Characteristics of a Trustworthy Electronic Record
There are four essential characteristics used to describe trustworthy records from a records management perspective:
- Reliability: A reliable record is one whose content can be trusted as a full and accurate representation of the transactions, activities, or facts to which it attests and can be depended upon in the course of subsequent transactions or activities.
- Authenticity: An authentic record is one that is proven to be what it purports to be and to have been created or sent by the person who purports to have created and sent it. A record should be created at the point in time of the transaction or incident to which it relates, or soon afterwards, by individuals who have direct knowledge of the facts or by instruments routinely used within the business to conduct the transaction. To demonstrate the authenticity of records, organizations should implement and document policies and procedures which control the creation, transmission, receipt, and maintenance of records to ensure that records creators are authorized and identified and that records are protected against unauthorized addition, deletion, and alteration.
- Integrity: The integrity of a record refers to it being complete and unaltered. It is necessary that a record be protected against alteration without appropriate permission. Records management policies and procedures should specify what, if any, additions or annotations may be made to a record after it is created, under what circumstances additions or annotations may be authorized, and who is authorized to make them. Any authorized annotation or addition to a record made after it is complete should be explicitly indicated as annotations or additions. Another aspect of integrity is the structural integrity of a record. The structure of a record, that is, its physical and logical format and the relationships between the data elements comprising the record, should remain physically or logically intact. Failure to maintain the record's structural integrity may impair its reliability and authenticity.
- Usability: A usable record is one which can be located, retrieved, presented, and interpreted. In any subsequent retrieval and use, the record should be capable of being directly connected to the business activity or transaction which produced it. It should be possible to identify a record within the context of broader business activities and functions. The links between records which document a sequence of activities should be maintained. These contextual linkages of records should carry the information needed for an understanding of the transaction that created and used them.
An organization needs to consider these characteristics when planning to implement an electronic recordkeeping system and/or electronic signature technology so that it can meet its internal business and legal needs, and external regulations or requirements. The degree of effort an organization expends on ensuring that these characteristics are attained is dependent on the organization's business needs or perception of risk. Transactions that are critical to the business operational needs may need a greater assurance level that they are reliable, authentic, maintain integrity and are usable than transactions of less critical importance.