Electronic archiving – the right way

Electronic archiving – the right way

 

“Is it still important, or can it be omitted?” In the business environment, this question is generally difficult to respond to with a clear yes or no. Legislation has established some rules to help businesspeople find their way through the jungle of laws, directives and regulations. They also include very clear dispositions about archiving business-related email traffic.

 

The Commercial Code is the legal basis for business in Germany. For example, it also stipulates that companies must archive certain documents for certain periods so that processes can be tracked and verified at any time if needed. Account books and records, inventories, financial statements, management reports and the opening balance sheet as well as the work instructions necessary for their understanding these must be archived. Other documents that belong in the archive are received commercial or business letters and, not least, accounting documents and other documents that may be relevant to the tax authorities. This includes all correspondence used in the preparation, processing, conclusion or cancellation of a transaction. Examples include invoices, orders, letters of complaint, payment documents and contracts.

 

These rules of the game also apply if such documents are sent by email or as attachments to electronic messages. Appropriately adapted laws have already taken the digitization of business processes, as well as rapidly increasing IT-based communication, into account. The previous regulations were put under scrutiny last year. Since January 1, 2015, the GoBD (Principles for Duly Maintaining, Keeping and Storing Books, Records and Documents in Electronic Form and for Data Access) have stipulated the rules of conduct. In the process, several changes to the lawful storage of electronic business data have resulted. This also affects email archiving.

 

Not every email needs to be archived

 

However, not every business-related email that is drafted or received has to be kept on record. Tax-relevant emails that can be considered as a trade or business letter or an accounting record definitely have to be archived, even when in electronic form. However, an email that merely serves as a vehicle for a business-relevant document, such as an invoice, and does not contain any information that is business-relevant and subject to retention does not have to be archived. After all, you don’t keep normally any envelopes in which paper documents are sent, either.

 

Nor do emails lacking content relevant to the tax office have be archived or kept on record for data access. An exception to this is messages that should be stored in the interests of the company, for example, when it comes to agreements on warranties or product liabilities.

 

Companies that have to deal with electronic archiving should bear in mind that this is an application that is extremely critical for business processes. They should thus first inquire about several points before accepting a solution proposal. This includes asking questions such as:

 

  • Does the software comply with the principles to ensure the due maintenance and preservation of paper and electronic business documents according to GoBD?
  • Are the requirements of the German Commercial Code (HGB) and the German Federal Data Protection Act (BDSG) met?
  • What storage method is used?
  • How are documents stored and indexed to facilitate their retrieval?
  • Is the solution compatible with the existing infrastructure?

 

A number of other factors could be added to the list and it could be adapted to suit a given company’s specific requirements. However, to avoid having to constantly ask such questions, many companies choose to simply archive all their email traffic. Among others, cloud solutions are suitable for this purpose.

 

The archive in the cloud creates compatibility

 

The cloud-based email archiving solution Aeternum from Hornetsecurity has no compatibility issues and can be put into operation immediately with little effort. Aeternum stores business emails from both the inbox and the outbox. It creates a copy of every email, which is then stored on Hornetsecurity’s servers – unchanged and unchangeable. This happens automatically and without the intervention of administrators. Electronic communication with external partners is already archived during the incoming and outgoing SMTP dispatch.

 

Databases are the central repository for all emails. In order to facilitate retrieval, information such as the sender, recipient, subject and date are stored, and the complete email is also stored in a customer-dedicated SQL database. RAID hard disk drives with RAID level 5 or 6 are used for storage. In principle, data cannot be modified once stored, thus ensuring its revision security. Once data is stored in the archives, it can be only be deleted after expiry of the period specified in advance or is then deleted automatically by the application.

 

Security is an important aspect of the proper archiving of business documents. Only authorized users are given access to the information archived in the Hornetsecurity cloud. Its data centers operate according to high German security standards. Access control, video surveillance and locking systems as well as traditional security elements such as firewalls, virus protection and encryption are standard. The multi-level security process, which is continuously adapted to the latest technological advances, excludes the possibility of manipulation, making the electronic archiving solution a “data safe in the cloud.”

 

This is a guest post by Petra Adamik, a freelance specialist journalist for various IT trade media.