Functional Requirement: 1
Citation Performance Guideline for the Legal Acceptance of Records Produced by Information Technology
Systems: "Part III: Implementation of the Performance Guideline for the Legal Acceptance of Records
Produced by Information Technology Systems;" Technical Report ANSI/AIIM TR31-1994; Association
for Information and Image Management.
Pages 4
Extract With the aid of the organization's legal counsel, the pertinent recordkeeping statues, regulations,
rules, and policies with which the organization must comply should be identified, compiled, and
included with the system documentation. (Note: Regulations and rules also have the force of law.) A
review of these laws and policies should be conducted and a determination made as to which
organizational unit is responsible for assuring compliance with their various provisions.
Functional Requirement: 1a
Citation Skupsky, D.S. Record retention procedures. 1991.
Pages 19
Extract The United States federal government, state and local government entities, and other countries
have an interest in your organization's activities. Most are primarily interested in collecting taxes. Your
accounting, sales, and tax records, for example, are important to these government entities in
determining the amount of tax due. Employment and personnel records are also important to
government entities. Government has developed laws to protect employees, ensure the payment of
proper wages, protect the health and safety of employees, and eliminate discrimination. While you
maintain employment records primarily to better manage your employees, government looks to these
records to monitor your activities and enforce compliance with the law.
Citation Skupsky, D.S. Record retention procedures. 1991.
Pages 21
Extract The law generally views doing business as a privilege rather than a right. To transact business and
exercise other privileges such as employing others, government requires that you follow its rules. Failure
to follow these requirements may subject you to fines, penalties, and other adverse consequences, such
as losing the privilege of doing business.
Functional Requirement: 1b
Citation Skupsky, D.S. Record retention procedures. 1991.
Pages 33
Extract Legal research will uncover the laws affecting the retention of records for legal purposes. Some
laws clearly state the legal requirements. If you operate in several states, however, you can encounter
different requirements affecting the same records. You must then determine which of these laws to
follow.
Functional Requirement: 1c
Citation Skupsky, D.S. Record retention procedures. 1991.
Pages 27
Extract You must comply with the federal laws affecting your records and the state laws for each state in
which your organization does business. Government and private publications containing federal laws are
available ... Most records requirements are found in published regulations, although a few appear in
statutes.
Functional Requirement: 2
Citation Performance Guideline for the Legal Acceptance of Records Produced by Information Technology
Systems: "Part III: Implementation of the Performance Guideline for the Legal Acceptance of Records
Produced by Information Technology Systems;" Technical Report ANSI/AIIM TR31-1994; Association
for Information and Image Management.
Pages 20
Extract Accuracy may be increased by systematic quality control and audit procedures, as well as
operational oversight by persons with detailed knowledge of the process or system used to produce the
records.
Citation Performance Guideline for the Legal Acceptance of Records Produced by Information Technology
Systems: "Part III: Implementation of the Performance Guideline for the Legal Acceptance of Records
Produced by Information Technology Systems;" Technical Report ANSI/AIIM TR31-1994; Association
for Information and Image Management.
Pages 24
Extract The measures taken to insure the accuracy of the data entered may be challenged. Normally,
introduction of the systems documentation will be sufficient to demonstrate the accuracy of the data.
However, it may be necessary to have expert testimony on verification, proof reading, internal audit
trails, or computer security in general. It may be necessary as well to introduce the training records of
the data entry staff.
Functional Requirement: 2a
Citation 36 CFR Part 1234 -- Electronic Records Management. Subpart C -- Standards for
the Creation, Use, Preservation, and Disposition of Electronic Records
Pages 1234.20
Extract (b) Agencies shall maintain adequate and up-to-date technical documentation for each electronic
records system that produces, uses, or stores data files. Minimum documentation required is a narrative
description of the system; physical and technical characteristics of the records, including a record layout
that describes each field including its name, size, starting or relative position, and a description of the
form of the data (such as alphabetic, zoned decimal, packed decimal, or numeric), or a data dictionary
or the equivalent information associated with a data base management system including a description of
the relationship between data elements in data bases; and any other technical information needed to read
or process the records.
Citation Performance Guideline for the Legal Acceptance of Records Produced by Information Technology
Systems: "Part I: Performance Guideline for Admissibility of Records Produced by Information
Technology Systems as Evidence;" Technical Report AIIM TR31-1992; Association for Information and
Image Management.
Pages 6
Extract Of particular importance in fending off these assaults is to assure the existence of up-to-date
documentation that fully and accurately describes the procedural controls employed in producing the
records.
Citation Performance Guideline for the Legal Acceptance of Records Produced by Information Technology
Systems: "Part II: Performance Guideline for the Acceptance by Government Agencies of Records
Produced by Information Technology Systems;" Technical Report ANSI/AIIM TR31-1993; Association
for Information and Image Management.
Pages 11
Extract If the records were produced on the current or a very similar system, access to the system by
government representatives must be provided to enable them to process independent test data and review
the hardware, software and data. If the system used to produce the records no longer exists, existing
documentation describing the above operations must be made available. Failure to produce pertinent
documentation may jeopardize the acceptance of the records if their trustworthiness cannot otherwise be
established.
Citation Performance Guideline for the Legal Acceptance of Records Produced by Information Technology
Systems: "Part III: Implementation of the Performance Guideline for the Legal Acceptance of Records
Produced by Information Technology Systems;" Technical Report ANSI/AIIM TR31-1994; Association
for Information and Image Management.
Pages 3
Extract ...valid documentation of these descriptions are invaluable in supporting system integrity in the
event of a government audit. They are also useful for preparing a witness to testify as to the accuracy
and reliability of the system or process in laying a foundation for admissibility of records as evidence in
litigation.
Citation Performance Guideline for the Legal Acceptance of Records Produced by Information Technology
Systems: "Part III: Implementation of the Performance Guideline for the Legal Acceptance of Records
Produced by Information Technology Systems;" Technical Report ANSI/AIIM TR31-1994; Association
for Information and Image Management.
Pages 6
Extract Effective system procedures reflect the detailed steps to be followed when creating, modifying,
duplicating, destroying, or otherwise managing records. They provide for consistent quality control
activities, problem resolution approaches and other functions that might otherwise be subject to
inconsistent action, multiple interpretation, or misinterpretation.
Citation Performance Guideline for the Legal Acceptance of Records Produced by Information Technology
Systems: "Part III: Implementation of the Performance Guideline for the Legal Acceptance of Records
Produced by Information Technology Systems;" Technical Report ANSI/AIIM TR31-1994; Association
for Information and Image Management.
Pages 6
Extract Documentation should be regularly updated to reflect any changes This provides new employees
with a credible reference for understanding the system, isolating and solving problems, and recording
subsequent modifications. However, documentation is also important if the documented procedure is
ever questioned in court.
Citation Performance Guideline for the Legal Acceptance of Records Produced by Information Technology
Systems: "Part III: Implementation of the Performance Guideline for the Legal Acceptance of Records
Produced by Information Technology Systems;" Technical Report ANSI/AIIM TR31-1994; Association
for Information and Image Management.
Pages 6
Extract For purposes of laying a foundation for the admissibility of records in evidence, actual system
procedures followed during the period the records in question were produced should be documented in
sufficient detail to allow a qualified witness (e.g., the records custodian) to depend on the documentation
in describing the process or system to the court. The documentation should include an explanation of
deviations from established procedures.
Citation Performance Guideline for the Legal Acceptance of Records Produced by Information Technology
Systems: "Part I: Performance Guideline for Admissibility of Records Produced by Information
Technology Systems as Evidence;" Technical Report AIIM TR31-1992; Association for Information and
Image Management.
Pages 10-11
Extract Established procedures demonstrate what an organization plans to do in managing and controlling
the process or system--as opposed to what it actually does. The trustworthiness of an organization's
records offered in evidence might well be judged by the established procedures and how closely they are
followed. Deviations can be expected to be closely scrutinized, especially if the deviations are from
legally required procedures.
Citation Performance Guideline for the Legal Acceptance of Records Produced by Information Technology
Systems: "Part III: Implementation of the Performance Guideline for the Legal Acceptance of Records
Produced by Information Technology Systems;" Technical Report ANSI/AIIM TR31-1994; Association
for Information and Image Management.
Pages 3
Extract An initial task in a self-assessment procedure is to update or verify the accuracy of existing
documentation that describes the system environment in terms of the organizational structure, functions
and responsibilities, and system processes. Updated documentation should include descriptions of the
elements listed.
Functional Requirement: 2b
Citation 36 CFR Part 1234 -- Electronic Records Management. Subpart B -- Program
Requirements
Pages 1234.10
Extract The head of each Federal agency shall ensure that the management of electronic records
incorporates the following elements: (a) Assigning responsibility to develop and implement an
agencywide program for the management of all records created, received, maintained, used, or stored on
electronic media
Citation Performance Guideline for the Legal Acceptance of Records Produced by Information Technology
Systems: "Part I: Performance Guideline for Admissibility of Records Produced by Information
Technology Systems as Evidence;" Technical Report AIIM TR31-1992; Association for Information and
Image Management.
Pages 10-11
Extract (b) Accuracy Records produced by methods to ensure or enhance accuracy will be more readily
admissible in evidence. This may include systematic quality control and audit procedures, as well as
operational oversight by somebody with detailed knowledge of the process or system used to produce
the records.
Functional Requirement: 2c
Citation 36 CFR Part 1234 -- Electronic Records Management. Subpart B -- Program
Requirements
Pages 1234.10
Extract The head of each Federal agency shall ensure that the management of electronic records
incorporates the following elements: .. (i) Specifying the methods of implementing controls over
national security-classified, sensitive, proprietary, and Privacy Act records stored and used
electronically.
Functional Requirement: 2d
Citation 36 CFR Part 1234 -- Electronic Records Management. Subpart C -- Standards for
the Creation, Use, Preservation, and Disposition of Electronic Records
Pages 1234.26
Extract Agencies shall implement and maintain an effective records security program that incorporates the
following: (b) Provides for backup and recovery of records to protect against information loss.
Functional Requirement: 3
Citation Performance Guideline for the Legal Acceptance of Records Produced by Information
Technology Systems: "Part I: Performance Guideline for Admissibility of Records Produced by
Information Technology Systems as Evidence;" Technical Report AIIM TR31-1992; Association for
Information and Image Management.
Pages 3-4
Extract Computer business records are admissible if (1) they are kept pursuant to a routine procedure
designed to assure their accuracy. (2) they are created for motives that tend to assure accuracy (e.g., not
including those prepared for litigation), (3) they are not themselves mere accumulations of hearsay."
United States v. Sanders 749 F.2d 195, 198 (5th Cir. 1984).
Citation Performance Guideline for the Legal Acceptance of Records Produced by Information Technology
Systems: "Part I: Performance Guideline for Admissibility of Records Produced by Information
Technology Systems as Evidence;" Technical Report AIIM TR31-1992; Association for Information and
Image Management.
Pages 10
Extract Records produced as part of a regularly conducted activity such as those produced in the regular
course of business are admissible subject to a showing that the process or system used to produce them
is reliable and accurate. A regularly conducted activity may include a regular pattern of activity to
produce the records on a daily, weekly, monthly, yearly or other cyclical schedule.
Functional Requirement: 3c
Citation Performance Guideline for the Legal Acceptance of Records Produced by Information Technology
Systems: "Part III: Implementation of the Performance Guideline for the Legal Acceptance of Records
Produced by Information Technology Systems;" Technical Report ANSI/AIIM TR31-1994; Association
for Information and Image Management.
Pages 23
Extract Because equipment which is not functioning properly can alter the content of computerized
information, the reliability of the data processing equipment used to store and produce the records may
be challenged. The information contained in the systems documentation should be sufficient to
overcome this. However, if the hardware is challenged, it may be necessary to present evidence that the
equipment operated reliably the day the data were initially entered and on the day the computer record
was produced. A log of computer operations indicating the absence, or presence, of any malfunction that
did or did not affect the data is generally adequate. The agency may also be required to produce a
person who has actually tested the equipment.
Functional Requirement: 4
Citation 36 CFR Part 1234 -- Electronic Records Management. Subpart C -- Standards for
the Creation, Use, Preservation, and Disposition of Electronic Records
Pages 1234.24
Extract Electronic records may be admitted in evidence to Federal courts for use in court proceedings
(Federal Rules of Evidence 803(8)) if trustworthiness is established by thoroughly documenting the
recordkeeping system's operation and the controls imposed upon it. Agencies should implement the
following procedures to enhance the legal admissibility of electronic records. (a) Document that similar
kinds of records generated and stored electronically are created by the same processes each time and
have a standardized retrieval approach.
Citation "Part I: Performance Guideline for Admissibility of Records Produced by Information Technology
Systems as Evidence;" Technical Report AIIM TR31-1992; Association for Information and Image
Management.
Pages 3
Extract Much of the need for evidence rules equating products of specified technologies to originals can be
eliminated by focusing instead on the reliability and accuracy of the process or system used to produce
the records in question.
Citation "Part I: Performance Guideline for Admissibility of Records Produced by Information Technology
Systems as Evidence;" Technical Report AIIM TR31-1992; Association for Information and Image
Management.
Pages 3
Extract Federal Rules of Evidence. 901(b) lists examples of authentication requirements. Of particular
notes regarding computer evidence is example (9): Evidence describing a process or system used to
produce a result showing that the process or system produces an accurate result. This would seem to
particularly include evidence describing a computer "process" or "system" to show that a computer
printout is accurate.
Citation Performance Guideline for the Legal Acceptance of Records Produced by Information
Technology Systems: "Part I: Performance Guideline for Admissibility of Records Produced by
Information Technology Systems as Evidence;" Technical Report AIIM TR31-1992; Association for
Information and Image Management.
Pages 5
Extract ...[T]he foundation for admission of (computerized records) consists of showing the input
procedures used, the test for accuracy and reliability and the fact that an established business relies on
the computerized records in the ordinary course of carrying on its activities. The (opposing) party then
has the opportunity to cross-examine concerning company practices with respect to the input and as to
the accuracy of the computer as a memory bank and retriever of information....[T]he court (must) "be
satisfied with all reasonable certainty that both the machine and those who supply its information have
performed their functions with utmost accuracy."...[T]he trustworthiness of the particular records should
be ascertained before they are admitted and...the burden of presenting an adequate foundation for
receiving the evidence should be on the parties seeking to introduce it rather than upon the party
opposing its introduction.... [United States v. Russo, supra, at 1241, citing De Georgia, supra. See also,
United States v. Weatherspoon, 581 F.2d 595, 598 (7th Cir. 1978).]
Citation Performance Guideline for the Legal Acceptance of Records Produced by Information Technology
Systems: "Part I: Performance Guideline for Admissibility of Records Produced by Information
Technology Systems as Evidence;" Technical Report AIIM TR31-1992; Association for Information and
Image Management.
Pages 8
Extract 3.2.1.2 Uniform Rules of Evidence This law provides for the admissibility in evidence of both
original and duplicate records. Records will be admissible contingent on "...evidence sufficient to
support a finding that the matter in question is what its proponents claim..." such as by "...evidence
describing a process or system used to produce a result and showing that the process or system produces
an accurate result...."
Citation Performance Guideline for the Legal Acceptance of Records Produced by Information Technology
Systems: "Part I: Performance Guideline for Admissibility of Records Produced by Information
Technology Systems as Evidence;" Technical Report AIIM TR31-1992; Association for Information and
Image Management.
Pages 6
Extract Common assaults on the integrity of computer-based technologies include challenges to: a: the
source of the input data and the process for transcribing it to machine-readable form; b. the process that
creates, edits and updates the files; c. the process that produces the output or retrieves the records; and
d. the reliability of the equipment and vendor supplied software that systematically manages the internal
system processes.
Functional Requirement: 4b
Citation Performance Guideline for the Legal Acceptance of Records Produced by Information Technology
Systems: "Part III: Implementation of the Performance Guideline for the Legal Acceptance of Records
Produced by Information Technology Systems;" Technical Report ANSI/AIIM TR31-1994; Association
for Information and Image Management.
Pages 23
Extract Errors in computer records can result from errors in the computer programs. Consequently, the
reliability of the computer programs and formulas used to process the data may be challenged.
Normally, introduction of the systems documentation will be sufficient to demonstrate the reliability of
the programs and formulas. However, evidence about the development and testing of the programs may
also be required, as well as expert testimony from the creator of the software or from individuals who
have run validation tests on the software.
Functional Requirement: 6c
Citation 36 CFR Part 1234 -- Electronic Records Management. Subpart C -- Standards for
the Creation, Use, Preservation, and Disposition of Electronic Records
Pages 1234.20
Extract (b) Before a document is created electronically on electronic records systems that will maintain the
official file copy on electronic media, each document shall be identified sufficiently to enable authorized
personnel to retrieve, protect, and carry out the disposition of documents in the system.
Functional Requirement: 7a1
Citation "Part I: Performance Guideline for Admissibility of Records Produced by Information Technology
Systems as Evidence;" Technical Report AIIM TR31-1992; Association for Information and Image
Management.
Pages 1
Extract The court must be convinced that the process or system used is trustworthy in producing accurate
records, i.e., the records reflect the source data used to create them.
Functional Requirement: 7c
Citation Skupsky, D.S. Recordkeeping requirements. 1988.
Pages 173
Extract [In reference to state tax laws], ADP [automated data processing] records must provide an
opportunity to trace any transaction back to the original source or forward to a final point total. If detail
printouts are not made of transactions at the time they are processed, the systems must have the ability
to reconstruct these transactions.
Functional Requirement: 8
Citation 36 CFR Part 1234 -- Electronic Records Management. Subpart C -- Standards for
the Creation, Use, Preservation, and Disposition of Electronic Records
Pages 1234.26
Extract Agencies shall implement and maintain an effective records security program that incorporates the
following: (a) Ensures that only authorized personnel have access to electronic records.
Functional Requirement: 9a
Citation 36 CFR Part 1234 -- Electronic Records Management. Subpart C -- Standards for
the Creation, Use, Preservation, and Disposition of Electronic Records
Pages 1234.24
Extract Electronic records may be admitted in evidence to Federal courts for use in court proceedings
(Federal Rules of Evidence 803(8)) if trustworthiness is established by thoroughly documenting the
recordkeeping system's operation and the controls imposed upon it. Agencies should implement the
following procedures to enhance the legal admissibility of electronic records. (b) Substantiate that
security procedures prevent unauthorized addition, modification or deletion of a record and ensure
system protection against such problems as power interruptions.
Functional Requirement: 9b
Citation 36 CFR Part 1234 -- Electronic Records Management. Subpart C -- Standards for
the Creation, Use, Preservation, and Disposition of Electronic Records
Pages 1234.28
Extract Agencies shall select appropriate media and systems for storing agency records throughout their
life, which meet the following requirements: (3) Retain the records in a usable format until their
authorized disposition date
Functional Requirement: 9c
Citation Performance Guideline for the Legal Acceptance of Records Produced by Information Technology
Systems: "Part I: Performance Guideline for Admissibility of Records Produced by Information
Technology Systems as Evidence;" Technical Report AIIM TR31-1992; Association for Information and
Image Management.
Pages 11
Extract Audit trails document who used the system, when they used it, what they did while using the
system, and what were the results. Properly implemented audit trails can automatically detect who had
access to the system, whether staff followed standard procedures or whether fraud or other unauthorized
acts occurred or might be suspected. They provide independent confirmation that proper procedures
were in fact followed.
Citation Performance Guideline for the Legal Acceptance of Records Produced by Information Technology
Systems: "Part III: Implementation of the Performance Guideline for the Legal Acceptance of Records
Produced by Information Technology Systems;" Technical Report ANSI/AIIM TR31-1994; Association
for Information and Image Management.
Pages 7
Extract Audit Trail. An audit trail documents who used the system, when they used it, what they did while
using the system, and what the results were. An audit trail can detect who had access to the system,
whether staff followed standard procedures, or whether fraud or other unauthorized acts occurred.
Functional Requirement: 10
Citation 36 CFR Part 1234 -- Electronic Records Management. Subpart C -- Standards for
the Creation, Use, Preservation, and Disposition of Electronic Records
Pages 01234.20
Extract For electronic records systems that produce, use, or store data files, disposition instructions for the
data shall be incorporated into the system's design.
Citation Performance Guideline for the Legal Acceptance of Records Produced by Information Technology
Systems: "Part II: Performance Guideline for the Acceptance by Government Agencies of Records
Produced by Information Technology Systems;" Technical Report ANSI/AIIM TR31-1993; Association
for Information and Image Management.
Pages 13-14
Extract Uniform Preservation of Private Business Records Act. 2. Period of preservation Unless a specific
period is designated by law for their preservation, business records which persons by the laws of this
state are required to keep or preserve may be destroyed after the expiration of three years from the
making of such records without constituting an offense under such laws.
Functional Requirement: 11
Citation Performance Guideline for the Legal Acceptance of Records Produced by Information Technology
Systems: "Part III: Implementation of the Performance Guideline for the Legal Acceptance of Records
Produced by Information Technology Systems;" Technical Report ANSI/AIIM TR31-1994; Association
for Information and Image Management.
Pages 19
Extract The information maintained on the media and the ability of the system to produce records from the
information must achieve the required retention period. This means that for some technologies it may be
necessary to periodically convert, regenerate, copy or transfer the information from one medium or
technology to another to preserve the information for the required period.
Functional Requirement: 12
Citation 36 CFR Part 1234 -- Electronic Records Management. Subpart C -- Standards for
the Creation, Use, Preservation, and Disposition of Electronic Records
Pages 1234.28
Extract (a) Agencies shall select appropriate media and systems for storing agency records throughout
their life, which meet the following requirements: (1) Permit easy retrieval in a timely fashion;
Functional Requirement: 12a
Citation Performance Guideline for the Legal Acceptance of Records Produced by Information Technology
Systems: "Part II: Performance Guideline for the Acceptance by Government Agencies of Records
Produced by Information Technology Systems;" Technical Report ANSI/AIIM TR31-1993; Association
for Information and Image Management.
Pages 11
Extract 3.5.1 Availability of records. Records must be available for inspection for the full period required
by law. The life expectancy of the media, per se, has no bearing on the legal status or legal acceptance
of the records. The information maintained on the media and the system used to produce the records
must achieve the required retention period. This means that for some technologies it may be necessary
to periodically convert, regenerate, copy or transfer the information from one medium or technology to
another to preserve the information for the required period.
Last Modified: 7/3/96 [kjb]
Additional Warrant by Professions:
Lawyers |
Auditors |
Information Technologists |
Managers |
Medical Professions
MAIN MENU |
Functional Requirements |
Production Rules |
Metadata Specifications |
Glossary
|