Digital Witness Statement Evidential Authenticity Standards
|
|
- Vernon Young
- 8 years ago
- Views:
Transcription
1 Digital Witness Statement Evidential Authenticity Standards Version: 2.1 Publication Date: 26/06/2014 Description: Author: The standards and associated tools required to create, transport and store a Digital Witness Statement (DWS) with sufficient evidential authenticity and integrity. Paul Filby For more information regarding this standard, please contact: openstandards@homeoffice.gsi.gov.uk Crown copyright 2014 This information is licensed under the Open Government Licence v2.0. To view this licence, visit or write to the Information Policy Team, The National Archives, Kew, Richmond, Surrey, TW9 4DU. DWS Evidential Authenticity Standards v2.1 Page 1 of 10
2 Change control Version Date Record of change Author /11/2013 Initial Draft Paul Filby /02/2014 Amendments following peer review Paul Filby / Mark Osborne / John Hughes /02/2014 Amendments following peer review Paul Filby / Mark Osborne / John Hughes /04/2014 Signed off Version Paul Filby /05/2014 Final Version Paul Filby /06/2014 Released under the Open Government Licence Mark Osborne/ Peter Barden Controlling documents Description Revision Digital Witness Statement Business Process V 1.1 Legal Guidance on digital working across Criminal Justice System October 2012 DWS Evidential Authenticity Standards v2.1 Page 2 of 10
3 Document Set This document forms part of a set of documents defining the requirements for an EWS application. The documents must be used and implement as one. They are:- Description Revision Digital Witness Statement Business Process V 1.1 DWS Evidential Authenticity Standards v2.1 Page 3 of 10
4 Summary The standards and associated tools required to create, transport and store a Digital Witness Statement (DWS) with sufficient evidential authenticity and integrity are well established and feasible to implement and use. To prove the chain of authenticity of a DWS requires a secure hash to be created for the entire witness statement. This will provide the capability for ensuring integrity of the statement. Additionally, a signing process is the preferred method of providing authenticity to the witness statement. By providing these it will be possible to verify that the witness statement has not been tampered with and has originated from a recognised source. It is both feasible and practical to apply the technical solution for integrity and authenticity in a standalone solution using free and open-source tools that implement industry standards, with content versioning presenting the most likely area for bespoke development. These technical features could provide an affordable and compliant solution for evidential weight and legal admissibility. Terms Used In this section there are four commonly used terms. They are must, recommended, should and could. For clarity in the rest of this document these mean:- Must / Required o This is used when the process or functionality is mandatory and its absence will mean non compliance with the standard Recommended or Should o Could o This is used when the process or functionality is highly desirable and although not mandated its exclusion would be the exception and cause for justification This is used where the process of functionality is suggested and would enhance the application. DWS Evidential Authenticity Standards v2.1 Page 4 of 10
5 Key Requirements 1: that the industry standard secure hash algorithm SHA-256 must be used for the purposes of witness statement integrity. 2: the witness must be fully aware of the implications of signing. 3: the mechanism for proving a document must be agreed by the National Prosecution Team. 4: where vector representations of signatures are used, these shall use open standards and must also include a simple image of the signature. Note: SHA-256 is a cryptographic hash function used to determine whether data has been accidentally or intentionally altered. Designed by the U.S. National Security Agency. DWS Evidential Authenticity Standards v2.1 Page 5 of 10
6 Current position These technical standards for DWS have been developed following feedback from EWS users, other Police forces and the CPS. They specifically detail: 1. Platform agnostic technical standards and/or solutions required to support the creation, transport and storage of witness statements; 2. Methods for proving the chain of authenticity of witness statements for evidential use; The standards provided within this document will support the creation of an information management policy required to demonstrate compliance with the code of practice for legal admissibility and evidential weight of information transferred and stored electronically. The following assertions are made on the current paper based wet-signature process and their part in establishing integrity and authenticity. 1. Paper based statements are entered into a computer system (by scanning handwritten statements or typed directly). This electronic version is not the master statement and wet-signatures replaced with typed text. These electronic copies are typically those used in court and their authenticity is never challenged as the signed paper version is regarded as the authentic master copy. 2. Each page of the paper statement has a witness signature and, possibly, a witnessed-by signature. The requirement to record the witnessed-by signature is determined by local policy. 3. The signature at the bottom of each page is there for the purpose of authenticity where a statement may span pages. 4. A witness signature, and possibly an Appropriate Adult signature, is required for witness consent purposes. 5. The signature captured is used to evidence the witness acceptance that the entire statement is accurate (authentic) and duplicating the signature after the last word of the statement provides integrity. This document contains the following sections: 1. Proving the chain of authenticity of a witness statement. 2. Versioning 3. Transfer and Storage 4. Location and Mobility DWS Evidential Authenticity Standards v2.1 Page 6 of 10
7 1. Proving the chain of authenticity of a witness statement There are a number of criteria to sufficiently protect a digital document throughout its life. These are access, authorisation, accountability, integrity, authenticity and nonrepudiation. This document focuses on integrity (how do you know if the statement has been changed), authenticity (how do you know where the document came from) and non-repudiation (can the witness deny signing the document). Integrity To maintain the integrity of a digital document a secure hash, essentially a fingerprint for a file, must be created. The SHA-256 algorithm 1 must be used. This is an official standard with an open specification and publically available test suites. This is consistent with the integrity solution being applied to digital interview recordings. With a hash integrated into the original digital document, a recipient can determine if the message was altered by recalculating the hash and comparing the result to the attached hash. The value generated is one-way, you cannot determine what the text is from the code, and it is significantly different even for minor changes to text as illustrated below. The hash values created will be collision resistant/unique. Test case This is the original text that we need to ensure is versioned. This is the updated text that we need to ensure is versioned. SHA-256 hash value ae0039cf404404b5aa541c d1df bf145009b134f6847d 5b000af7f8ceff3588c68f2ec51fd5b81d1a e4b4c6e57fa986a1ff4 Digital document integrity is not technically complex and achievable in short timeframes. SHA-256 is a FIPS approved hash algorithm. SHA-256 is generally recommended for high-security applications and is required here for consistency with the technical approach of the file integrity standard for digital interviewing. Typically MD5 or SHA1 would be used for file integrity and authenticity purposes. These algorithms must not be used for digital witness statements. The digital interview process takes the approach that, at the conclusion of the interview, the hash-value is displayed and made available to the interviewee to assure authenticity. This process mirrors the existing procedure which makes a copy of the tape available. It is not recommended that witness statements follow the same model. Statements can be taken anywhere, without access to printers, and handwritten (or SMS or messages) are not considered to significantly add to the authenticity of the statement. Requirement 1: that the industry standard secure hash algorithm SHA-256 must be used for the purposes of witness statement integrity. 1 SHA-256 is a cryptographic hash function used to determine whether data has been accidentally or intentionally altered. Designed by the U.S. National Security Agency. The SHA-2 family of algorithms is patented in US The United States has released the patent under a royalty-free license. DWS Evidential Authenticity Standards v2.1 Page 7 of 10
8 Authenticity To prove the authenticity of an electronic document the source of the document needs to be proven. Ideally that source would be linked to an identifiable individual via a smartcard, but could also be achieved by authenticating the device used to send the data and relying on that device to authenticate the individual. In either case, it is recommended that system should integrate with a police force authentication regime (i.e. Active Directory) when identifying who the individual taking the statement is. The authentication technique must be active at the point of capture of the statement. Signatures To achieve authentication to an identifiable individual entity (be that a person or a device), it is a requirement that a process for incorporating or associating a signature is used. The signature capture process and resulting product are of equal importance and should reflect the sequence of events leading to the document being signed. Prior to signing the witness should be instructed how to independently review the document. Any requested changes being made immediately. On presenting the device for signature capture the witness should be informed that: The entry made will be incorporated into or logically associated with this statement. By making an entry here you are agreeing to the following declaration which is also within the statement:- o This statement (consisting of x pages(s) each signed by me) is true to the best of my knowledge and belief and I make it knowing that if it is tendered in evidence I shall be liable to prosecution if I have wilfully stated in it anything which I know to be false, or do not believe to be true. Be warned that after an entry is made no alterations can be made and amendments will require a further statement. Should digital signatures be used as part of the implementation, then as with hash-value created for integrity purposes, the resulting digital signature should be stored alongside the original file. The above should be considered the minimum standard to be applied and more advanced methods of signature capture should be encouraged. Requirement 2: Witness will be made fully aware during the signing procedure of how, why, where the signature is used and the overall importance of the signature. Once a signature has been obtained the document sealed and no amendments will be made. NOTE: Should digital signatures be used as part of the implementation then personal certificates can be held on smartcards, or on the device. Requirement 3: Where vector representations of signatures are used, these shall use open standards and must also include a simple image of the signature. DWS Evidential Authenticity Standards v2.1 Page 8 of 10
9 2. Versioning When completing a statement as in any other part of an investigation the Criminal Procedures and Investigation Act 1996 must be considered in respect of the pre-trial disclosure to the defence. The issue of disclosure is an integral part of a Student Officer training and is emphasised in a number of areas and reinforced during the module on statement taking. The use of a DWS does not change or remove the need to use notes as part the statement taking process. They must be retained and disclosed as unused material as per CPIA and the local process. This is a formal part of Student Officer training nationally. It is the responsibility of the officer taking the statement to disclose to the CPS any items of inconsistently which occur during the investigation. Should inconsistencies be identified by an officer during the taking of a statement they will inform the CPS. During the recording of the statement the content should be considered an incomplete document capable of being added to, changed and deleted. At the point of signing where the opportunity to correct, alter or add has taken place and the content of the declaration been viewed versioning should take place and the document then referred to as a record. This record is now the Original or Master statement. 3. Transfer and Storage Consideration could be given to the implementation of the BS Evidential Weight and Legal Admissibility of Digital Evidence; however this does not guarantee legal admissibility of digital documents. The Legal Guidance of October 2012 clearly states Creation Any doubts as to the provenance, authenticity or integrity of a digital document containing a digital signature would need to be tested in the same way that they would be tested in respect of a traditional wet signature on paper by the calling of relevant evidence. All witness statements, irrespective of their format, must have a SHA-256 secure hash value associated with it at the point of completion and submission. Any compound data in the witness statement such as an image of the hand-written witness signature must be treated as a separate object and a hash-value associated with it. Hash-values of image signatures must also form part of the calculation of the overall hash-value of the witness statement. Transport The basis for compliance is met by implementing the integrity and authenticity advice provided in section 1. Data transfer should be controlled by application software and incorporate a file integrity check mechanism. Transfer should also incorporate a mechanism to ensure files are from authorised sources. To ensure the authenticity of the date and time of the transfer and receipt the data must be obtained and applied by the system and not entered by the officer. To ensure DWS Evidential Authenticity Standards v2.1 Page 9 of 10
10 accuracy the device used to record the statement must have been sufficiently synchronised with a trusted time source. Sender and recipient authentication requirements can be met by appropriate articulation that the sender (officer) and recipient (Force staff, courts) are trusted entities. Storage The authenticity of the witness statements should be established when importing them into an information/records management system. This is achieved by either providing a hash-value or digital signature of the document when it was created and being provided along with the statement. Storage of digital witness statements must be accompanied by associated metadata. This must include agreed document format, time and date stamps, sender and recipient details, checksums and hash-value or digital signatures. Files that can be self-modifying, such as those containing macros must be avoided as it will be difficult to assess the evidential weight if changes to the file are saved. Macros and/or code would be acceptable providing dynamic content is not generated, for example, date changes when the document is opened for reading. 4. Location and Mobility An important aspect to consider when deciding on the appropriate solution is where the witness statement could be taken. Some locations or areas on the United Kingdom do not have appropriate mobile connectivity; therefore all solutions should be capable of operating in a standalone configuration. Standalone options tend not to be web-based applications due to the restrictions on saving data to the client. While it would be possible to have a standalone web-based application they are likely to introduce platform specific aspects. When the HTML5 standard is fully supported by modern-browsers a standalone and platform agnostic web-based application for witness statements may be possible and should be a consideration for the future. For standalone systems the management of stored data that is at rest on the client capture device becomes a key requirement. All devices must download any unsubmitted signed witness s statements as soon as connectivity is achieved. Once synchronised the stored data will be delete from the device. Data at rest on the capture device and other aspects of mobile security should follow general best practice on the use of mobile devices and local policies and procedures applied by the Information Security Officer. DWS Evidential Authenticity Standards v2.1 Page 10 of 10
Revised Code of Practice for Disclosure and Barring Service Registered Persons. November 2015
Revised Code of Practice for Disclosure and Barring Service Registered Persons November 2015 Revised Code of Practice for Disclosure and Barring Service Registered Persons Presented to Parliament pursuant
More informationElectronic Commerce ELECTRONIC COMMERCE ACT 2001. Act. No. 2001-07 Commencement LN. 2001/013 22.3.2001 Assent 14.3.2001
ELECTRONIC COMMERCE ACT 2001 Principal Act Act. No. Commencement LN. 2001/013 22.3.2001 Assent 14.3.2001 Amending enactments Relevant current provisions Commencement date 2001/018 Corrigendum 22.3.2001
More informationHow encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and
How encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and non-repudiation. How to obtain a digital certificate. Installing
More informationGuide 4 Keeping records to meet corporate requirements
Guide 4 Keeping records to meet corporate requirements This guidance has been produced in support of the good practice recommendations in the Code of Practice on Records Management issued by the Lord Chancellor
More informationMANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE
WHITE PAPER MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE 1. OVERVIEW Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is both. But it s
More informationCoSign for 21CFR Part 11 Compliance
CoSign for 21CFR Part 11 Compliance 2 Electronic Signatures at Company XYZ Company XYZ operates in a regulated environment and is subject to compliance with numerous US government regulations governed
More information(b) Why do you believe that those documents relate to a matter relevant to the investigation?
APPLICATION FOR SEARCH WARRANT (Criminal Procedure Rules, rule 47.31; section 2, Criminal Justice Act 1987) Use this form ONLY for an application for a search warrant under section 2 of the Criminal Justice
More informationIdentity Cards Act 2006
Identity Cards Act 2006 CHAPTER 15 Explanatory Notes have been produced to assist in the understanding of this Act and are available separately 6 50 Identity Cards Act 2006 CHAPTER 15 CONTENTS Registration
More informationProfession Practice Advice for the Profession
Profession Practice Advice for the Profession The Society has recently introduced Smartcards for the Scottish legal profession. If you have queries in relation to the administrative process for obtaining
More informationTrustis FPS PKI Glossary of Terms
Trustis FPS PKI Glossary of Terms The following terminology shall have the definitions as given below: Activation Data Asymmetric Cryptosystem Authentication Certificate Certificate Authority (CA) Certificate
More informationChap. 1: Introduction
Chap. 1: Introduction Introduction Services, Mechanisms, and Attacks The OSI Security Architecture Cryptography 1 1 Introduction Computer Security the generic name for the collection of tools designed
More informationNotebook guidance Valid from 23 January 2014
Page 1 of 23 Notebook guidance version 6.0 Valid from 23 January 2014 Checking s completed s Lost or stolen s How s can be This guidance provides information on how Home Office immigration enforcement
More informationELECTRONIC SIGNATURES AND ASSOCIATED LEGISLATION
ELECTRONIC SIGNATURES AND ASSOCIATED LEGISLATION This can be a complex subject and the following text offers a brief introduction to Electronic Signatures, followed by more background on the Register of
More informationArticle. Robust Signature Capture Using SigPlus Software. Copyright Topaz Systems Inc. All rights reserved.
Article Robust Signature Capture Using SigPlus Software Copyright Topaz Systems Inc. All rights reserved. For Topaz Systems, Inc. trademarks and patents, visit www.topazsystems.com/legal. Table of Contents
More information1 L.R.O. 2001 Electronic Transactions CAP. 308B ELECTRONIC TRANSACTIONS
1 L.R.O. 2001 Electronic Transactions CAP. 308B CHAPTER 308B ELECTRONIC TRANSACTIONS ARRANGEMENT OF SECTIONS SECTION PART I Preliminary 1. Short title. 2. Interpretation. 3. Non-application of Parts II
More informationInformation Security Basic Concepts
Information Security Basic Concepts 1 What is security in general Security is about protecting assets from damage or harm Focuses on all types of assets Example: your body, possessions, the environment,
More informationElectronic and Digital Signatures
Summary The advent of e-government and e-services has changed the way state agencies and local government offices do business. As a result, electronic systems and processes have become as important as
More informationIY2760/CS3760: Part 6. IY2760: Part 6
IY2760/CS3760: Part 6 In this part of the course we give a general introduction to network security. We introduce widely used security-specific concepts and terminology. This discussion is based primarily
More informationDerbyshire Constabulary GUIDANCE ON THE ISSUE OF TRAFFIC OFFENCE REPORTS AND VEHICLE DEFECT RECTIFICATION SCHEME POLICY REFERENCE 05/035
Derbyshire Constabulary GUIDANCE ON THE ISSUE OF TRAFFIC OFFENCE REPORTS AND VEHICLE DEFECT RECTIFICATION SCHEME POLICY REFERENCE 05/035 This guidance is suitable for Public Disclosure Owner of Doc: Head
More informationLAW FOR THE ELECTRONIC DOCUMENT AND ELECTRONIC SIGNATURE. Chapter two. ELECTRONIC DOCUMENT AND ELECTRONIC SIGNATURE
LAW FOR THE ELECTRONIC DOCUMENT AND ELECTRONIC SIGNATURE Prom. SG. 34/6 Apr 2001, amend. SG. 112/29 Dec 2001, amend. SG. 30/11 Apr 2006, amend. SG. 34/25 Apr 2006, amend. SG. 38/11 May 2007 Chapter one.
More informationStaff Investigation Protocol
Version: 3.0 Document author(s): Stuart Selkirk Approved by: Executive Partnership Forum Date approved: 17 July 2014 Review date: 30 September 2016 Document scope: Trust-wide Version History Log Use this
More informationAn Act to provide for the facilitation of the use of electronic transactions and signatures and for related matters.
Electronic Transactions and Electronic Signatures Act Act No. [ ] of [ ] An Act to provide for the facilitation of the use of electronic transactions and signatures and for related matters. ENACTED by
More information[SECURE ZONE REG1.WESTMOUNTCHARTER.COM] Westmount Charter School. Family Zone Reference Extended
2014 Westmount Charter School Family Zone Reference Extended The Family Zone was launched on March 6, 2008 to all families of Westmount Charter School. This reference is mainly to help new users quickly
More informationComplying with the Records Management Code: Evaluation Workbook and Methodology
Complying with the Records Management Code: Evaluation Workbook and Methodology Page 1 of 110 Crown copyright 2006 First edition published February 2006 Author: Richard Blake The National Archives Ruskin
More informationFixity Checks: Checksums, Message Digests and Digital Signatures Audrey Novak, ILTS Digital Preservation Committee November 2006
Fixity Checks: Checksums, Message Digests and Digital Signatures Audrey Novak, ILTS Digital Preservation Committee November 2006 Introduction: Fixity, in preservation terms, means that the digital object
More informationNOTICE OF THE POWERS TO SEARCH PREMISES AND OF THE RIGHTS OF OCCUPIERS UNDER SECTION 194 OF THE ENTERPRISE ACT 2002 ( THE ACT )
NOTICE OF THE POWERS TO SEARCH PREMISES AND OF THE RIGHTS OF OCCUPIERS UNDER SECTION 194 OF THE ENTERPRISE ACT 2002 ( THE ACT ) Subject matter and powers [In this notice, references to an officer or officers
More informationOB10 - Digital Signing and Verification
Global Headquarters 90 Fetter Lane London EC4A 1EN Tel: +44 (0) 870 165 7410 Fax: +44 (0) 207 240 2696 OB10 - Digital Signing and Verification www.ob10.com Version 2.4 March 2013 Summary In order to comply
More informationThe legal admissibility of information stored on electronic document management systems
Softology Ltd. The legal admissibility of information stored on electronic document management systems July 2014 SOFTOLOGY LIMITED www.softology.co.uk Specialist Expertise in Document Management and Workflow
More informationREPUBLIC OF LITHUANIA. LAW ON ELECTRONIC SIGNATURE
REPUBLIC OF LITHUANIA. LAW ON ELECTRONIC SIGNATURE CHAPTER I. GENERAL PROVISIONS... 1 ARTICLE 1. Purpose of the Law... 1 ARTICLE 2. Basic Definitions of this Law... 2 CHAPTER II. SIGNATURE CREATION, VERIFICATION,
More informationU.S. DEPARTMENT OF EDUCATION
U.S. DEPARTMENT OF EDUCATION STANDARDS FOR ELECTRONIC SIGNATURES IN ELECTRONIC STUDENT LOAN TRANSACTIONS April 30, 2001 (Revised as of July 25, 2001) PURPOSE This document establishes standards regarding
More informationVictim Personal Statement. Procedure
Victim Personal Statement Procedure Reference No. P15:2001 Implementation date and version number 6 th Sept 2010 (Version 1.7) Overarching Dorset Policy Linked document Reference No / Name. P04-2007 Vulnerable
More informationApple Corporate Email Certificates Certificate Policy and Certification Practice Statement. Apple Inc.
Apple Inc. Certificate Policy and Certification Practice Statement Version 2.0 Effective Date: April 10, 2015 Table of Contents 1. Introduction... 4 1.1. Trademarks... 4 1.2. Table of acronyms... 4 1.3.
More informationMapping the Technical Dependencies of Information Assets
Mapping the Technical Dependencies of Information Assets This guidance relates to: Stage 1: Plan for action Stage 2: Define your digital continuity requirements Stage 3: Assess and manage risks to digital
More informationChapter 8 Security. IC322 Fall 2014. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012
Chapter 8 Security IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 All material copyright 1996-2012 J.F Kurose and K.W. Ross, All
More informationROAD TRAFFIC COLLISION - SELF REPORTING SCHEME
Rev 02/15 ROAD TRAFFIC COLLISION - SELF REPORTING SCHEME Please read these notes carefully. The purpose of this form is to reduce the inconvenience to you. Police staff are sometimes not immediately available
More informationSSLPost Electronic Document Signing
SSLPost Electronic Document Signing Overview What is a Qualifying Advanced Electronic Signature (QAES)? A Qualifying Advanced Electronic Signature, is a specific type of digital electronic signature, that
More informationDissecting Electronic Signatures for the Life Sciences
Vol. 12, No. 1, January 2016 Happy Trials to You Dissecting Electronic Signatures for the Life Sciences By Robert Finamore and John Harris Electronic signatures (e-signatures) can save substantial time
More informationLAWS OF BRUNEI CHAPTER 194 COMPUTER MISUSE ACT
LAWS OF BRUNEI CHAPTER 194 COMPUTER MISUSE ACT S 65/00 REVISED EDITION 2007 B.L.R.O. 3/2007 CAP. 194] LAWS OF BRUNEI Computer Misuse [2007 Ed. p. 1 LAWS OF BRUNEI REVISED EDITION 2007 CHAPTER 194 COMPUTER
More informationCase CATalyst is digital-signature ready! Introduction... 2. What are digital signatures?... 3
Case CATalyst is digital-signature ready! Help insure that your transcript is only seen by your intended recipient. Restrict what other people can do with your transcript. Keep your annual cost to as low
More informationNetwork Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23
Network Security Computer Networking Lecture 08 HKU SPACE Community College March 19, 2012 HKU SPACE CC CN Lecture 08 1/23 Outline Introduction Cryptography Algorithms Secret Key Algorithm Message Digest
More informationIMPLEMENTATION OF AN ELECTRONIC DOCUMENT MANAGEMENT SYSTEM
IMPLEMENTATION OF AN ELECTRONIC DOCUMENT MANAGEMENT SYSTEM TECHNICAL SPECIFICATIONS FOR AGENCIES AND BROKERS ACTING ON THEIR ACCOUNT DATA PRESERVATION EXPLANATORY NOTES : The preservation of information
More informationA BILL ENTITLED. AN ACT To Facilitate electronic transactions and for connected matters. PART 1 Preliminary
1 A BILL ENTITLED AN ACT To Facilitate electronic transactions and for connected matters ENACTING CLAUSE PART 1 Preliminary Short title 1. This Act may be cited as the Electronic Transactions Act, 2008.
More informationMANAGED FILE TRANSFER: 10 STEPS TO PCI DSS COMPLIANCE
WHITE PAPER MANAGED FILE TRANSFER: 10 STEPS TO PCI DSS COMPLIANCE 1. OVERVIEW Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is both. But
More informationWhy is British Standard BIP0008 important for a Document Management System?
Softology Ltd. Why is British Standard BIP0008 important for a Document Management System? July 2014 SOFTOLOGY LIMITED www.softology.co.uk Specialist Expertise in Document Management and Workflow 01925
More informationAppendix 11 - Swiss Data Protection Act
GLEIF- LOU Restricted Appendix 11 - Swiss Data Protection Act GLEIF Revision Version: 1.0 2015-09-23 Master Copy page 2 of 11 Applicable Provisions of the Swiss Data Protection Act (DPA) including the
More informationAdvanced Authentication
White Paper Advanced Authentication Introduction In this paper: Introduction 1 User Authentication 2 Device Authentication 3 Message Authentication 4 Advanced Authentication 5 Advanced Authentication is
More informationElectronic Submission of Medical Documentation (esmd) CDA Digital Signatures. January 8, 2013
Electronic Submission of Medical Documentation (esmd) CDA Digital Signatures January 8, 2013 Wet Signatures Standards and legal standing Standards are based on legal precedence Non-repudiation inherent
More informationDigital Continuity in ICT Services Procurement and Contract Management
Digital Continuity in ICT Services Procurement and Contract Management This guidance relates to: Stage 1: Plan for action Stage 2: Define your digital continuity requirements Stage 3: Assess and manage
More informationDigital Continuity to Support Forensic Readiness
Digital Continuity to Support Forensic Readiness This guidance is produced by the Digital Continuity Project and is available from www.nationalarchives.gov.uk/dc-guidance Crown copyright 2011 You may re-use
More informationELECTRONIC TRANSACTIONS ACT 1999 BERMUDA 1999 : 26 ELECTRONIC TRANSACTIONS ACT 1999
BERMUDA 1999 : 26 ELECTRONIC TRANSACTIONS ACT 1999 [Date of Assent 5 August 1999] [Operative Date 4 October 1999] ARRANGEMENT OF SECTIONS 1 Citation PART I PRELIMINARY 2 Definitions 3 Crown to be bound
More information2.0 Emended due to the change to academy status Review Date. ICT Network Security Policy Berwick Academy
Version History Author Approved Committee Version Status date Eddie Jefferson 09/15/2009 Full Governing 1.0 Final Version Body Eddie Jefferson 18/08/2012 Full Governing Body 2.0 Emended due to the change
More informationEstonie Loi sur la signature électronique Entrée en vigueur le 15 décembre 2000
Estonie Loi sur la signature électronique Entrée en vigueur le 15 décembre 2000 Estonia - Digital Signatures Act Passed 8 March 2000 (RT I 2000, 26, 150), entered into force 15 December 2000. Chapter I
More informationBERMUDA ELECTRONIC TRANSACTIONS ACT 1999 1999 : 26
QUO FA T A F U E R N T BERMUDA ELECTRONIC TRANSACTIONS ACT 1999 1999 : 26 TABLE OF CONTENTS 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 Citation Definitions Crown to be bound Objects Regulatory policy
More informationUniversity of Birmingham. Closed Circuit Television (CCTV) Code of Practice
University of Birmingham Closed Circuit Television (CCTV) Code of Practice University of Birmingham uses closed circuit television (CCTV) images to provide a safe and secure environment for students, staff
More informationELECTRONIC COMMERCE AND ELECTRONIC SIGNATURE ACT (ZEPEP-UPB1) (Official consolidated text)
ELECTRONIC COMMERCE AND ELECTRONIC SIGNATURE ACT (ZEPEP-UPB1) (Official consolidated text) On basis of article 153 of the National Assembly of Slovenia Rules of Procedure the National Assembly of the Republic
More informationPART 33 EXPERT EVIDENCE
Contents of this Part PART 33 EXPERT EVIDENCE When this Part applies rule 33.1 Expert s duty to the court rule 33.2 Introduction of expert evidence rule 33.3 Content of expert s report rule 33.4 Expert
More informationAlixPartners, LLP. General Data Protection Statement
AlixPartners, LLP General Data Protection Statement GENERAL DATA PROTECTION STATEMENT 1. INTRODUCTION 1.1 AlixPartners, LLP ( AlixPartners ) is committed to fulfilling its obligations under the data protection
More informationTHIRD SUPPLEMENT TO THE GIBRALTAR GAZETTE No. 4,167 of 7th May, 2015
THIRD SUPPLEMENT TO THE GIBRALTAR GAZETTE No. 4,167 of 7th May, 2015 B. 13/15 Clause PRIVATE TRUST COMPANIES BILL 2015 1. Short title and commencement. 2. Interpretation. 3. Registration of Private Trust
More informationDigital Signatures The Silver Bullet for E-Signature Laws
Digital Signatures The Silver Bullet for E-Signature Laws Date: May, 2001 Version: 1.0 Copyright 2001-2003 Entrust. All rights reserved. Digital Signatures: The Silver Bullet for E-Signature Laws During
More informationATTORNEY GENERAL S GUIDELINES ON PLEA DISCUSSIONS IN CASES OF SERIOUS OR COMPLEX FRAUD
ATTORNEY GENERAL S GUIDELINES ON PLEA DISCUSSIONS IN CASES OF SERIOUS OR COMPLEX FRAUD A FOREWORD A1. These Guidelines set out a process by which a prosecutor may discuss an allegation of serious or complex
More informationDanske Bank Group Certificate Policy
Document history Version Date Remarks 1.0 19-05-2011 finalized 1.01 15-11-2012 URL updated after web page restructuring. 2 Table of Contents 1. Introduction... 4 2. Policy administration... 4 2.1 Overview...
More informationDigital Signature Verification using Historic Data
Digital Signature Verification using Historic Data Digital signatures are now relatively common; however historic verification of digitally signed data is not so widely understood. As more data is held
More informationNEMA Standards Publication PS 3 Supplement 41. Digital Imaging and Communications in Medicine (DICOM) Digital Signatures
NEMA Standards Publication PS 3 Supplement 1 Digital Imaging and Communications in Medicine (DICOM) Digital Signatures Status: Final Text Sep 001 Prepared by DICOM Standards Committee, Working Group 1
More informationHow to Time Stamp PDF and Microsoft Office 2010/2013 Documents with the Time Stamp Server
How to Time Stamp PDF and Microsoft Office 2010/2013 Documents with the Time Stamp Server Introduction Time stamping is an important mechanism for the long-term preservation of digital signatures, time
More informationFord Motor Company CA Certification Practice Statement
Certification Practice Statement Date: February 21, 2008 Version: 1.0.1 Table of Contents Document History... 1 Acknowledgments... 1 1. Introduction... 2 1.1 Overview... 3 1.2 Ford Motor Company Certificate
More informationDocument Management Getting Started Guide
Document Management Getting Started Guide Version: 6.6.x Written by: Product Documentation, R&D Date: February 2011 ImageNow and CaptureNow are registered trademarks of Perceptive Software, Inc. All other
More informationRecruitment Sector. Consultation on prohibiting employment agencies and employment businesses from advertising jobs exclusively in other EEA countries
Recruitment Sector Consultation on prohibiting employment agencies and employment businesses from advertising jobs exclusively in other EEA countries JULY 2014 Contents Contents... 2 Prohibiting employment
More informationPolicy on Public and School Bus Closed Circuit Television Systems (CCTV)
DEPARTMENT OF TRANSPORT Policy on Public and School Bus Closed Circuit Television Systems (CCTV) Responsibility of: Public Transport Division TRIM File: DDPI2010/3680 Effective Date: July 2010 Version
More informationPublicly trusted certification authorities (CAs) confirm signers identities and bind their public key to a code signing certificate.
Code Signing Code signing is the process of digitally signing executables and scripts to confirm the identity of the software author and guarantee that the code has not been altered or corrupted since
More informationElectronic Transactions Law
Electronic Transactions Law Royal Decree No. )M/18( 8 Rabi' I- 1428H 26 March 2007 Chapter One General Provisions Definitions Article (1): The following words and phrases, wherever mentioned in this Law,
More informationELECTRONIC PRESENTATION AND E-SIGNATURE FOR ELECTRONIC FORMS, DOCUMENTS AND BUSINESS RECORDS ALPHATRUST PRONTO ENTERPRISE PLATFORM
W H I T E P A P E R ELECTRONIC PRESENTATION AND E-SIGNATURE FOR ELECTRONIC FORMS, DOCUMENTS AND BUSINESS RECORDS ALPHATRUST PRONTO ENTERPRISE PLATFORM This white paper is written for senior executives,
More informationLAW FOR THE ELECTRONIC DOCUMENT AND ELECTRONIC SIGNATURE
LAW FOR THE ELECTRONIC DOCUMENT AND ELECTRONIC SIGNATURE Prom. SG. 34/6 Apr 2001, amend. SG. 112/29 Dec 2001, amend. SG. 30/11 Apr 2006, amend. SG. 34/25 Apr 2006, amend. SG. 38/11 May 2007, amend. SG.
More informationTHE ELECTRONIC TRANSACTIONS LAW,
CAYMAN ISLANDS Supplement No.2 published with Gazette No.19 dated Monday 11 th September, 2000 THE ELECTRONIC TRANSACTIONS LAW, 2000 (LAW 7 OF 2000) 2 THE ELECTRONIC TRANSACTIONS LAW, 2000 ARRANGEMENT
More informationInstalling your Digital Certificate & Using on MS Out Look 2007.
Installing your Digital Certificate & Using on MS Out Look 2007. Note: This technical paper is only to guide you the steps to follow on how to configure and use digital signatures. Therefore Certificate
More informationIP AUSTRALIA B2B ONLINE TRANSACTION SYSTEM AGREEMENT
IP AUSTRALIA B2B ONLINE TRANSACTION SYSTEM AGREEMENT Name of Customer: (The Customer) A.C.N. A.B.N. IPA Customer Number Telephone Fax Email Physical Address Postcode Mail Address Postcode Name of the Customer
More informationCertipost Trust Services. Certificate Policy. for Lightweight Certificates for EUROCONTROL. Version 1.2. Effective date 03 May 2012
Certipost Trust Services Version 1.2 Effective date 03 May 2012 Certipost NV ALL RIGHTS RESERVED. 2 13 Definitions : Activation Data Certificate Certificate Holder Certificate Public Registry Certificate
More informationAutomation for Electronic Forms, Documents and Business Records (NA)
Automation for Electronic Forms, Documents and Business Records (NA) White Paper Learn more. www.alphatrust.com Automation for Electronic Forms, Documents and Business Records (NA) White Paper About AlphaTrust
More informationIN THE SUPREME COURT OF THE STATE OF NEVADA
IN THE SUPREME COURT OF THE STATE OF NEVADA IN THE MATTER OF THE ADOPTION OF STATEWIDE ELECTRONIC FILING STANDARDS AND RULES. ADKT 404 ORDER ADOPTING NEVADA ELECTRONIC FILING RULES WHEREAS, this court
More informationCONDITIONS FOR ELECTRONIC DATA EXCHANGE VIA ČSOB MULTICASH 24 SERVICE
This translation of the Conditions for Electronic Data Exchange via ČSOB MultiCash 24 Service from Slovak to English language is for information purposes only and does not represent a binding version.
More informationElectronic Signature, Attestation, and Authorship
Electronic Signature, Attestation, and Authorship Appendix C: Electronic Signature Model Policy This template document is not intended for adoption as a substitute for a customized organizational policy
More informationInvest NI Document Scanning Policy
Document Title: Invest NI Document Scanning Policy Version No: 4 Date: 28 January 2009 Original Author: Reviewer: Approver: Amanda Latimer Michelle Davidson Nigel Sands Head Page: 1 of 16 1 Introduction
More informationthe parties may request a review of the provisions of this MoU.
MEMORANDUM OF UNDERSTANDING between THE CROWN PROSECUTION SERVICE and the AIR ACCIDENTS INVESTIGATION BRANCH, MARINE ACCIDENT INVESTIGATION BRANCH, AND RAIL ACCIDENT INVESTIGATION BRANCH. Introduction
More informationElectronic Documents Law
Disclaimer: The English language text below is provided by the Translation and Terminology Centre for information only; it confers no rights and imposes no obligations separate from those conferred or
More information[Brought into force by appointed day notice on 16 th June 2003.]
[Brought into force by appointed day notice on 16 th June 2003.] AN ACT TO PROVIDE FOR THE LEGAL RECOGNITION OF ELECTRONIC WRITING, ELECTRONIC CONTRACTS, ELECTRONIC SIGNATURES AND ORIGINAL INFORMATION
More informationAPGO GUIDANCE ON DOCUMENT AUTHENTICATION. Table of Contents
1.0 Introduction Table of Contents 2.0 Document Authentication: The Basics 2.1 The Purpose of the Seal 2.2 The Practice of Authentication 3.0 Document Authentication: Application 3.1 The Authentication
More informationHong Kong E-Account Registration Requirements and Procedure
Print Director-General of Trade and Industry Strategic Trade Controls Branch Trade and Industry Department Trade and Industry Tower 3 Concorde Road, Kowloon City Hong Kong TRADE AND INDUSTRY DEPARTMENT
More informationDirect Recruitment Privacy Policy
Direct Recruitment Privacy Policy Direct Recruitment manages personal information in accordance with the Privacy Act 1988 and Australian Privacy Principles (APP). This policy applies to information collected
More informationEPA Classification No.: CIO 2155-P-3.0 CIO Approval Date: 04/04/2014 CIO Transmittal No.: 13-011 Review Date: 04/04/2017
EPA Classification No.: CIO 2155-P-3.0 CIO Approval Date: 04/04/2014 CIO Transmittal No.: 13-011 Review Date: 04/04/2017 Collection and Retention Procedures for Electronically Stored Information (ESI)
More informationPublic Audit (Wales) Act 2004
Public Audit (Wales) Act 2004 CHAPTER 23 CONTENTS PART 1 AUDITOR GENERAL FOR WALES New functions of the Auditor General for Wales 1 Transfer of functions of Assembly 2 Additional functions of Auditor General
More informationELECTRONIC TRADING FACILITIES SUPPLEMENTAL TERMS AND CONDITIONS OF TRADING
ELECTRONIC TRADING FACILITIES SUPPLEMENTAL TERMS AND CONDITIONS OF TRADING This Supplemental Terms and Conditions of Trading is supplemental to and forms part of the terms and conditions set out in the
More informationElectronic Transactions Law
Kingdom of Saudi Arabia Bureau of Experts at the Council of Ministers Official Translation Department Electronic Transactions Law Royal Decree No. M/18, 8 Rabi I - 1428H 26 March 2007 Translation of Saudi
More informationUnsolicited visits and surprise requests for information by the Financial Services Authority. April 2009
Unsolicited visits and surprise requests for information by the Financial Services Authority April 2009 Contents 1. Introduction 1 2. The FSA s investigatory powers 2 3. Confidentiality of information
More informationElectronic And Digital Signatures
Electronic And Digital Signatures Summary The advent of e-government and e-services is changing the way we do business. Traditionally, we created records on paper and we authenticated a record by signing
More informationDATA PROVIDER AGREEMENT For supply of data to the Royal Botanic Gardens Kew for display in the Millennium Seed Bank Partnership Data Warehouse
DATA PROVIDER AGREEMENT For supply of data to the Royal Botanic Gardens Kew for display in the Millennium Seed Bank Partnership Data Warehouse BACKGROUND The Millennium Seed Bank Partnership (MSBP) Data
More informationAnnex 4 Operational Certification Procedures. Rule 1 Definitions
Annex 4 Operational Certification Procedures Rule 1 Definitions For the purposes of this Annex, the term: (a) competent governmental authority means the authority that, according to the laws and regulations
More informationHKUST CA. Certification Practice Statement
HKUST CA Certification Practice Statement IN SUPPORT OF HKUST CA CERTIFICATION SERVICES Version : 2.1 Date : 12 November 2003 Prepared by : Information Technology Services Center Hong Kong University of
More informationCERTIFICATION PRACTICE STATEMENT UPDATE
CERTIFICATION PRACTICE STATEMENT UPDATE Reference: IZENPE-CPS UPDATE Version no: v 5.03 Date: 10th March 2015 IZENPE 2015 This document is the property of Izenpe. It may only be reproduced in its entirety.
More informationCERTIMETIERSARTISANAT and C@RTEUROPE ELECTRONIC SIGNATURE SERVICE SUBSCRIPTION CONTRACT SPECIFIC TERMS AND CONDITIONS
CERTIMETIERSARTISANAT and C@RTEUROPE ELECTRONIC SIGNATURE SERVICE SUBSCRIPTION CONTRACT SPECIFIC TERMS AND CONDITIONS Please fill in the form using BLOCK CAPITALS. All fields are mandatory. 1 1. SUBSCRIBER
More informationIMPLEMENTATION OF AN ELECTRONIC DOCUMENT MANAGEMENT SYSTEM TECHNICAL SPECIFICATIONS FOR AGENCIES AND BROKERS ACTING ON THEIR ACCOUNT
IMPLEMENTATION OF AN ELECTRONIC DOCUMENT MANAGEMENT SYSTEM TECHNICAL SPECIFICATIONS FOR AGENCIES AND BROKERS ACTING ON THEIR ACCOUNT IMPORTANT The OACIQ reserves the right to change its requirements based
More informationMANAGED FILE TRANSFER: 10 STEPS TO HIPAA/HITECH COMPLIANCE
WHITE PAPER MANAGED FILE TRANSFER: 10 STEPS TO HIPAA/HITECH COMPLIANCE 1. OVERVIEW Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is both.
More information