Trusted Systems

In 2012, California adopted regulations that require state agencies to employ a trusted system for maintaining all electronic records created or stored as an official record. The State of California defines a trusted system as, “a combination of techniques, policies, and procedures for which there is no plausible scenario in which a document retrieved from or reproduced by the system could differ substantially from the document that is originally stored.” (Source: California Government Code 12168.7(c))  

The aforementioned is achieved through a combination of incorporated technology and documented procedures regarding the plan, development and execution of the system.

Why a Trusted System?

Agencies that wish to destroy paper documents and rely solely on electronic versions will need a trusted system in place. A trusted system certifies that electronically stored information (ESI) is an authentic copy of the original document or information.  An agency may choose to eliminate paper due to lack of storage space and improve speed and efficiency of processing documents with faster access based on electronic versions of documents.  

Given the relative ease one can manipulate an electronic record, a trusted system is crucial for ensuring official records are non-alterable. At the minimum, an agency has a responsibility to ensure that their records are safe and secure, but litigation issues should also be considered. Electronic documents presented in a court of law will need to be proven as authentic to serve as evidence.  

What is Required of a Trusted System?

A trusted system must include an avenue for maintaining at least two separate copies of an electronic resource. A combination of proper hardware and media storage techniques are necessary to prevent any unauthorized additions, modifications, or deletions to a document. A trusted system must also stand up to the rigors of an independent audit process that ensures that no plausible scenario for altering documents is feasible. Lastly, a trusted system requires that at least one copy of a stored electronic document or record is written that does not permit any unauthorized alterations or deletions and is stored and preserved in a separate and safe location.  

Achieving a Trusted System

The task of establishing a trusted system is one that should not rest solely on an agency’s records manager. Establishing a trusted system requires support from an agency’s management and information technology department. The task requires the involvement of many parties because a trusted system is not simply putting the proper technology in place but also requires an organization to document policies and procedures that provide for proper electronic record handling and processing.