
Electronic Document Storage:

Legal Admissibility
RICS guidance note

Published by RICS Business Services Limited,
a wholly owned subsidiary of
The Royal Institution of Chartered Surveyors
under the RICS Books imprint
Surveyor Court
Westwood Business Park
Coventry CV4 8JE
UK
No responsibility for loss occasioned to any person acting or refraining from action as a result of the material
included in this publication can be accepted by the author or publisher.
Produced by the Construction Faculty of the Royal Institution of Chartered Surveyors.
First edition published 2001
ISBN 1 84219 125 X
© RICS 2003. Copyright in all or part of this publication rests with the
RICS, and save by prior consent of the RICS, no part or parts shall be reproduced
by any means electronic, mechanical, photocopying or otherwise, now
known or to be devised.
Typeset in Great Britain by Wyvern 21, Bristol.
Printed in Great Britain by Alphagraphics, Stockton-on-Tees.

Contents

RICS guidance notes
Introduction
Part 1 Code of Practice - DISC PD 0008:1999
Part 2 Weight of evidence and document destruction
Part 3 Authenticity
Part 4 Photocopies, microfilm and image processing
Part 5 Document storage
Part 6 Storage and access procedures
Part 7 Format of the Code of Practice
    General
    Information management policy
    Duty of care
    Business procedures and processes
    Enabling technologies
Conclusion
Appendix A Specimen Form for Recording Scanning Information
Appendix B Specimen Form for Recording Retrieval
Appendix C References

EFFECTIVE FROM APRIL 2003

3 | ELECTRONIC DOCUMENT STORAGE

RICS guidance notes


This is a guidance note. It provides advice to members of RICS on aspects of
the profession. Where procedures are recommended for specific professional
tasks, these are intended to embody best practice, that is, procedures which in
the opinion of RICS meet a high standard of professional competence.
Members are not required to follow the advice and recommendations
contained in the guidance note. They should, however, note the following
points.
When an allegation of professional negligence is made against a surveyor, the
court is likely to take account of the contents of any relevant guidance notes
published by RICS in deciding whether or not the surveyor has acted with
reasonable competence.
In the opinion of RICS, a member conforming to the practices recommended
in this guidance note should have at least a partial defence to an allegation of
negligence by virtue of having followed those practices. However, members
have the responsibility of deciding when it is appropriate to follow the
guidance. If it is followed in an inappropriate case, the member will not be
exonerated merely because the recommendations were found in an RICS
guidance note.
On the other hand, it does not follow that a member will be adjudged negligent
if he or she has not followed the practices recommended in this guidance note.
It is for each individual chartered surveyor to decide on the appropriate
procedure to follow in any professional task. However, where members depart
from the good practice recommended in this guidance note, they should do so
only for good reason. In the event of litigation, the court may require them to
explain why they decided not to adopt the recommended practice.
In addition, guidance notes are relevant to professional competence in that
each surveyor should be up to date and should have informed him or herself
of guidance notes within a reasonable time of their promulgation.


Introduction
The production and storage of documents and other information on
computer systems has become increasingly common and it is, therefore,
inevitable that these stored documents will be used in their electronic
form as a basis for business transactions, and will be produced,
transmitted and stored in significant numbers.
There is a need to store and retain records for professional and legal
purposes. However, paper storage is a significant problem for many
practices. The quantity of paper produced is increasing year on year and
would do so even without expansion of the business. Two factors have led
to the increase in the amount of documentation being produced by
businesses. Firstly, there is far more regulation being introduced into
everyday life, and this is linked directly to a more litigious population.
The need is now to be able to prove what actions occurred and when.
Secondly, the growth in management systems generally, as previously
promulgated in BS EN ISO 9001:1994 and now in BS EN ISO 9001:2000,
has led to an increase in documentation. In fact, the processes involved in
compliance with ISO 9001 are designed to provide the documentary
evidence which will satisfy the regulations which are relevant to the
particular business and, it is hoped, provide acceptable evidence in the
event of litigation.
The requirement for storage also has implications not least of which is
the cost of dedicated storage areas. Storage conditions must be right to
ensure that storage is effective. Using a local lock-up garage will probably
not be adequate to prevent deterioration of paper copies over a period of
time.
Increasingly, businesses are turning to electronic storage. This is a
medium that requires far less floor space and ensures longer term storage,
without deterioration, under the right conditions. However, there are a
number of problems related to electronic storage which have to be
addressed. In particular, legal admissibility has to be considered: there has
to be certainty that electronically stored documents will have the same
weight and validity as the original versions.
There is no current standard which guarantees legal admissibility
(although some countries have made a move towards this), but there is a
shift of emphasis away from admissibility towards evidential value or
weight which is in line with the Civil Evidence Act 1995. Annex G of the
Code of Practice (see Part 1) gives information on relevant national
legislation. The purpose of this text is to provide information on the best
practice principles which have thus far been identified.


Part 1
Code of Practice - DISC PD 0008:1999
A Code of Practice for Legal Admissibility and Evidential Weight
of Information Stored Electronically
There has been considerable discussion about the value of documents stored
on document management systems (DMS) when documents are required to be
kept as evidence for a considerable time. It has been accepted by most
commentators that a common discipline needs to be agreed so that the value
of these documents as evidence can be maximized.
It has not been possible to develop a set of requirements and may not be for
some time. The difficulty is the range of issues which have to be considered,
the rate of change of technology and the need to consult our European
partners on all legal aspects. The Civil Evidence Act 1995 would have to be
updated annually just to keep pace and this clearly cannot happen. Instead, a
Code of Practice (DISC PD 0008) has been developed, which is evolving as the
technology and electronic commercial practices mature. It defines best practice
in document management and provides guidance that will help maximize the
value and integrity of information in a court of law. First prepared and
published in 1996, the Code came about as a result of the merging of the
research carried out by two organizations, namely the Legal Images Initiative
(formed by the Image and Document Management Association) and the
Document Management Forum (a group of the Computing Suppliers
Federation). In the absence of a formal set of requirements approved by the
courts through case law or by Parliament through the Civil Evidence Act,
leading institutions took the view that a Code was required which recognized
new technologies and would give a framework which reflected the existing legal
precedents but applied to the new technologies. A document entitled Principles
of Good Practice for Information Management, written by two of the authors
of the Code of Practice, contains a detailed explanation of the background to
each of the sections of the Code.
The Code of Practice should be used as a basic reference document. It covers
data files stored on Write-Once-Read-Many times (WORM) optical storage
systems and as such covers WORM, multi-function media systems used in a
write-once mode, and compact-disc-recordable (CD-R) systems. It has also
been extended from the original version to cover any type of electronic storage
medium, including those that are rewritable. The use of rewritable media
requires additional controls, as it is necessary to be able to demonstrate not
only that the correct data was stored in the first place, but also that the data
now present has not been modified in any way.


It should be emphasized that the Code does not guarantee legal admissibility.
It seeks to define the current interpretation of best practice.
In this guidance note, where it is stated that an action should be carried out
in relation to the Code, the word 'should' indicates that such action is
necessary in order to claim compliance with the Code.
The Code pays particular attention to setting up authorization procedures and
to the subsequent ability to be able to demonstrate, in a court of law, that these
procedures have been followed. Whilst the Code defines essential procedures to
be implemented, it does not follow that documents held on a system that does
not conform are not legally acceptable. It is likely, however, that it will be more
difficult to prove their integrity in a court of law.
The Code contains examples of compliance statements in Annex I and
recommends that the Compliance Workbook PD 0009 be used to demonstrate
compliance with the Code.


Part 2
Weight of evidence and document destruction

Each business will have its own requirements and it is important to determine,
in advance, how a document would be presented to a court of law, and if weight
of evidence or courtroom tactics could be unduly influenced by the
destruction of the original document, the document storage system or the
access control systems. It will rarely be possible to give a definitive
recommendation regarding the destruction of original documents because,
until there is a request to produce a document, the reason behind the request
may not be known. It is the reason for the request that will indicate whether,
if possible, the original document should be produced. Each business should
consult its solicitor, who will be able to provide a view as to which types of
document are most likely to be disputed regarding their authenticity rather
than their content.
There are different considerations for civil and criminal law. In a criminal case,
the prosecution faces a much higher burden of proof ('beyond reasonable
doubt') than in civil proceedings ('on the balance of probability').


Part 3
Authenticity
It is important to be able to demonstrate that a computer has been functioning
properly (i.e. according to agreed procedures) in order to authenticate
documents stored on the system. Documents may be rejected if this cannot be
shown. There are three methods for doing this:
1) A maintenance record should be kept recording regular servicing of the
   equipment and any repair work either by the supplier/maintenance
   contract or by the in-house IT support where qualified/trained to do this.
2) By having a control set of documents which have been used, scanned and
   reproduced from the scanned version to set a benchmark for the quality
   of copy.
3) By keeping proper records of scanning and scanning difficulties, especially
   of any modifications to settings required. This is explained in more detail
   in Part 7.

In most cases, arguments are over what a document says rather than the
authenticity of the document. However, the adversarial legal process means
that the other party may try to discredit evidence on the basis of authenticity,
to avoid dealing with the content. Arguments over authenticity of evidence can
lead to investigation into the system that produced the paper and the method
of storage; operation and access control; and even to the computer programs
and source code.
It could be necessary to satisfy the court that the information is stored in a
proper manner. This issue could be used by an opponent to try to discredit the
evidence and to make inadmissible that and any similarly stored documents
that are produced. By questioning hardware reliability, for example, an
opponent could establish, to the satisfaction of the court, that the document
storage system is flawed and cannot be trusted. This would allow the whole
system to be brought into question and any documents stored within it to be
ruled inadmissible.


Part 4
Photocopies, microfilm and image processing
In very general terms, image processed documents will be treated as secondary
evidence in the same manner as a photocopy or a microfilm image. However,
photocopies and microfilm images are admissible as evidence. Indeed, some
photocopies use a raster scan copying mechanism which is essentially the same
as an image processing scanner. It follows that image processed documents are
likely to be admissible with the same weight of evidence as photocopies and
microfilm images, although no cases have yet been reported where this has
been tested.


Part 5
Document storage
It is very important to note that, no matter how an organization stores business
documents, it is the responsibility of the executives of the organization to be
able to produce the documents when required. The company secretary or
partners and the manager of the document storage systems are responsible for
this document retrieval process, not the vendor of the storage system.
Therefore, the advice of the company secretary (or solicitor) should always be
sought before implementing any document storage system, particularly when
the original documents are subsequently destroyed.
The Code recommends that all interested third parties should be consulted,
and it would be prudent to include professional indemnity insurers. It could
be disastrous for a business to find that it was uninsured because it had
introduced a scan and destroy procedure.
The procedures by which documents are stored and accessed are vital in
satisfying a court of law about the authenticity of a copy of a document and
the inability to tamper with it. All copies of documents (photocopy, microfilm
or image processing) will be treated as secondary evidence by a court of law,
with a subsequent reduction of weight of evidence if the authenticity of the
copy can be questioned. For example, where the content of a document is
under question, the original or a copy should be treated with equal weight, but
if a signature is being disputed, then the original is likely to carry more weight
than the copy.
There may be some confusion about originals and copies. Many items to be
scanned are actually themselves photocopies. The original document may
reside in a file elsewhere. It may be necessary, if this is not readily apparent, for
the image processing system to indicate whether an image taken was from the
original or from a copy of it.


Part 6
Storage and access procedures
Due to the duration of storage of many documents, the person who certified
a system, or a document stored on it, may not be able to give evidence in
person. It is essential that a proper system for auditing and certifying is
implemented to demonstrate that the integrity of the system has been
maintained from the time the document was stored.
Regular audits of the system should be performed, and certificates obtained
from the company auditors. This is in line with current procedures for
microfilmed documents. Although formal affidavits will not usually be
necessary, advice should be sought from a company solicitor, particularly if the
original documents are to be destroyed.
It may help demonstrate the proper functioning of a system if a copy of the
audit record is stored in the image system at the time of audit.
As well as the specific details included in the Code, users should comply with
the relevant sections of BS 7799-1:2000 - Information Technology - Code of
Practice for Information Security Management.
Of major importance to this Code is the Civil Evidence Act 1995. The Act
introduces a flexible system whereby all documents and copy documents,
including computer records, can be admitted as evidence in civil proceedings.
However, the court judge or arbitrator still has to be persuaded to treat the
evidence as reliable and so organizations have to put in place procedures to
prove the authenticity and reliability of the record.
Sections 8 and 9 of the Act address the nub of this issue:
8) (1) Where a statement contained in a document is admissible as evidence
       in civil proceedings, it may be proved:
       (a) by the production of that document; or
       (b) whether or not that document is still in existence, by the
           production of a copy of that document or of the material part of
           it, authenticated in such manner as the court may approve.
   (2) It is immaterial for this purpose how many removes there are
       between a copy and the original.

9) (1) A document which is shown to form part of the records of a business
       or public authority may be received in evidence in civil proceedings
       without further proof.
   (2) A document shall be taken to form part of the records of a business
       or public authority if there is produced to a court a certificate to that
       effect signed by an officer of the business to which the records belong.

Similar work is being undertaken by the Home Office on a Police and Criminal
Law amendment.


Part 7
Format of the Code of Practice
The Code of Practice contains an introduction and six sections, each of which
includes details of processes and procedures that need to be put into place to
ensure conformity with the Code. In addition, there are ten annexes, including
one which identifies the changes made since the previous edition.
Sections two to six are structured in accordance with a set of five principles
established in BSI DISC PD 0010 - Principles of Good Practice for Information
Management, which are as follows:
1) recognize and understand all types of information;
2) understand the legal issues and execute duty of care responsibilities;
3) identify and specify business processes and procedures;
4) identify enabling technologies to support business processes and
   procedures;
5) monitor and audit business processes and procedures.

General
Scope
The Code describes the use of electronic management systems to store
information, where the issues of legal admissibility, authenticity and evidential
weight of information contained in these stored documents is important. It is
used with a document management system (DMS) incorporating write-once
optical media as the storage device, covering Write-Once-Read-Many times
(WORM) multi-functional media systems used in a write-once mode, and
compact-disc-recordable (CD-R) systems. It now incorporates re-writeable
media (for example, magnetic storage).
The Code covers any type of data file controlled by the DMS. Data files may
be created by the DMS, or may be imported into it. The Code covers all such
data files, either created or imported, directly or through a network system,
from the time at which the system assumes complete control of the data file.
Such networks may be local or wide area.
While the Code covers aspects of document management that impinge upon
the issue of legal admissibility of digitized images, it also covers aspects that
may affect the use of images in a legal context, even where admissibility per se
is not at issue. Such aspects include the legibility and completeness of the
document images, and the transfer of the images to other systems.
The Code covers the capture of digitized images both from the original
documents and from microform versions of the original documents. In the
latter case, users should be aware of the implications of the processes used in
the microfilming of the original documents.
The Code is intended for:


• systems integrators and developers whose equipment provides facilities to
  meet the requirements of end users; and
• end users who wish to ensure that the information created by, entered into
  and/or stored within the information management system can be used
  with confidence as evidence in a court of law.

Where users wish to claim adherence to the Code, the paragraphs identified by
text in bold type in the Code are considered essential in so far as they apply to
the specific application concerned. Other paragraphs contain
recommendations in italics that should be followed where practical.
DISC PD 0008 was first published by the BSI in 1996, covering the legal
admissibility of information stored on electronic management systems. It was
revised and reissued in 1999, and re-titled A Code of Practice for Legal
Admissibility and Evidential Weight of Information Stored Electronically.
Prior to this, BS 7799:1995 was published in 1995 setting out best practice for
information security management. The Code is heavily reliant on this
document, which has now been revised as Information Technology - Code of
Practice for Information Security Management.
BS ISO/IEC 17799:2000 (BS 7799-1:2000) specifies eight controls which are
either essential requirements, for example, legislative requirements, or are
considered to be fundamental building blocks for information security. These
are designated key controls and apply to all organizations and environments.
They are intended as a basis for use by organizations setting out to implement
information security controls.
The recommendations for essential controls include the following:
a) data protection and privacy of personal information;
b) safeguarding of organizational records;
c) intellectual property rights.

The recommendations for common best practice include the following:
a) development of an information security policy document;
b) allocation of information security responsibilities;
c) information security education and training;
d) reporting of security incidents;
e) business continuity management.

BS 7799-1 is to be read in conjunction with BS 7799-2:2002 - Information
Security Management Systems - Specification with Guidance for Use.

Information management policy


The Code advises that a policy document should be produced, dealing with the
policy on:
• what information is covered;
• security classification, where appropriate;
• storage media;
• data file format and version control;
• relevant information management standards;
• retention periods and destruction;
• responsibilities; and
• legal advice sought and acted upon, including any special regulations. In
  addition, such bodies as professional indemnity insurers may wish to be
  consulted.

This policy should be approved by senior management and reviewed at regular
intervals. It is also recommended that the policy document details the
responsibilities for compliance with the Code by identifying a person or job
function and specifying retention periods for compliance documentation.
The requirement for an information retention and destruction schedule is
amplified as being critical to the successful implementation of the revised
Code.
In order to define an organization's information management policy, the Code
recommends that information should be grouped into types, with the policy
for all information within a type being consistent.


The policy should list all types which are to be stored in compliance with the
Code, such as:
1) information generated by a computer system - also known as encoded
   data files;
2) scanned images/digitized voice and/or video; and
3) information generated at a remote user or third party site, in either of the
   above two types.

Duty of care
It is essential that an organization is aware of the value of information that it
stores and executes its responsibility with regard to that information under the
duty of care principle. Appropriate levels of security for managing information
should be agreed and documented; systems should be adequately managed;
and the relevant sections of the Code should be implemented. Consultation
with interested third parties at the planning stage, before the system is installed,
is also critical.
The revised Code contains more details of information security requirements
which would be satisfied by compliance with BS 7799. Where the full weight of
BS 7799 is not applicable, the controls listed in the Code should be
implemented.
In any event, there should be business continuity planning to ensure that all
data can be recovered successfully following major failures of equipment,
environment or personnel.

Business procedures and processes


The organization should develop its own manual for the DMS. This can be
incorporated in the quality management system, where the organization
already has one. Such a procedures manual, in addition to any vendor-supplied
manuals for the system, should include the following topics:


• document capture;
• data capture;
• indexing;
• authenticated output procedures;
• authentication of copies of data files;
• file transmission;
• information destruction;
• backup and system recovery;
• system maintenance;
• security and protection;
• use of contracted services;
• use of trusted third parties;
• workflow;
• self-modifying files;
• date and time stamps;
• video, audio and voice data (if applicable);
• version control; and
• maintenance of documentation.

Procedures need to be implemented to ensure that staff who operate the system
comply with the requirements. Any changes to procedures have to be
documented and checked and it is necessary to keep copies of previous
versions of the procedure.
All procedures should be reviewed at least annually and the results of reviews
must be documented.
Document capture
There should be procedures dealing with situations where data files are either
created by the system or where they are imported into the system.
If the information management system is used for storing images, then these
procedures should be documented and users should comply with the
recommendations set out in Annex C of the Code.
Preparation of paper documents
The Code requires documents to be examined before scanning to ensure that
they are suitable. The business should, therefore, have procedures for the
examination process documented in its procedures manual.


Factors which may affect the scanning process should be considered and there
must be a procedure to deal with scanning difficulties. There should also be a
method for identifying such things as post-it notes attached to the original
document or physical amendments which might not be visible after scanning.
Detailed procedures need to be established for general document preparation
and collation.
Document batching
Wherever possible, documents should be grouped in batches. Where workflow
is used, alternative methods of controlling the scanning process may need to be
established.
Photocopying
It may be necessary to photocopy a document prior to scanning and the
procedures used should ensure that there is no loss of quality or of the total
image. It is also advisable to provide some method of distinguishing between
scanned originals and scanned photocopies.
Scanning processes
The Code requires that the procedure manual should include details of the
operational procedures used in the scanning process and that records be kept
of all audit trails. In particular, it requires each document to have a unique
identity that cannot be changed or removed except on deletion and then only
under tightly controlled circumstances.
Information held in the records is expected to include as a minimum:


• a unique identifier for each batch;
• the date and time of scanning;
• the name of the person who performed the scanning;
• the type of material scanned;
• the number of documents; and
• details of post-scanning processes, if any.

In practice, the scanning software will take care of many of the requirements
and a paper record will fill the gaps. (Appendix A shows a specimen form for
recording scanning information.)


The procedures should also describe how it is ensured that all documents in a
batch are scanned.
Quality control
To be able to assess the validity of any scanned copy, it is necessary to prepare
a benchmark for evaluation. The operator, using normal settings, should make
scanned copies of a range of types and conditions of document. Prints are then
obtained through the normal printing process. All hardware and settings are
recorded and the quality of each reprint is checked against the originals to
ensure it is acceptable by the standards required by the business. (It may be
acceptable, for example, for the copy to be fractionally smaller than the
original, where no scale is needed or where a drawn scale is available.)
This set of prints and originals is retained and periodically rescanned and
checked.
The Code gives a number of criteria which may be appropriate to the user,
including print size and grey scale, which can be used to establish the quality
of the scanned image.
The results of all quality control checks (including audits) should be recorded,
as should any problems or difficulties which are experienced. In addition, the
equipment should be properly maintained at all times.
Rescanning
If, following an audit, a document has to be rescanned, the procedures should
ensure that the original image is replaced and that the batch numbering and
audit trail are not compromised.
Image processing
If image processing is used to improve the quality of an image, this could
conceivably lead to image manipulation. The procedures manual should
define how this is managed.
Annex D of the Code describes some of the different documents and associated
image processing facilities that may be used.
Data capture
This is mainly used where the original data is provided by such methods as
Optical Mark Reading (OMR) or manual entry from an existing document.
Procedures need to be established which specify the quality and accuracy level
required and show that records of accuracy checking are retained.


There should also be a procedure to deal with data migration from one system
to another.
Indexing
The procedures manual should describe the indexing technique to be used and
should include a method for checking the accuracy of the records. This is often
built in to scanning software and electronic document management systems.
Any changes to the index should be fully explained and audit trails dealing with
the amendment should be available. The Code also advises that in all cases the
index files should be retained for at least as long as the information to which
they relate.
There should be procedures for rebuilding indexes and for amending/
correcting information held in the indexes and ensuring its accuracy at all
times.
Authenticated output procedures
For the prints to be legally admissible, there should be a formal process for
recovery whereby the operator certifies that all equipment is operating
normally and for identifying the storage index data and document information
which confirms that the reproduction is a true and complete record.
Appendix B shows a specimen retrieval record for a scanned document/file,
which allows the operator to effectively certify that the document/file has been
correctly retrieved.
The Code also places great stress on the authentication process and on controls
where the output is not an exact reproduction, for example, monochrome
rather than coloured. If some aspect of the layout such as font or pagination is
not maintained, then retrieval characteristics should be agreed and
documented.
Authentication of copies of data files
It may be necessary to be able to identify whether a data file is original or a
copy. In these instances, the Code suggests that an electronic/digital signature
can be stored with a trusted third party and then be used to demonstrate
whether a file is a true copy of the original.
File transmission
If the documents are to be transmitted within a system, via a network or an
external, wide-area communications system to the storage device, then
procedures should be defined to ensure that changes cannot occur during the
transmission either accidentally or deliberately.


When a data file is transmitted to another party, the original should be stored
on the system. Equally, a data file received from an external source should be
saved on the system and the time and date of any data file should be stored as
part of the audit trail.
The Code goes on to explain the benefits of this in questions of authenticity
where, for example, the original file purports to have been saved at a later date
than the copy.
Information retention and destruction
The procedure for retention and/or destruction of originals must be properly
documented. For the sake of the business, it should not be possible to destroy
an original before it is confirmed that it has been safely stored.
In some cases, the original document will need to be retained, for example,
where the original is of poor quality or holds annotations which cannot be
scanned, or where fraud is suspected. In each case, the procedures should deal
with this.
Backup and system recovery
Backup facilities on the system should allow for automatic backup and
verification of all data files and associated information, including audit trails at
regular intervals. Procedures used in these systems should be documented in
the procedures manual, including the requirement for secure off-site storage of
the backups. There should also be a record kept in the system audit trail of all
backup activity, which should include details of any problems incurred during
the procedure.
It is also important to ensure that the files can be read even when the original
hardware is no longer available.
Where backup data is used to recover from a system failure, there should be
documented procedures to ensure that data file integrity has not been
compromised. It is, therefore, important that the backup media be tested
regularly.
System maintenance
Obviously, the hardware and the software should be operating normally. It is
necessary, therefore, to have complete maintenance records, including records
of any down-time and reasons for faults and to undertake routine preventative
maintenance.
Under certain circumstances, it will be necessary to rescan documents
following the identification of a fault (see Information retention and
destruction).


Where document scanning is used, the procedures for checking of quality
should be followed after maintenance procedures have been completed.
Security and protection
The system should operate within the guidelines provided in BS 7799-1:2000,
although this is not now referred to directly in the Code. The procedures
implemented should be described in the procedures manual and should
include the following:


• appropriate security controls, e.g. limited access, encryption keys and
  digital signatures;
• mixed media may not be in write-once mode. This should be assessed;
• removable media must be handled and stored as recommended;
• data file transfers must be strictly controlled;
• all media must be kept secure, with at least one backup off site;
• user facilities may be in open areas, but the central system should be in a
  secure area;
• virus protection should be installed;
• hardware must be protected against power failure; and
• all information on status of documents, maintenance and quality control
  and audit trails should be kept in a secure manner and be available for
  inspection and audit.

Use of contracted services


Having gone to the trouble of defining an internal procedure which complies
with the Code, it would be unacceptable if the business used outside services
which afforded any less protection. The procedures manual should contain all
information relevant to the service provider; copies of their procedures and
audit records may be necessary.
Details of the procedures used and the transfer of documents and/or media
from the client to the service provider and from the service provider to the
client should be documented in the procedures manual.
The Code recommends that the contract between the supplier and the client
should set out details of the extent to which compliance is claimed.


In addition, where the supplier also performs an indexing service, the client
should check that the required accuracy is being achieved.
If the documents have to be transported physically, there should be a procedure
for despatch and receipt, including checking.
The Code also describes the procedure where a copy is stored with a trusted
third party as a secure means of detecting tampering with data files.
Workflow
This process allows a number of individuals to review a document at various
stages. This record of review needs to be stored in conjunction with the
original document as a complete record.
Some workflow applications link documents by virtue of changes to the index
information. The creation and destruction of these links should be recorded in
the audit trail of each document affected.
The Code requires operational details such as flow diagrams to be
documented, as well as the process definition classification and the process
definition life cycle.
Self-modifying files
In some cases, document files contain automatic functions such as date entries
which change to the current date when the file is opened. This means that the
file cannot be frozen in the sense required by the Code. Either the automatic
functions need to be disabled before storing or there need to be procedures
which define how these files are to be stored and retrieved to ensure that
authenticated copies of the original can be produced.
Date and time stamps
Of key importance is an accurate record of the date and time and, to this end,
it is essential that the system is maintained with the correct information.
Regular checking of system clocks and changes to reflect seasonal changes, i.e.
summer time, must be incorporated into the procedures. Only authorized
personnel should be able to change the system clocks.
Voice, audio and video data
The procedures should define how voice, audio and video data are to be dealt
with. Where the recording is not under the control of the information
management system, the recording system should be up to the same standard
as that required by the Code for the information management system. There
also needs to be a procedure dealing with authentication of the source data.


Version control
If changes are allowed to stored data files, then this should be in accordance
with a documented procedure which includes any requirement to keep
previous versions.
The information management system should include version control and
superseded versions should be kept for at least as long as the final version.
The Code makes the point that all changes to procedures and processes should
be implemented in accordance with an approved change control procedure.
Maintenance of documentation
Procedures and records should be maintained and stored in the same way as
information generally.

Enabling technologies
General
For a new system, the user should ensure that the system has been designed in
accordance with the requirements of the Code. For systems already in
operation, documents stored on the system prior to the introduction of the
Code cannot be considered as conforming to it unless controls which meet the
requirements of the Code were in place from the time of storing the
documents.
This section of the Code describes technologies and how they should be
utilized and controlled. The following elements need to be addressed to achieve
compliance with the Code.
Systems description manual
A list of hardware and software should be compiled, with information on how
they interact, including system configuration and details of changes to the
system.
Storage media and sub-system considerations
Access to information should be controlled with read-only access or
read-write access where appropriate and it should be possible to identify any
changes to the document or data by those with write access. It is also
important to prevent modifications being made without detection.


Access levels
The manual should define the levels of access available, as follows:


• system manager;
• system administrator;
• system maintenance;
• authors or originators;
• information storage and indexing; and
• information.

Only authorized members of staff may have access and such authority may
only be given after suitable training.
System integrity checks
The system should ensure that the integrity of data files is maintained
throughout the system, including during the transfer of this data to and from
the storage media.
An additional element in the Code deals with digital and electronic signatures
and the ability to verify the true identity of a person prior to their being
enrolled as document signatory.
Compound documents
Where an image such as a CAD (computer-aided design) drawing or a linked
spreadsheet is stored, the parts may be separated electronically. The system
should ensure that they are stored in the same location and can be retrieved as
a complete facsimile of the image.
Image processing
There are a number of ways in which an image may be processed to improve
its appearance. These include the following:


• deskew;
• despeckle;
• black border removal;
• background clean up;
• noise removal; and
• forms removal.

These should only be used with extreme care and should be fully documented.
It is safer not to allow image processing, as any interference could invalidate not
only that document but any other which may possibly have been adjusted.
Compression techniques
Two types of compression technique are recognized:
1) lossy; and
2) lossless.

Lossy compression should not be used on files that are primarily text, as the
compressed image will lose certain details which may be replaced by
artificially generated data when it is reproduced.
In general, it is safest not to use lossy compression at all, but the Code sets out
the requirements should this method be used.
Form overlays and form removal
Where the system software removes a fixed overlay from the digitized image,
leaving only the variable data, a record should be automatically generated to
record the removal and a copy of the template should be stored on the same
medium.
Environmental considerations
The hardware manufacturer may well have its own recommendations for the
operational environment. These must be acknowledged and addressed in the
system manual. Handling and storage procedures should also be described, as
well as the procedure for checking the storage media regularly.
Data file migration
With changes in technology, it is almost inevitable that the hardware and/or
software will cease to be supported. The business should have procedures in
place to handle the transfer of files at the appropriate time.


Information deletion and/or expungement


It is essential that the system be able to delete or expunge documents as
described in the Data Protection Act 1998. This deletion can be accomplished
by the removal of index entries to the relevant documents. It is also essential to
be able to amend or remove incorrect or irrelevant data typically held in
contravention of the Data Protection Act. Such correction may be
accomplished by deleting the original document and substituting the corrected
document or by using masks.
In any event, the procedure for doing this should be documented.
Audit trails
To be able to use the stored information as evidence, it may be necessary to
provide supporting information on the history of the document or data,
including date of creation and/or storage, movements from one medium to
another and evidence of the controlled operation of the system.
This information will be the subject of the audit trails and the records kept
should be sufficient to provide a full historical record of all significant events
associated with the stored information, and the information management
system.
It is important that the audit trail be agreed with all stakeholders who might
need to refer to the information, including the user, audit and legal functions.
The Code recommends that, as far as possible, audit trail data should be
generated automatically and that where this does not occur, there should be
adequate procedures in place and that, in either case, the date and time should
be recorded contemporaneously.
Audit trail data should also be stored as a separate entity on the system. It
should be kept for at least as long as the information to which it refers
and should be accessible. In particular, it may be necessary to make it easily
accessible to third parties who have little or no experience in the use of the
system.
The audit trail information should be treated as having the same level of
security as the information to which it pertains, with secure backup copies
being kept. If paper copies are kept then the procedures should define how
frequently they should be removed and stored.
The procedures for data migration should be defined and the audit trail should
include this information.
Part of the audit trail should include the records of information capture; batch
information; indexing; change control; destruction information and workflow.
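
One way to make an audit trail of this kind tamper-evident, and to check whether a data file is a true copy of the original, is sketched below. This is an added example, not part of the Code or of this guidance note. It assumes a SHA-256 digest as a simplified stand-in for the electronic/digital signature the Code mentions, and the class, function and field names are hypothetical.

```python
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # constructed start value for the chain (assumption)


def file_digest(data: bytes) -> str:
    """SHA-256 digest of a stored data file."""
    return hashlib.sha256(data).hexdigest()


def entry_hash(entry: dict) -> str:
    """Hash every field of an entry except the hash itself, in canonical JSON."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class AuditTrail:
    """Append-only trail: each entry commits to the one before it."""

    def __init__(self):
        self.entries = []

    def head(self) -> str:
        """Value to lodge outside the system, e.g. with a trusted third party."""
        return self.entries[-1]["entry_hash"] if self.entries else GENESIS

    def record(self, event, doc_id, data, operator, when=None):
        entry = {
            "seq": len(self.entries),
            # Date and time are taken at the moment the event is recorded
            "timestamp": (when or datetime.now(timezone.utc)).isoformat(),
            "event": event,  # e.g. capture, index change, retrieval
            "doc_id": doc_id,
            "operator": operator,
            "digest": file_digest(data),
            "prev_hash": self.head(),
        }
        entry["entry_hash"] = entry_hash(entry)
        self.entries.append(entry)
        return entry

    def first_bad_entry(self, lodged_head=None):
        """Index of the first altered entry; len(entries) if the chain is
        self-consistent but differs from the lodged head; None if intact."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            if e["seq"] != i or e["prev_hash"] != prev or entry_hash(e) != e["entry_hash"]:
                return i
            prev = e["entry_hash"]
        if lodged_head is not None and prev != lodged_head:
            return len(self.entries)
        return None


def is_true_copy(candidate: bytes, stored_entry: dict) -> bool:
    """Compare a retrieved or received file with the digest recorded at storage."""
    return file_digest(candidate) == stored_entry["digest"]


if __name__ == "__main__":
    trail = AuditTrail()
    scan = b"constructed sample image bytes"  # constructed sample input
    stored = trail.record("capture", "P100/F1", scan, "archivist")
    trail.record("retrieval", "P100/F1", scan, "archivist")
    print(trail.first_bad_entry(trail.head()), is_true_copy(scan, stored))
```

A chain held only on the system can be recomputed by anyone with write access, so the head value needs to be kept outside the system for such a rewrite to be detectable.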


Conclusion
The Code of Practice provides a sound basis for the use of electronic document
and information management systems which, if followed, should mean that
the information can be used as evidence in the civil courts.
Even without this requirement, it defines the best-practice approach for
electronic storage generally.
With the enactment of the Human Rights Act 1998 and the Data Protection Act
1998, it is expected that pressure will continue to increase for a formal
documented statement on legal admissibility. In time, this is likely to feature in
the Civil Evidence Act, either by reference to the Code or to some
European-wide standard.
The danger, however, is that technology will continue to outpace any attempt
at legislation.


Appendix A: Specimen Form for Recording Scanning Information


The following files are authorized for scanning
Project number

Project

Confirmation of scanning
The above files have been scanned by .. DIP Operator/Archivist
Date
Indexing information
Project number

File

Folder reference

Commentary

Confirmation of acceptance
The above scanned files have been checked, the images are true and complete representations
of the documents scanned.
The batch contains (No) images and consists of (No) documents.
Signed .. DIP Operator/Archivist
Disk reference ..............
Optical disk back-up confirmed by IT
..................................
Confirmation of destruction
The above original documents may now be destroyed

Date
.............................................................

Signed ............................................................................ Managing Partner



Appendix B: Specimen Form for Recording Retrieval


Request for certified copies
The following files/documents are required as certified copies
Project number

Project

Documents or
drawings

Request authorized by Group Leader


...........................................
Authorization to make certified copies
The DIP Operator/Archivist/CAD Manager is authorized to make certified copies of the above
Signed .......................................... Managing Partner
Files/Documents/Drawings retrieved
The above files/documents/drawings have been retrieved from disk/tape reference:

Retrieved by ............................................................Name
Date
Indexing information
Project Number

File

Folder reference

Commentary

Certificate of authenticity
I .. being the DIP Operator/Archivist/CAD Manager employed by
.., certify that the attached files/documents are a true reproduction of the originals
which were archived in accordance with the procedures set out in our user manual.
Signed ..
Date .............


Appendix C: References
Further and more detailed information can be obtained from the British Standards
Institution (BSI). Publications include:
BSI-DISC PD 0005 Information Service Management
BSI-DISC PD 0008:1996 A Code of Practice for Legal Admissibility of Information Stored
on Electronic Document Management Systems (Edition 1)
BSI-DISC PD 0008:1999 A Code of Practice for Legal Admissibility and Evidential Weight
of Information stored Electronically
BSI-DISC PD 0009 Compliance Workbook
BSI-DISC PD 0010 Principles of Good Practice for Information Management
BSI-DISC PD 3000 Information Security Management: An Introduction
BSI-DISC PD 3001 Preparing for BS 7799 Certification
BSI-DISC PD 3002 Guide to BS 7799 Risk Assessment and Risk Management
BSI-DISC PD 3003 Are you ready for a BS 7799 Audit?
BSI-DISC PD 3004 Guide to BS 7799 Auditing
BS 4783 Parts 1 to 8 Storage, Transportation and Maintenance of Media used in Data
Processing and Information Storage
BS 7083:1996 Guide to the Accommodation and Operating Environment for Information
Technology Equipment
BS 7799-1:2000 Information Technology - Code of Practice for Information Security
Management
BS EN ISO 9000 Quality Management and Quality Assurance Standards
BSI publications are available from Customer Services, Sales Department, 389 Chiswick
High Road, London W4 4AL Tel: 020 8996 7000 Fax: 020 8996 7001 Web:
www.bsi-global.com
The following publications are available from The Stationery Office, 123 Kingsway, London
WC1 Tel: 0870 600 5522 Fax: 0870 600 5533 Web: www.tso.co.uk

• Civil Evidence Act 1995;
• Civil Evidence (Scotland) Act 1968;
• Police and Criminal Evidence Act 1984;
• Criminal Justice Act 1988;
• Evidence Act (Northern Ireland) 1939;
• Civil Evidence Act (Northern Ireland) 1971;
• Statute Law Revision Act (Northern Ireland) 1973;
• Police and Criminal Evidence (Northern Ireland) Order 1989;
• Criminal Justice (Evidence) (Northern Ireland) Order 1988.

Data Protection Registrar, Data Protection Guidance for Users of Document Image Processing
Systems, 1995.
Available from the Information Commissioner, Wycliffe House, Water Lane, Wilmslow,
Cheshire SK9 5AF Tel: 01625 545700 Fax: 01625 524510
