Starting points for the implementation of internal rules
When electronic documents have been uploaded to a server, this does not mean we have done enough to preserve their integrity, authenticity, availability, usability and permanence throughout the life cycle.
This is a complex procedure that requires a systematic, prudent and dedicated approach. When establishing long-term and legally compliant e-storage, internal rules are extremely helpful. In internal rules, organizations clearly define how they intend to conduct all procedures relating to the capture and storage of electronic documents.
What are internal rules?
Internal rules are internal legal acts defining the capture and storage of all material in an organization. In drawing up these rules, we need to consider the Protection of Documents and Archives and Archival Institutions Act (ZVDAGA), and the Decree on the protection of documents and archives, while also taking into account uniform technological requirements for capture and electronic storage. The internal rules actually contain all answers to the criteria specified in the uniform technological requirements.
The first step is a feasibility study
One of the most important, if not the most important, steps in drafting internal rules is to carry out a feasibility study. The feability study assesses the current situation at the company: we check the existing condition and format of materials, check whether all the needed resources for establishing e-storage are available, and assess the competency level of the staff to handle stored documents. The feasibility study tells us whether proper electronic storage system can be established in our environment.
There are many options for providing electronic storage. We can provide it ourselves, using our premises and infrastructure. We can outsource it to an external provider, and store our materials on their premises. The third option is the so-called ‘hybrid’ (and most commonly used) model, where we conduct some storage activities and let the external provider take care of the rest.
Information security and personal data protection compliance
In drawing up internal rules, we should not neglect the issue of information security. It is necessary to abide by regulatory requirements, minimize e-storage risks and costs, and ensure the protection of data of other confidentiality levels (e.g. personal, confidential and secret).
Establishing information security is a gradual and prudent process. A crucial step includes detemeining the responsibilities of staff memebers and their tasks related to electronic document management. We need to clearly define the possibility of accessing the system and the archived material, which in practice means that we need to assign user rights, ensure appropriate audit trail (who and when accessed a certain document and whether they had made any modifications of the material prior to exiting).
Choose certified e-storage services and solutions
We can set out on the journey to ensure secure and legally compliant e-storage on our own, but such a journey will require a considerable amount of dedication and consistency, specific expertise and infrastructure investment. One of the possibilities is to outsource the complete process to an external provider. However, if we decide to do that, we should stay in the driving seat and not leave anything to chance.
It is crucial that our chosen provider guarantees the highest level of information security and makes sure to carry out regular upgrades of mechanisms to ensure quality, security and legally compliant storage.
When choosing an external provider, it is advisable to hire one whose services and equipment are certified with the Archives of the Republic of Slovenia. Thus we will avoid the risk that our chosen provider does not act in compliance with the regulations governing e-storage. We also need to verify the provider's references and their experience.
Responding to most common issues
When drawing up internal rules and creating a comprehensive e-storage plan, we have to specify how storage will be carried out (fully insourced, fully outsourced, a hybrid approach).
During the feasibility study, it is important to be as open and honest as possible. Do you have the knowledge needed to draw up internal rules? Do you have enough staff who will be able to focus on this area? Something is certain: the journey you are about to take is riddled with challengesDuring the feasibility study, it is important to be as open and honest as possible. Do you have the knowledge needed to draw up internal rules? Do you have enough staff who will be able to focus on this area? Something is certain: the journey you are about to take is riddled with challenges.
Therefore, it is worth stressing the importance of setting the right priorities inside the organization since in ensuring secure and compliant storage there is not room for a half-hearted approach. If we do not have the resources needed to maintain proper electronic storage, we'd better find ourselves a qualified external provider.
Want to know more? Contact us!