures.

    General

    Scope

    The Code describes the use of electronic management systems to store information, where the issues of legal admissibility, authenticity and evidential weight of information contained in these stored documents is important. It is used with a document management system (DMS) incorporating write-once optical media as the storage device, covering Write-Once-Read-Many times (WORM) multi-functional media systems used in a write-once mode, and compact-disc-recordable (CD-R) systems. It now incorporates re-writeable media (for example, magnetic storage).

    The Code covers any type of data file controlled by the DMS. Data files may be created by the DMS, or may be imported into it. The Code covers all such data files, either created or imported, directly or through a network system, from the time at which the system assumes complete control of the data file. Such networks may be local or wide area.

    While the Code covers aspects of document management that impinge upon the issue of legal admissibility of digitized images, it also covers aspects that may affect the use of images in a legal context, even where admissibility per se is not at issue. Such aspects include the legibility and completeness of the document images, and the transfer of the images to other systems.

    The Code covers the capture of digitized images both from the original documents and from microform versions of the original documents. In the latter case, users should be aware of the implications of the processes used in the microfilming of the original documents.

    The Code is intended for:

    systems integrators and developers whose equipment provides facilities to meet the requirements of end users; and

    end users who wish to ensure that the information created by, entered into and/or stored within the information management system can be used with confidence as evidence in a court of law.

    Where users wish to claim adherence to the Code, the paragraphs identified by text in bold type in the Code are considered essential in so far as they apply to the specific application concerned. Other paragraphs contain recommendations in italics that should be followed where practical.

    DISC PD 0008 was first published by the BSI in 1996, covering the legal admissibility of information stored on electronic management systems. It was revised and reissued in 1999, and re-titled ‘A Code of Practice for Legal Admissibility and Evidential Weight of Information Stored Electronically’. Prior to this, BS 7799:1995 was published in 1995 setting out best practice for information security management. The Code is heavily reliant on this document, which has now been revised as Information Technology - Code of Practice for Information Security Management.

    BS ISO/IEC 17799:2000 (BS 7799-1:2000) specifies eight controls which are either essential requirements, for example, legislative requirements, or are considered to be fundamental building blocks for information security. These are designated ‘key controls’ and apply to all organizations and environments. They are intended as a basis for use by organizations setting out to implement information security controls.

    The recommendations for essential controls include the following:

    a) data protection and privacy of personal information;

    b) safeguarding of organizational records;

    c) intellectual property rights.

    The recommendations for common best practice include the following:

    a) development of an information security policy document;

    b) allocation of information security responsibilities;

    c) information, security, education and training;

    d) reporting of security incidents;

    e) business continuity management.

    BS 7799-1 is to be read in conjunction with BS 7799-2:2002 - Information Security Management Systems - Specification with Guidance for Use.

    Information management policy

    The Code advises that a policy document should be produced, dealing with the policy on:

    what information is covered;

    security classification, where appropriate;

    storage media;

    data file format and version control;

    relevant information management standards;

    retention periods and destruction;

    responsibilities; and

    legal advice sought and acted upon, including any special regulations. In addition, such bodies as professional indemnity insurers may wish to be consulted.

    This policy should be approved by senior management and reviewed at regular intervals. It is also recommended that the policy document details the responsibilities for compliance with the Code by identifying a person or job function and specifying retention periods for compliance documentation.

    The requirement for an information retention and destruction schedule is amplified as being critical to the successful implementation of the revised Code.

    In order to define an organization’s information management policy, the Code recommends that information should be grouped into types, with the policy for all information within a type being consistent.

    The policy should list all types which are to be stored in compliance with the Code, such as:

    1) information generated by a computer system - also known as encoded data files;

    2) scanned images/digitized voice and/or video; and

    3) information generated at a remote user or third party site, in either of the above two types.

    Duty of care

    It is essential that an organization is aware of the value of information that it stores and executes its responsibility with regard to that information under the duty of care principle. Appropriate levels of security for managing information should be agreed and documented; systems should be adequately managed; and the relevant sections of the Code should be implemented. Consultation with interested third parties at the planning stage, before the system is installed, is also critical.

    The revised Code contains more details of information security requirements which would be satisfied by compliance with BS 7799. Where the full weight of BS 7799 is not applicable, the controls listed in the Code should be implemented.

    In any event, there should be business continuity planning to ensure that all data can be recovered successfully following major failures of equipment, environment or personnel.

    Business procedures and processes

    The organization should develop its own manual for the DMS. This can be incorporated in the quality management system, where the organization already has one. Such a procedures manual, in addition to any vendor-supplied manuals for the system, should include the following topics:

    document capture;

    data capture;

    indexing;

    authenticated output procedures;

    authentication of copies of data files;

    file transmission;

    information destruction;

    backup and system recovery;

    system maintenance;

    security and protection;

    use of contracted services;

    use of trusted third parties;

    workflow;

    self-modifying files;

    date and time stamps;

    video, audio and voice data (if applicable);

    version control; and

    maintenance of documentation.

    Procedures need to be implemented to ensure that staff who operate the system comply with the requirements. Any changes to procedures have to be documented and checked and it is necessary to keep copies of previous versions of the procedure.

    All procedures should be reviewed at least annually and the results of reviews must be documented.

    Document capture

    There should be procedures dealing with situations where data files are either created by the system or where they are imported into the system.

    If the information management system is used for storing images, then these procedures should be documented and users should comply with the recommendations set out in Annex C of the Code.

    Preparation of paper documents

    The Code requires documents to be examined before scanning to ensure that they are suitable. The business should, therefore, have procedures for the examination process documented in its procedures manual.

    Factors which may affect the scanning process should be considered and there must be a procedure to deal with scanning difficulties. There should also be a method for identifying such things as ‘post-it’ notes attached to the original document or physical amendments which might not be visible after scanning.

    Detailed procedures need to be established for general document preparation and collation.

    Document batching

    Wherever possible, documents should be grouped in batches. Where workflow is used, alternative methods of controlling the scanning process may need to be established.

    Photocopying

    It may be necessary to photocopy a document prior to scanning and the procedures used should ensure that there is no loss of quality or of the total image. It is also advisable to provide some method of distinguishing between scanned originals and scanned photocopies.

    Scanning processes

    The Code requires that the procedure manual should include details of the operational procedures used in the scanning process and that records be kept of all audit trails. In particular, it requires each document to have a unique identity that cannot be changed or removed except on deletion and then only under tightly controlled circumstances.

    Information held in the records is expected to include as a minimum:

    a unique identifier for each batch;

    the date and time of scanning;

    the name of the person who performed the scanning;

    the type of material scanned;

    the number of documents; and

    details of post-scanning processes, if any.

    In practice, the scanning software will take care of many of the requirements and a paper record will fill the gaps. (Appendix A shows a specimen form for recording scanning information.)

    The procedures should also describe how it is ensured that all documents in a batch are scanned.
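    One way to hold the batch records listed above so that a later check also shows whether an image or a record has been changed, given here as an added example and not as anything taken from the Code or from this guidance note. The SHA-256 digests, the linking of each record to the previous one, and every function and field name are assumptions of the example; the sample images are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64  # prev_hash value used by the first record in a log


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def record_hash_of(record: dict) -> str:
    """Digest over every field except the digest itself, in canonical key order."""
    body = {k: v for k, v in record.items() if k != "record_hash"}
    return sha256_hex(json.dumps(body, sort_keys=True).encode("utf-8"))


def make_batch_record(log, batch_id, scanned_at, operator, material_type,
                      expected_count, images, post_scanning=""):
    """Append one batch record to `log` and return it.

    `images` maps each document's unique identifier to its scanned bytes.
    The plain fields mirror the minimum record contents listed in the text;
    the digests and the link to the previous record are assumptions added
    by this example.
    """
    record = {
        "batch_id": batch_id,
        "scanned_at": scanned_at,
        "operator": operator,
        "material_type": material_type,
        "expected_count": expected_count,  # counted when the batch was prepared
        "document_count": len(images),     # number actually scanned
        "post_scanning": post_scanning,
        "documents": {doc_id: sha256_hex(img) for doc_id, img in images.items()},
        "prev_hash": log[-1]["record_hash"] if log else GENESIS,
    }
    record["record_hash"] = record_hash_of(record)
    log.append(record)
    return record


def verify(log, store):
    """Check the log against the stored images; return a list of findings."""
    findings = []
    prev, seen = GENESIS, set()
    for rec in log:
        bid = rec["batch_id"]
        # A changed field breaks this record's digest; a re-sealed record
        # breaks the link held by the record that follows it.
        if rec["prev_hash"] != prev or record_hash_of(rec) != rec["record_hash"]:
            findings.append(f"{bid}: audit record altered or out of sequence")
        prev = rec["record_hash"]
        if rec["document_count"] != rec["expected_count"]:
            findings.append(
                f"{bid}: scanned {rec['document_count']} of "
                f"{rec['expected_count']} documents")
        for doc_id, digest in rec["documents"].items():
            if doc_id in seen:
                findings.append(f"{doc_id}: identifier used more than once")
            seen.add(doc_id)
            if doc_id not in store:
                findings.append(f"{doc_id}: image missing from store")
            elif sha256_hex(store[doc_id]) != digest:
                findings.append(f"{doc_id}: image differs from the one captured")
    return findings


def demo():
    """Constructed sample: two batches, then one image and one record edited."""
    store = {
        "B001-0001": b"constructed page image 1",
        "B001-0002": b"constructed page image 2",
        "B002-0001": b"constructed page image 3",
        "B002-0002": b"constructed page image 4",
    }
    log = []
    make_batch_record(log, "B001", "2003-04-01T09:30:00", "operator-a",
                      "correspondence", 2,
                      {k: v for k, v in store.items() if k.startswith("B001")})
    # Three documents were prepared for this batch but only two were scanned.
    make_batch_record(log, "B002", "2003-04-01T10:15:00", "operator-a",
                      "drawings", 3,
                      {k: v for k, v in store.items() if k.startswith("B002")})
    before = verify(log, store)
    store["B001-0002"] += b" (edited)"   # image changed on rewritable media
    log[0]["operator"] = "operator-z"    # audit record changed after the fact
    return before, verify(log, store)


if __name__ == "__main__":
    for findings in demo():
        print(findings)
```

    The chain is only as trustworthy as the place the most recent record digest is kept, so a copy held on write-once media or lodged with the auditors at each audit gives the check something independent to compare against.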

    Quality control

    To be able to assess the validity of any scanned copy, it is necessary to preparea benchmark for evaluation. The operator, using normal settings, should makescanned copies of a range of types and conditions of document. Prints are thenobtained through the normal printing process. All hardware and settings arerecorded and the quality of each reprint is checked against the originals toensure it is acceptable by the standards required by the business. (It may beacceptable, for example, for the copy to be fractionally smaller than theoriginal, where no scale is needed or where a drawn scale is available.)

    This set of prints and originals are retained and periodically rescanned andchecked.

    The Code gives a number of criteria which may be appropriate to the user,including print size and grey scale, which can be used to establish the quality of the scanned image.

    The results of all quality control checks (including audits) should be recorded,as should any problems or difficulties which are experienced. In addition, theequipment should be properly maintained at all times.

    Rescanning

    If, following an audit, a document has to be rescanned, the procedures should ensure that the original image is replaced and that the batch numbering and audit trail are not compromised.

    Image processing

    If image processing is used to improve the quality of an image, this could conceivably lead to image manipulation. The procedures manual should define how this is managed.

    Annex D of the Code describes some of the different documents and associated image processing facilities that may be used.

    Data capture

    This is mainly used where the original data is provided by such methods as Optical Mark Reading (OMR) or manual entry from an existing document.

    Procedures need to be established which specify the quality and accuracy level required and show that records of accuracy checking are retained.

    There should also be a procedure to deal with data migration from one system to another.

    Indexing

    The procedures manual should describe the indexing technique to be used and should include a method for checking the accuracy of the records. This is often built in to scanning software and electronic document management systems. Any changes to the index should be fully explained and audit trails dealing with the amendment should be available. The Code also advises that in all cases the index files should be retained for at least as long as the information to which they relate.

    There should be procedures for rebuilding indexes and for amending/correcting information held in the indexes and ensuring its accuracy at all times.

    Authenticated output procedures

    For the prints to be legally admissible, there should be a formal process for recovery whereby the operator certifies that all equipment is operating normally and for identifying the storage index data and document information which confirms that the reproduction is a true and complete record. Appendix B shows a specimen retrieval record for a scanned document/file, which allows the operator to effectively certify that the document/file has been correctly retrieved.

    The Code also places great stress on the authentication process and on controls where the output is not an exact reproduction, for example, monochrome rather than coloured. If some aspect of the layout such as font or pagination is not maintained, then retrieval characteristics should be agreed and documented.

    Authentication of copies of data files

    It may be necessary to be able to identify whether a data file is original or a copy. In these instances, the Code suggests that an electronic/digital signature can be stored with a trusted third party and then be used to demonstrate whether a file is a true copy of the original.

    File transmission

    If the documents are to be transmitted within a system, via a network or an external, wide-area communications system to the storage device, then procedures should be defined to ensure that changes cannot occur during the transmission either accidentally or deliberately.

    When a data file is transmitted to another party, the original should be stored on the system. Equally, a data file received from an external source should be saved on the system and the time and date of any data file should be stored as part of the audit trail.

    The Code goes on to explain the benefits of this in questions of authenticity where, for example, the original file purports to have been saved at a later date than the copy.

    Information retention and destruction

    The procedure for retention and/or destruction of originals must be properly documented. For the sake of the business, it should not be possible to destroy an original before it is confirmed that it has been safely stored.

    In some cases, the original document will need to be retained, for example, where the original is of poor quality or holds annotations which cannot be scanned, or where fraud is suspected. In each case, the procedures should deal with this.

    Backup and system recovery

    Backup facilities on the system should allow for automatic backup and verification of all data files and associated information, including audit trails at regular intervals. Procedures used in these systems should be documented in the procedures manual, including the requirement for secure off-site storage of the backups. There should also be a record kept in the system audit trail of all backup activity, which should include details of any problems incurred during the procedure.

    It is also important to ensure that the files can be read even when the original hardware is no longer available.

    Where backup data is used to recover from a system failure, there should be documented procedures to ensure that data file integrity has not been compromised. It is, therefore, important that the backup media be tested regularly.

    System maintenance

    Obviously, the hardware and the software should be operating normally. It is necessary, therefore, to have complete maintenance records, including records of any down-time and reasons for faults and to undertake routine preventative maintenance.

    Under certain circumstances, it will be necessary to rescan documents following the identification of a fault (see Information retention and destruction).

    Where document scanning is used, the procedures for checking of quality should be followed after maintenance procedures have been completed.

    Security and protection

    The system should operate within the guidelines provided in BS 7799-1:2000, although this is not now referred to directly in the Code. The procedures implemented should be described in the procedures manual and should include the following:

    appropriate security controls, e.g. limited access, encryption keys and digital signatures;

    mixed media may not be in write-once mode. This should be assessed;

    removable media must be handled and stored as recommended;

    data file transfers must be strictly controlled;

    all media must be kept secure, with at least one backup off site;

    user facilities may be in open areas, but the central system should be in a secure area;

    virus protection should be installed;

    hardware must be protected against power failure; and

    all information on status of documents, maintenance and quality control and audit trails should be kept in a secure manner and be available for inspection and audit.

    Use of contracted services

    Having gone to the trouble of defining an internal procedure which complies with the Code, it would be unacceptable if the business used outside services which afforded any less protection. The procedures manual should contain all information relevant to the service provider; copies of their procedures and audit records may be necessary.

    Details of the procedures used and the transfer of documents and/or media from the client to the service provider and from the service provider to the client should be documented in the procedures manual.

    The Code recommends that the contract between the supplier and the client should set out details of the extent to which compliance is claimed.

    In addition, where the supplier also performs an indexing service, the client should check that the required accuracy is being achieved.

    If the documents have to be transported physically, there should be a procedure for despatch and receipt, including checking.

    The Code also describes the procedure where a copy is stored with a trusted third party as a secure means of detecting tampering with data files.

    Workflow

    This process allows a number of individuals to review a document at various stages. This record of review needs to be stored in conjunction with the original document as a complete record.

    Some workflow applications link documents by virtue of changes to the index information. The creation and destruction of these links should be recorded in the audit trail of each document affected.

    The Code requires operational details such as flow diagrams to be documented, as well as the process definition classification and the process definition life cycle.

    Self-modifying files

    In some cases, document files contain automatic functions such as date entries which change to the current date when the file is opened. This means that the file cannot be ‘frozen’ in the sense required by the Code. Either the automatic functions need to be disabled before storing or there need to be procedures which define how these files are to be stored and retrieved to ensure that authenticated copies of the original can be produced.

    Date and time stamps

    Of key importance is an accurate record of the date and time and, to this end, it is essential that the system is maintained with the correct information. Regular checking of system clocks and changes to reflect seasonal changes, i.e. ‘summer time’, must be incorporated into the procedures. Only authorized personnel should be able to change the system clocks.

    Voice, audio and video data

    The procedures should define how voice, audio and video data are to be dealt with. Where the recording is not under the control of the information management system, the recording system should be up to the same standard as that required by the Code for the information management system. There also needs to be a procedure dealing with authentication of the source data.

    Version control

    If changes are allowed to stored data files, then this should be in accordance with a documented procedure which includes any requirement to keep previous versions.

    The information management system should include version control and superseded versions should be kept for at least as long as the final version.

    The Code makes the point that all changes to procedures and processes should be implemented in accordance with an approved change control procedure.

    Maintenance of documentation

    Procedures and records should be maintained and stored in the same way as information generally.

    Enabling technologies

    General

    For a new system, the user should ensure that the system has been designed in accordance with the requirements of the Code. For systems already in operation, documents stored on the system prior to the introduction of the Code cannot be considered as conforming to it unless controls which meet the requirements of the Code were in place from the time of storing the documents.

    This section of the Code describes technologies and how they should be utilized and controlled. The following elements need to be addressed to achieve compliance with the Code.

    Systems description manual

    A list of hardware and software should be compiled, with information on how they interact, including system configuration and details of changes to the system.

    Storage media and sub-system considerations

    Access to information should be controlled with ‘read only’ access or ‘read write’ access where appropriate and it should be possible to identify any changes to the document or data by those with ‘write’ access. It is also important to prevent modifications being made without detection.

    Access levels

    The manual should define the levels of access available, as follows:

    system manager;

    system administrator;

    system maintenance;

    authors or originators;

    information storage and indexing; and

    information.

    Only authorized members of staff may have access and such authority may only be given after suitable training.

    System integrity checks

    The system should ensure that the integrity of data files is maintained throughout the system, including during the transfer of this data to and from the storage media.

    An additional element in the Code deals with digital and electronic signatures and the ability to verify the true identity of a person prior to their being enrolled as document signatory.

    Compound documents

    Where an image such as a CAD (computer-aided design) drawing or a linked spreadsheet is stored, the parts may be separated electronically. The system should ensure that they are stored in the same location and can be retrieved as a complete facsimile of the image.

    Image processing

    There are a number of ways in which an image may be processed to improve its appearance. These include the following:

    deskew;

    despeckle;

    black border removal;

    background clean up;

    noise removal; and

    forms removal.

    These should only be used with extreme care and should be fully documented. It is safer not to allow image processing, as any interference could invalidate not only that document but any other which may possibly have been adjusted.

    Compression techniques

    Two types of compression technique are recognized:

    1) lossy; and

    2) lossless.

    Lossy should not be used on primarily text files, as the compressed image will lose certain details which may be replaced by artificially generated data when it is reproduced.

    In general, it is safest not to use lossy compression at all, but the Code sets out the requirements should this method be used.

    Form overlays and form removal

    Where the system software removes a fixed overlay from the digitized image, leaving only the variable data, a record should be automatically generated to record the removal and a copy of the template should be stored on the same medium.

    Environmental considerations

    The hardware manufacturer may well have its own recommendations for the operational environment. These must be acknowledged and addressed in the system manual. Handling and storage procedures should also be described, as well as the procedure for checking the storage media regularly.

    Data file migration

    With changes in technology, it is almost inevitable that the hardware and/or software will cease to be supported. The business should have procedures in place to handle the transfer of files at the appropriate time.

    Information deletion and/or expungement

    It is essential that the system be able to delete or expunge documents as described in the Data Protection Act 1998. This deletion can be accomplished by the removal of index entries to the relevant documents. It is also essential to be able to amend or remove incorrect or irrelevant data typically held in contravention of the Data Protection Act. Such correction may be accomplished by deleting the original document and substituting the corrected document or by using masks.

    In any event, the procedure for doing this should be documented.

    Audit trails

    To be able to use the stored information as evidence, it may be necessary to provide supporting information on the history of the document or data, including date of creation and/or storage, movements from one medium to another and evidence of the controlled operation of the system.

    This information will be the subject of the audit trails and the records kept should be sufficient to provide a full historical record of all significant events associated with the stored information, and the information management system.

    It is important that the audit trail be agreed with all stakeholders who might need to refer to the information, including the user, audit and legal functions.

    The Code recommends that, as far as possible, audit trail data should be generated automatically and that where this does not occur, there should be adequate procedures in place and that, in either case, the date and time should be recorded contemporaneously.

    Audit trail data should also be stored as a separate entity on the system. It should be kept for at least as long as the information to which it refers and should be accessible. In particular, it may be necessary to make it easily accessible to third parties who have little or no experience in the use of the system.

    The audit trail information should be treated as having the same level of security as the information to which it pertains, with secure backup copies being kept. If paper copies are kept then the procedures should define how frequently they should be removed and stored.

    The procedures for data migration should be defined and the audit trail should include this information.

    Part of the audit trail should include the records of information capture; batch information; indexing; change control; destruction information and workflow.
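One way to meet the requirements above for an audit trail whose alteration can be detected, and for showing that a file is a true copy of the original, as an added example (it is not taken from the Code or from this guidance note). Each audit entry is sealed with a hash that covers the previous entry, and a SHA-256 digest stands in for the electronic/digital signature lodged with a trusted third party; the hash-chain design, the function names and the sample batch are all assumptions.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # "previous seal" of the first entry


def digest(data: bytes) -> str:
    """SHA-256 of a stored file; assumed stand-in for the deposited signature."""
    return hashlib.sha256(data).hexdigest()


def _seal(body: dict) -> str:
    """Hash a canonical JSON form so the same entry always seals the same way."""
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


class AuditTrail:
    """Append-only event log in which every entry commits to its predecessor."""

    def __init__(self):
        self.entries = []

    def record(self, event, details, when=None):
        body = {
            "seq": len(self.entries) + 1,
            # Stamped at logging time unless a fixed value is passed (e.g. in tests).
            "time": (when or datetime.now(timezone.utc)).isoformat(),
            "event": event,
            "details": details,
            "prev": self.entries[-1]["seal"] if self.entries else GENESIS,
        }
        entry = dict(body, seal=_seal(body))
        self.entries.append(entry)
        return entry

    def first_broken(self):
        """Return the position of the first entry that fails, or None if intact."""
        prev = GENESIS
        for pos, entry in enumerate(self.entries, start=1):
            body = {k: v for k, v in entry.items() if k != "seal"}
            if entry["seq"] != pos or entry["prev"] != prev or _seal(body) != entry["seal"]:
                return pos
            prev = entry["seal"]
        return None


def record_scan_batch(trail, batch_id, operator, material, images, post_scanning=()):
    """Log one batch with the minimum record fields listed for scanning."""
    return trail.record("scan_batch", {
        "batch_id": batch_id,
        "operator": operator,
        "material": material,
        "document_count": len(images),
        "post_scanning": list(post_scanning),
        "digests": {name: digest(data) for name, data in sorted(images.items())},
    })


def is_true_copy(candidate: bytes, deposited_digest: str) -> bool:
    """Compare a retrieved file with the digest lodged when it was stored."""
    return hmac.compare_digest(digest(candidate), deposited_digest)


if __name__ == "__main__":
    # Constructed sample data: two page images from one hypothetical batch.
    pages = {"0001.tif": b"constructed page one", "0002.tif": b"constructed page two"}
    trail = AuditTrail()
    batch = record_scan_batch(trail, "BATCH-0001", "operator-a", "A4 correspondence", pages)
    trail.record("retrieval", {"batch_id": "BATCH-0001", "file": "0001.tif"})
    lodged = batch["details"]["digests"]["0001.tif"]
    print("true copy:", is_true_copy(pages["0001.tif"], lodged))
    print("altered copy:", is_true_copy(pages["0001.tif"] + b" ", lodged))
    print("trail intact:", trail.first_broken() is None)
    batch["details"]["document_count"] = 1  # simulated after-the-fact edit
    print("first broken entry:", trail.first_broken())
```

Anyone able to rewrite the whole log can also recompute its seals, so the most recent seal should itself be held outside the system, for example with the same trusted third party.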

    Conclusion

    The Code of Practice provides a sound basis for the use of electronic document and information management systems which, if followed, should mean that the information can be used as evidence in the civil courts.

    Even without this requirement, it defines the best-practice approach for electronic storage generally.

    With the enactment of the Human Rights Act 1998 and the Data Protection Act 1998, it is expected that pressure will continue to increase for a formal documented statement on legal admissibility. In time, this is likely to feature in the Civil Evidence Act, either by reference to the Code or to some European-wide standard.

    The danger, however, is that technology will continue to outpace any attempt at legislation.

    Appendix A: Specimen Form for Recording Scanning Information

    The following files are authorized for scanning

    Project number Project

    Confirmation of scanning

    The above files have been scanned by ……………………………….. DIP Operator/Archivist

    Date

    Indexing information

    Project number File Folder reference Commentary

    Confirmation of acceptance

    The above scanned files have been checked, the images are true and complete representations of the documents scanned.

    The batch contains …………… (No) images and consists of ……… (No) documents.

    Signed ………………………….. DIP Operator/Archivist Disk reference ….………….............

    Optical disk back-up confirmed by IT Date………………….................................. .............................................................

    Confirmation of destruction

    The above original documents may now be destroyed

    Signed ……………………………............................................................................ Managing Partner

    Appendix B: Specimen Form for Recording Retrieval

    Request for certified copies

    The following files/documents are required as certified copies

    Project number Project Documents or drawings

    Request authorized by Group Leader

    ……………………………………...........................................

    Authorization to make certified copies

    The DIP Operator/Archivist/CAD Manager is authorized to make certified copies of the above

    Signed ………………………………………………….......................................... Managing Partner

    Files/Documents/Drawings retrieved

    The above files/documents/drawings have been retrieved from disk/tape reference:

    Retrieved by ……………………………………………............................................................ Name

    Date

    Indexing information

    Project Number File Folder reference Commentary

    Certificate of authenticity

    I …………………….. being the DIP Operator/Archivist/CAD Manager employed by ………………, certify that the attached files/documents are a true reproduction of the originals which were archived in accordance with the procedures set out in our user manual.

    Signed …………………………..

    Date …………………….............

    Appendix C: References

    Further and more detailed information can be obtained from the British Standards Institution (BSI). Publications include:

    BSI-DISC PD 0005 Information Service Management

    BSI-DISC PD 0008:1996 A Code of Practice for Legal Admissibility of Information Stored on Electronic Document Management Systems (Edition 1)

    BSI-DISC PD 0008:1999 A Code of Practice for Legal Admissibility and Evidential Weight of Information stored Electronically

    BSI-DISC PD 0009 Compliance Workbook

    BSI-DISC PD 0010 Principles of Good Practice for Information Management

    BSI-DISC PD 3000 Information Security Management: An Introduction

    BSI-DISC PD 3001 Preparing for BS 7799 Certification

    BSI-DISC PD 3002 Guide to BS 7799 Risk Assessment and Risk Management

    BSI-DISC PD 3003 Are you ready for a BS 7799 Audit?

    BSI-DISC PD 3004 Guide to BS 7799 Auditing

    BS 4783 Parts 1 to 8 Storage, Transportation and Maintenance of Media used in Data Processing and Information Storage

    BS 7083:1996 Guide to the Accommodation and Operating Environment for Information Technology Equipment

    BS 7799-1:2000 Information Technology - Code of Practice for Information Security Management

    BS EN ISO 9000 Quality Management and Quality Assurance Standards

    BSI publications are available from Customer Services, Sales Department, 389 Chiswick High Road, London W4 4AL Tel: 020 8996 7000 Fax: 020 8996 7001 Web: www.bsi-global.com

    The following publications are available from The Stationery Office, 123 Kingsway, London WC1 Tel: 0870 600 5522 Fax: 0870 600 5533 Web: www.tso.co.uk

    Civil Evidence Act 1995;

    Civil Evidence (Scotland) Act 1968;

    Police and Criminal Evidence Act 1984;

    Criminal Justice Act 1988;

    Evidence Act (Northern Ireland) 1939;

    Civil Evidence Act (Northern Ireland) 1971;

    Statute Law Revision Act (Northern Ireland) 1973;

    Police and Criminal Evidence (Northern Ireland) Order 1989;

    Criminal Justice (Evidence) (Northern Ireland) Order 1988.

    Data protection registrar, Data Protection Guidance for Users of Document Image Processing Systems, 1995. Available from the Information Commissioner, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF Tel: 01625 545700 Fax: 01625 524510