Papers out, files in; replacement of hard copies with softcopies is a significant and necessary fallout of work from home. For company secretaries responsible for maintaining secretarial records, it is a critical choice, since a legally valid document is the only evidence of corporate decisions. Given its criticality, Rule 27 and 28 of the Companies (Management & Administration) Rules, 2014 defines the features of a legally valid electronic record in corporate law.
We have formulated five simple questions that enables you to assess the validity of your electronic records. Please note, you have to answer not one, but each and every one of these five questions in affirmative. Further a few other criteria need to be met, but it is highly probable that you will meet them if your answer is affirmative to these five questions. Ready to take the test to know where you stand?
- Are your electronic records protected from unauthorized access to prevent unauthorized alteration or tampering?
The software you use to create and update the electronic records should have access control that restricts access only to the authorized users. Further the software should also have the feature to have an audit trail of who created or modified the records along with the date and time of such action.
- Are adequate systems in place to protect your electronic records against loss due to damage or failure of the media on which it is maintained?
While it is prudent and sensible to have Business Continuity Process (BCP) and Disaster Recovery Plans (DRP) in place for your electronic records, the company law rules mandates for daily data backup of your records along with evidence of the daily data backup.
- Are your electronic records capable of being accessed and reproduced accurately for reference later?
Electronic records need specific software and operating systems to create, access and reproduce the files originally created. However with file forms like pdf (portable document format), all the required software and fonts to access and reproduce the files is embedded in the document file itself, giving files like pdf the ability to view and generate out put in formats created without any external dependence.
- Are your computer systems, software and hardware adequately secured and validated to ensure their accuracy, reliability and consistent intended performance?
The software and hardware used to create and store the electronic records should be adequately secured and validated to ensure accuracy, reliability and consistent intended performance. As the word ‘adequately’ is used, a prudence approach would be to have a software that is certified for security and availability using accepted standards like ISO 27001 and ISO 27017.
- Are your records capable of being dated and signed digitially?
Class 2 and Class 3 digital signatures as defined in the Information Technology Act, 2000 are the approved modes for signing digitally. In Class 2 -the identity of the individual is verified with recognized consumer data bases and in Class 3, personal appearance is needed, before the certifying authorities issue the digital certificates.