2014 ISACA. All rights reserved. www.isaca.org ISACA JOURNAL VOLUME 3, 2014 1
The record types listed in figure 1 are examples of what might be considered in each classification. It is the responsibility of each organization to determine the classification of the records and information for that organization.¹⁰

Audit Trail
When preparing electronic records for use as evidence, it is often necessary to detail the storage date of the information, the movement of the information from one medium to another and the evidence of the controlled operation of the records management system (RMS). These details are known as audit trail information. The audit trail consists of a historical record of all significant events associated with the RMS.¹¹

Procedures for audit trails and any changes to the accepted procedures must be documented in an RMS procedures manual.

Audit trails must contain sufficient and necessary information to provide evidence of the authenticity of stored records. The audit trail of an RMS shall consist of system-generated and operator-generated logs containing data about changes to the stored records. If the authenticity of stored records is questioned, the integrity of the audit trail may be fundamental in establishing the authenticity and, therefore, the evidentiary weight of the stored records.

CONCLUSION
The laws pertaining to electronic documents in most countries are not sector-specific. The enactment of these laws means that all organizations will have to take appropriate measures to protect document integrity while using electronic documents in their ordinary course of business. Failure to take these measures is no longer just lack of due professional care, but constitutes a violation of legal obligations and can result in fines.

Application of such laws requires knowledge from various fields, including familiarity with a number of regulations that are directly or indirectly related to its provisions. Additionally, management of IT and information security is a prerequisite for their proper utilization.

Electronic records processing systems designed and implemented in a fashion to ensure that records cannot be altered or modified without audit trails and/or history logging can produce accurate results. Such systems must follow a
well-documented business process demonstrating that the process used to create, store and access the records is reliable and contains appropriate levels of security for users and system administrators, preventing unauthorized access and/or records deletion/modification.

No matter how strong its data security policies and controls are, an organization will not really know the adequacy of its defenses unless it continually verifies that its defenses are sound, uncompromised and applied in a consistent manner. To achieve such assurance, internal audit has to play a far more substantial role in evaluating information security practices or implementation than is often the case today.

ENDNOTES
1 The United Nations Commission on International Trade Law (UNCITRAL), Model Law on Electronic Commerce, 1996
2 Montana, John C.; John R. Kain; Kathleen Nolan, Legal Obstacles to E-Mail Message Destruction, ARMA International Educational Foundation, 19 October 2003
5 This act established a legal basis for administrative bodies, local authorities, business enterprises and individuals to accept and use electronic documents in their work and daily operations. The act is fully harmonized with related European Union (EU) legislation and current global best practice. Its adoption is in line with the directives of the European Union, under which Bosnia and Herzegovina must create all preconditions for electronic access to information and e-commerce.
6 Official Gazette of the Federation of Bosnia and Herzegovina, Law on Electronic Documents, no. 55, 17 July 2013
7 AIIM International, AIIM TR31-2004, Legal Acceptance of Records Produced by Information Technology Systems, 2004
8 Tester, Darlene; Is the TJ Hooper Case Relevant for Today's Information Security Environment?, ISACA Journal, vol. 2, 2013
9 Hilliard, Mary; Vital Records, ARMA Austin RIM 101,
Programs: Identifying, Managing, and Recovering Business-Critical Records, 2010
11 Canadian General Standards Board, CAN/CGSB-72.34-2005, Electronic Records as Documentary Evidence, 2005
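
As an added illustration of the Audit Trail section (not code from the article or from ISACA), the sketch below shows one common way to make an audit trail's integrity checkable: each entry stores a SHA-256 hash of the previous entry, so an edited, removed or truncated event is detectable. Hash chaining, the field names, the externally recorded head hash and the sample events are assumptions chosen for this example.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed starting value for the chain

def _digest(entry):
    """SHA-256 over canonical JSON of every field except 'hash'."""
    body = {k: v for k, v in entry.items() if k != "hash"}
    encoded = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(encoded.encode()).hexdigest()

def append_event(trail, timestamp, source, event, record_id, detail):
    """Append one audit event, bound to the previous entry's hash."""
    if source not in ("system", "operator"):
        raise ValueError("source must be 'system' or 'operator'")
    entry = {
        "seq": len(trail), "timestamp": timestamp, "source": source,
        "event": event, "record_id": record_id, "detail": detail,
        "prev": trail[-1]["hash"] if trail else GENESIS,
    }
    entry["hash"] = _digest(entry)
    trail.append(entry)
    return entry

def first_broken_entry(trail, expected_head=None):
    """Return the index of the first entry failing verification, else None.

    expected_head is the last hash as recorded outside the RMS (assumption);
    comparing against it catches truncation or a fully recomputed chain.
    """
    prev = GENESIS
    for i, entry in enumerate(trail):
        if (entry["seq"] != i or entry["prev"] != prev
                or entry["hash"] != _digest(entry)):
            return i
        prev = entry["hash"]
    if expected_head is not None and prev != expected_head:
        return len(trail)
    return None

def sample_trail():
    """Constructed sample: storage, media migration, operator change."""
    t = []
    append_event(t, "2014-03-01T09:00:00Z", "system", "stored", "REC-001", "disk array A")
    append_event(t, "2014-03-15T02:00:00Z", "system", "migrated", "REC-001", "array A -> tape T-17")
    append_event(t, "2014-04-02T11:30:00Z", "operator", "metadata_changed", "REC-001", "retention class updated")
    return t
```

The chain only proves integrity relative to a head hash kept somewhere the RMS operators cannot rewrite, which is why `first_broken_entry` accepts `expected_head`.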