Functional Requirement: 1
Citation 20 USC Sec. 1082 - Education. Chapter 28 - Higher Education Resources and Student Assistance.
Subchapter IV - Student Assistance
Extract (4) Audit procedures In conducting audits pursuant to this subsection, the Comptroller General and
the Inspector General of the Department of Education shall audit the records to determine the extent to
which they, at a minimum, comply with Federal statutes, and rules and regulations prescribed by the
Secretary, in effect at the time that the record was made, and in no case shall the Comptroller General
or the Inspector General apply subsequently determined standards, procedures, or regulations to the
records of such agency, lender, or Authority.
Functional Requirement: 2a
Citation Department of Health and Human Services Food and Drug Administration 21 CFR Part 11 [Docket No. 92N-0251] Electronic Signatures; Electronic Records
Pages 11.10
Extract Controls for closed systems. Closed systems used to create, modify, maintain, or transmit
electronic records shall employ procedures and controls designed to ensure the authenticity, integrity,
and confidentiality of electronic records, and to ensure that the signer cannot readily repudiate the
signed record as not genuine. Such procedures and controls shall include the following (k) Use of
appropriate systems documentation controls including: (i) Adequate controls over the
distribution, access to, and use of documentation for system operation and maintenance. (ii)
Records revision and change control procedures to maintain an electronic audit trail that documents
time-sequenced development and modification of records.
Citation Wright, B. The law of electronic commerce. 1991.
Pages 89
Extract Many controls could enhance record credibility: 1. Written policies and routines could be
developed with the help of independent accountants.
Citation Wright, B. The law of electronic commerce. 1991.
Pages 85
Extract Electronic records can be fabricated. ... One practical solution ... is to appoint a trusted
recordkeeper--an entity insulated from the incentive and ability to falsify its records.
Citation United States v. Scholle, , 553 F2d 1109 (8th Cir. 1977)
Pages 1125
Extract Even where the procedure and motive for keeping business records provide a check on their
trustworthiness..., The complex nature of computer storage calls for a more comprehensive foundation.
Assuming properly functioning equipment is used, there must be not only a showing that the
requirements of the Federal Business Records Act have been satisfied, but in addition the original source
of the computer program must be delineated, and procedures for input control including tests used to
assure accuracy and reliability must be presented.
Functional Requirement: 2b
Citation Bradgate, R. Evidential Issues of EDI. In: EDI & the Law. 1989.
Pages 17
Extract The court must be satisfied that these conditions are fulfilled, either by oral evidence or by a
certificate signed by a person occupying "a responsible position in relation to the management of the
activities for the purposes of which the computer was used" at the time the document was produced (not
at the time the information was recorded). As with sections 2 and 4 [of England's Civil Evidence Act
of 1968], a litigant wishing to rely on s.5 must serve notice of his intention on all other parties to the
litigation, identifying persons occupying a "responsible position" ...
Citation 41 CFR Sec. 201 - 9.103 Procedures.
Extract Each Federal agency shall take the following actions to establish and maintain the agency's records
management program: (a) Assign specific responsibility for the development and implementation of
agencywide records management programs to an office of the agency and to a qualified records
manager.
Citation Federal Rules of Evidence Article VIII. Historical Notes and Commentary Notes to Rule 803
Extract The Uniform Act, however, abolished the common law requirement in express terms, providing
that the requisite foundation testimony might be furnished by "the custodian or other qualified
witness."
Functional Requirement: 2d
Citation Miller GAAS Guide. 1994.
Pages 7.10
Extract It is management's responsibility to establish and maintain an adequate internal control structure
that accurately reflects transactions and events in its financial statements.
Citation Bradgate, R. Evidential Issues of EDI. In: EDI & the Law. 1989.
Pages 22-23
Extract A party seeking to rely on computer output in civil or criminal proceedings must be in a position
... to testify to the working of the system and the likely effect of any malfunction or breakdown ...
Functional Requirement: 3
Citation Federal Rules of Evidence. 1990.
Pages 128
Extract Rule 803. Hearsay exceptions; availability of declarant immaterial. The following are not excluded
by the hearsay rule, even though the declarant is available as a witness ... 6) Records of regularly
conducted activity. A memorandum, report, record, or data compilation, in any form, of acts, events,
conditions, opinions, diagnoses, made at or near the time by, or from information transmitted by, a
person with knowledge, if kept in the course of a regularly conducted business activity, and if it was the
regular practice of that business activity to make the memorandum, report, record, or data compilation,
all as shown by the testimony of the custodian or other qualified witness, unless the source of
information or the method or circumstances of preparation indicate lack of trustworthiness.
Citation Bradgate, R. Evidential Issues of EDI. In: EDI & the Law. 1989.
Pages 16-17
Extract The conditions for admissibility ... are that: 1. The document was prepared during a period over
which the computer was regularly used to process information for the purposes of any activities
regularly carried on over that period.
Citation Wright, B. The Law of electronic commerce. 1991.
Pages 118-119
Extract ... courts seem to presume that if businesses rely on the records in the ordinary course of their
affairs, then the means by which the businesses process and record the data under their control is
accurate.
Functional Requirement: 3b
Citation "Federal Rules of Evidence" Article VIII. Historical Notes and Commentary
Extract Rule 34(a) of the Rules of Civil Procedure. Exception (7). Failure of a record to mention a matter
which would ordinarily be mentioned is satisfactory evidence of its nonexistence. Uniform Rule
63(14)
Functional Requirement: 3c
Citation Bradgate, R. Evidential Issues of EDI. In: EDI & the Law. 1989.
Pages 23
Extract ... It is vital that a log be kept dealing with all aspects of the operation of the system.
Functional Requirement: 4
Citation Department of Health and Human Services Food and Drug Administration 21 CFR Part 11 [Docket No. 92N-0251] Electronic Signatures; Electronic Records
Pages 11.10
Extract Controls for closed systems. Closed systems used to create, modify, maintain, or transmit
electronic records shall employ procedures and controls ... Such procedures and controls shall include
the following (h) Use of device (e.g., terminal) location checks to determine, as appropriate, the
validity of the source of data input or operational instruction.
Citation Wright, B. The Law of electronic commerce. 1991.
Pages 169
Extract ... internal control over computer systems relies on such devices as system access barriers and the
professional development, testing, maintenance, and backup of software.
Citation Federal Rules of Evidence. Article IX Authentication or Identification Rule 901.
Extract Requirement of Authentication or Identification. (a) General provision. The requirement of
authentication or identification as a condition precedent to admissibility is satisfied by evidence
sufficient to support a finding that the matter in question is what its proponent claims. (b) Illustrations.
By way of illustration only, and not by way of limitation, the following are examples of authentication
or identification conforming with the requirements of this rule: ... (9) Process or system. Evidence
describing a process or system used to produce a result and showing that the process or system produces
an accurate result.
Citation United States v. Russo, 480, F2d 1228 (6th Cir. 1973)
Extract The foundation for admission of (computerized records) consists of showing the input procedures
used, the tests for accuracy and reliability and the fact that an established business relies on the
computerized records in the ordinary course of carrying on it activities. ....[T]he court (must) "be
satisfied with all reasonable certainty that both the machine and those who supply its information have
performed their functions with utmost accuracy."...[T]he trustworthiness of the particular records should
be ascertained before they are admitted and...the burden of presenting an adequate foundation for
receiving the evidence should be on the parties seeking to introduce it rather than upon the party
opposing its introduction....
Functional Requirement: 5
Citation "Federal Rules of Evidence" Article VIII. Historical Notes and Commentary
Extract ...the Committee concluded that the additional requirement of Section 1732 that it must have been
the regular practice of a business to make the record is a necessary further assurance of its
trustworthiness.
Citation Federal Rules of Evidence. Uniform Rules. 1990.
Pages 340-341
Extract Rule 902. Self authentication. Extrinsic evidence of authenticity as a condition precedent to
admissibility is not required with respect to the following: ... 11) Certified records of regularly
conducted activity (i) was made, at or near the time of the occurrence of the matters set forth, by (or
from information transmitted by) a person with knowledge of those matters, (ii) is kept in the course of
regularly conducted activity, and (iii) was made by the regularly conducted activity as a regular practice,
unless the sources of information or the method or circumstances of preparation indicate lack of
trustworthiness ...
Citation Federal Rules of Evidence. 1990.
Pages 129
Extract Rule 803. Hearsay exceptions; availability of declarant immaterial. The following are not excluded
by the hearsay rule, even though the declarant is available as a witness ... 7) Absence of entry in records
kept in accordance with the provisions of paragraph (6). Evidence that a matter is not included in the
memoranda, reports, records, or data compilations, in any form, kept in accordance with the provisions
of paragraph (6), to prove the nonoccurrence or nonexistence of the matter, if the matter was of a kind of
which a memorandum, report, record, or data compilation was regularly made and preserved, unless the
sources of information or other circumstances indicate lack of trustworthiness.
Functional Requirement: 5b
Citation Wright, B. The law of electronic commerce. 1991.
Pages 60
Extract Some advanced firms permit their computers to initiate transactions. An inventory management
program might, for instance, issue EDI purchase orders automatically when it determines inventory
stocks are low.
Functional Requirement: 6
Citation 21 CFR Sec. 1304 .02 Definitions
Extract The term readily retrievable means that certain records are kept by automatic data processing
systems or other electronic or mechanized recordkeeping systems in such a manner that they can be
separated out from all other records in a reasonable time and/or records are kept on which certain items
are asterisked, redlined, or in some other manner visually identifiable apart from other items appearing
on the records.
Functional Requirement: 6b
Citation Wright, B. The law of electronic commerce. 1991.
Pages 58-59
Extract Binding communications ... should contain only the intended information.
Functional Requirement: 7a
Citation Condition of Participation: Medical Records Services, Health Care Financing Administration, 42
CFR, Chapter 4, 482.24
Extract (b) Standard: Form and retention of record. The hospital must maintain a medical record for each
inpatient and outpatient. Medical records must be accurately written, promptly completed, properly filed
and retained, and accessible. The hospital must use a system of author identification and record
maintenance that ensures the integrity of the authentication and protects the security of all record
entries.
Citation Wright, B. The Law of electronic commerce. 1991.
Pages 114
Extract To admit electronic message contents into evidence or, ultimately, to prove their authenticity to the
trier of fact, the proponent generally must show origin and integrity. He must show who or what
originated the message and whether its contents are complete and in the form intended, free from error
or fabrication.
Functional Requirement: 7b
Citation 20 USC Sec. 1082 - Education. Chapter 28 - Higher Education Resources and Student Assistance.
Subchapter IV - Student Assistance
Extract The Secretary, in cooperation with representatives of guaranty agencies, eligible lenders, and
organizations involved in student financial assistance, shall prescribe a common application form and
promissory note to be used for applying for loans under this part. (B) Requirements The form prescribed
by the Secretary shall - (i) use clear, concise, and simple language to facilitate understanding of loan
terms and conditions by applicants; (ii) be formatted to require the applicant to clearly indicate a choice
of lender; and (iii) permit, to the maximum extent practicable, application for any loan under this
part.
Citation 21 CFR Sec. 1305.11 Food and Drugs Chapter II Part 1305 Unaccepted and defective order
forms .
Extract (a) No order form shall be filled if it: (1) Is not complete, legible, or properly prepared,
executed, or endorsed; or (2) Shows any alteration, erasure, or change of any description.
Functional Requirement: 7c
Citation Title 21-Food and Drugs. Sec. 1304.21 General requirements for continuing records .
Extract (a) On and after May 1, 1971, every registrant required to keep records pursuant to Sec. 1304 .03
shall maintain on a current basis a complete and accurate record of each such substance manufactured,
imported, received, sold, delivered, exported, or otherwise disposed of by him, except that no registrant
shall be required to maintain a perpetual inventory... (c) Separate records shall be maintained by a
registrant for each independent activity for which he is registered, except as provided in Sec.304.25 and
1304.26. (d) In recording dates of receipt, importation, distribution, exportation, or other transfers, the
date on which the controlled substances are actually received, imported, distributed, exported, or
otherwise transferred shall be used as the date of receipt or distribution of any documents of transfer
(e.g., invoices or packing slips).
Functional Requirement: 8
Citation Department of Health and Human Services Food and Drug Administration 21 CFR Part 11 [Docket No. 92N-0251] Electronic Signatures; Electronic Records
Pages 11.10
Extract Controls for closed systems. Closed systems used to create, modify, maintain, or transmit
electronic records shall employ procedures and controls designed to ensure the authenticity, integrity,
and confidentiality of electronic records, and to ensure that the signer cannot readily repudiate the
signed record as not genuine. Such procedures and controls shall include the following: (g) Use of
authority checks to ensure that only those individuals who have been so authorized can use the system,
electronically sign a record, access the operation or device, alter a record, or perform the operation at
hand.
Citation Department of Health and Human Services Food and Drug Administration 21 CFR Part 11 [Docket No. 92N-0251] Electronic Signatures; Electronic Records
Pages 11.10
Extract Controls for closed systems. Closed systems used to create, modify, maintain, or transmit
electronic records shall employ procedures and controls designed to ensure the authenticity, integrity,
and confidentiality of electronic records, and to ensure that the signer cannot readily repudiate the
signed record as not genuine. Such procedures and controls shall include the following: (d) Limiting
system access to authorized individuals.
Citation Condition of Participation: Medical Records Services, Health Care Financing Administration, 42
CFR, Chapter 4, 482.24
Extract (c) Standard: Content or record. The medical record must contain information to justify admission
and continued hospitalization, support for the diagnosis, and describe the patient's progress and response
to medications and services. (1) All entries must be legible and complete, and must be authenticated
and dated promptly by the person (identified by name and discipline) who is responsible for ordering,
providing, or evaluating the service furnished.
Citation Condition of Participation: Medical Records Services, Health Care Financing Administration, 42
CFR, Chapter 4, 482.24
Extract (i) The author of each entry must be identified and must authenticate his or her entry.
Citation "Federal Rules of Evidence" Article VIII. Historical Notes and Commentary
Extract The element of unusual reliability of business records is said variously to be supplied by
systematic checking, by regularity and continuity which produce habits of precision, by actual
experience of business in relying upon them, or by a duty to make an accurate record as part of a
continuing job or occupation.
Citation 19 USC Sec. 1484 Customs Duties Chapter 4 - Tariff Act Of 1930 Subtitle III - Administrative
Provisions Part III - Ascertainment, Collection, and Recovery of Duties Sec. 1484. Entry of
merchandise
Extract d) Signing and contents Entries shall be signed by the importer of record, or his agent, unless filed
pursuant to an electronic data interchange system. If electronically filed, each transmission of data shall
be certified by an importer of record or his agent, one of whom shall be resident in the United States for
purposes of receiving service of process, as being true and correct to the best of his knowledge and
belief, and such transmission shall be binding in the same manner and to the same extent as a signed
document. The entry shall set forth such facts in regard to the importation as the Secretary may require
and shall be accompanied by such invoices, bills of lading, certificates, and documents, or their
electronically submitted equivalents, as are required by regulation.
Functional Requirement: 8a
Citation Bradgate, R. Evidential Issues of EDI. In: EDI & the Law. 1989.
Pages 32
Extract In general, signed documents are regarded as possessing special evidential weight. Signature of
transaction documents and transaction records generally has the effect of authenticating those records in
that the signature (a) identifies the signer as party to the transaction and (b) indicates his assent to the
contents of the signed document.
Citation Wright, B. The Law of electronic commerce. 1991.
Pages 105-106
Extract In simple form, the data controls in and electronic messaging system might be analyzed as follows:
1. Controls ... which ensure transaction originators are identified ...
Functional Requirement: 9a
Citation Wright, B. The Law of electronic commerce. 1991.
Pages 105-106
Extract In simple form, the data controls in and electronic messaging system might be analyzed as follows:
... 4. Security features throughout the system to preclude intentional tampering with messages and
records.
Citation Federal Rules of Evidence Article IX. Authentication and Identification Rule 901
Extract Requirement of Authentication or Identification (8) Ancient documents or data compilation.
Evidence that a document or data compilation, in any form, (A) is in such condition as to create no
suspicion concerning its authenticity, (B) was in a place where it, if authentic, would likely be, and (C)
has been in existence 20 years or more at the time it is offered.
Functional Requirement: 9b
Citation 8 CFR Sec. 299. 4 Chapter I Subchapter B Part 29. Reproduction of forms by private
parties.
Extract An electronic reproduction must be complete, containing all question which appear on the official
form. The wording and punctuation of all data elements, and identifying information must match
exactly. No data elements may be added or deleted. The sequence and format for each item on the
form must be replicated to mirror the authorized agency form. Each item must be printed on the same
page in the same location.....2) Final form must match the design, format, and dimensions of the official
form. All blocks must remain the same size and lines must remained the length. No variation will be
permissible.
Functional Requirement: 9c
Citation Wright, B. The Law of electronic commerce. 1991.
Pages 14
Extract X.400's distinguishing attributes are that it provides for an audit trail that spans from sender to
receiver (despite the crossing of multiple network boundaries) and furnishes automatic message tracking
and acknowledgments.
Functional Requirement: 9c2
Citation Department of Health and Human Services Food and Drug Administration 21 CFR Part 11 [Docket No. 92N-0251] Electronic Signatures; Electronic Records
Pages 11.10
Extract Controls for closed systems. Closed systems used to create, modify, maintain, or transmit
electronic records shall employ procedures and controls designed to ensure the authenticity, integrity,
and confidentiality of electronic records, and to ensure that the signer cannot readily repudiate the
signed record as not genuine. Such procedures and controls shall include the following: (e) Use of
time stamped audit trails to document record changes, all write to file operations, and to independently
record the date and time of operator entries and actions. Record changes shall not obscure previously
recorded information. Such audit trail documentation shall be retained for a period at least as long as
required for the subject electronic documents and shall be available for agency review and copying.
Functional Requirement: 10
Citation 41 CFR Sec. 201 - 9.103 Procedures.
Extract (e) Control the creation, maintenance, and use of agency records and the collection and
dissemination of information to ensure that the agency - (1) Does not accumulate unnecessary
records;
Functional Requirement: 11
Citation 20 USC Sec. 1082 - Education. Chapter 28 - Higher Education Resources and Student Assistance.
Subchapter IV - Student Assistance
Extract (3) Common reporting formats The Secretary shall promulgate standards including necessary rules,
regulations (including the definitions of all relevant terms), and procedures so as to require all lenders
and guaranty agencies to report information on all aspects of loans made under this part in uniform
formats, so as to permit the direct comparison of data submitted by individual lenders, servicers, or
guaranty agencies.
Functional Requirement: 12a
Citation Department of Health and Human Services Food and Drug Administration 21 CFR Part 11 [Docket No. 92N-0251] Electronic Signatures; Electronic Records
Pages 11.10
Extract Controls for closed systems. Closed systems used to create, modify, maintain, or transmit
electronic records shall employ procedures and controls designed to ensure the authenticity, integrity,
and confidentiality of electronic records, and to ensure that the signer cannot readily repudiate the
signed record as not genuine. Such procedures and controls shall include the following: (c)
Protection of records to enable their accurate and ready retrieval throughout the records retention
period.
Citation Condition of Participation: Medical Records Services, Health Care Financing Administration, 42
CFR, Chapter 4, 482.24
Extract (2) The hospital must have a system of coding and indexing medical records. The system must
allow for timely retrieval by diagnosis and procedure, in order to support medical care evaluation
studies.
Functional Requirement: 12b
Citation Wright, B. The Law of electronic commerce. 1991.
Pages 168
Extract Retention of an EDI invoice ... requires the recordmaker to think ahead as much as seven or more
years to consider what resources will be available to retrieve and understand the record.
Citation Wright, B. The law of electronic commerce. 1991.
Pages 78
Extract To prove assent [in an electronic contract], the system should retain a secure record that permits
reconstruction of the information displayed to the buyer and his response.
Citation Wright, B. The Law of electronic commerce. 1991.
Pages 141
Extract An electronic message can be manipulated and distorted after the time it effects a legal event. An
EDI invoice, for example, can be translated, condensed, broken into pieces for entry into various parts
of a database, and so forth after its receipt. The way in which this occurs depends on programmer
decisions, which can infect the system with biases and judgment errors. Thus, resulting records can be
hearsay. The ideal electronic message recordkeeping system would avoid this "programmer" hearsay
altogether. It would keep a record of all transactions exactly as sent and received.
Functional Requirement: 13
Citation Condition of Participation: Medical Records Services, Health Care Financing Administration, 42
CFR, Chapter 4, 482.24
Extract (3) The hospital must have a procedure for ensuring the confidentiality of patient records.
Information from or copies of records may be released only to authorized individuals, and the hospital
must ensure that unauthorized individuals cannot gain access to or alter patient records. Original medical
records must be released by the hospital only in accordance with Federal or State laws, court orders, or
subpoenas.
Citation 41 CFR Sec. 105 - 735.207 Misuse of information.
Extract For the purpose of furthering a private interest, GSA personnel shall not, except as provided in
Sec. 105 - 735.204(c), directly or indirectly use, or allow the use of, official information obtained
through or in connection with their GSA employment which has not been made available to the general
public. Criminal penalties are imposed for disclosure of classified or confidential information.
Citation 41 CFR Sec. 105.64 .101-4 Safeguarding systems of records . Extract Managers must ensure that
administrative, technical, and physical safeguards are established to ensure the security and
confidentiality of records and to protect against possible threats or hazards which could be harmful,
embarrassing, inconvenient, or unfair to any individual.
Citation 21 CFR Sec. 20.64 Investigatory records compiled for law enforcement purposes.
Extract (a) An investigatory record for law enforcement purposes may be withheld from public
disclosure pursuant to the provisions of this section to the extent that disclosure of such records would:
(1) Interfere with enforcement proceedings. (2) Deprive a person of a right to a fair trial or an impartial
adjudication...
Citation 21 CFR Sec. 20.64 Investigatory records compiled for law enforcement purposes.
Extract (4) Prior to disclosure of any record specifically reflecting consideration of possible criminal
prosecution of any individual, all names and other information that would identify an individual who
was considered for criminal prosecution but who was not prosecuted shall be deleted unless the
Commissioner concludes that there is a compelling public interest in the disclosure of such names. (e)
Names and other information that would identify a Food and Drug Administration employee shall be
deleted from investigatory records prior to public disclosure only pursuant to Sec. 20.32.
Last Modified: 7/3/96 [kjb]
ADDITIONAL WARRANT BY PROFESSIONS:
Auditors |
Records Managers |
Information Technologists |
Managers |
Medical Professions
MAIN MENU |
Functional Requirements |
Production Rules |
Metadata Specifications |
Glossary
|