managing electronic records in governmental bodies - National ...
managing electronic records in governmental bodies - National ...
managing electronic records in governmental bodies - National ...
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
15<br />
<strong>in</strong>validates account<strong>in</strong>g entries. In comput<strong>in</strong>g, the term is also used for an <strong>electronic</strong><br />
or paper log used to track computer activity. For example, a corporate employee<br />
might have access to a section of a network <strong>in</strong> a corporation such as bill<strong>in</strong>g but be<br />
unauthorized to access all other sections. If that employee attempts to access an<br />
unauthorized section by typ<strong>in</strong>g <strong>in</strong> passwords, this improper activity is recorded <strong>in</strong> the<br />
audit trail.<br />
Audit trails are used to record customer activity <strong>in</strong> e-commerce. The customer's<br />
<strong>in</strong>itial contact is recorded <strong>in</strong> an audit trail as well as each subsequent action such as<br />
payment and delivery of the product or service. The customer's audit trail is then<br />
used to respond properly to any <strong>in</strong>quiries or compla<strong>in</strong>ts. A company might also use<br />
an audit trail to provide a basis for account reconciliation, to provide a historical<br />
report to plan and support budgets, and to provide a record of sales <strong>in</strong> case of a tax<br />
audit.<br />
Audit trails are also used to <strong>in</strong>vestigate cyber crimes. In order for <strong>in</strong>vestigators to<br />
expose a hacker's identity, they can follow the trail the hacker left <strong>in</strong> cyberspace.<br />
Sometimes hackers unknow<strong>in</strong>gly provide audit trails through their Internet service<br />
providers' activity logs or through chat room logs.<br />
4.1.6.2 Digital certificates and digital signatures<br />
The best way to protect the authenticity of <strong>records</strong> is by way of digital certificates and<br />
digital signatures. A digital certificate conta<strong>in</strong>s a person’s name, a serial number,<br />
expiration dates and a copy of a person’s digital signature as well as the digital<br />
signature of the certificate-issu<strong>in</strong>g authority and is used to establish a person’s<br />
credentials when do<strong>in</strong>g bus<strong>in</strong>ess or other transactions. A digital signature is an<br />
<strong>electronic</strong> signature that can be used to authenticate the identity of a sender of a<br />
message or a signer of a document, and is used to ensure that the content of a<br />
document or message is unchanged.<br />
4.2 E-mail<br />
E-mail can be a form of official communication. Messages sent or received <strong>in</strong> the<br />
performance of the functions of an office (as well as their attached metadata) are<br />
public <strong>records</strong> that must be reta<strong>in</strong>ed for as long as they are needed for official<br />
purposes.<br />
Examples of messages sent by e-mail that are public <strong>records</strong> <strong>in</strong>clude:<br />
• policies and directives<br />
• correspondence or memoranda related to official bus<strong>in</strong>ess<br />
• work schedules and assignments<br />
• agendas and m<strong>in</strong>utes of meet<strong>in</strong>gs<br />
• drafts of documents that are circulated for comment or approval<br />
• any document that <strong>in</strong>itiates, authorizes, or completes an official bus<strong>in</strong>ess<br />
transaction<br />
Manag<strong>in</strong>g <strong>electronic</strong> <strong>records</strong>_Policy Guidel<strong>in</strong>es.doc<br />
First Edition<br />
Version 1.1<br />
April 2003