Electronic document storage in the cloud
An organization that decided to store its data with a certified outsourced e-storage provider has ensured the legality of its documents and improved security, since outsourced storage is normally safer than storing the documents at our own premises.
Electronic documents created in the course of operations still too often stored on unprotected servers, unencrypted hard drives or in shared network folders that are freely accessible to employees or otherwise exposed to external threats.
However, the EU legislation clearly stipulates that documents must be stored securely, for the prescribed retention period based on the document type, and that they should be kept in their integral form and unchanged. Electronic documents are legally valid only if they are archived in a manner that that preserves their integrity.
Principles of e-storage
- Accessibility of information
- Usability of content
- Integrity of documents
- Authenticity of data
Challenges of secure long-term storage of electronic documents
With so many electronic documents, secure long-term storage is a key issue. In addition to the statutory requirements which apply to the storage of physical documents, the storage of electronic documents must also comply with various electronic business and electronic signature regulations, allow for the conversion of documents into long-term storage formats and the recognition of electronic signatures within the EU (eIDAS) and take into account medical data and personal data protection (GDPR) guidelines.
- Invoices, private documents, contracts, conditions, insurance claims, and other types of documents may be stored exclusively in electronic form, while original documents in another form are destroyed (unless otherwise provided by the law).
Proper document security in accordance with the law provides an appropriate level of security against cyberattacks, enables the storage of legally valid documents for any potential disputes, and effectively avoids data theft. As this is a very complex IT, communication, and procedural issue, in practice, storing documents with a certified external electronic storage provider is proving ever more popular.
Ensuring the integrity of archived documents
Electronic documents are subject to the same legal restrictions as paper documents. Even if a document isn't subject to a specific retention period, in order to protect yourselves, you have to maintain its integrity and ensure its legal validity. A PDF document stored on a network drive or in an uncertified document system is not compatible with high storage standards. The lack of traceability makes such storage legally invalid.
In the event of a legal dispute, you'll need to provide authorized experts determining whether the submitted document is valid as evidence with proof of traceability, containing:
- descriptions of implemented processes,
- data security specifications,
- proof that the electronic signature was valid at the document was signed,
- information on the procedures implemented to ensure document integrity in accordance with the eIDAS Regulation, and,
- proof the secure signature algorithm was not breached.
Risks of inadequate document management and storage
Inadequate storage and poor document management increase the probability of risk. Here are a few examples:
- The GDPR requires extreme caution when working with personal data. Unauthorized document access and sharing poses great risk.
- If companies lose access to a document, they're no longer able to defend themselves in the event of a dispute, which may present significant financial and legal risks for the management.
- Disorderly storage of secure documents opens up the possibility that sensitive business documents may be stolen, or false documents may be created.
These reasons provide justification for a comprehensive review of all documents, versions and accesses, which will enable better document and data protection against potential risks. We need to remember that proper document protection requires special knowledge and skills, as well as financial and technical resources that not all organizations may have at their disposal.
Focus on your business and leave storage to the experts
Documents stored with a certified external electronic storage provider cannot be deleted, hidden or modified. Access to stored data is permitted only to authorized persons, and all interventions are recorded. The audit trail of documents and events and the readability of long-term storage formats are ensured.
The role of an external electronic storage provider is to protect company documents, including against malicious employees seeking to cause damage to their employer. Certified digital archive by a specialized external provider in accordance with the latest archiving and security standards is also proven to be more secure economical than keeping sensitive material on your premises.
- Certified InDoc EDGE e-storage system is managed, developed and maintained by top experts in accordance with the principles of secure and compliant long-term e-storage.
Want to know more? Contact us!