SER Blog  Information Governance

Ensure credibility, prove compliance: certifications

Julia Pedak

Information is the basis of credibility. Whether it's at a court hearing, in an audit or in business dealings, your company must be able to prove that it complies with the EU GDPR, domestic tax regulations, industry standards and norms. On top of this, you have to ensure that your company’s documents and data are accurate. With the right software solution — for example, an ECM system — it's possible to manage and record documents and data not only securely, but also compliantly. Before you select an ECM system, however, a closer look at the market may be worthwhile, as not all ECM solutions are created equal.

When selecting a software solution for your business, certifications provide orientation and security. They give you the certitude that digitally processed and archived information cannot be manipulated. ECM platforms like Doxis that have multiple certifications offer a solid foundation upon which your company can conduct information and process management both digitally and compliantly. This means that all your bases are covered when it comes to tax and liability risks. What’s more, a certified ECM platform adds an extra layer of trust to your business relationships.

Who's afraid of the auditor?

Invoices, contracts, order confirmations, annual reports: the list is long of tax-relevant information that companies have to store — sometimes for as long as ten years, depending on where you do business. Some companies are under the impression that original paper documents are not allowed to be destroyed during this storage period. Taking a closer look at the general accounting principles in Europe, however, paints a different picture: Bookkeeping may be conducted electronically, as long as it complies with the domestic requirements. In Germany, for example, GoBD, AO and HGB apply. In Austria it's öBAO; in Switzerland, EIDI-V, GeBüV and OR. These laws lay out how companies must store digital tax and commercial documents to be audit-proof — namely, in manner that is complete, immutable, traceable, and in machine-readable form until the legal retention period ends. In other words, the necessity of archiving paper copies is a thing of the past. Of course, if you don't fulfill the legal requirements, there will be consequences. Worst case scenario, the authorities will reject your accounting work and taxable amounts will be estimated. To avoid this, many companies rely on a certified ECM system like Doxis that ensures audit-proof archiving and fulfills domestic accounting guidelines, tax laws and auditing standards, e.g. GoBD, IDW PS 880, etc. With a certified ECM system in place, you have the security of knowing not only that tax-relevant documents are immutable and complete, but that you can also prove this in an audit. Who’s afraid of the auditor now?!

Protect data, build trust

Of course, the secure storage of information is one major concern for companies – another is the matter of how to protect personal data. The EU General Data Protection Regulation (GDPR) went into effect in May 2018, making data privacy a priority for every business, if it wasn’t one already before. Which personal data has to be protected? And how? Can your company guarantee that personal data is deleted upon request? An ECM system with the appropriate certifications can guide your company here, as it stores, processes and traceably deletes personal data in compliance with the EU GDPR.  This builds trust among your customers, partners and employees, who can be rest assured that their data is in safe hands. Although challenges may arise when you have to comply with conflicting legal requirements, e.g. when retention periods keep you from deleting information, a storage and deletion concept can help to circumvent this (more on this topic on page xx).  The technical and organizational prerequisites for the implementation of such a concept are fulfilled with an ECM platform such as Doxis. If properly used, companies can manage all information in a way that demonstrates compliance with data protection laws.

A solid foundation for business relationships

Norms and standards, e.g. regarding production, play a very important role not only in the public sector, but also among pharmaceutical, food and industrial companies. In such regulated sectors, companies face numerous country-specific compliance hurdles. In the United States, for example, the FDA requires that the food and drug industries comply with Part 11, Title 21 of the Code of Federal Regulations regarding electronic recordings and signatures. The MoReq2010 are European records management requirements for public administrations. In Russia, the GOST standard is a quality and security norm placed on domestic products. The list goes on. Finding a business partner in these countries will be feasible if your company can accomplish three things: one, manage and protect information according to domestic requirements, two, maintain production and data processing records with the right software, and, three, meet local quality standards. Before customers or investors sign a business agreement, you first have to demonstrate that your company fully complies with the local and industry requirements. An ECM platform such as Doxis, with its extensive list of certifications for both international and domestic norms and standards, can give you the assurance you need to expand your business internationally. When entering a new market, you are prepared for the local information management requirements and can prove this with ECM certificates.

Internationally recognized

As if country-specific norms and standards aren’t enough to fulfill, companies also have the challenge of meeting international requirements. The International Organization for Standardization (ISO) is the most well-known publisher of countless standards for a wide range of industries. When it comes to information management, for instance, ISO 16175-2 is a widespread standard. It describes the principles and functional requirements for records in digital business operations. The specifications regarding the design and operation of information systems for security electronic documents, ISO 14641-1:2012-02, are also relevant in this context. They pose a number of organizational procedures and technical requirements for capturing, storing and accessing electronic documents. For companies that operate on an international scale, the fulfillment of these and other international norms and standards is a must. Those who meet international requirements will have a competitive edge in the global market. That’s why it's definitely worth checking the certifications for ISO standards and more when selecting an ECM software solution.

Added security

Laws, norms and standards don’t just apply to information from your own ECM system, but also to information that comes from outside of it. Companies need a way to securely manage documents and data that come from third-party systems. Doxis is an integrative platform that incorporates information from business applications such as SAP, Microsoft and more. Vendor-certified interfaces ensure that the communication between the systems and the ECM platform runs securely.

No matter in which industry or country you do business, there is no getting around the topic of compliance.  To find the right ECM software for your company, however, look for certified software that will enable you to meet laws, norms and standards and ensure the validity of your information.

You might also be interested in

The latest digitization trends, laws and guidelines, and helpful tips straight to your inbox: Subscribe to our newsletter.

How can we help you?

+49 (0) 30 498582-0
Please add 9 and 2.

Your message has reached us!

We appreciate your interest and will get back to you shortly.

Contact us