25-08-2017, 09:32 PM
INTEGRITY AND AUTHENTICITY AND STANDARDS OF EVIDENCE
Integrity and authenticity
What are they?
Why do you care?
  - for business reasons
      - have to trust your records
  - for legal reasons
      - others may have to trust them
The legal reasons
  - administrative – a government department (such as the tax people) wants to see them
  - regulatory – a public agency (such as the Securities Commission) wants to see them
  - judicial – they are needed for a court case
Judicial reasons - Court rules
We focus on court rules here because:
  - they are a general standard – not specific to an agency
  - they are a single standard – not multiple as with agencies
  - their standard influences others’ rules
Note on Audit Standards
  - See later discussion by Brian Ludmer
  - CICA has information security audit standard
The Law of Evidence in a (small) nutshell
  - the “normal” rule: oral evidence, under oath, subject to cross-examination
  - but: lots of exceptions
  - notable exception: documents
  - “documentary evidence” includes papers, pictures, audio and videotapes, and contents of computers
The Legislation
  - The key to the legislation: system integrity
  - general application: the best evidence rule – no original needed
  - In addition: any evidence supporting system integrity may be used to support admissibility
  - To ease admission, the law provides presumptions that the record-keeping system has integrity:
      - for one’s own computer, OK if one can show
          - the computer was working fine all the time, or
          - if it wasn’t, the problem did not affect the integrity of the record-keeping system
      - for a record from an adverse party’s computer, OK (since the other party knows more about it)
      - for a record from an independent third party, OK if kept in the ordinary course of business
The CGSB Standard and you
Characteristics of the Standard:
  - high level language
      - it applies to lots of records
      - it applies to lots of record-keepers
      - question: small and medium-sized enterprises
  - technology neutral
      - it is flexible in its application now
      - it is adaptable to evolution of technology
  - it does not make business choices for its users
Conclusions
  - If your electronic records can meet these tests, then evidence law does not make you produce the paper
      - even if the paper still exists, i.e. you don’t have to destroy it but you can
  - BUT there are other laws that require retention of records, e.g. tax law, industry-specific regs
  - SO you may have to keep the paper anyway.
  - A sound records retention and destruction schedule can only help.