1. The Principles: Integrity
A recordkeeping program shall be constructed so
the records and information generated or
managed by or for the organization have a
reasonable and suitable guarantee of authenticity
and reliability.
2. Two components:
● Integrity of a record is directly related to the
ability to prove that a record is authentic and
unaltered.
● Authenticity requires proof that a document
comes from the person, organization, or other
legal entity claiming to be its author or
authorizing authority.
3. Integrity means:
● Correctness of and adherence to the policies
and procedures of the organization
● Reliability of the information management
training and direction given to the employees
who interact with all systems
● Reliability of the records created
● An acceptable audit trail
● Reliability of the systems that control the
recordkeeping including hardware, network
infrastructure, and software
4. How:
● Embodied in policies and procedures.
● Training of employees in proper adherence to
said policies and procedures.
● Consistent practices throughout records
lifecycle.
● Proper audit and QA processes.
● Maintenance of reliable systems.
5. Why:
● Reliable and authentic records lie at the heart
of the purpose for a recordkeeping program:
● Business decisions, regulatory, and legal all figure
here.
● Without appropriate processes, you can't trust the
records you keep.
6. Who:
● Company executives are ultimately responsible
for records as business assets.
● Investors and regulators expect integrity.
● Employees/record creators share responsibility
for integrity of records they create.
7. When:
● The principle applies broadly to any
recordkeeping program.
● It is especially important during the creation and
management of records, as well as in auditing and
QA processes.
8. Where:
● Any organization maintaining records, but
probably most especially those subject to legal
and regulatory oversight by third parties.
9. A word on the Maturity Model
● Level 1: Sub-standard: No defined policies or procedures for
ensuring authenticity of records.
● Level 2: In development: Some records are kept with respective
metadata, but no formal process for metadata storage.
● Level 3: Essential: Formal processes, metadata standards, and
goals for integrity of records in place.
● Level 4: Proactive: Clear definition for metadata standards for
all records, metadata standards address security, chain of
custody requirements.
● Level 5: Transformational: Formal standards in place for
introduction of new record-generating systems, controls and
audits in place, initial goals have been met and are mechanism
devised for regular review/revision.