Electronic archiving software, the architect of trust [white paper]


ABOUT THE AUTHOR

Founded in 2015, the serdaLAB & Archimag Digital Agency specialises in implementing multichannel communication strategies.

The agency draws strength from the intelligence, research and foresight laboratory of the Serda Group and the sector-level and cross-media expertise of Archimag (40,000 magazine readers and 70,000 unique visitors for the Archimag.com website). For over 10 years, serdaLAB has been analysing the challenges and trends shaping the information management sector, including electronic archiving, digitisation, professional electronic publishing, documentation, libraries, intelligence and search engines.

The serdaLAB & Archimag Digital Agency addresses a wide range of needs:

• New service or product launches

• Generation/acquisition of qualified leads

• Brand installation or confirmation

• Access to new markets

• Winning over of new target markets

• Nurturing strategies

The serdaLAB & Archimag Digital Agency provides a broad array of services, such as consulting (audits, surveys and strategy), content creation and promotion (white papers, expert opinion papers, computer graphics, opinion columns, etc.), media relations, and support with organising events (editorial focus, trade shows, presentations, round-table discussions, etc.) and online campaigns (email marketing, social marketing, webinars, tutorials and videos).

www.serda.com - www.archimag.com

CONTENTS

Introduction

About the author

1. Durability, integrity, confidentiality and accessibility: the four key principles of electronic archiving

Feedback: Orange

2. The seven differentiators of electronic archiving software

Feedback: Electricité de Strasbourg

3. Software: the backbone of an electronic archiving system

Making sense of the different standards

Conclusion

INTRODUCTION

In today's world, electronic documents have the same legal value as paper documents, meaning that electronic archiving has become a strategic issue for a large number of organisations. Before an electronic document can be used as evidence, it must satisfy specific criteria designed to guarantee its durability, integrity and traceability. Otherwise, the organisation will be unable to present the necessary supporting documents in the event of a tax investigation or defend itself in case of a dispute. As such, it will be wide open to penalties or other sanctions.

Organisations need to avoid getting lost in the jungle of standards. Navigating a clear course through all the standards and regulations relating to archiving and records management is anything but plain sailing. French, European and international standards, norms and certifications have been building up over the years and are not always easily understood.

Software now plays a key role in electronic archiving systems. After spending several decades juggling with different types of archiving media (diskettes, CDs, DVDs, Blu-ray discs, etc.) and thinking that information was related to its storage medium, organisations have realised that such media do not offer indefinite storage. They have changed their approach and begun designing software-oriented electronic archiving systems.

This white paper has been designed to shed light on the vital role that software plays in electronic archiving systems and also put standards back in their rightful place.


1. DURABILITY, INTEGRITY, CONFIDENTIALITY AND ACCESSIBILITY

THE FOUR KEY PRINCIPLES OF ELECTRONIC ARCHIVING

Data and documents under control

Electronic archiving is defined as the "long-term retention and management of an organisation's digital assets". Even though archived data is no longer used for the company's daily activities, it is deliberately retained in case the company needs to comply with specific regulations, handle disputes, satisfy its information governance requirements or simply safeguard its assets.

However, electronic archiving is not only a legal requirement. It is an integral part of the organisation's information asset management process and may therefore contribute to developing new services (such as an ISP allowing its customers to view their invoice history online) and improving how the company functions. Electronic archiving is a way of preserving and facilitating the use of the company's documentation. For example, quick and easy access to customer files can help an organisation respond to its customers' enquiries more effectively.

Although archived documents are increasingly destined for distribution, the company must control how those documents are distributed.

Four ways to tackle format obsolescence

1. Save documents in a standardised format, such as PDF.

2. Regularly convert files into a more recent format to extend their lifespan.

3. Whenever files are converted, check that the newly created files conform to the original files in order to guarantee their integrity and re-compute the digest to save the details of the conversion. All conversions (into another format) and migrations (to another storage medium) must be recorded or notarised in the logs.

4. Take every measure to ensure that files can be read on retrieval.


Four levels of protection for the integrity of an electronic document

1. Compute the document's digest at the time of submission.

2. Seal the document using a server stamp and timestamp the document when deposited.

3. Record the document's submission in a secure log, followed by every other operation concerning the archived document.

4. Regularly check the digest by recomputing and verifying against the initial digest.

The electronic archiving system must guarantee:

• Durability. This involves the long-term preservation of data and guaranteeing that all data can be reread and retrieved. This is an especially complicated process, since the only standardised file formats are PDF and XML. Therefore, a file's legibility depends on the goodwill of the software vendor, who may either default (bankruptcy, retirement of software support, etc.) or impose upgrades (obligation to install a new version of the software).

The average lifespan of a .doc or .xls file is estimated to be five years. To avoid layout and font problems and incompatibility issues after five years, the file must be converted. This lifespan is even shorter for certain specific formats, especially those associated with the modelling software used by architectural firms, which change even more frequently.

In addition to the format, the storage infrastructure is also instrumental in the data's longevity. All storage media, whether optical discs, hard drives, SSD drives or magnetic tapes, are also subject to very short replacement cycles. In the ideal electronic archiving system, although the hardware should take a back seat to the software, the storage infrastructure must be robust, redundant and scalable enough to guarantee data durability, hence the importance of regularly migrating archives to a new storage system.

This double technological obsolescence ultimately creates a time paradox between the lifespan of written work (often several decades) and information technologies, which are renewed at a much faster rate.


• Integrity. To maintain the evidential value of a digital document and thereby minimise any legal risks, the organisation must preserve the document's "integrity", which means showing that it has not been modified or corrupted.

The solution is to compute the document's digest. This mechanism involves producing a character string specific to each document (like a fingerprint) and then checking that string at regular intervals. The digest is sealed by affixing an electronic stamp, following which it is timestamped. A secure log is used to record the document's submission and all subsequent operations concerning the document. This log is used to keep a trace of all operations performed. Time stamping the events recorded in the log helps establish the date and time of each event (if the archive is moved, viewed, and so on), so that such events can be proved at a later date if necessary.
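The four levels of protection and the rule that conversions must be recorded in the logs, as an added example that is not part of the white paper or of any vendor's product. It assumes an HMAC with a demo key in place of the server stamp, the local clock in place of a trusted timestamp, and an in-memory dictionary as storage; `SecureLog`, `submit`, `convert` and `check_integrity` are hypothetical names.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Assumption: constructed demo key. A real system would seal with a server
# certificate (key held in an HSM) and take time from a timestamping authority.
SEAL_KEY = b"constructed-demo-seal-key"
GENESIS = "0" * 64


def digest(data: bytes) -> str:
    """Level 1: the document's fingerprint."""
    return hashlib.sha256(data).hexdigest()


class SecureLog:
    """Level 3: append-only log; each entry is sealed and chained to the previous one."""

    def __init__(self):
        self.entries = []

    @staticmethod
    def _seal(body: dict) -> str:
        payload = json.dumps(body, sort_keys=True).encode()
        return hmac.new(SEAL_KEY, payload, hashlib.sha256).hexdigest()

    def append(self, event: str, doc_id: str, doc_digest: str, **details) -> dict:
        body = {
            "seq": len(self.entries),
            "time": datetime.now(timezone.utc).isoformat(),  # level 2: timestamp
            "event": event,
            "doc_id": doc_id,
            "digest": doc_digest,
            "details": details,
            "prev": self.entries[-1]["seal"] if self.entries else GENESIS,
        }
        entry = dict(body, seal=self._seal(body))            # level 2: seal
        self.entries.append(entry)
        return entry

    def first_broken_entry(self):
        """Index of the first altered, removed or re-ordered entry, or None."""
        prev = GENESIS
        for i, entry in enumerate(self.entries):
            body = {k: v for k, v in entry.items() if k != "seal"}
            intact = (body["seq"] == i and body["prev"] == prev
                      and hmac.compare_digest(entry["seal"], self._seal(body)))
            if not intact:
                return i
            prev = entry["seal"]
        return None

    def current_digest(self, doc_id: str):
        """Reference digest: the last submission or conversion logged for the document."""
        for entry in reversed(self.entries):
            if entry["doc_id"] == doc_id and entry["event"] in ("submit", "convert"):
                return entry["digest"]
        return None


def submit(log: SecureLog, store: dict, doc_id: str, data: bytes) -> dict:
    store[doc_id] = data
    return log.append("submit", doc_id, digest(data))


def check_integrity(log: SecureLog, store: dict, doc_id: str) -> bool:
    """Level 4: recompute the digest, compare with the logged one, log the check."""
    expected = log.current_digest(doc_id)
    actual = digest(store[doc_id])
    ok = (log.first_broken_entry() is None and expected is not None
          and hmac.compare_digest(expected, actual))
    log.append("check", doc_id, actual, result="ok" if ok else "MISMATCH")
    return ok


def convert(log: SecureLog, store: dict, doc_id: str, new_data: bytes, new_format: str) -> dict:
    """Record a format conversion with both digests. Checking that the new file
    is faithful to the original is format-specific and outside this sketch."""
    if not check_integrity(log, store, doc_id):
        raise ValueError(f"{doc_id}: source no longer matches its logged digest")
    old = log.current_digest(doc_id)
    store[doc_id] = new_data
    return log.append("convert", doc_id, digest(new_data),
                      previous_digest=old, format=new_format)


def demo():
    log, store = SecureLog(), {}
    submit(log, store, "INV-0001", b"constructed invoice, legacy format")
    first = check_integrity(log, store, "INV-0001")
    convert(log, store, "INV-0001", b"constructed invoice, PDF rendition", "PDF")
    after_convert = check_integrity(log, store, "INV-0001")
    store["INV-0001"] += b" "                       # silent corruption on the medium
    after_corruption = check_integrity(log, store, "INV-0001")
    log.entries[0]["digest"] = digest(b"forged")    # an attempt to rewrite history
    return first, after_convert, after_corruption, log.first_broken_entry()


if __name__ == "__main__":
    print(demo())
```

Because each seal covers the previous entry's seal, rewriting one log entry is detected at that entry unless every later seal is recomputed, which requires the sealing key.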

"Over 75% of reported breaches are caused by the company's own employees" (Sources: Forrester and PwC)

• Confidentiality. This clearly raises question marks about access rights to archived documents, particularly in the case of personal information (especially since a new European Regulation has just come into force) and sensitive data (invoices for weapons, healthcare data, bank data, specific payslips, blueprints for nuclear power stations, etc.). Which employees are allowed access and why? Confidentiality aims to address such questions by restricting access to archived documents to authorised users only, managing their usage rights and keeping track of the way in which they have used those documents. The ISO 27001 standard ("Information security management") identifies confidentiality as a security criterion in the same way as integrity. Security must be ensured from the moment data is sent until the end of its retention period. Various technological tools are available for maintaining the confidentiality of archived documents, including access control, traceability and encryption.

Encryption: guaranteed confidentiality

Despite strengthening confidentiality, encryption alone cannot guarantee the security of an archive collection in an environment where archiving practices are uncontrolled.

Consequently, it is important to know where encryption comes into the equation and who is entrusted with the encryption and decryption keys. The user? One of the components (physical or application-level) of the electronic archiving system? What about a trusted third party?

One thing is for sure, however: confidentiality is much stronger when the secret is held by as few people as possible (or even just the user). But in this case, keeping the keys becomes a particularly sensitive issue.


Retention periods: what you should know

Payslips: 5 years

Invoices: 10 years

Business contracts: 10 years after the contract has ceased to produce its effects

Marketing authorisation for medicinal products: 50 years after marketing for the product has ended…

The PRISM and Snowden affairs have prompted organisations and governments to keep a closer eye on the security of their data and archived documents. They are determined to protect them not only from other people, but also their own employees. Contrary to misconceptions, employees are the leading cause of data breaches in an organisation.

• Accessibility. Although archives must obviously be quick and easy to access, organisations should nevertheless think about what constitutes a reasonable length of time for accessing an archived document, depending on the nature of their business.

Take the example of the construction industry. Once the building has been handed over and any defects made good, the construction firm provides the client with a list of all works performed. "Sometimes this represents a cubic metre of paper," explains Jean-Louis Pascon, a Digitisation Consultant and Trainer at Demat-Conseil. "The whole list can then be injected into an electronic archiving system, because the client already knows that it will be several years before anyone needs to take a look.

Some 10 years later, if the new owner decides to knock down the partitions and extend the surface area, it will take one hour to retrieve the archive, which is more than enough," he adds. "However, if you are involved in the interbank sector and the aim is to keep track of all the transactions in different markets, the archiving software needs to be capable of delivering a much faster response."

Therefore, the availability rate should be defined to reflect the level of risk that the company would face if it were unable to retrieve the document within the specified time. In some cases, documents must be available for viewing in real time, 24 hours a day and seven days a week.

FEEDBACK: ORANGE

Over 10 years ago, Orange started using an electronic archiving program encapsulated into an application called ADF for archiving invoices.

In the beginning, only invoices for the company's residential landline customers were concerned, but other types of invoice were soon added (mobile invoices, group invoices, etc.). Orange not only had to contend with a growing volume of data, but also an increasingly stringent set of requirements. "Our choice settled on a program that conformed to the NF Z42-013 standard and incorporated the same kernel as the one that we were using before and which perfectly satisfied our performance criteria," advises Stéphane Stragier, Project Management Leader in Orange's IS Division.

Several rival programs were shortlisted, but most failed to deliver on what they promised. "Our application needs to support a very high level of data acquisition and a large number of queries," adds Stéphane Stragier. Between 1.5 and 2 million queries a day for PDF files. A real constraint. "When we started showing these figures to the different vendors, they were unable to keep up. None had a customer typology like ours in their portfolio. There were no problems in terms of our data acquisition levels, but nobody could satisfy our query requirements," he explains.

The software was chosen for both technical and strategic reasons. Technically speaking, the software's components satisfied all the requirements and standards relating to legal archiving obligations. Strategically speaking, "we thought it would be easier to approach a small vendor," especially for a group such as Orange, which requires flexibility, a fast response and superior customer tracking capability.

The software is currently used to archive the group's PDF invoices for its landline and mobile customers, whether residential or business. "We have internal portals (for advisors and sales reps) and external portals (for subscribers), who will send a continual stream of queries to the software," adds Stéphane Stragier. Within the company, the software is queried in two stages:

• The first web service fetches the metadata (customer name, invoice number, amount, etc.).

• The second web service returns the corresponding PDF.

Customers can also sign into the portal from home and view their invoice. They can even use the Orange & Me mobile app to display their metadata and download their invoice. The system obviously features secure access (encrypted transport protocols, access to the secure technical machine environment, dual login/password authentication, and so forth). Orange has even implemented an HSM unit (Hardware Security Module). PDF files are created on a DTP application at the front end of the process before being sent to the archiving software, where they are aggregated and then transferred to the HSM unit for encryption and certification, which reinforces server and data security.

2. THE SEVEN DIFFERENTIATORS OF ELECTRONIC ARCHIVING SOFTWARE

What are the selection criteria?

To choose the right electronic archiving software, you must first determine what it is going to be used for. Many organisations only think about electronic archiving in response to various laws and regulations (France's Act for Growth, Business & Equal Economic Opportunity, Chorus Portail Pro 2017, etc.) without actually taking their real needs into account. They do not yet give this topic sufficient thought.

Without knowing which type of documents they are going to archive, organisations cannot make an informed decision when choosing their software. "If the organisation is looking to archive Office files or invoices, the matter can be settled in no time at all," explains Jean-Louis Pascon. "But when it comes to the blueprints for a bridge, for example, and everything involved in its construction (design calculations, soil investigations, concrete sample testing, rebar tensile testing, etc.) and the whole lot needs to be retained for 99 years, the matter is not so straightforward."

What do my archives consist of? What types of document do I need to archive and for how long? Are my documents signed or not? Am I operating on behalf of the government? Once the organisation has determined exactly what it wants to do, it can start looking at the different tools available.


Other aspects subsequently enter into the equation when choosing the software, including:

• The volume of data that needs to be preserved and made available for viewing. This is an important issue. In case of a low volume of data, it will be in the organisation's best interests to enlist the support of a service provider, especially since they will have a Europe-wide choice once the eIDAS Regulation concerning trust service providers is fully published. With fewer than 3,000 documents a year, there is no point looking for a software program that requires the company to implement an electronic archiving system complete with its operating environment and operations teams. However, when it comes to large organisations and all companies issuing large amounts of documents with major data preservation and lookup needs, the choice of software will play a decisive role.

• Device independence. The software's ability to function with any type of disk array (WORM or otherwise) and support changes in storage infrastructure is also an important consideration. The idea is to eliminate any hardware constraints and focus exclusively on the software's functionality, especially since not every organisation today necessarily has an in-house IT team to manage its technical resources. Before it strives to find the right software, the organisation must ensure that its employees have clearly understood the issues of electronic archiving and the importance of the software being ready to operate irrespective of the storage medium.

Electronic vault: a "component" of the electronic archiving system

Electronic archiving systems and vaults are sometimes pitted against each other, but it is actually a fallacy.

As demonstrated by the NF Z42-020 standard, an electronic vault is a "component" that is intended to be integrated into an overarching system, i.e. an electronic archiving system.

Electronic vaults can also be incorporated into an HR information system or ERP for disseminating and keeping track of invoices, payslips and other documents.


In the event of a dispute, what are the prerequisites for electronic archiving systems to ensure that the documents produced by either party have evidential value?

The litigation phase is always prepared in the early stages of the dispute process, which the company must anticipate accordingly. In principle, case law has shown that the courts recognise the legal value of electronic documents, which are most often presented as digital copies of the original documents in hardcopy format. On many occasions, the courts have also recognised the legal value of contracts that have been signed electronically.

The archiving system needs to be capable of returning an electronic original that can be used to identify the signatory and prove the integrity of its content throughout its lifecycle, from creation through to the end of the retention period, including cases where the document needs to be extracted for presentation in a court.

It is important for the organisation to be in possession of all the security and technical documents involved in the formation of online contracts, especially its certification, timestamping, evidence management and archiving policies, as well as the associated procedures and the different qualifications or certifications, such as compliance with ETSI standards for its services and/or trust service providers.

Eric A. Caprioli, Barrister, Paris, Doctor of Laws

• Integration into the EDM system. Many organisations confuse "EDM" and "electronic archiving" systems. In actual fact, they are two separate, yet complementary tools. For instance, EDM systems can be used to manage the electronic documents required for the organisation's day-to-day operations (downloads, modifications, versioning, sharing, deletion, etc.), but they cannot store those documents while guaranteeing their authenticity and durability. The electronic archiving system is responsible for incorporating the records management rules defined by the organisation (retention period, document typology, confidentiality level, etc.). The organisation needs to decide whether it wants an EDM system with built-in electronic archiving functionality or two clearly separate systems. By separating both systems, the organisation ensures that nobody has direct access to the archiving system. Users never see the documents directly, since there is always a back-end server acting as an interface between them and the archived data, which improves security. However, in the case of an EDM system, users can add a new document, a new version, and so on. "Separating both applications can improve the company's performance and avoid any speed issues in the archiving system, which takes time to verify integrity." Building electronic archiving functionality into the EDM system will clearly affect performance.

• The presence of a web services interface enabling the software to integrate seamlessly into existing environments (workflow, ERP, etc.).

• The software's ability to support multiple operating systems (Microsoft, Linux and Unix), multiple databases (PostgreSQL, SQL Server, etc.) and multiple languages.


• Indexing and search functionality. The software must be able to archive structured and unstructured files and databases (e.g. in .csv format) and perform searches. It must also be capable of indexing several millions of rows/transactions and providing users with intuitive interfaces for quick and effective searches. Depending on their access rights, users can then view the list of results, look up the archive and subsequently print, export or destroy the record (only if the retention period has been reached). Some types of software also offer asynchronous searches (offline and deferred), which is an advantage for companies with high volumes of data. Other features are also available, allowing organisations to check the integrity of their records, extract metadata, define the retention period, index records, manage rights and permissions, administer archiving profiles and manage the archive lifecycle.

• Compliance with regulations and standards. The AFNOR NF Z42-013 standard serves as the benchmark in the French electronic archiving market. This standard lists the technical and organisational specifications for designing and operating an electronic archiving system, which helps reassure organisations when choosing their software. Other standards are also used, including AFNOR NF Z42-020 which provides the functional specifications for a "digital safe-deposit box component" (one of the core components of the electronic archiving system) designed for the preservation of digital information in such conditions as to guarantee its long-term integrity.

Organisations need to go through a long list of questions when choosing the right archiving software, since each program addresses a specific need.

If one of the parties is unable to produce the originals of the contracts or other documents, will a copy suffice?

Case law has shown that when one of the parties is unable to produce the original document, it may present digital copies of those documents. However, case law requires the copy to be a faithful and long-lasting reproduction in accordance with Section 1348, Paragraph 2, of the French Civil Code.

In a decision taken by the Lyon Court of Appeal at first instance on 3 September 2015, the magistrates held, without good reason, that the copies of the originals submitted by the bank at best supported the oral evidence given by the party but did not actually constitute irrefutable evidence, even though such copies were deemed to be faithful and long-lasting reproductions conforming to the requirements of the AFNOR Z 42-013 standard and satisfying the provisions of Section 1348, Paragraph 2, of the French Civil Code.

Since 1 October 2016, Section 1379 of the French Civil Code has specified: "until the contrary has been proven, any copy resulting from an identical reproduction of the content and form of the document is deemed to be authentic, and whose integrity is guaranteed over time by a process conforming to the terms and conditions specified by Regulation (…). If the original exists, its presentation may still be required".

Eric A. Caprioli, Barrister, Paris

FEEDBACK: ELECTRICITE DE STRASBOURG

With the advent of electronic documents and digital signatures, the sales teams at the Electricité de Strasbourg (ES) Group wanted access to the new contracts electronically signed by their customers. "We needed to store these documents and maintain their evidential value," explains Sébastien Heitz, DTP Manager in the IT Department at the ES Group. To achieve that aim, the group identified a software program during a preliminary study in 2012.

INSTALLATION, MIGRATION AND COMPRESSION

In 2015, the group rekindled the project to determine whether the latest version of the software still ticked all its boxes. "A consultant came and installed the product for us and then began training the teams how to use it," adds Mr Heitz. "He also gave us a tool for migrating our data and guided us throughout the process." In terms of the retention period, Electricité de Strasbourg has chosen to retain all its documents dating back over the last 15 years, representing 2 TB of data. The software's compression algorithms should reduce the entire data volume to 1 TB.

IMPROVED SECURITY

Security is ensured by the technological architecture. "We used web services and we set up a DMZ strategy for the server hosting the software," advises Mr Heitz. In other words, the server sits in a physically separate network called a DMZ (demilitarised zone). The new software has not brought any major change to the company's business processes, but the ability to maintain the "evidential value" of its documents brings greater security on top of the security already provided by the architecture. It was extremely easy to physically delete a file with the old software, but that will no longer be the case with the new software. Once a file has been injected into the EAS (electronic archiving system), it is retained for the entire configured retention period. "We have set the retention period to 10 years," adds Mr Heitz. "During that time, files can only be viewed or hidden, which guarantees extra security." The software also satisfies the requirements of the Z42-013 standard (which played a decisive role in the company's choice) and uses newer technologies than the old software (based on Java with an Oracle database). "Furthermore, it includes new functionality that we thought would create value for the company," says Mr Heitz.

SOFTWARE DESIGNED AS A SIMPLE ADD-ON

Once the software had been installed, the company checked how users got on with the document access system. "We wanted to assess the impact that this new tool would have on users and whether we would need to lay on training," explains Mr Heitz. Ultimately, the software perfectly conforms to specifications, and no problems have been reported during the archiving and lookup processes. The software offers other advantages, such as the fact that it can be customised and easily interconnected with the existing information system. "Installing and configuring the software takes hardly any time at all. The most time-intensive process is migrating the data," confides Mr Heitz, who is acting as operations manager for the project.

3. SOFTWARE: THE BACKBONE OF AN ELECTRONIC ARCHIVING SYSTEM

To build an electronic archiving system, you need software

Organisations in both the public and private sectors have started pursuing electronic archiving strategies. But projects need to follow a strict set of rules, meaning that organisations cannot simply make it up as they go along, especially since the design for today's electronic archiving systems (EAS) has somewhat changed. The previous model that was heavy on hardware and light on software has been inverted in favour of a design that features a minimum of hardware and prioritises the software. Therefore, no software = no EAS. The design for electronic archiving systems is now modelled on the principle that the dedicated hardware layer for storage (SSD, Cloud, etc.) must be transparent and play a supporting role for the management software, which knows where the data is, how to fetch the data, how to manage its integrity, and so on. In tomorrow's world, this software will incorporate a growing number of technological strategies for better managing availability or traceability, and should be increasingly standardised (at least in terms of traceability).

The profusion of standards

Rewind back to the turn of the 21st century and there were hardly any standards relating to archiving. But since then, every year has brought its share of new standards from some ISO committee or other, AFNOR, professional communities and even the European Union. As a result, the number of standards has increased exponentially, with each standard having its own scope, strategy and terminology, which muddies the waters ever more for organisations.

Insight

"Electronic archiving is on its way to becoming the main segment of the archiving market as a whole. In France, this segment generated close to €400 million in revenue last year, after reaching €353 million in 2014, i.e. an increase of 8%".

(source: SerdaLab 2016 survey) 


It is hard for decision-makers to see a clear way through the dozen or so standards covering electronic archiving, such as AFNOR NF Z44-022 (MEDONA - Modelling of data exchange for archiving) based on the Data Exchange Standard for Archiving (SEDA), which provides a normative framework for different information exchanges (data such as metadata) between users and their archiving partners, NF Z42-025 relating to electronic payslip management, NF Z42-020 relating to the "digital safe-deposit box" component, NF Z42-013 on electronic archiving and ISO 27001, which identifies confidentiality as an element of the archiving system's security.

Recommended, but not indispensable?

One standard stands out from the rest: NF Z42-013. This standard is highly beneficial for a complete electronic archiving system when looking to guarantee the integrity, security and durability of the organisation's documents. But this standard is not actually indispensable, since conforming to its requirements is a highly expensive exercise and organisations are not necessarily clamouring to use it. Many companies are simply content to use its specifications for guidance.

Hallmarks and best practices

This explosion in standards should not hide the fact that organisations very rarely address this particular issue, and when they do, they often get backups, archiving and storage muddled up. Some associations, such as the FNTC (National Federation of Trusted Third Parties), may also provide a helping hand by bestowing quality hallmarks (best practices) upon third-party archiving and electronic vault services and solutions. These hallmarks also serve to guarantee quality for organisations in search of guidance.


Are there too many standards for electronic archiving?

No, there are not too many standards on archiving, since only a few are actually effective in the market. If I had to mention two or three, the main ones for archiving would be AFNOR Z42-013 and its international counterpart ISO 14641-1, as well as Z42-020 for electronic vaults. 

For general guidance, I would mention the ISO 27001 suite, which can be tailored to the target archiving system according to the findings of the organisation's risk assessment.

Eric A. Caprioli, Barrister, Paris, Doctor of Laws

Why comply with standards?

Despite being a complex topic, complying with standards benefits the organisation in many respects: ease of looking up documents through standardised document descriptors, greater trust among users and customers by using archiving providers or archive services, and guaranteed integrity of the archived documents. Complying with standards can also prevent organisations from using proprietary systems, where data durability depends on economic or strategic events affecting those systems' vendors. In addition to choices in technology, the NF Z42-013 standard covers electronic archiving systems according to how they are used on a day-to-day basis. Accordingly, it develops the aspects relating to the technical documentation for the installed software and hardware and an exact description of all the operating procedures, so that operators have the technical knowledge needed to manage or upgrade their archiving system.

Archiving means anticipating

Should organisations really comply with NF Z42-013 (ISO 14641)? If so, to what level of compliance? Should organisations apply this standard to their electronic archiving system and go as far as achieving AFNOR NF 461 certification? Providing an answer to these questions is anything but straightforward. That is why it is important to consult with legal and archiving experts to obtain a clearer insight and determine which standards are best suited to the organisation's plans. Ultimately, the legal, technical, functional and organisational aspects of implementing an electronic archiving solution are closely related, and the company must focus on these aspects concurrently according to requirements. Organisations should also not forget the economic aspect or lose sight of the fact that even though technology is coming along in leaps and bounds (the retention period for archived documents is longer than the life span of the technologies involved), the legal framework is not necessarily evolving at the same pace and requires time to adapt.

The 15 questions that organisations should ask when implementing electronic archiving software

Why archive?
For use as evidence or information assets?
What needs archiving?
Native digital documents?
Digitised documents?
Incoming and outgoing documents, and company-produced documents?
What volume?
What retention period?
What level of risk?
What value?
Which sources?
Which formats?
Which methods for looking up documents?
Method for integrating into the legacy architecture?
Procedure for purging documents?

NF Z42-013

This French standard (AFNOR) provides the technical and organisational specifications for the operation of an electronic archiving system (EAS). It focuses on the traceability of all EAS-related processes (digitisation, recording, storage and retrieval of electronic documents within the EAS, etc.). The standard aims to guarantee document integrity, i.e. an archiving system with evidential value.

ISO 14721 - OAIS

The OAIS standard (open archival information system) describes the implementation of an electronic archiving system offering long-term preservation irrespective of changing technologies. It explains and describes the reference model for archiving and the operation of an EAS. It provides a conceptual diagram of the EAS.

NF Z42-020

This standard provides the functional specifications for a digital safe-deposit box component (electronic vault) designed for the preservation of digital information in such conditions as to guarantee its long-term integrity. It describes the best practices for ensuring that an EAS (Electronic Archiving System) according to NF Z42-013 can interact with its electronic vault.

Other related standards include ISO 19005-1 (which defines PDF/A-1 as an electronic document file format for long-term preservation), ISO 30300, ISO 30301 and ISO 30302 (2011 to 2014), the new 2016 version of ISO 15489-1, ISO 23081-1 and ISO 23081-2 (metadata), ISO/TR 26122 (work process analysis), ISO 16175-1 to 3 (focusing on electronic office documents) relating to records management and ISO 20652, the child of the OAIS standard, PAIMAS for the Producer-Archive Interface Methodology Abstract Standard, which explains how to best prepare and carry out the transfer of digital information objects between the producer and the "Archive", and ISO 15836 (the "Dublin Core" standard) for structuring minimal descriptive metadata irrespective of the type of document submitted to the EAS.

MAKING SENSE OF THE DIFFERENT STANDARDS

ISO 14641-1

In 2012, the AFNOR NF Z42-013 standard served as the blueprint for international standard ISO 14641-1. Despite a slight adaptation to the content of the French standard, ISO 14641-1 also describes a number of specifications for the design and operation of an EAS. Like NF Z42-013, ISO 14641-1 describes the full range of archival information preservation functions, including ingest, storage in the EAS (format, retention period, etc.) and check-out for viewing purposes.

ARCHIVIST & ARCHIVING PROVIDER: INSTRUMENTAL IN BUILDING DIGITAL TRUST

As communication drivers, forms of evidence and data storage tools, archives fulfil three key functions and are associated with two similar, but radically different roles: archivists, who are responsible for managing every stage in the archiving chain (collection and filing of documents, final processing, preservation and dissemination to the public) and archiving providers, which act as trusted third parties and are responsible for receiving, preserving and retrieving electronic documents (texts, signatures, certificates, timestamp tokens, login data, etc.) and the attached data. Be careful not to confuse the two terms and the two roles, since they relate to two different notions: information assets (archivist) and evidence (archiving provider).

Having said that, the archivist's opinion is especially important in leading an electronic archiving project, since it is often his or her role to alert the organisation's different departments to the importance of archives. Even when archives are no longer used, they are still valuable to the organisation, especially in the event of a dispute, as explained by one archivist, who adds that there is no one-size-fits-all solution and that a clear insight is required into the organisation and its needs when installing an effective system, of which the software will form the backbone.

CONCLUSION

Cecurity.com is a trusted third party and software vendor for the secure exchange and archiving of digital originals. Cecurity.com's solutions include Electronic Archiving Systems (EASs), electronic vaults, certified electronic exchanges and digitisation services, respectively with its PEA (Proof, Exchange & Archiving) and Smart Electronic Vault (CFEC) software.

As a vendor, Cecurity.com offers client access and SaaS licensing arrangements. Its software is designed, developed and operated in France.

Cecurity.com's expertise includes electronic transaction tracking, data protection and archiving of digital evidence in such fields as electronic billing, archiving of accounting data, electronic payslips, protection of personal information and online contract formation.

Cecurity.com is the only company in France to have been awarded the electronic vault hallmark from CNIL, NF Software - Digital Safe-Deposit Box Component certification from AFNOR Certification, the Electronic Vault hallmark from the FNTC (National Federation of Trusted Third Parties) and CSPN certification from ANSSI (National Agency for Information Systems Security).

IN PARTNERSHIP WITH