The Principles: IntegrityA recordkeeping program shall be constructed so the records and information generated or managed by or for the organization have areasonable and suitable guarantee of authenticity and reliability.
Two components:● Integrity of a record is directly related to the ability to prove that a record is authentic and unaltered.● Authenticity requires proof that a document comes from the person, organization, or other legal entity claiming to be its author or authorizing authority.
Integrity means:● Correctness of and adherence to the policies and procedures of the organization● Reliability of the information management training and direction given to the employees who interact with all systems● Reliability of the records created● An acceptable audit trail● Reliability of the systems that control the recordkeeping including hardware, network infrastructure, and software
How:● Embodied in policies and procedures.● Training of employees in proper adherence to said policies and procedures.● Consistent practices throughout records lifecycle.● Proper audit and QA processes.● Maintenance of reliable systems.
Why:● Reliable and authentic records lie at the heart of the purpose for a recordkeeping program: ● Business decisions, regulatory, and legal all figure here. ● Without appropriate processes, you cant trust the records you keep.
Who:● Company executives are ultimately responsible for records as business assets.● Investors and regulators expect integrity.● Employees/record creators share responsibility for integrity of records they create.
When:● The principle applies broadly to any recordkeeping program. ● It is especially important during the creation and management of records, as well as in auditing and QA processes.
Where:● Any organization maintaining records, but probably most especially those subject to legal and regulatory oversight by third parties.
A word on the Maturity Model● Level 1: Sub-standard: No defined policies or procedures for ensuring authenticity of records.● Level 2: In development: Some records are kept with respective metadata, but no formal process for metadata storage.● Level 3: Essential: Formal processes, metadata standards, and goals for integrity of records in place.● Level 4: Proactive: Clear definition for metadata standards for all records, metadata standards address security, chain of custody requirements.● Level 5: Transformational: Formal standards in place for introduction of new record-generating systems, controls and audits in place, initial goals have been met and are mechanism devised for regular review/revision.