United Nations Development Programme Proposed Policy Decision for the Executive Team On Electronic Documents and their Management (draft 20 March 2003)
Feedback: Patrick.Gremillet@undp.org Ask questions: Patrick.Gremillet@undp.org 2 Validity/legality of the Policy 3.3 Business Transaction Documents 3.3.1 Admissibility and evidential value of business transaction documents in electronic form 3.3.2 Preservation of original content and appearance 3.3.4 Compliance with a requirement for signature 3.3.5 Access to electronic documents 4 Annex 1: Rationale for the Decision 5 Annex 2: Definition of selected terms 1 Policy Decision Resolved that:
2 Validity/legality of the PolicyThis policy decision is based on the following UN resolutions and recommendations:
3 Application of the PolicyBased on the above recommendations and Model Laws, the Assistant Administrator, Bureau of Management (BOM), in close consultation with relevant units, shall be responsible for the development and implementation of standard global procedures for electronic documentation and document management that will ensure availability of important business documents for an appropriate period of time, their security, and their integrity, especially when such documents are legal instruments or are required for audit purposes in relation to business processes. 3.1 General principlesThe key principles that shall govern the development of these procedures are as follows: 1. E-documentation refers to making knowledge and information available in electronic form for storage, access and retrieval throughout the organization. Procedures shall be developed for a systematic approach to e-documentation that can be generally applied to all forms of internal documentation, including e-mail. The procedures will also address specific legal recordkeeping requirements, support audit requirements, and provide mechanisms for the capture of business process information. 2. The
procedures shall determine at what point an electronic copy of a document can
become the UNDP operational copy, and shall reflect the principle of
non-discrimination between information supported by a paper medium and
information communicated or stored electronically, as defined in the UNCITRAL
Model Law on Electronic Commerce (Guide for Enactment,
para. 24). 3. The
procedures should place particular emphasis on metadata and metadata capture
through the development of corporate metadata standards. These will ensure
long-term access and retrieval and support the migration of stored documents by
describing technical attributes, document structure, contents, relationship to
other documents, business process information, and other attributes of
electronic records. The procedures will clarify relationships between the
existing Global Filing List, the Taxonomy, and other emerging organizational
schema for documentation 4. The
procedures should recommend standards and models regarding inter-alia scanning
processes, organizational schema for electronic records, document
format/templates and file naming conventions. 5. The procedures shall clearly define the requirements related to the maintenance, appraisal, archive retention and disposal of electronic records and provide recommendations on electronic preservation issues, preferred storage media and migration of electronic documents for long-term archival retention. In addressing these particular issues, UNDP shall work closely with the UN Digital Archive Programme (DAP), which is presently looking at the preservation and archival of records of long-term value.
6. The procedures shall be compatible with the on-going development of the corporate Portal, and shall take into account the impact that the ERP will have on the management of documents using on-line processing and approval. Consequently, the procedures shall be flexible to allow for technical innovations and may have to be periodically adapted. 7. The procedures shall be shared with other UN agencies to ensure that they are in line with procedures and practices in place among the UN System. Validation of the procedures shall also be sought through review by outside expertise. 8. The procedures shall provide a phased implementation plan for shifting from paper to electronic documents. The implementation plan shall address the particular needs of all country offices and of UNDP headquarters. The procedures shall promote the use of open, public, non-proprietary standards that shall facilitate communications between multiple systems and software, and enable UNDP to implement this policy across its decentralized network. 3.2 Prescriptive DocumentsPrescriptive documents are separated into two large types: 1) legislation and policy statements, and 2) administrative procedures. The validity of prescriptive documents in electronic format is ensured as long as such documents are produced, made available and announced to UNDP staff members in compliance with the workflow and format defined in the Policy on Prescriptive Content Management approved on 19 March 2003.
3.3
Business Transaction Documents
Documents related or supporting UNDP business transactions include:
The procedures shall reflect the changes which will derive from the PeopleSoft ERP implementation in respect of business transaction documents embedded in the ERP and as such becoming system-dependant records (as opposed to records that can exist independently from the ERP, but related to a business transaction). The WITs Team, in collaboration with key units shall establish a list of business transaction documents required to produce a full and accurate accounting of a decision or a transaction under the ERP. The list shall make a distinction between system-dependant and system-independent records, thus enabling UNDP to develop comprehensive procedures for electronic records management. 3.3.1 Admissibility and evidential value of business transaction documents in electronic formBusiness transaction documents in electronic form shall be given due evidential weight and become the operational versions for UNDP. In assessing the evidential value of an electronic document, regard shall be given to the reliability of the manner in which the electronic document was generated, stored or communicated, to the reliability of the manner in which the integrity of the information was maintained, to the manner in which its originator was identified, and to any other relevant factor. 3.3.2
Preservation of original content and appearance
If business transaction documents are received in paper format, the procedures shall ensure that the documents scanned, then filed or delivered electronically are preserved so that the content of the original document is not altered in any way and that the appearance of the document when displayed or printed closely resembles the original without any material alteration. When scanned or filed electronically, the operational copy for business transaction documents shall be the stored electronic copy, provided that one original paper-based copy remains available for a minimum period of two years. If business transaction documents are produced or received in electronic form, mechanisms shall be developed to provide reliable assurance as to the integrity of the information from the time it was first generated or received in final form, to the conversion to an electronic record. 3.3.3 Integrity and SecurityUNDP shall develop and
codify security standards and employ security procedures that prevent unauthorised
modification or deletion of the electronic filed document related or supporting
business transactions. This shall include: § Having written procedures outlining the controls in place to ensure the integrity of electronic documents so that any copies electronically produced may be deemed to be true and correct copies of the original document. § Performing virus check to ensure that the documents are free from viruses. § Using media storage that comply with international standards 3.3.4 Compliance with a requirement for signatureWhen internal UNDP procedures require a signature by a person, that requirement is met using electronic documents if an electronic signature is used in compliance with international standards. An electronic signature is considered to be reliable if:
UNDP may employ acceptable technologies or procedures including:
3.3.5 Access to electronic documentsElectronic documents must be maintained so that they are accessible and secure for the duration of their scheduled lifecycle. Integrity of the data and information is the responsibility of the creating unit and the designated custodian. The designated custodian will ensure that data and information are not lost or altered during any step in the ongoing maintenance of the storage media.
Feedback: Patrick.Gremillet@undp.org Ask questions: Patrick.Gremillet@undp.org
4 Annex 1: Rationale for the Decision The following arguments are presented to support this policy decision. 1.
Essential for implementation of the Information and
Communication Technology (ICT) Strategy.
The UNDP ICT Strategy (January 2002) facilitates UNDP’s transition to a
decentralized, networked organization that can provide timely access to practical
information. This strategy accelerates
the ongoing shift in organizational practice from the use of paper to
electronic documents. An electronic
document management policy is necessary to enable the successful implementation
of the ICT strategy. 2.
The ERP system and Portal will obviate the need for
many paper documents. The ERP will
embed many paper documents and forms into web-based software. Electronic
documentation will be generated, processed and archived by the system and will
also be sent to partners and suppliers in electronic format. While the system
may not be entirely paperless, it is moving in that direction. A strong policy defining the legal value of
electronic documents generated by the system is therefore necessary to ensure
the corporate implementation of the ERP across the UNDP network. Similarly, the
portal will become the authoritative repository of UNDP’s prescriptive and
substantive content. With a few
possible exceptions, there will no longer be the need to print manuals or other
prescriptive documents. Indeed, after
manual content has been successfully uploaded to the portal, the need for the
manual will disappear. However, UNDP needs to recognize that prescriptive
content in electronic form will be the norm. 3. Need for electronic document management standards and procedures to ensure accountability. UNDP needs to establish new or revised standards and procedures for electronic document management in order to establish whether the electronic copy of a document has legal status for auditing purposes. In other words, corporate document management standards and procedures must be developed and applied to electronic documents to fulfil all requirements for accountability for the use of UNDP resources. In this regard, the UN Model Law proposes a new approach, sometimes referred to as the "functional equivalent approach", which is based on an analysis of the purposes and functions of the traditional paper-based requirement with a view to determining how those purposes or functions could be fulfilled through electronic techniques. For example, among the functions served by a paper document are the following: to provide that a document would be legible by all; to provide that a document would remain unaltered over time; to allow for the reproduction of a document so that each party would hold a copy of the same data; to allow for the authentication of data by means of a signature; and to provide that a document would be in a form acceptable to authorities and auditors. It should be noted that in respect of all of the above-mentioned functions of paper, electronic records can provide the same level of security as paper and, in most cases, a much higher degree of reliability and speed, especially with respect to the identification of the source and content of the data, provided that a number of technical and legal requirements are met. However, the adoption of the functional-equivalent approach should not result in imposing on users of electronic commerce more stringent standards of security (and the related costs) than in a paper-based environment. [1]. It would be a mistake to assume that courts or audits would reject electronic forms of signatures because they are electronic, or that electronic signatures using strong secure technologies are nonetheless somehow inferior to hand-written signatures. First of all, it must be noted that hand-written signatures on paper can be forged. The person relying on a paper-based document often has neither the names or the persons authorized to sign nor specimen signatures available for comparison. Even where a specimen of the authorized signature is available for comparison, only an expert may be able to detect a careful forgery. Where large numbers of documents are processed, signatures are often not compared with specimen signatures when they are available, except for the most important transactions. Paper documents can be lost or destroyed. Even where there is an original hand-written signature, a contract can still be repudiated or declared void for a variety of reasons relating to the law of contract. Thus, hand-written signatures do not by themselves create binding, enforceable agreements. An electronic signature actually provides a greater degree of security than a handwritten signature. The recipient of a digitally signed message can verify both that the message originated from the person whose signature is attached and that the message has not been altered either intentionally or accidentally since it was signed. Furthermore, secure digital signatures cannot be repudiated; the signer of a document cannot later disown it by claiming the signature was forged. For these reasons, legislations in a large number of countries have recognised the legal value of electronic signature, based on the UNCITRAL Model Law presented above[2]. Need to promote reliance on electronic signatures. In moving towards an electronic environment, there is a need to facilitate the use of electronic signature when a form of approval or certification by a person is required on a document. The increasing use of email also requires that UNDP adopt a policy in this respect and be then in a position to expand an experiment introduced 3 years ago
5. Need
for control over electronic documents to ensure coherent global management. The massive increase in the use of e-mail
has created an immediate need for an improved electronic document management
system. The uncontrolled use of e-mail bypasses document management procedures
that are in place. For example, important or substantive information is
increasingly conveyed directly in e-mail communications. These messages thus become “documents” that
need to be classified and filed for institutional purposes in accordance with
corporate norms. If done at all, e-mail archiving is generally carried out on
an individual basis without any standard procedures or classification. E-mail
documents thus archived reside on the user’s computer and are usually not
available to other staff. 6. Increasing
costs and administrative burdens associated paper document management.
Management of paper records has become more onerous
as a result of decentralization of records management responsibilities and the
shortage of staff trained in records management. Lack of guidance and excessive
caution have led to duplication of paper files among sub-units and at the
country office level. Paper is still the most widely used medium for the
storage of UNDP information. Storage of paper documents has become cost factor as
considerable square footage of office space is devoted to filing cabinets and
other storage. Due to the growing
volume of paper archives, off-site storage is often required resulting in
additional costs. Retrieval of paper
documents, especially archived documents, is also time-consuming and
expensive. Electronic document storage
on CD-ROMs will drastically reduce the need for document storage space and will
simplify retrieval. 7. Need
to ensure that electronic documents are carefully managed over time. Ensuring
the availability of electronic documents over time raise the same issues that
apply to paper-based records in order to maintain the institutional memory of
the organization and satisfy retention requirements. In most cases, electronic
records should be maintained in electronic form, because preserving the context
and structure of and facilitating access to those records are best accomplished
in the electronic environment. However, new procedures adapted to an electronic
environment need to be developed covering inter-alia, storage requirements,
supported standards, security measures and environment control. 5 Annex 2: Definition of selected termsMetadata – metadata are information about information, or “data about data”. It consists of labels like “title”, “author”, “language”, “date created” etc. used to describe electronic documents. A metadata model defines the kinds of information that can be captured in a system and an approved vocabulary for referring to these “metadata elements”. By standardizing the metadata that we use, a metadata model makes it possible to easily search across systems. Taxonomy - A taxonomy is a concept map expressed as a hierarchical list of terms. A taxonomy can be used to define a single metadata element (i.e. subject) in a content management system and can help groups of people organize things. Corporate taxonomies are symbolic and value laden. Taxonomies speak to “what we think we do” within an organization by communicating management priorities and reinforcing efforts to change entrenched work cultures. Digital ID - Digital IDs are the electronic counterparts to driver licenses, passports, and membership cards. A user can present a Digital ID electronically to prove his/her identity or right to access information or services online. Digital IDs, also known as digital certificates, bind an identity to a pair of electronic keys that can be used to encrypt and sign digital information. A Digital ID makes it possible to verify someone's claim that they have the right to use a given key, helping to prevent people from using phony keys to impersonate other users. Used in conjunction with encryption, Digital IDs provide a more complete security solution, assuring the identity of all parties involved in a transaction.
Public Key Infrastructure (PKI) - PKI describes a system that uses public keys and Digital IDs to ensure security of the system and to confirm the identity of its users. PKI is based on a system of trust, where two parties mutually trust a Certificate Authority (CA) to check and confirm the identity of both parties. For example, most people and companies trust the validity of a driver's license or passport. This is because they trust the way the government issues these documents. However, a student ID is typically accepted as proof of identity only to the school that issues the ID. The same holds true for Digital IDs. Electronic Signature - A electronic (or digital) signature
functions for electronic documents like a handwritten signature does for
printed documents. The signature is an unforgeable piece of data that asserts
that a named person wrote or otherwise agreed to the document to which the
signature is attached. [1] Digital signature is used by the Office of Budget for issuing allotment advice via email. This pilot was introduced in June 2000 using Verisign as Certificate Authority (CA). At a lower level of security, UNV Bonn and the JPO Service Centre in Copenhagen have also been using electronic signatures for specific work processes. [2] See the Digital Signature Law Survey, presenting an overview by country of existing and proposed legislation with respect to electronic authentication and more specifically digital signatures. |