|
|
|
|
|||||||||
|
VERS STORY | STANDARD | ASSESSMENT | PROJECTS | DIGITAL ARCHIVE | TRAINING | TOOLKIT | PUBLICATIONS | |
|
|||||||||
|
|||||
|
3.1 Record authenticity (Specification 1, section 2.1) The recordkeeping system must be capable of demonstrating that a record is authentic; that is, the system must prove that the content is what it appears to be, who created it, and when it was created. The recordkeeping system must record the identity of the user creating the record and the time it was created. This information must not be forgeable or capable of being altered by either users or system administrators. Authenticity is derived from the business processes associated with the creation of the record, in particular where the record is captured as part of the normal process of doing business. The recordkeeping system demonstrates authenticity by means of metadata captured when the record is registered. From a technology perspective, demonstrating authenticity is dependent upon the accuracy of the metadata being captured and whether this metadata can be shown to be unaltered. The system must capture:
VERS does not require the recordkeeping system to prove that a specific user was operating the account when the record was created. In particular, VERS does not require any special technology (such as biometrics, digital signatures, or smartcards) to demonstrate who registered a record, though, obviously, such technology can result in a stronger proof of authenticity.
It is expected that responsibility for demonstrating conformance to these functions will lie with the vendor of the recordkeeping application. Conformance is demonstrated by showing that the system captures the identity of the user registering the record and the time the record was registered. The time must be from a source not under the control of the user registering the record. Ensuring that the metadata proving authenticity is unchanged after capture is an aspect of record integrity and is discussed in the next section. | |||||
 |
 |
|