Best practice

Storing electronic documents in the cloud

  14. 09. 2018

Storage with a certified external digital archive provider ensures the legal validity of documents, and is also usually more secure than keeping material on premises.

The electronic documents businesses generate every day are still too often stored on unsecured servers, unencrypted hard drives, or in network folders that are freely accessible to employees or otherwise exposed to external threats. However, European legislation clearly stipulates that documents must be stored securely, retention periods - clearly defined according to document type - must be respected, and the integrity and stability of documents must be ensured. Electronic documents are legally valid only if they are archived in a manner that ensures their integrity.

Challenges of secure long-term storage of electronic documents

With so many electronic documents, secure long-term storage is a key issue. In addition to the statutory requirements which apply to the storage of physical documents, the storage of electronic documents must also comply with various electronic business and electronic signature regulations, allow for the conversion of documents into long-term storage formats and the recognition of electronic signatures within the EU (eIDAS) and take into account medical data and personal data protection (GDPR) guidelines. Consequently, invoices, private documents, contracts, conditions, insurance claims, and other types of documents may be stored exclusively in electronic form, while original documents in another form are destroyed (unless otherwise provided in the law).

Proper document security in accordance with the law provides an appropriate level of security against cyber attacks, enables the storage of legally valid documents for any eventual disputes, and effectively avoids data theft. As this is a very complex IT, communication, and procedural issue, in practice, storing documents with a certified external electronic storage provider is proving ever more popular.

Ensuring the integrity of archived documents

Electronic documents are subject to the same legal restrictions as paper documents. Even if a document isn’t subject to a specific retention period, in order to protect yourselves, you have to maintain its integrity and ensure its legal validity. A PDF document stored on a network drive or in an uncertified document system is not compatible with high storage standards. The lack of traceability makes such storage legally invalid.

In the event of a legal dispute, you’ll need to provide proof of traceability on request: descriptions of implemented processes, data security specifications, proof that the electronic signature was valid at the time the document was signed, and information on the procedures implemented to ensure document integrity in accordance with the eIDAS Regulation, including proof the secure signature algorithm was not breached. All this enables experts to conduct technical controls to determine whether the submitted electronic document is valid as evidence.

Risks of inadequate document management and storage

The GDPR requires extreme caution when working with personal data. Unauthorized document access and sharing poses great risk. Three-quarters of all unplanned document deletions occur due to human error. Viruses with malicious code that encrypts storage media are spreading rapidly, with a new organisation attacked every 40 seconds. Despite paying thousands of euros, one in five small and medium-sized businesses fails to recover data and documents. Disorderly storage of secure documents opens up the possibility that sensitive business documents may be stolen, or false documents may be created. If companies lose access to a document, they’re no longer able to defend themselves in the event of a dispute, which may present significant financial and legal consequences.

All these are reasons why it makes sense to implement a comprehensive overview of documents, versions and access, which also allows you to protect documents and data from possible risks. Remember that proper document security requires staff with specific knowledge and skills, as well as financial and technical resources that aren’t necessarily available to all companies.

Focus on your business and leave storage to the experts

Documents stored in with a certified external electronic storage provider cannot be deleted, hidden, or modified. Access to stored data is permitted only to authorised persons, and all interventions are recorded. The audit trail of documents and events and the readability of long-term storage formats are ensured. IT solutions managed by leading experts ensure the integrity, security, confidentiality, and accessibility of data and documents in electronic storage.

The role of an external electronic storage provider is to protect company documents, including against malicious employees seeking to cause damage to their employer. Certified digital archive by a specialized external provider in accordance with the latest archiving and security standards is also proven to be more secure and economical than keeping sensitive material on your premises.

David Habot, Director of strategic development at Mikrocop