...
Create a Long-Term Retention and Access Policy
Retention and access policies already exist for this logbook data under NOAA file series 1505-11, Catch Statistics Files. This section discusses the special records management considerations which arise due to incorporation of an electronic signature.
NMFS policy directive 32-110 specifies
Electronic audit trails must provide a chain of custody for the secure electronic transaction that can be used to ensure the integrity of the document. The audit trail information may be needed for audits, disputes, or court cases many years after the transaction itself took place and long-term retention of not only the signed document but the accompanying audit trail should be addressed (See Sub-section 6 below).... As a general rule when the risk associated with a transaction increases the number of components tracked as part of the audit trail should increase.... The original
document along with it audit trail should not be deleted from the agency's records.... Additional information on audit trails can be found in the NARA guidelines for records management with regard to implementing electronic signatures Records Management Guidance for Agencies Implementing Electronic Signature Technologies.
Retention and access policies already exist for this logbook data under NOAA file series 1505-11, Catch Statistics FilesNARA's Records Management Guidance for Agencies Implementing Electronic Signature Technologies establishes characteristics of trustworthy records in terms of reliability, authenticity, integrity, and usability. NARA advises that these characteristics are a matter of degree. Transactions that are critical to the agency business needs may need a greater assurance level that they are reliable, authentic, maintain integrity and are usable than transactions of less critical importance.
- Reliability is established by capturing the content and context of the transaction and recording that content and context in database tables through a mechanism which allows inserts but which disallows updates or deletes.
- Authenticity is established by checking logbook-related data elements against permit-related data elements, and adding the results of that validity check as a part of the context of the logbook record, stored in the database through a mechanism which allows inserts but which disallows updates or deletes.
- Integrity is established by the database mechanism which allows database inserts but which disallows updates or deletes.
- Usability is established by the linkages among the permit records and the logbook records and the e-signature receipts. Using these linkages it is possible to connect the signer and the time of the signature with the details of the signed transaction.
NARA's Records Management Guidance for Agencies Implementing Electronic Signature Technologies states "for a record to remain reliable, authentic, with its integrity maintained, and usable for as long as the record is needed, it is necessary to preserve its content, context, and sometimes its structure." The proposed e-signature preserves content (logbook data), context (audit trail data and permit data), and structure (links among related tables).
NARA's Records Management Guidance for Agencies Implementing Electronic Signature Technologies describes two approaches to ensuring the trustworthiness of electonically-signed records over time. This e-signature implementation will maintain documentation of record validity (including trust verification records, or audit trails) gathered at or near the time of record signing (the first approach specified in NARA's Records Management Guidance for Agencies Implementing Electronic Signature Technologies).
The agency will address NARA's steps to ensure trustworthy electronically-signed records as follows:
...