Auditing acceptability - what does it mean?
Auditing acceptability is based on the understanding of the revision process and therefore does not refer to individual components, but to the entire solution. It is an essential component of compliance for information systems.
In practice, auditing acceptability means tamper-proof long-term archiving of electronic information.
The Association of Organizational and Information Systems (Verband Organisations- und Informationssysteme, VOI) defines 10 key points for auditing acceptability:
- Compliance: The reliable and legally compliant storage of documents in a regulated manner.
- Completeness: All required documents must be fully recorded and stored in the archive.
- Security of procedure as a whole: According to the organizational framework, each document has to be archived at the earliest possible time.
- Protection against change and tampering: Each document must match its original and must be archived in such a way that it cannot be changed.
- Use only by authorized persons: Each document may only be viewed by authorized users.
- Protection against loss: It must be possible to find and reproduce each document in a reasonable time.
- Compliance with retention requirements: Each document may be destroyed, meaning deleted from the archive, only after its retention period has expired.
- Traceability: Every modifying action in the electronic archive system must be recorded in a manner that is comprehensible to authorized persons.
- Verifiability: The entire organizational and technical archiving process can be checked by an expert third party at any time.
- Documentation of processes: For all migrations and changes to the archive system, compliance with all of the principles listed above must be ensured.