What exactly is audit-proof archiving?

Audit-proof archiving is a term that every manufacturer of storage and archiving systems likes to claim as their own. But what exactly makes an archive audit-proof?

What characterises an audit-proof archive?

By definition, audit security primarily concerns information and documents that must be retained, or are worth retaining, and that must be kept available to the legislator, above all the tax authorities, for a set period of time in accordance with a wide variety of directives. Various laws and regulations define how long certain information must be kept.

The archiving systems used should comply with the requirements of the German Commercial Code (§§ 239, 257 HGB), the German Fiscal Code (§§ 146, 147 AO), the Principles for the Proper Keeping and Retention of Books, Records and Documents in Electronic Form and for Data Access (GoBD) and other tax law and commercial law requirements. The requirements formulated there are rather vague, however, and can be interpreted very broadly.

In a nutshell, the documents may only be stored in an unchangeable form, similar to a printed document, an invoice or a delivery note which, once created, is kept in a file folder in the archive. With electronic files, of course, the problem is always that, with a certain amount of criminal intent, any file can be changed as long as the storage medium allows it.

How complicated archiving is becomes clear on a closer look at the data sources and all the rules: while accounting-relevant data, for example, must remain virtually untouchable, the legislator explicitly demands that other data can be deleted or modified under the GDPR (DSGVO).

Most archive providers achieve audit-proofing by applying encryption algorithms over their storage systems, which set the files in the file system to "read only". With these "SoftWORM"*-based solutions, the write-protected files are then stored on hard disks or tape drives. Depending on the retention obligation, however, one quickly runs into technological limits, because no hard drive or tape survives the 10 years required by the authorities. With these storage media, the first migration must usually take place after 5 years, at which point the data is copied onto new media. Although it is possible to protect the files again separately via PDF/A, this is not practicable for all applications that need to be able to create or re-read archive files.

By definition, true audit-proof archiving can therefore only take place on a write-once "trueWORM"* data carrier, such as Blu-ray. The data written to the optical medium can no longer be physically changed and the extremely long media shelf life of up to 100 years means that data migration for the legal retention periods is no longer necessary.

With the StorEasy WormAppliance, INCOM offers a hybrid system that combines the advantages of both worlds. While hard disks with high access speed keep the data protected via a SoftWORM system, the data is mirrored on optical media, which can then be stored safely in the safe or a separate fire protection section without consuming energy.

Are you interested in long-term data storage for your archive data? Contact us and our storage experts will advise you further.

* WORM stands for Write Once Read Many and is synonymous with physically unchangeable storage of data on optical media.