Documente Academic
Documente Profesional
Documente Cultură
ABSTRACT:
It is widely understood that a chain of custody record must be maintained for corporate information as it is transferred between the various information management shareholders; what is less understood, is the importance of demonstrating that the chain of custody has not been breached and that measures are in place to ensure that any breaches are detected. In the past, information has only been considered lost when someone required it, looked for it and couldnt find it. While corporate governance laws such as Sarbanes-Oxley and privacy laws such as HIPAA are not prescriptive in their mandating of information management practices, they are clear in their definition of who bears the responsibility for information loss and disclosure. This white paper discusses how Chain of Custody Transaction Certification provides a critical framework for information management best practice and compliance.
Introduction
Increasingly, it is being recognized that information, and more importantly access to information is the differentiator between failure and success. The recipe for resilient success is now understood to be more than simply being at the right place at the right time; to be successful one must be at the right place at the right time, with the right understanding and the right information. Information is the building block for knowledge, and therefore any loss of information is a severe risk to the potential of all future success. For a number of reasons, ranging from information protection to information disclosure (agreed or required), information is transferred between stakeholders. As these transactions occur, it is critical that a complete chain of custody record be maintained, and that quality control mechanisms are in place to ensure the chain of custody record is accurate and reflective of reality. While the mechanisms for establishing a chain of custody framework are nothing new, these mechanisms have been traditionally built upon the flawed premise that information is not lost unless it cannot be found. This very definition of loss is not consistent with the original objectives of establishing a chain of custody. Chain of Custody Transaction Certification (CCTC) inverts the contemporary nature of a chain of custody, in that it places a burden of proof upon each stakeholder in the chain of custody to make representations that they have taken ownership of each individual item. The effect of CCTC is to conservatively redefine loss as anything which has not been accounted for, rather than simply what has been searched for and cannot be located. In addition to redefining the terms of loss, CCTC provides a formal mechanism for chain of custody quality control and most importantly a trigger for the immediate resolution of loss.
On an agreed schedule: 1. The information Owner provides a complete inventory of all certifiable items, along with who should be in custody of each item to the Certifier. 2. The Certifier creates a list of items whose custody differs from the previous certification period. 3. The Certifier sends an electronic document that is digitally signed with the Certifiers digital certificate to each of the information Custodians, listing all items they are to return and all items they are to take custody of. 4. After an agreed period all information Custodians provide a complete list of all items they have in their possession to the Certifier. 5. Based upon the representations made by the Custodians to the Certifier, if all items held by the Custodian correspond with the directives of the Owner, the Certifier will issue a digitally signed electronic certificate document to the Owner and each of the Custodians. 6. In the event that a certificate cannot be issued, the Custodian will be issued a detailed formal explanation for denial of certification and given an agreed period of time to represent that they have remedied the identified problems. 7. If the Custodian fails to obtain certification the Certifier will issue a Notice of Intent to Certify Loss to the Custodian and the Owner giving the Custodian an opportunity to remedy their representation of custody. 8. If the Custodian fails to remedy the problem in their representation of custody the Certifier will issue a Certificate of Loss to both the Owner and Custodian.
About GazillaByte
GazillaByte LLC is based in Colorado USA where it develops and supports its flagship TapeTrack tape management software. Today TapeTrack is used by over 4000 enterprises around the world. These companies range from the top of the Fortune 500 through to newly created technology companies that you are yet to hear of. To learn more about TapeTrack, visit the product website at www.tapetrack.com, or call GazillaByte LLC on +1-720-583-8880 to organize a free 90 day no obligation trial of our unique technology.