1、ANSI/AIIM TR31-2004Legal Acceptance ofRecords Produced byInformationTechnology SystemsDecember 26, 2004TECHNICALREPORTANSI/AIIM TR31-2004ANSI/AIIM TR 31-2004 Technical Report for Information and Image Management Legal Acceptance of Records Produced by Information Technology Systems a Technical Repor
2、t prepared by AIIM and Registered with ANSI December 26, 2004 Abstract: This report is a 2004 composite of material published in 1992-1994 as ANSI/AIIM TR31-1992, ANSI/AIIM TR31-1993, and ANSI/AIIM TR31-1994 (Part III). Those reports dealt with the admissibility in USA federal and state courts of pr
3、intouts of document and data records that are stored digitally. The reports gave performance guidelines and a self-assessment checklist to help ensure the admissibility and trustworthiness of the printouts. In combining the material the portions dealing with problems in state laws at that time and a
4、dvocating changes to the laws were dropped, while the portions dealing with fundamental legal principles and expectations were consolidated. The three-part organization was retained. Part I gives an overview of evidence law. Part II presents a performance guideline for the legal acceptance of record
5、s produced by IT systems. Part III offers a self-assessment for accomplishment of the performance guideline. Although the report is oriented heavily towards information recorded initially on paper and then entered into an IT system, much of the material applies also to system environments that are e
6、ntirely digital. AIIM TR 31-2004 TECHNICAL REPORT LEGAL ACCEPTANCE OF RECORDS PRODUCED BY INFORMATION TECHNOLOGY SYSTEMS Copyright 2004 by AIIM 1100 Wayne Avenue, Suite 1100 Silver Spring, MD 20910-5603 USA Telephone: 301/587-8202 Fax: 301/597-2711 Email: aiimaiim.org Web site: http:/www.aiim.org IS
7、BN 0-89258-407-6 No part of the publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any meanselectronic, mechanical, photocopying, recording, or otherwisewithout prior written permission of the publisher. Printed in the United States of America. 2004 AIIM In
8、ternational i AIIM TR 31-2004 TECHNICAL REPORT LEGAL ACCEPTANCE OF RECORDS PRODUCED BY INFORMATION TECHNOLOGY SYSTEMS Contents 1 Part I: Evidence law and guidelines for performance3 1.1 Evidence law: definitions and doctrines.3 1.2 Evidence guidelines.8 2 Part II: Performance Guideline for the legal
9、 acceptance of records produced by information technology systems 14 2.1 Applicability14 2.2 Information technology system assessment criteria 14 2.3 Form of evidence .15 2.4 Process or system used to produce records16 2.5 Documentation.17 2.6 Access and availability.18 3 Part III: Implementation of
10、 the Performance Guideline for the legal acceptance of records produced by information technology systemsSelf-assessment .20 3.1 Self-assessment procedure .20 3.2 Assessment strategy, organization, and resources .20 3.3 Description of the system environment and functions .21 3.4 Description of the r
11、ecords produced22 3.5 Disposition of the records 22 3.6 Description of the system processes .22 3.7 Laws and regulations governing the system recordkeeping22 3.8 Assessment criteria23 3.9 Self-assessment documentation28 3.10 Management review .28 Annex A Sample Self-Assessment Checklist29 2004 AIIM
12、International ii AIIM TR 31-2004 TECHNICAL REPORT LEGAL ACCEPTANCE OF RECORDS PRODUCED BY INFORMATION TECHNOLOGY SYSTEMS Foreword Foreword to the first edition (reprinted from TR31-1993) Many government and private organizations have developed some type of performance guidelines that address require
13、ments for the legal acceptance of records applicable to their own particular operational environments. Some have done so despite having to contend with poorly drafted legislation or regulations, which have confusing or outdated technical definitions or phraseology. With or without formal guidelines,
14、 organizations often find they are ill-prepared to deal with statutes, regulations, and rules of evidence that specify or limit the form of records maintained in information technology systems, particularly those relating to electronic imaging systems. On January 22, 1991, a task force was formed to
15、 develop a performance guideline that should provide guidance to information systems managers, records custodians, legislators, and government agencies in implementing legally acceptable methods for maintaining records using commonly employed or emerging information technology systems. The task forc
16、e was to develop a guideline that addressed two basic concerns: 1) admissibility of such records as evidence in federal or state courts; and 2) acceptance of such records by federal or state government agencies. A notification letter, which detailed the modification of existing laws affecting optica
17、l disk records was distributed by the task force to various state and local agencies. Beyond its operational utility, the guideline was intended to provide a general functional perspective that should foster uniformity among the various forums that enact laws or set forth rules concerning the legal
18、acceptance of records produced by information technology systems. The goal is to minimize disparity in the adoption of performance guidelines designed to facilitate compliance with these laws and rules, regardless of the operational environment. To this end, the guideline is couched in terms applica
19、ble to information technology systems in general without preference for any particular approach. The task force consisted of managers, specialists, consultants, and attorneys representing many years of experience with various information technology systems in both the government and private sectors.
20、 The need for a performance guideline was confirmed by the response to a comprehensive survey questionnaire mailed to records managers throughout the country. The guideline evolved during numerous meetings in which the task force considered presentations from government and private sector informatio
21、n systems specialists and attorneys, and reviewed relevant federal and state statutes, regulations and agency guidelines, and pertinent conference papers and publications. In this guideline, an Information Technology System is any process or system that employs a mechanical, photo-optical, magnetic,
22、 electronic, or other technological device for producing or reproducing records. The guideline sets forth criteria for consideration by information systems managers, records custodians, legislatures, government agencies, and organizational legal counsel, and individuals involved in drafting laws reg
23、arding the legal acceptance of records. The criteria apply to records produced by information technology systems regardless of the physical characteristics of the record media or technology employed. This includes records produced by any technique employing an information technology system as define
24、d above. Part I of the guideline provides an overview of the definitions and doctrines of discovery, admissibility, and laying a proper foundation, which are embodied in the Federal Rules of Evidence. An understanding of these definitions and doctrines is crucial to the establishment of a legally ad
25、missible records or information management program using information storage technology systems. 2004 AIIM International iii AIIM TR 31-2004 TECHNICAL REPORT LEGAL ACCEPTANCE OF RECORDS PRODUCED BY INFORMATION TECHNOLOGY SYSTEMS Part II of the guideline provides an overview of the laws that affect r
26、ecordkeeping requirements, including requirements to maintain records, form of records, and records retention. It also provides guidance to systems developers on how to establish information technology systems that meet existing legal requirements until a legal consensus is reached related to this g
27、uideline. Part III of the guideline presents a systematic approach for assessing the implementation of the findings and recommendations in Parts I and II. Specifically, it is intended to assist information system developers in establishing policies and procedures that meet legal requirements for acc
28、eptance of records produced by information technology systems. Foreword to this edition (2004) In 2003, the members of AIIM Standards Committee C22, Evidentiary Support, acknowledged that although much of the decade-old TR31 reports was out of date, much remained valid. Therefore they decided to del
29、ete the portions that were out of date and consolidate the still-valid portions of TR31-1992 (Part I), TR31-1993 (Part II), and TR31-1994 (Part III) into this single report, TR31-2004. This report follows generally the organizational approach of the original reports. The material is changed very lit
30、tle from its first publication. New information is being woven into a new committee report that eventually will replace this report. The new report will cover such current issues as digital alteration, derivation, and combination; encryption; voice, video, and multimedia; web services; privacy, secu
31、rity, and intellectual property considerations; hybrid recordkeeping systems; media transformation; compliance certification; and such third-party involvements as PKI processes. Those issues will be addressed in relation to both the legal principles and laws covered in this report and to the many im
32、portant new laws that have evolved and are still evolving after this report was originally written in 1992-94. The largest change in this report from TR31-1992 and TR31-1993 is the dropping of sections describing uniform laws that failed to gain widespread adoption and have since been dropped from a
33、ctive pursuit by the National Conference of Commissioners on Uniform State Laws. Reader cautions: 1. This report reprints content that was written in 1991-1993. Some of the content is about U.S. federal and state law as of that time, and it cites law cases decided in prior years. In compiling this e
34、dition, the law cases were not researched to see if they have been superseded. The C22 committee believes that basic legal principles discussed in this report have not changed significantly since 1992, but some of the specifics and details have changed. Readers should not expect that cases cited are
35、 the most recent, or that their holdings are the most current law. Similarly, some extracts from laws used in the first edition are reprinted in this edition. They, too, might have been modified or superseded. 2. This report was written before privacy laws and regulations, special security concerns,
36、 intellectual property protection issues, and digital rights management issues added complex new dimensions to the topics of availability and access that are discussed in Parts II and III of this report. The impacts of those laws, regulations and concerns, as well as compliance with them, will be di
37、scussed in the C22 committees new report. Much of the material in the original reports was directed at influencing state lawmaking regarding the technology and media for recordkeeping. The reports argued for technology-neutral laws and regulations. The C22 committee dropped that material in compilin
38、g this report. The committee also dropped the annexes that restated information that was available in 1992-94 only in hard-copy. Today, the original annex materials are available electronically on the World Wide Web. Readers of this report who desire the most current versions of such materials can g
39、et them easily from Web sites. The result of the committees work is a concise report that has three parts. The first is a summarization of some basic legal evidentiary principles and their application to electronic records. The second is a set of general performance guidelines to help ensure the evi
40、dentiary admissibility and trustworthiness of 2004 AIIM International iv AIIM TR 31-2004 TECHNICAL REPORT LEGAL ACCEPTANCE OF RECORDS PRODUCED BY INFORMATION TECHNOLOGY SYSTEMS electronic records. The third part and the Annex are a self-assessment process and a checklist by which enterprises can eva
41、luate their internal processes for electronic recordkeeping. The committee deeply appreciates the assistance of Robert Breslawski and the Eastman Kodak Company in creating, by optical character reading, an editable text file of the original published TR31 reports, whose word processor tapes and flop
42、py disks had long ago gone to the landfill along with the machines that recorded and played them. AIIMs C22 Committee welcomes comments on this report as well as participation in the work of creating its new report that deals with the technology world of the decade 2000-2010. For information about t
43、he committee and to assist in its work, see http:/www.aiim.org/standards. This document was developed under the auspices of the Standards Board, which approved it as an AIIM technical report. The Standards Board had the following members at the time it processed and approved this technical report: N
44、ame of representative Organization represented Charles Dollar, Chair Dollar Consulting Leslie Banach IBM Corporation Betsy Fanning AIIM Chuck Fay FileNET Bruce Holroyd Eastman Kodak Company Virginia Jones Newport News Department of Public Utilities Linda Koontz U.S. General Accounting Office William
45、 E. Neale U.S. TAG to ISO TC 171 Dan Schneider Louis E. Sharpe Picture Elements Inc. Chris Thompson Recognition Research Inc. This technical report was prepared by the C22 Subcommittee, Evidentiary Support, which had the following Principal members: Name of Principal member Organization affiliation
46、Robert Blatt Electronic Image Designers, Inc. John Breeden Virginia Department of Transportation Robert Breslawski Eastman Kodak Company Michael Cherry GMC7, Inc. Rae N. Cogar RCS Consulting Vigi Gurushanta eVIDA Group Juris Kelley Knowledge in Motion LLC Nancy L. Richards City of Bellevue, WA Danie
47、l Schneider 2004 AIIM International v AIIM TR 31-2004 TECHNICAL REPORT LEGAL ACCEPTANCE OF RECORDS PRODUCED BY INFORMATION TECHNOLOGY SYSTEMS Tom J. Sas Hewlett-Packard Company Janet P. Stauss National Geographic Society 2004 AIIM International vi AIIM TR 31-2004 TECHNICAL REPORT LEGAL ACCEPTANCE OF
48、 RECORDS PRODUCED BY INFORMATION TECHNOLOGY SYSTEMS Background Laws and government regulations sometimes include recordkeeping requirements. They do so for the following reasons: Information gathering Lawmakers review the activities of organizations to uncover problems for which laws may offer solut
49、ions. By requiring an organization to maintain or report information government is relieved of the enormous burden of gathering the information using its own resources. From the information received, lawmakers can prepare regulations that respond to the problems and conditions that exist in the “real world.“ Rulemaking Rules are the likely result of information gathered from regulated organizations. The impact of existing and proposed laws can be determined based upon the information received. The information can also lead to the repea