Info

DigiStamp provides some thoughts on the subject of data authentication below that may help you. Additional web resources on this subject are here. The DigiStamp customers have traditionally used our services for external witnessing of their electronic data - proof of the What and When. More recently, our customers use our service to authenticate the chain of custody for medical testing records. A primary value to the customer is that our software works with the existing electronic documents and business process - making the transition to authentic electronic records easier to manage. Our API toolkit is used to easily automate the process of applying an electronic notary type transaction to the daily collections of all data. Our technology does not enforce the privacy of medical record, but it can help to prove that your business process is being followed and that your internal records are authentic. Is a third-party time stamp for proving authentic records required in order to fulfill regulatory requirements? Our service may help in passing regulatory inspection but is usually not required. The technology of digital signatures is far superior to what is described in the basic regulatory requirement. So generally, an external witness to your electronic data is not required by the regulations. You would need an external time stamp if you perceive some additional legal risk and you need external proof that your data is authentic. The external or third-party time stamp proves that people within your organization did not alter nor backdate electronic data. For example, your system administrators under duress from the CEO cannot tamper with our time stamp or use an employee's password or backdate an altered system log file. Are digital signatures required for auditing the actions of people who use electronic records? No, overall, it appears that existing system login procedures may be adequate to fulfill the regulatory requirements. In this approach, there is assumed trust of the company and the company's internal system administrators. You would consider using digital time stamps and signatures if you perceive these types of risks:You need to prove the authenticity of the records of your company or to avoid the risk that an external party would claim that there was collusion within the company to alter their records. Password-based authentication systems are designed so that an employee's password is stored in multiple locations; the system administrators commonly have access to the employee's password. Alternatively, when an employee creates a digital signature, only that employee has the private key. Having the single key in the sole possession of the employee avoids the potential risks of someone with administrator privileges using the employee's password and compromising the audit trail. Digital signatures standards have been designed with strong non-repudiation qualities. You would consider using digital time stamps and signatures if you perceive these types of values:You value a workflow improvement that ties employee actions directly to the electronic document and can flow with the document. You need to have standard signature qualifiers, such as counter and multiple signatures, receipt, approval, or originator. You want to communicate documents outside your organization with industry standard signatures and independent proof of authenticity.