Revision security – Wikipedia

The term revision security refers to revision-proof archiving in electronic archive systems. The term is based on the understanding of revision (auditing) from an economic perspective and concerns information and documents that are subject to retention obligations or are worth retaining.

In Germany, electronic archive systems must meet the requirements of the Commercial Code (§§ 239, 257 HGB), the Tax Code (§§ 146, 147 AO), the principles for the proper management and storage of books, records and documents in electronic form as well as data access (GoBD), and other tax and commercial law requirements.

The term revision-proof archiving was coined in 1992 by Ulrich Kampffmeyer and published in a “Code of Practice” in 1996 by the association of the document management industry, the Association of Organizational and Information Systems (VOI). In retrospect, revision security refers to the checkability of the procedure used and thus not only to technical components, but to the entire solution. Revision security includes secure processes, the organization of the user company, proper use, secure operation and proof in procedural documentation. An essential feature of revision-proof archive systems is that the information is archived so that it can be found again and is traceable, unchangeable and protected against falsification. Revision-proof archiving is an essential part of the compliance of information systems.

Characteristics of revision security in electronic archiving

Derived from the HGB regulations, the following criteria apply to revision security:

  • Accuracy
  • Completeness
  • Security of the overall procedure
  • Protection against change and falsification
  • Securing against loss
  • Use only by authorized persons
  • Compliance with the retention periods
  • Documentation of the procedure
  • Traceability
  • Testability

The requirements and their implementation are set out in the HGB, the AO and, in detail, the GoBD.

The term revision security or revision-proof archiving is now also applied to the archiving of information outside the area of commercial and tax law and is used synonymously with the falsification-proof, long-term archiving of electronic information.

Certification of the revision security of electronic archive systems

The examination of compliance with the requirements and the certification of electronic archive systems, or of archive components integrated in commercial applications or document management, are usually carried out by an auditor on site at the user. For this purpose, the Institute of Auditors in Germany e. V. provides IDW RS FAIT 3 (specialist committee for information technology).

Compliance with revision security can also be certified by TÜVIT on the basis of procedural documentation. The basis for this is the test criteria for document management solutions (PK-DML) of the VOI e. V.

There are no generally applicable certifications for the revision security of individual hardware or software products such as optical storage. The GoBD Measure Certificates of third parties. The revision security of a solution is checked individually at the respective user company and covers the propriety of the entire procedure, the use of the hardware and software systems, the quality of the information and processes, as well as secure operation. Merely operating an electronic document management system is therefore not sufficient.

  • Ulrich Kampffmeyer, Jörg Rogalla: Principles of electronic archiving. Code of Practice Volume 1. VOI Association Organizational and Information Systems e. V., Bonn, 2nd edition 1997, ISBN 3-932898-03-6.
  • Principles of proper DV-based bookkeeping systems (GoBS). Letter from the Federal Ministry of Finance to the Upper Finance Authorities of the States of November 7, 1995 – IV A 8 – S 0316 – 52/95 – BStBl 1995 I p. 738f.
  • Karl-Georg Henstorf, Ulrich Kampffmeyer, Jan Prochnow: Principles of procedural documentation according to GoBS. Code of Practice Volume 2. VOI Association Organizational and Information Systems e. V., Bonn, 1999, ISBN 3-932898-03-6.
  • PK-DML test criteria for document management solutions. VOI Association Organizational and Information Systems e. V., Bonn, 2nd edition 2004.
  • T. Brand, I. Geis, S. Groß, B. Lindgens, B. Zöller: Archive. Gabler, Wiesbaden, 1st edition 2011, ISBN 978-3-8349-2237-3.