Audit-proof archiving with nscale
Numerous data and documents are created in companies every day. When these are no longer needed in day-to-day business, they are moved to the archive. There is a lot to consider here: Many data and documents must be archived in an audit-proof manner due to legal requirements. The nscale information platform provides valuable support for audit-proof archiving using software.
What does "archive" mean?
The archiving of documents refers to their controlled, systematic and long-term storage. The aim is to store documents and data in such a way that they are available and retrievable at all times.
Definition: What is "audit-proof archiving"?
Audit-proof archiving is a term that describes the long-term electronic storage of documents subject to retention requirements that are relevant under tax or commercial law. It must be ensured that the documents are protected against changes, forgery and manipulation, but also against damage, loss and unauthorized access during audit-proof archiving using software. With audit-proof archiving, companies fulfill legal requirements – more on this later.
Archiving documents is not the same as creating backups. The latter are copies of productive data – i.e. data that is used in day-to-day business – and allow it to be restored in the event of loss, deletion or manipulation, thereby maintaining business continuity.
Why digital archiving is important for companies
The primary purpose of audit-proof archiving is to fulfill legal requirements. These include retention and verification obligations set out in the German Commercial Code (HGB), the German Fiscal Code (AO) and the Principles for the Proper Keeping and Storage of Books, Records and Documents in Electronic Form and for Data Access (GoBD). In addition, audit-proof archiving may be subject to industry-specific regulations, such as the German Medicines Act (AMG) or the German Hazardous Goods Ordinance (GGVSEB). If companies violate the requirements for digital archiving, they may face severe penalties.
In addition, audit-proof archiving can provide important services in the event of product liability and compensation claims: By providing complete and transparent documentation during audit-proof archiving via software, companies can prove that they did not make any mistakes during product development and production – and thus protect themselves against the financial consequences of legal action.
In addition, companies benefit from numerous other added values in their day-to-day business and administration, which we will discuss below in the section “The advantages of audit-proof archiving”.
The principles of audit-proof archiving
The GoBD outlines several elementary basic principles for audit-proof archiving. The Verband Organisations- und Informationssysteme e. V. (VOI), which was instrumental in coining the term “audit-proof”, has formulated these principles in ten guiding principles.
Regularity
“Every document must be stored properly in accordance with legal and internal company regulations.”
Compliance forms the basis for audit-proof archiving. It requires adherence to legal provisions, compliance specifications and other regulatory requirements.
Completeness
“Digital archiving must be complete – no document may be lost on the way to the digital archive or in the archive itself.”
The archiving of documents must be complete and digital archiving must be fully documented.
Security/early digital filing
“Every document must be archived at the earliest possible organizational point in time.”
Documents can be damaged or lost. Companies can minimize this risk with GoBD-compliant archiving as early as possible.
Immutability
“Every document must match its original and be archived unalterably.”
Archived documents must always correspond to the original document. This also applies to scanned paper documents. This requires reliable logging during GoBD-compliant archiving as proof.
Authorizations
“Each document may only be viewed by authorized users.”
Audit-proof archiving requires restrictive authorization management and corresponding access controls, including logging. This applies in particular to the archiving of documents containing personal and confidential information.
Research and display
“Every document must be able to be searched for and displayed in a reasonable amount of time.”
Companies must be able to present relevant archived documents at any time, for example as part of an audit.
Delete
“The unauthorized and/or untraceable deletion of documents must be technically and organizationally excluded and organized in such a way that both retention periods and legal deletion requirements can be met.”
Companies must ensure that all retention periods are reliably adhered to when archiving documents on the one hand; on the other hand, certain data must be deleted after a certain period of time. This is stipulated by the General Data Protection Regulation (GDPR).
Testability
“It must be ensured that the entire organizational and technical process of the archive solution can be checked by an expert third party at any time.”
This requires procedural documentation that includes all measures, settings, logs and other data required for GoBD-compliant archiving. Auditors and reviewers must be able to read, view and understand these at any time.
Traceability
“Every changing action in the digital archive must be logged in a way that is comprehensible for authorized persons.”
Changes in the archive system must be traceable and therefore logged. This also means that the original status of a document can be restored at any time.
System migrations
“For all migrations and changes to the archive system, compliance with all the principles listed above must be ensured.”
In the event of a migration to a new archiving solution, it must be ensured that all basic principles for GoBD-compliant archiving are adhered to. Reliable logging during audit-proof archiving ensures that all migration measures are documented completely and transparently.
Which companies are obliged to audit-proof archiving?
All companies and all self-employed and freelance professionals who are subject to record-keeping or accounting obligations must archive in an audit-proof manner.
The obligations for audit-proof archiving via software are anchored in various laws:
- Fiscal Code: Section 90 (3); Sections 141 to 144
- Value Added Tax Act (UStG): § Section 22; Section 4 (3) sentence 5; Section 4 (4a) sentence 6; Section 4 (7)
- Income Tax Act (EstG): § 41
Which files need to be archived?
Companies must archive all data and documents that are relevant under tax and/or commercial law in an audit-proof manner for ten years. Other documents that must be retained, such as business letters, quotations, order confirmations, reminders, insurance policies or consignment notes, must be kept for six years. In individual cases, there are even longer periods, such as for patient files (30 years) or certificates (up to 100 years).
Companies should also ensure that accompanying documents such as work instructions or organizational documents are archived in an audit-proof manner. In addition, the retention obligation applies not only to outgoing but also to incoming documents. What’s more, there is also data and documents that are not subject to retention requirements but are still valuable and worth archiving. This could be analysis data, for example, or documents that contain specialist knowledge.
Do e-mails have to be archived?
Companies must archive all incoming and outgoing emails that are tax-relevant or equivalent to a business letter in an audit-proof manner. Advertising emails, newsletters and emails that are only used as a carrier medium – for example for a document in an attachment – do not necessarily have to be part of audit-proof archiving.
The advantages of audit-proof archiving
- fulfills legal requirements.
- enables efficient, fast and automated document management and storage.
- protects against data loss and damage and ensures the integrity of data and documents.
- enables traceable logging of changes and transparent versioning.
- allows efficient and flexible searching and finding of information.
- saves costs – and space – for paper files and storage space.
- reduces the time and effort required for document management
and audit-proof archiving. - is flexible and easily scalable.
Audit-proof archiving via DMS: optimally equipped with nscale
As a powerful information platform, nscale organizes the entire document management in the company, including audit-proof archiving. The nscale Server Storage Layer manages the physical storage of documents on the storage medium.
It contains certified standard connectors for various storage and archiving systems and ensures high speed and transparency for audit-proof and GoBD-compliant archiving. Retention and deletion periods can be defined centrally in the nscale Server Storage Layer for various document types and files. And thanks to its open system architecture, it can be easily adapted to new technological developments in the storage sector. This allows companies to future-proof their digital archiving and benefit from a reliable, tried-and-tested solution.
Get in touch.
"*" indicates required fields
Ceyoniq Technology GmbH is a group company of Kyocera Document Solutions.
Ceyoniq Technology GmbH
Boulevard 9 | 33613 Bielefeld
Together we develop strong ideas and implement tailor-made and individual solutions for companies and public administrations – contact us, we look forward to hearing from you!
Optimize your contract management with nscale CM
Manage your contracts easily and clearly with nscale CM. Optimize your processes, minimize risks and keep an eye on deadlines.
