Users of document management solutions are subject to legal requirements for the audit-compliant storage of documents. The security of the document management solutions must be verified in terms of faithfulness to the original, integrity, availability and access security.
A study performed by IDC on the subject of “Print & Document Management in Germany 2016” shows that companies are struggling with the legally compliant archiving and protection of documents.
TÜViT supports users and operators of document management solutions in verifying these security requirements.
Audit criteria of VOI and TÜViT
The basis are the audit criteria for document management solutions (PK-DML) developed jointly by the VOI (Association of Organization and Information Systems) and TÜViT. They cover all statutory and non-statutory requirements for a document management solution. Regulations (GoBD), directives (TR-RESISCAN from BSI) and standards (e.g. EN 9300 for 3D documents) amend the audit criteria if required.
What are the factors in favor of certified document management?
Due to legal requirements and the individual implementation of document management solutions, operators frequently experience doubts regarding the destruction of paper documents, and the manner of archiving electronic copies. This is because the process steps for the digitalization of documents, from processing and archiving to reproduction, and the technical measures used, must be designed in such a way that the documents remain unchangeable and true to the originals throughout the archiving period.
When archiving originally electronic documents, there are also a number of pitfalls that need to be avoided. This affects e.g. signed and unsigned documents, and any required conversion of typical office formats into formats suitable for long-term archiving.
TÜViT performs a technical and organizational audit of the existing document management solution, adapted to the respective context. This allows customers to rely on the electronic long-term archiving, and to destroy paper documents after scanning.
Our services at a glance
- workshop: presentation of the audit requirements and initial assessment of the document management solution
- certifications based on the PK-DML criteria, DIN EN 9300 and TR-RESISCAN
- full certifications for operators of document management solutions (with and without outsourcing)
- partial certifications e.g. for scanning service providers and archiving service providers
- proof of concept for manufacturers and system integrators
Your benefits at a glance
- verification that measures for safeguarding audit-compliance of documents are applied in a targeted, effective and sustained manner
- verification of fulfillment of the laws and legal requirements derived from compliance requirements
- a certification allows you to demonstrate to third parties that legal requirements are fulfilled (e.g. German Principles of Proper Accounting “GoBD”) for the creation, processing and archiving of documents
- an audited and certified document management solution increases the evidential value of your archived documents
- the company management can specifically demonstrate that it fulfills its duty of care regarding the internal organization and risk management
- the audit identifies potential for improvement in your document management solution