1. Services
  2. Information Security Management
  3. Document Management

Users of document management solutions are subject to legal requirements for the audit-compliant storage of documents. The security of the document management solutions must be verified in terms of faithfulness to the original, integrity, availability and access security.

A study performed by IDC on the subject of “Print & Document Management in Germany 2016” shows that companies are struggling with the legally compliant archiving and protection of documents.

TÜViT supports users and operators of document management solutions in verifying these security requirements.


Audit criteria of VOI and TÜViT

The basis are the audit criteria for document management solutions (PK-DML) developed jointly by the VOI (Association of Organization and Information Systems) and TÜViT. They cover all statutory and non-statutory requirements for a document management solution. Regulations (GoBD), directives (TR-RESISCAN from BSI) and standards (e.g. EN 9300 for 3D documents) amend the audit criteria if required.

What are the factors in favor of certified document management?

Due to legal requirements and the individual implementation of document management solutions, operators frequently experience doubts regarding the destruction of paper documents, and the manner of archiving electronic copies. This is because the process steps for the digitalization of documents, from processing and archiving to reproduction, and the technical measures used, must be designed in such a way that the documents remain unchangeable and true to the originals throughout the archiving period.

When archiving originally electronic documents, there are also a number of pitfalls that need to be avoided. This affects e.g. signed and unsigned documents, and any required conversion of typical office formats into formats suitable for long-term archiving.

TÜViT performs a technical and organizational audit of the existing document management solution, adapted to the respective context. This allows customers to rely on the electronic long-term archiving, and to destroy paper documents after scanning.

Our services at a glance

  • workshop: presentation of the audit requirements and initial assessment of the document management solution
  • certifications based on the PK-DML criteria, DIN EN 9300 and TR-RESISCAN
  • full certifications for operators of document management solutions (with and without outsourcing)
  • partial certifications e.g. for scanning service providers and archiving service providers
  • proof of concept for manufacturers and system integrators

Your benefits at a glance

  • verification that measures for safeguarding audit-compliance of documents are applied in a targeted, effective and sustained manner
  • verification of fulfillment of the laws and legal requirements derived from compliance requirements
  • a certification allows you to demonstrate to third parties that legal requirements are fulfilled (e.g. German Principles of Proper Accounting “GoBD”) for the creation, processing and archiving of documents
  • an audited and certified document management solution increases the evidential value of your archived documents
  • the company management can specifically demonstrate that it fulfills its duty of care regarding the internal organization and risk management
  • the audit identifies potential for improvement in your document management solution

In the digital age, information and data are the currency of the future.

Dr. Stefan Spitz

Product Manager Enterprise Content Management

+49 201 8999-649
Fax: +49 201 8999-555

Further services

ISO 27001

As a certified IT security service provider by the German Federal Office of Information Security (BSI), TÜViT supports companies and public authorities with the planning, implementation, monitoring and continuous improvement of their information security management system.


With a certification under ISO 27001 based on the “BSI IT-Grundschutz” standard, you show your customers and business partners the importance you associate with IT security, since the level of your information security fulfills the requirements of the BSI.
Read more

ISMS for the Energy Industry

TÜViT supports grid operators with the rollout of their ISMS according to ISO 27001, taking into account ISO 27019.
Read more
We use cookies to optimize the functionality of the website and for web analysis. If you use our website, you agree.