Most enterprises already have one or several solutions for storing electronic data and documents. However, those systems might not meet compliance requirements for storing original electronic invoices and similar legally critical documents.
Here is a brief guide to some of the prominent international requirements for acquiring a compliant e-archiving system. The full guide is available here.
Regulatory monitoring and change-management are critical for adjustments as mandates shift.
Well-maintained documentation of archive systems and processes is key for surviving audits.
Strong logical separation of business departments
The system should be able to restrict auditor access to just one specific business operation.
Audit search criteria
Auditors need to be able to search on both key mandatory fields and country-specific criteria.
As with any system, security prevents loss, destruction, corruption, or change of stored data.
Long-term archive preservation in Italy and Hungary
Both countries have strict mandates regarding treatment and storage of invoices.
Getting rid of an archiving service shouldn’t involve leaving sensitive information exposed.
Integrity and authenticity evidence features
Auditors should be able to confirm the validity of an invoice by using a signature validation tool.
The system must retain invoices for the required period of time while also upholding privacy law.
Audit access rights
A business unit must be able to create and remove exclusive auditor access rights to its archive.
The system must comply with laws for physical storage location of invoices in some countries.
The archive must enable a business to provide printed invoices to auditors upon request.
Conversion to mandatory audit formats from archive
The archive must accommodate requirements for presenting an invoice in a specified format.
Viewer for different structured formats
Auditors need to be able to view XML invoices in a format that is readable to humans.
Italian archive delegation documentation
The archive service should include template documentation to comply with Italian law.
Businesses need a chief privacy officer to protect the rights of data owners.
Tax audit-oriented interface
The archive service should include a GUI tailored for use by a tax auditor.
Attachment upload per invoice
Business attachments such as contracts should be logically associated with archived invoices.
Outside undue law enforcement access
Archives should be accessible by intelligence agencies only as the result of due process.