United Nations Development Programme

 

 

Policy on Electronic Document Management

 

 

Document Name

Policy on Electronic Document Management

Language(s)

English, French, Spanish

Responsible Unit

Bureau of Management

Creator (individual)

Jan Mattsson jan.mattsson@undp.org

Subject (taxonomy)

Organizational Procedures, Information Management

Date approved

7 May 2003 (official announcement)

Mandatory Review

31 October 2003

Audience

This Policy is to be used by all UNDP staff at Headquarters, in the Country Offices and at other offices worldwide. 

Applicability

UNDP's policy is applicable to the management of documents in electronic format, and include specific provisions when such documents are legal instruments or are required for audit purposes. 

Replaces

N/A

Is part of

UNDP ICT Strategy, January 2002

Related documents

Policy on Prescriptive Content Management, Feb. 2003

E-Document Management – Discussion and background paper

MPN Discussion Summary – April 2003

Manual of Management, Chapter 5 Records Management

UN Record Ref.

Not yet available

 

Version

Date

Author(s)

Revision Notes

-

-

-

-

 

Feedback: Patrick.Gremillet@undp.org

Ask questions: Patrick.Gremillet@undp.org

 

 

1      Policy Decision. 1

2      Validity/legality of the Policy. 2

3      Application of the Policy. 2

3.1       General principles. 2

3.2       Prescriptive Documents. 3

3.3       Business Transaction Documents. 3

3.3.1        Admissibility and evidential value of business transaction documents in electronic form.. 3

3.3.2        Preservation of original content and appearance. 3

3.3.3        Integrity and Security. 4

3.3.4        Compliance with a requirement for signature. 4

3.4       Access to electronic documents. 4

3.5       Pilots on E-Documentation and E-signature. 4

4      Annex 1: Rationale for the Decision. 4

5      Annex 2: Definition of selected terms. 7

 

 

 

1         Policy Decisions

 

Resolved that:

  • UNDP shifts in a gradual and phased manner to the fullest possible use of electronic documentation in place of paper.
  • The electronic versions of documents become the operational versions for UNDP, provided that criteria for assessing the authenticity and integrity of electronic are met to prevent any alteration to informational content.
  • When internal requirements necessitate the signature of a person on a document, these requirements can be met through electronic documents using an electronic signature that satisfies certain criteria of technical reliability. As such the electronic signature shall be functionally equivalent to a handwritten signature.

 

2         Validity/legality of the Policy

This policy decision is based on the following UN resolutions and recommendations:

  • The Recommendation on the Legal Value of Computer Records adopted the United Nations Commission on International Trade Law (UNCITRAL) at its 8th session in 1985.
  • The General Assembly resolution 40/71 of 11 December 1985 in which the Assembly called upon Governments and international organizations to take action, where appropriate, in conformity with the recommendation of the Commission, so as to ensure legal security in the context of the widest use of automated data.
  • The Model Law on Electronic Commerce (MLEC) with Guide to Enactment, adopted by UNCITRAL in 1996, and revised in 1998, which removes legal barriers to the use of electronic communications and provides “functional equivalents” to the use of paper documents for legal purposes. The Model Law recognizes the admissibility and evidential value of data messages provided that certain criteria are met in terms of security and integrity.
  • The General Assembly resolution 51/162 of 16 December 1996, in which the Assembly recommended to all States to give favorable consideration to the Model Law in view of the need for uniformity applicable to alternatives to paper-based methods of communication and storage of information.
  • The Model Law on Electronic Signature (MLES) with Guide to Enactment adopted by UNCITRAL in 2001, which supplements the MLEC and brings additional legal certainty regarding the use of electronic signatures. Following a technology neutral approach and without favoring any specific products, the Model Law indicates that electronic signatures shall be treated as equivalent to hand-written signatures, if they meet certain criteria of technical reliability.

 

 

3         Application of the Policy

Based on the above recommendations and Model Laws, the Assistant Administrator, Bureau of Management (BOM), in close consultation with relevant units, shall be responsible for the development and implementation of standard global procedures for electronic documentation and document management that will ensure availability of important business documents for an appropriate period of time, their security, and their integrity, especially when such documents are legal instruments or are required for audit purposes in relation to business processes. 

 

3.1      General principles

The key principles that shall govern the development of these procedures are as follows:

 

1.      E-documentation refers to making knowledge and information available in electronic form for storage, access and retrieval throughout the organization.  Procedures shall be developed for a systematic approach to e-documentation that can be generally applied to all forms of internal documentation, including e-mail. The procedures will also address specific legal record-keeping requirements, support audit requirements, and provide mechanisms for the capture of business process information.

 

2.      The procedures shall determine at what point an electronic copy of a document can become the UNDP operational copy, and shall reflect the principle of non-discrimination between information supported by a paper medium and information communicated or stored electronically, as defined in the UNCITRAL Model Law on Electronic Commerce (Guide for Enactment, para. 24).

 

3.      The procedures should place particular emphasis on metadata and metadata capture through the development of corporate metadata standards. These will ensure long-term access and retrieval and support the migration of stored documents by describing technical attributes, document structure, contents, relationship to other documents, business process information, and other attributes of electronic records. The procedures will clarify relationships between the existing Global Filing List, the Taxonomy, and other emerging organizational schema for documentation

 

4.      The procedures should recommend standards and models regarding inter-alia scanning processes, organizational schema for electronic records, document format/templates and file naming conventions.

 

5.      The procedures shall clearly define the requirements related to the maintenance, appraisal, archive retention and disposal of electronic records and provide recommendations on electronic preservation issues, preferred storage media and migration of electronic documents for long-term archival retention. In addressing these particular issues, UNDP shall work closely with the UN Digital Archive Programme (DAP), which is presently looking at the preservation and archival of records of long-term value. 

 

 

6.      The procedures shall be compatible with the on-going development of the corporate Portal, and shall take into account the impact that the ERP will have on the management of documents using on-line processing and approval. Consequently, the procedures shall be flexible to allow for technical innovations and may have to be periodically revised.

 

7.      The procedures shall be shared with other UN agencies and other UNDP partners to ensure that they are in line with international procedures and practices. Validation of the procedures shall also be sought through review by outside expertise.

 

8.      The procedures shall provide a phased implementation plan for shifting from paper to electronic documents. The implementation plan shall address the particular needs of all country offices and of UNDP headquarters. The procedures shall promote the use of open, public, non-proprietary standards that shall facilitate communications between multiple systems and software, and enable UNDP to implement this policy across its decentralized network.

 

 

3.2      Prescriptive Documents

Prescriptive documents are separated into two large types: 1) legislation and policy statements, and 2) administrative procedures. The validity of prescriptive documents in electronic format is ensured as long as such documents are produced, made available and announced to UNDP staff members in compliance with the workflow and format defined in the Policy on Prescriptive Content Management approved on 19 March 2003.

  • Standard HTML templates shall be the norm for the publishing and dissemination of prescriptive content.
  • The information published in electronic format on the UNDP Portal shall be considered the correct or official version.
  • Procedures for storage and archival retention shall be developed specifically for prescriptive content.

 

Country Offices and HQ units shall be responsible for ensuring that staff having no access to computers are informed in a timely manner about new policies and procedures disseminated electronically.

 

3.3      Business Transaction Documents

Documents related or supporting UNDP business transactions include:

  • Documents which commit UNDP to an action or a formal request from UNDP to a third party. This includes purchase orders, SSA contracts, service contracts, employee contracts, offer letters, leases, project documents, trust funds, cost-sharing agreements, memorandum of understanding, notes verbale, etc.
  • Internal and external documents which form part of UNDP formal internal control system.  This includes mandatory month end reports, disbursement vouchers, travel authorizations, travel claims, invoices, cash receipt vouchers, journal vouchers, IOVs, etc.

 

 

The procedures shall reflect the changes which will derive from the PeopleSoft ERP implementation in respect of business transaction documents embedded in the ERP and as such becoming system-dependant records (as opposed to records that can exist independently from the ERP, but related to a business transaction). The WITs Team, in collaboration with key units shall establish a list of business transaction documents required to produce a full and accurate accounting of a decision or a transaction under the ERP. The list shall make a distinction between system-dependant and system-independent records, thus enabling UNDP to develop comprehensive procedures for electronic records management.

 

3.3.1      Admissibility and evidential value of business transaction documents in electronic form

Business transaction documents in electronic form shall be given due evidential weight and become the operational versions for UNDP. In assessing the evidential value of an electronic document, regard shall be given to the reliability of the manner in which the electronic document was generated, stored or communicated, to the reliability of the manner in which the integrity of the information was maintained, to the manner in which its originator was identified, and to any other relevant factor.

 

3.3.2      Preservation of original content and appearance

If business transaction documents are received in paper format, the procedures shall ensure that the documents scanned, then filed or delivered electronically are preserved so that the content of the original document is not altered in any way and that the appearance of the document when displayed or printed closely resembles the original without any material alteration. When scanned or filed electronically, the operational copy for business transaction documents shall be the stored electronic copy, provided that one original paper-based copy remains available for a minimum period of two years. This parallel approach acknowledges that this is a transitional period for paper and digital records. While the goal is to rely exclusively on electronic records, as a temporary measure it is considered appropriate to retain the hard copy for a reasonable period of time in case of failure of the electronic system and to give staff time to gain confidence in electronic documents. 

 

If business transaction documents are produced or received in electronic form, mechanisms shall be developed to provide reliable assurance as to the integrity of the information from the time it was first generated or received in final form, to the conversion to an electronic record.

 

 

3.3.3      Integrity and Security

UNDP shall develop and codify security standards and employ security procedures that prevent unauthorised modification or deletion of the electronic filed document related or supporting business transactions. This shall include:

§         Having written procedures outlining the controls in place to ensure the integrity of electronic documents so that any copies electronically produced may be deemed to be true and correct copies of the original document.

§         Performing virus check to ensure that the documents are free from viruses.

§         Using appropriate media storage and archival procedures ensuring long-term preservation of records.

§         Procedures and techniques to ensure confidentiality and restricted access to certain documents as defined in the Policy on Records Management.

 

 

3.3.4      Compliance with a requirement for signature

When internal UNDP procedures require a signature by a person, that requirement is met using electronic documents if an electronic signature is used in compliance with international standards. An electronic signature is considered to be reliable if:

  • The signature creation data are, within the context in which they are used, linked to the signatory and to no other person
  • The signature creation data were, at the time of signing, under the control of the signatory and of no other person
  • A process for validating that the content has not been altered after the time of signing can be established

 

UNDP may employ acceptable technologies or procedures including:

  • Digital time-stamps
  • Digital certificate, electronic signatures and encryption technologies

 

 

The use of electronic signature shall be assigned to officers who have been granted authority within the UNDP accountability framework. The levels of responsibilities and delegation for e-signatures shall be equivalent to those governing hand-written signatures.

 

3.4      Access to electronic documents

Electronic documents must be maintained so that they are accessible and secure for the duration of their scheduled lifecycle. The procedures shall define the responsibilities of creating units and designated custodians to ensure that data and information are properly maintained, regardless of their physical type. The existing Records Management Policy shall then be revised to reflect these new procedures. The procedures shall also establish a comprehensive programme for protecting UNDP vital electronic records from catastrophe or disaster.

 

3.5      Pilots on E-Documentation and E-signature

UNDP shall capitalize on existing experiences and pilots related to electronic archive and e-signature throughout its network. Whenever appropriate, selected pilot initiatives shall be documented and shared on the Management Practice Network for review and for exploring possible replication within UNDP.

 

 

 

 

Feedback: Patrick.Gremillet@undp.org

Ask questions: Patrick.Gremillet@undp.org

 

Back to top

 

 

 

 

 

4         Annex 1: Rationale for the Decision

 

The following arguments are presented to support this policy decision.

 

Essential for implementation of the Information and Communication Technology (ICT) Strategy.  The UNDP ICT Strategy (January 2002) facilitates UNDP’s transition to a decentralized, networked organization that can provide timely access to practical information.  This strategy accelerates the ongoing shift in organizational practice from the use of paper to electronic documents.  An electronic document management policy is necessary to enable the successful implementation of the ICT strategy. The purpose of such a policy is to demonstrate the baseline process for managing all forms of electronic communication throughout the organisation.

 

The ERP system and Portal will obviate the need for many paper documents.  The ERP will embed many paper documents and forms into web-based software. Electronic documentation will be generated, processed and archived by the system and will also be sent to partners and suppliers in electronic format. While the system may not be entirely paperless, it is moving in that direction.  A clear policy defining the legal value of electronic documents generated by the system is therefore necessary to ensure the corporate implementation of the ERP across the UNDP network, including in countries where an e-documentation law does not exist. Similarly, the portal will become the authoritative repository of UNDP’s prescriptive and substantive content.  With a few possible exceptions, there will no longer be the need to print manuals or other prescriptive documents.  Indeed, after manual content has been successfully uploaded to the portal, the need for the manual will disappear. However, UNDP needs to officially recognize that prescriptive content in electronic form will be the norm.

 

Need for electronic document management standards and procedures to ensure accountability.  UNDP, like other organisation,s create records for a wide variety of purposes. Records document transactions and decisions, provide evidence of past actions, and keep track of rights and obligations. Organizations and individuals rely increasingly on electronic systems to communicate, transact business, formulate and develop policies, and disseminate regulations, policies, and directives. The records created, transmitted, and stored as a result of the use of these systems must be subject to the same statutes, regulations, standards, policies, and professional practices that pertain to records in all other formats. UNDP should review policies governing access, privacy, security, and retention of records to ensure that consistent standards are in place for all records regardless of format. In other words, corporate document management standards and procedures must be developed and applied to electronic documents to fulfill all requirements for accountability for the use of UNDP resources. In this regard, the UN Model Law proposes a new approach, sometimes referred to as the "functional equivalent approach", which is based on an analysis of the purposes and functions of the traditional paper-based requirement with a view to determining how those purposes or functions could be fulfilled through electronic techniques. For example, among the functions served by a paper document are the following: to provide that a document would be legible by all; to provide that a document would remain unaltered over time; to allow for the reproduction of a document so that each party would hold a copy of the same data; to allow for the authentication of data by means of a signature; and to provide that a document would be in a form acceptable to authorities and auditors. It should be noted that in respect of all of the above-mentioned functions of paper, electronic records can provide the same level of security as paper and, in most cases, a much higher degree of reliability and speed, especially with respect to the identification of the source and content of the data, provided that a number of technical and legal requirements are met. However, the adoption of the functional-equivalent approach should not result in imposing on users of electronic documents more stringent standards of security (and the related costs) than in a paper-based environment. 

 

Need to promote reliance on electronic signatures. In moving towards an electronic environment, there is a need to facilitate the use of electronic signature when a form of approval or certification by a person is required on a document. The increasing use of email also requires that UNDP adopt a policy in this respect and be then in a position to expand an experiment introduced 3 years ago[1]. It would be a mistake to assume that courts or audits would reject electronic forms of signatures because they are electronic, or that electronic signatures using strong secure technologies are nonetheless somehow inferior to hand-written signatures. First of all, it must be noted that hand-written signatures on paper can be forged. The person relying on a paper-based document often has neither the names or the persons authorized to sign nor specimen signatures available for comparison. Even where a specimen of the authorized signature is available for comparison, only an expert may be able to detect a careful forgery. Where large numbers of documents are processed, signatures are often not compared with specimen signatures when they are available, except for the most important transactions. Paper documents can be lost or destroyed. Even where there is an original hand-written signature, a contract can still be repudiated or declared void for a variety of reasons relating to the law of contract. Thus, hand-written signatures do not by themselves create binding, enforceable agreements. An electronic signature actually provides a greater degree of security than a handwritten signature. The recipient of a digitally signed message can verify both that the message originated from the person whose signature is attached and that the message has not been altered either intentionally or accidentally since it was signed. Furthermore, secure digital signatures cannot be repudiated; the signer of a document cannot later disown it by claiming the signature was forged. For these reasons, legislations in a large number of countries have recognised the legal value of electronic signature, based on the UNCITRAL Model Law presented above[2].

 

 

 

Need for control over electronic documents to ensure coherent global management.  The massive increase in the use of e-mail has created an immediate need for an improved electronic document management system. The uncontrolled use of e-mail bypasses document management procedures that are in place. For example, important or substantive information is increasingly conveyed directly in e-mail communications.  These messages thus become “documents” that need to be classified and filed for institutional purposes in accordance with corporate norms. If done at all, e-mail archiving is generally carried out on an individual basis without any standard procedures or classification. E-mail documents thus archived reside on the user’s computer and are usually not available to other staff.

 

Increasing costs and administrative burdens associated with paper document management. Management of paper records has become more onerous as a result of decentralization of records management responsibilities and the shortage of staff trained in records management. Lack of guidance and excessive caution have led to duplication of paper files among sub-units and at the country office level. Paper is still the most widely used medium for the storage of UNDP information.  Storage of paper documents has become cost factor as considerable square footage of office space is devoted to filing cabinets and other storage.  Due to the growing volume of paper archives, off-site storage is often required resulting in additional costs.  Retrieval of paper documents, especially archived documents, is also time-consuming and expensive.  Electronic document storage will drastically reduce the need for physical storage space and will simplify retrieval.

 

Need to ensure that electronic documents are carefully managed over time. Ensuring the availability of electronic documents over time raise the same issues that apply to paper-based records in order to maintain the institutional memory of the organization and satisfy retention requirements. In most cases, electronic records should be maintained in electronic form, because preserving the context and structure of and facilitating access to those records are best accomplished in the electronic environment. However, new procedures adapted to an electronic environment need to be developed covering inter-alia, storage requirements, supported standards, security measures and environment control.

 

 

Back to top

 

5         Annex 2: Definition of selected terms

Metadata – metadata are information about information, or “data about data”. It consists of labels like “title”, “author”, “language”, “date created” etc. used to describe electronic documents. A metadata model defines the kinds of information that can be captured in a system and an approved vocabulary for referring to these “metadata elements”. By standardizing the metadata that we use, a metadata model makes it possible to easily search across systems.

 

Taxonomy - A taxonomy is a concept map expressed as a hierarchical list of terms.  A taxonomy can be used to define a single metadata element (i.e. subject) in a content management system and can help groups of people organize things. Corporate taxonomies are symbolic and value laden. Taxonomies speak to “what we think we do” within an organization during a specific period of time by communicating management priorities and reinforcing efforts to change entrenched work cultures.

 

Digital ID - Digital IDs are the electronic counterparts to driver licenses, passports, and membership cards. A user can present a Digital ID electronically to prove his/her identity or right to access information or services online. Digital IDs, also known as digital certificates, bind an identity to a pair of electronic keys that can be used to encrypt and sign digital information. A Digital ID makes it possible to verify someone's claim that they have the right to use a given key, helping to prevent people from using phony keys to impersonate other users. Used in conjunction with encryption, Digital IDs provide a more complete security solution, assuring the identity of all parties involved in a transaction.

 

 

Public Key Infrastructure (PKI) - PKI describes a system that uses public keys and Digital IDs to ensure security of the system and to confirm the identity of its users. PKI is based on a system of trust, where two parties mutually trust a Certificate Authority (CA) to check and confirm the identity of both parties. For example, most people and companies trust the validity of a driver's license or passport. This is because they trust the way the government issues these documents. However, a student ID is typically accepted as proof of identity only to the school that issues the ID. The same holds true for Digital IDs. With PKI, both parties in a transaction (be it an online bank and its customers or an employer and its employees) agree to trust a CA who issues their Digital IDs. Typically, the software application that uses a Digital ID has some mechanism for trusting CAs. For example, a Web browser contains a list of CAs that it trusts. Usually a browser gives options for permanently or temporarily trusting the CA or not trusting it at all. As a user, there is control over which CAs one wants to trust, but the trust management is done by the software application (in this example, it is by the Web browser).

 

Electronic Signature - A electronic (or digital) signature functions for electronic documents like a handwritten signature does for printed documents. The signature is an unforgeable piece of data that asserts that a named person wrote or otherwise agreed to the document to which the signature is attached.

 

 

Back to top

 

 



[1] Digital signature is used by the Office of Budget for issuing allotment advice via email. This pilot was introduced in June 2000 using Verisign as Certificate Authority (CA). At a lower level of security, UNV Bonn and the JPO Service Centre in Copenhagen have also been using electronic signatures for specific work processes.

 

[2]  See the Digital Signature Law Survey, presenting an overview by country of existing and proposed legislation with respect to electronic authentication and more specifically digital signatures.