It is undisputed that the procedures for storage and archiving must be documented (Art. 4 GeBüV). The basic requirement here is to understand and be able to trace the core processes of archiving and retention. The primary purpose of the documentation is to be able to verify the regularity of the processes, systems and procedures used (especially ICS). What this documentation should look like is not determined and is left to practice. Swiss law focuses on the entire life cycle, i.e. from the creation of the data to its destruction. The scope and content of documentation depends on the type of business and risk exposure. In this respect, there can be no generally applicable instruction as to what this documentation should look like. In particular, it is completely unnecessary to describe components and processes that are already documented (e.g., how software change management works). You can find out how we design the documentation and what the important contents are in the Information Governance Practice Guide.

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

Related articles