AC-DMS Audit Criteria for Document Management and Enterprise Content Management-Solutions
A joint project of VOI e.V. with the collaboration of TÜV Informationstechnik GmbH, TÜV NORD Group, IT-Infrastructure Division
Foreword of the VOI* – Voice of Information
* Verband Organisations- und Informationssysteme e.V - Federation of Organisation and Information System Suppliers for Enterprise Content Management (ECM) and Document Management Systems (DMS)
Many things start with an idea and then develop into something big. The Audit Criteria for Document Management Solutions (AC-DMS) were first published in the year 2000 and have developed over the years into a standard work of the VOI (Verband Organisations- und Informationssysteme e.V.). The list of criteria, which was drawn from practice, is used today in many companies and by many consultants and serves as a basis for proof of non-alterability, i.e. audit compliance of documents and data in Document Management (DMS) and Enterprise Content Management (ECM) solutions.
Despite all the resources that IT has to offer, it is still necessary to transform paper documents into electronic form in a way which complies with the requirements of security so that they are suitable for use in later audits or legal processes. Typical examples of such requirements are those from the GDPdU/GoBS (GDPdU - Grundsätze zum Datenzugriff und zur Prüfbarkeit digitaler Unterlagen - Principles of data access and auditing of digital documents / GoBS - Grundsätze ordnungsgemäße Buchführung - Generally Accepted German Accounting Principles) within the framework of the Federal Fiscal Code (Abgabenordnung - AO), and also the handling of e-mails. Audit and legal compliance cannot be achieved by means of technology alone, but always results from an appropriate combination of organisational and technical measures.
How can the appropriate framework for this compliance be found and defi ned? The AC-DMS offer unique support for the analysis and identification of these questions and contribute to the creation of transparency, even within highly-complex solutions. The division into the individual themes is organised in such a way that the necessary auditing and inspection bodies can work together effectively, while individual responsibilities are clearly defi ned.
It has also been proven that the method, the clear structure and the universal approach of the AC-DMS provide a high level of benefit, while the work and cost involved are realistic in practice.The current 3rd edition of the AC-DMS has been thoroughly revised and expanded as compared with the previous edition, in order to include themes of current interest and importance. New, for example, are subjects such as electronic signatures, handling of business e-mails, consideration of outsourcing and the possibility of partial certifi cation for certain part-functionalities of document management solutions (e.g. scanning and/or archiving by external service providers). This means that the AC-DMS provide an
important building block in the drive to minimise operational and liability risks and to fulfi l those aspects of laws and legal regulations which result, for example, from compliance requirements.
The AC-DMS are primarily directed towards managers in companies and IT staff from all sectors as well as towards manufacturers, system integrators and management consultants working in the DMS and ECM environment. We would like to thank everyone who has helped and is helping to improve the AC-DMS and also all those who have made and make the AC-DMS what they are by accepting them as users and confirming them as an important element for proof and security of the actions of organisations in relation to the law, compliance and liability protection.
Dipl.-Inform. Ralf Kaspras
Head of the Northern Germany Regional Group and the AC-DMS working group of VOI e.V.