There are many reasons to invest in an electronic archiving system (EAS). During an office move, for example, you may uncover a mountain of documents that are still in use or need to be archived. It’s often at key moments like this that an electronic archiving system is implemented. But it is wise to choose your EAS with care, particularly when it comes to legal compliance and data confidentiality.
An EAS is not an EDM
Before choosing an EAS, it’s best to understand what it is. An electronic archiving system archives, indexes and ensures traceability of electronic documents over the long term, guaranteeing their integrity so that they may serve as proof in the event of a dispute.
An EAS should not be confused with EDM (Electronic Document Management) software, which is used to facilitate a company’s management and use of all document flows.
Complying with regulations
In France, Electronic Archiving Systems must comply with certain standards, in particular NF Z 42-013, which covers the design and operation of electronic archiving solutions. The international equivalent of this French standard is ISO 14641-1. Depending on the contents of the documents being archived, your France-based EAS may also require a SIAF certification (for public authority archives) or an HDS certification (for personal health data). HDS certifications are issued by ASIP subject to approval from the French Data Protection Agency (CNIL).
Guaranteeing data security
To comply with CNIL rules, your data must be hosted in France or another EU country. You can also implement cyber-security features for added protection. Similarly, it’s wise to build redundancy into your EAS by hosting the data in several separate, geographically distant sites. This guarantees you will not lose any data in the event of an incident.
Choosing a service provider
Using a third-party service provider guarantees that you will comply with all the regulations. All that remains is to establish a relationship of trust with them. And with good reason: you are entrusting them with confidential and sensitive data. Don’t hesitate to ask them all the necessary questions, such as the human, technical and financial resources put in place to secure your data, the rules of separation regarding their other customers or their commitment to respecting retention periods.
Ensuring traceability
In the event of a dispute, like a breach of contract or litigation, your service provider must be able to provide the archived documents you request, as well as the data that ensures their traceability (timestamps, fingerprints, access, etc.). They must be able to provide a complete file of evidence, and it’s best to make sure they can do this before entering into a service agreement.
Your service provider must also guarantee continuity, meaning that your electronic archiving system can seamlessly be taken over by another service provider or by your in-house team should it prove necessary in future.
By ensuring these criteria are met, you can choose an EAS solution that is durable, reliable and complies with legal requirements. This reassures your employees, customers and suppliers alike, and ensures that your documents are properly preserved for the long term.
In France, AGS Records Management is NF 461 certified, a standard that attests to the compliance of its electronic archiving system, which fully complies with the fundamental principles of fidelity, integrity, durability and traceability of the digital documents it stores.
Would you like to set up an electronic archiving system within your organisation? Contact our experts today.