Self-assessment for Reliable Cash Register Quality Mark


Secretariat: ECP Postbus AG Leidschendam

Self-assessment for Reliable Cash Register Quality Mark
Version 0.3, 10 May 2012

The self-assessment is a questionnaire for producers and suppliers of cash registers on compliance with the standards. These standards are described in the document Norm voor een Betrouwbaar Afrekensysteem (Standard for a Reliable Cash Register). They have been set by the Provisional Participants' Council (Voorlopige Raad van Deelnemers) of the Reliable Cash Registers Foundation (Stichting Betrouwbare Afrekensystemen). The self-assessment provides the Reliable Cash Registers Foundation with information about the extent to which the cash register meets the standard for a reliable cash register. It also shows the possible risks involved. A score model is used to provide producers and suppliers of cash registers with insight into possible points of improvement.

Quality demands continuous attention

Producers of cash registers are aware of the fact that a growth strategy is required in order to continually improve the quality of the control measures and to obtain a higher score on the self-assessment. This is also necessary due to the strong increase in the number of (technical) features to influence the quality of the data. This threat must be dealt with at all times.

The document 'Self-assessment for a Reliable Cash Register Quality Mark' is divided on the basis of the four control objectives stated in the document Standard for a Reliable Cash Register (Norm voor een Betrouwbaar Afrekensysteem). The division into
- chapters
- paragraphs
- key questions (in boxes)
is in line with the document Standard for a Reliable Cash Register, as determined by the Provisional Participants' Council. The definitions used in this document have been laid down in a Standard for a Reliable Cash Register.

Each objective describes the following:
- control objective.
- description, the rationale (the why)
- classification.
- conformity requirements, the success criteria required in order to successfully complete the self-assessment.
- explanatory questions.
- score, which gives - for each standard - an overview of the scores obtained for each main question.
- statement, which summarises the conclusion and confirms the applicant's opinion.

The same format is used for all explanatory questions. This format has a number of fixed elements:
- no.: the numbering of the questions for cash registers. The questions and numbering follow the division of Standard for a Reliable Cash Register.
- questions: these must be answered in a concise and clear manner.
- standard: criterion that a cash register must meet. 'Objective' explains the purpose of a standard that has been set.
- description: explanation of the objective.
- classification: describes the degree of effectiveness of the objectives within the self-assessment. This could be low, medium or high. The classification can be adjusted in a specific situation as a result of a risk analysis.

Keurmerk Het Betrouwbare Afrekensysteem Page 1 of 40

Score

You determine the degree of conformity on the basis of a score. This score is expressed in a percentage between 0 and 100. As an indication, we state the significance you can attach to five percentages.

100% excellent: The measures are highly effective. Users are unable to circumvent the measures taken in the cash register, nor outside the cash register. The measures have undergone extensive testing.
80% good: The measures are effective. Users are unable to circumvent the measures taken in the cash register or are only able to do so with special efforts. The system contains sufficient measures in order to detect and identify a violation.
60% sufficient: The measures taken are sufficiently effective. The cash register is, however, insufficiently able to prevent a conscious violation.
40% mediocre: The measures taken are insufficiently effective.
20% poor: The measures taken are incomplete and ineffective.
N/A: Not applicable.

Each section contains guidelines on the basis of which a score is given. These guidelines are still being developed. If the measures taken meet all conformity requirements, this will result in a 100% score, or 'excellent'. This is the aspiration level.

1. Record all events

Control objective
The cash register must record all events entered by the user as early as during the formalisation phase. The formalisation phase is the phase of the sale before it is formally concluded by means of a payment. Special events, such as discounts, returns, terminated transactions, withdrawals and training mode are characterised as such. This allows for an assessment of whether the transactions actually conducted have also been registered and paid in a correct, complete and timely manner.

Explanation
The cash register records the data of and on the sales transactions in detail. The data of and on incomplete sales transactions remain stored as well. NB: for the concept of 'event', this document uses the broad definition of actions and activities resulting in input or output in the cash register. A transaction falls under the concept of 'event'.

Description, the rationale (the why)
The cash register must record all relevant events. As a result, it will create an audit trail, which makes it possible to reconstruct reality afterwards. The presence of a relevant audit trail supports the correctness, completeness and timeliness of the transactions recorded. A cash register records both the data of a sales transaction and the data of an action or activity in the framework of the registration process. If the user records all actions in a cash register, including the data of the person conducting them, the cash register will record information that can be used by the user to control the business. This also offers the opportunity to assess the correctness and completeness of the recording of the actual activities afterwards. It also has a preventive effect. Data are recorded (and stored) before and independently from the fact whether the transactions are formally completed.

Classification
The classification shows the extent to which a cash register meets the objective to meet the standard which has been set for each question and detailed question. You state the score for each standard.

Conformity requirements
The cash register registers the data elements of the actions performed during the various processes (events also including transactions). These continue to be archived during the retention period. The cash register must not only record data. It must also offer the possibility to assess them. The cash register contains measures to protect critical data against unauthorised and undocumented changes. You must document the system of measures to protect the data against unauthorised changes.

Explanatory questions
By conducting the self-assessment, you form a picture of the extent to which the cash register meets the system of standards. The questions will help you with this.

1.1. The cash register records events from the very beginning in a timely, complete and correct manner. This record continues to be available.

Questions: Are all events recorded?
Objectives: Prevention of incomplete recording of transactions and revenue manipulation.
Classification: High

- Which measures does the cash register contain in order to guarantee that all events are recorded?
- Which measures are taken in order to determine that all recordings have been fully processed? Examples are cross-checks, totals in daily reports and suchlike.
- Which entry fields must be completed at least automatically or by the user? Does the cash register force the user to complete them?

- Of each event, does the cash register record the person who conducted it and the time when it was conducted?
- Does the cash register support the segregation of duties used within the user's organisation?
- Which possibilities does the cash register offer for showing at any desired moment the authorisations that are used? Does the cash register store the history?
- Which measures are taken in the cash register to record events in case of a power failure, computer breakdown, broken connection and suchlike?

Questions: Which measures does the cash register contain in order to guarantee that the correct sales price is charged for all articles or services sold?
Objectives: Measures to improve a correct recording of transactions.
Classification: Medium

- Which measures does the cash register contain in order to guarantee that the correct sales price is charged for all articles or services sold?
- Which measures guarantee that the cash register uses the correct calculation rules for each recording?

Questions: Suppose the cash register consolidates transactions. Will the primary data remain stored in that case and will there be an audit trail?
Objectives: Primary data of transactions remain stored in detail.
Classification: High

- Suppose the cash register consolidates transactions. Will the primary data remain stored in that case? And will there be an audit trail?

- Which functionalities does the cash register contain in order to remove transaction lines? And how does the cash register ensure that the changes can be assessed afterwards (audit trail)?

Score (columns: Question, Classification, Conformity expressed in a percentage, N/A)
Classification: High, Medium, High

If relevant, you briefly state the improvements you will make and the period within which you will do so.

Statement
I state that the cash register records events from the very beginning in a timely, complete and correct manner. I also state that the data continue to be available.

1.2. The cash register records transaction data right from the moment of selling of an article.

Questions: Does the cash register record transaction data from the moment when the formalisation phase has been passed?
Objectives: Prevention of pilfering of values during the sales process.
Classification: High

- Does the cash register record transaction data right from the moment of selling of any article or service? That is before the completion of the ticket by entering total, subtotal or void.

Questions: Suppose that during the process (before the subtotal button is pressed), it is decided not to purchase a product that has already been registered. What is recorded of this?
Objectives: Prevention of pilfering of values during the execution of the sales process.
Classification: High

- Suppose that during the process (before the subtotal button is pressed), it is decided not to purchase a product that has already been registered. What is recorded of this?

No.: 1.2.3
Questions: How are special events (such as discounts, returns, terminated transactions, withdrawals, personal use, free provisions, opening the till, training mode and suchlike) provided with a specific reference that cannot be changed?
Objectives: References of special transactions allow for checking the business process.
Classification: High

- How are special events (such as discounts, returns, terminated transactions, withdrawals, personal use, free provisions, opening the till, training mode and suchlike) provided with a specific reference that cannot be changed?

Score (columns: Question, Classification, Conformity expressed in a percentage, N/A)
Classification: High, High, High

If relevant, you briefly state the improvements you will make and the period within which you will do so.

Statement
I state that the cash register records transaction data from the moment when the formalisation phase has been passed.

1.3. The cash register processes corrections without changing the original transaction. Incorrect transactions are not deleted. Changes are recorded by means of an audit trail to the original transaction.

Questions: Does the cash register process corrections without changing the original transaction? Are incorrect transactions fully or partly processed as a reversal? Are additional changes recorded by means of an audit trail to the original transaction?
Objectives: The correctness of corrections can be audited.
Classification: High

- How does the cash register record corrections? What can the user see of this in the recording?
- Suppose that corrections were made after a transaction has been concluded. Are these corrections processed without changing the original transaction lines and/or the total transaction?
- How can the corrections be traced back to the original transaction?

Score (columns: Question, Classification, Conformity expressed in a percentage, N/A)
Classification: High

If relevant, you briefly state the improvements you will implement and the period within which you will do so.

Statement
I state that the cash register processes corrections without changing the original transaction. Incorrect transactions are not deleted. Changes are recorded by means of an audit trail to the original transaction.

2. Integrity of recordings

Control objective
The cash register may not contain any functionality that affects the integrity of the recording. It processes all the data entered and records them in files, counters and reports. This is done in a way that shows the correct, on time and complete processing. The cash register does not support any functions that affect this objective.

Explanation of this control objective: the cash register supports the processing of provable reliable information that allows the user to keep accounts that meet the statutory requirements. The cash register does not contain any functionality that can be used to change or delete recorded data without showing who is responsible for this, what was changed or deleted and when this was done. Are any changes made to the software of the cash register? In that case, you record who did this, what was changed and why and when this was done. If the user of the cash register has the possibility to change the cash register, the cash register will record the changes. These data must be archived for seven years. You adequately record the documentation of the functionalities of the cash register and of the changes thereto (version management).

Description, the rationale (the why)
The cash register may not contain any functionality that changes or deletes recorded data. Changes to the cash register by the producer or supplier must be recorded. Moreover, the various versions of cash registers must be stored. This makes it possible to reconstruct reality afterwards. The essence of this control objective is to determine the correctness and completeness of the recorded events. This prevents the unauthorised mutation of recorded data. Here, a distinction can be made between, on the one hand, using functionality within the cash register itself and, on the other hand, accessing the database outside the cash register.
The architecture of the cash register partly determines the extent to which the measures are more or less aimed at data protection. Payment systems with architecture with embedded software and closed files require a different set of measures than cash registers whereby software and data are managed by on-line solution providers. Payment systems in an accessible PC automation environment require appropriate techniques in order to secure the data.

Classification
The classification shows the extent to which a cash register meets the objective to meet the standard which has been set for each question and detailed question. You state the score for each standard.

Conformity requirements
The functionalities and the changes thereto are documented.

The software is protected against unauthorised changes. The recorded events must be correct and complete. It should be possible to audit the recorded events. Changes to recorded events are provably filed. The audit trail of changes is provably filed. Any (attempted) access to the database from outside the cash register is detected and recorded. The cash register records changes to recorded events. It protects the data against unauthorised changes.

Explanatory questions
During the self-assessment, you answer questions with reference to the standards. The following questions can help you with this.

The cash register does not contain any functionality that can be used to change or delete recorded data without showing who is responsible for this, what was changed or deleted and when this was done.

Questions: Does the cash register contain any functionality that can be used to change or delete recorded data without showing who is responsible for this, what was changed or deleted and when this was done?
Objectives: Recorded data cannot be changed or deleted.
Classification: High

- Is it possible to change or delete data already recorded within the cash register? How is this managed?
- Is it possible to access the database outside the cash register? If so, is an external access (changes and/or deletions) of the database detected, recorded and reported by the cash register? How is this managed?

Score (columns: Question, Classification, Conformity expressed in a percentage, N/A)
Classification: High

If relevant, you briefly state the improvements you will make and the period within which you will do so.

Statement
I state that the cash register does not contain any functionality that can be used to change or delete recorded data without showing who is responsible for this, what was changed or deleted and when this was done.

Changes to the software of the cash register are recorded. These changes (who made the change, what was changed, why and when) are stored during the retention period.

Questions: Do you record changes to the software of the cash register? Do you store the documentation of these changes (who made the change, what was changed, why and when) for at least seven years?
Objectives: The cash register is maintained by officers authorised for this purpose. Changes are documented.
Classification: High

- How is the history of the development of the cash register recorded?
- How is the software protected against unauthorised changes?

Score (columns: Question, Classification, Conformity expressed in a percentage, N/A)
Classification: High

If relevant, you briefly state the improvements you will make and the period within which you will do so.

Statement
I state that changes to the software of the cash register are recorded. These changes (who made the change, what was changed, why and when) are archived during the retention period.

The documentation of the cash register is also part of the cash register. You use this to record data on the functionalities of the cash register. Moreover, you record data on changes to these functionalities (version management).

Questions: Do you adequately record the documentation of the functionalities of the cash register and of the changes thereto (version management)?
Objectives: The documentation partly allows for assessing the reliability of the functioning of the cash register.
Classification: High

- Are the functionalities of the cash register fully documented? Where is this documentation stored?
- How do you make sure that the documentation of the development of the cash register remains up-to-date and in accordance with the current version?
- How do you determine the product name and the version of the cash register?

- Which possibilities does the cash register offer for showing at any time the modules it uses and used in the past?
- Which possibilities does the cash register offer for showing at any time the parameter settings it uses and used in the past?

Score (columns: Question, Classification, Conformity expressed in a percentage, N/A)
Classification: High

If relevant, you briefly state the improvements you will make and the period within which you will do so.

Statement
I state that the cash register contains an adequate documentation of the functionalities and the changes thereto (version management).

3. Storing recordings

Control objective
Recordings are permanently stored. This applies to the data of transactions, events, permanent and semi-permanent data. The information can be provided quickly and properly.

Explanation of this control objective
The cash register provides provable reliable information that allows the user to keep accounts that meet the requirement of auditability within a reasonable period. Recordings are archived during the retention period. The authenticity, auditability and integrity of the recordings are demonstrably guaranteed. Any violations of the authenticity and integrity of the recordings are prevented and actively detected.

Description, the rationale (the why)
Recordings are permanently stored and the information can be provided quickly and properly. The archiving of the data must be organised such that it is possible to establish afterwards that the data are a correct and sufficiently complete representation of reality. A reliable cash register gives a permanently reliable picture of the sales concluded in reality. It does so on the basis of the data on the sales transactions and the events, and on the basis of the related reports. For a proper operational management, these data must be recorded correctly in a cash register. First of all in order to be able to quickly and properly implement and, where possible, improve the business process of direct sales to consumers. But also in order to account for the operational management. The quality of the data must be sufficient so that they can have and continue to have evidential value. Data derive their evidential value from the degree to which they are indisputably correct, complete and timely. The degree of integrity, authenticity and auditability determines the indisputability and evidential value. The cash register contains measures in order to guarantee the evidential value.
The functioning of the cash register is supervised during the execution of the process, but also after some time. For instance, an external accountant or the Tax and Customs Administration carries out the supervision after the end of the period in which the sales transactions have been recorded by means of the cash register. This control objective aims to have the quality of the recordings in the cash register keep its evidential value throughout the retention period. This way, the recording forms the basis of a quick and proper audit. A cash register takes measures in order to give the data sufficient evidential value and to have these data keep this value throughout the retention period.

An audit trail ensures that information in a report or file can be traced back to the data recorded in the cash register. The audit trail can also establish a link with related processes and events. For example, with accounts, payments, stock movements and management information systems that each have their own audit trail. In the cash register, functions are included in the software in order to secure data and record changes. Appropriate techniques are used to protect the digital data against changes that cannot be audited properly and quickly.

The definition of auditability is: the possibility to establish how information provision and its components are structured. The aim is to have a picture of reality that is as reliable as possible at the moment when the data are assessed. This is necessary in order to make the right decision on the basis of the information presented.

Information must be provided properly and quickly. The aim of the requirement of auditability within a reasonable period is to keep the completion time of an audit as short as possible. A usable definition of a reasonable period is: following the period of time a cash register needs in order to provide reports and files on the basis of the recorded data. In view of the current state of the art, most reports and files can be supplied almost immediately. In special circumstances, it is acceptable if the information is provided within a few weeks. All recordings in the cash register are archived throughout the retention period. This is done in such a way that the data can be provided to the supervisory authority within a reasonable period from the moment when this authority asks for it. Throughout the retention period, the correctness and completeness of the recorded data are guaranteed.

Classification
The classification shows the extent to which a cash register meets the objective to meet the standard which has been set for each question and detailed question. You state the score for each standard.

The recorded data must be stored. It should be possible to audit the recorded data. The recorded data must be provided within a reasonable period. Critical data must be protected against unauthorised and undocumented changes. The system of measures to store the data throughout the retention period and protect them against unauthorised changes is documented. The data are protected against unauthorised changes. The cash register ensures that a regular backup is made. All data are stored, so that the audit trail continues to exist.

Explanatory questions
During the self-assessment, you answer questions with reference to the system of standards. The following questions can help you with this.

The cash register demonstrably provides reliable information that allows the user to keep records that meet the requirement of auditability within a reasonable period.

Questions: Which measures are taken in order to demonstrably guarantee the authenticity and integrity?
Objectives: The data may not be changed. This must be demonstrably guaranteed.
Classification: High

- Which measures does the cash register contain in order to guarantee the evidential value of the recordings throughout the retention period?

- How is the database secured?
- Have the measures taken been checked against attempts to tamper with information by deliberately changing data without an audit trail? What were the findings?
- How is the permanent audit trail of the information made clear?

Score (columns: Question, Classification, Conformity expressed in a percentage, N/A)
Classification: High

If relevant, you briefly state the improvements you will make and the period within which you will do so.

Statement
I state that the cash register demonstrably provides reliable information that allows the user to keep accounts that meet the requirement of auditability within a reasonable period.

Recordings are archived during the retention period

Questions: How do data continue to be archived throughout the retention period?
Objectives: The statutory requirements with respect to the retention period are met.
Classification: High

- Which method does the cash register use in order to keep the data available throughout the retention period in a correct and complete manner?
- Does the archiving facility of the cash register form part of the standard configuration?

Questions: Where and how are the detailed data from the cash register archived throughout the retention period?
Objectives: It is clear to the user of the cash register where the data are stored and how they can be provided.
Classification: Medium

- How are the data from the internal memory (such as RAM, EPROM or the memory of the cash register) stored in the external memory?
- Do any consolidations take place without a trail to the original data?
  Comment [BZ1]: Keep the sum of the data and discard the details? Summarise, aggregation rather than consolidation. (you use that for financial information)
- What happens in case of a data overflow of the cash register's internal memory?
- Which facilities does the cash register offer in order to make a backup?

- Is the user's attention actively drawn to making a backup in time and periodically testing a recovery?
- Can only experts and authorised officers perform a recovery that may affect the storing of data (such as data recovery, system recovery, replacing hardware)?

Questions: How and within what period can the cash register supply all detailed data recorded? NB: it does not concern 'totals' here.
Objectives: Data are supplied within a reasonable period.
Classification: Medium

- Can requested reports be produced by the system immediately and at all times?

Questions: Does the data set supplied meet the guidelines for the audit file for cash register systems?
Objectives: The data set is supplied in a standard format.
Classification: Medium

- Does the cash register contain an export feature to the format of the ML Audit File Cash Register (ML Auditfile Afrekensysteem or AA)?

Questions: How can data be converted to another cash register? This question applies to both a new version and to a cash register of another supplier.
Objectives: The original information also continues to be available in case of system changes.
Classification: Medium

- How is the cash register able to convert data to a new version or to a new cash register?
- How is the cash register able to copy data from a previous version or from a previous cash register?

Score (columns: Question, Classification, Conformity expressed in a percentage, N/A)
Classification: High, Medium, Medium, Medium, Medium

If relevant, you briefly state the improvements you will make and the period within which you will do so.

Statement
I state that the recordings are archived during the retention period.

3.3 Any violations of the authenticity and integrity of the recordings are prevented and actively detected.

Questions: Which actions are performed if the integrity of the database is corrupted? For example, as a result of a direct mutation in the database.
Objectives: Guaranteeing the continuous integrity of the database.
Classification: High

- Which measures does the cash register contain in order to prevent, detect and report any direct changes to the database?

- Does the cash register report any changes to the database (with an audit trail)?

Score (columns: Question, Classification, Conformity expressed in a percentage, N/A)
Classification: High

If relevant, you briefly state the improvements you will make and the period within which you will do so.

Statement
I state that any violations of the authenticity and integrity of the recordings are prevented and actively detected.

4. The report is clear and reliable

Control objective
The reports provide a reliable and clear picture of the recordings in the cash register.

Explanation of this control objective: the authenticity and integrity of the recordings and the reports are guaranteed. The reports clarify the connection with the recordings in the cash register. Recordings are stored during the retention period. Any changes to the configuration of the report can only be made by the manufacturer, the supplier or the installer of the cash register.

Description, the rationale (the why)
The reports of a cash register offer a clear and reliable picture of reality for a certain period. Any report can be traced back to reality using the recording of data and the audit trail in particular. The reports must be complete and the cash register must guarantee this completeness.

Comment [BZ2]: Jargon:

A correct, timely and complete report of the recorded information is necessary in order to use the information from the cash register in the organisation. This information is necessary in order to manage the organisation, but also in order to account for the operational management. The value of reports and selections from data files, text reports or information provided in another manner increases if it is clear that they form part of the total. But also how they form part of this. An example is revenue that is recorded for training purposes. This revenue does not form part of the revenue that is recorded in the financial accounts. This revenue does, however, form part of the total revenue recorded and is described as such. Moreover, this revenue is visibly eliminated as revenue that cannot be recorded in the financial accounts.

The aim of this control objective is to have the cash register produce correct, timely and complete reports. The reports must also contain an audit trail to the data originally recorded. As a result, the reports will correspond with the data actually entered.
Vice versa, the cash register ensures that the data correspond with the reports. Classification The classification shows the extent to which a cash register meets the objective to meet the standard which has been set for each question and detailed question. You state the score for each standard. Conformity requirements The reports are correct, timely and complete. The reports have an audit trail. The role of the reports in the daily closing is clear. The set of measures taken in order to have correct, timely and complete reports is documented. All data are reported, so that the audit trail continues to exist. The cash register supports the export of data to common formats, preferably ML Auditfile Afrekensystemen. The data set to be supplied meets the guidelines for the ML Auditfile Afrekensystemen. Keurmerk Het Betrouwbare Afrekensysteem Page 34 of 40

Explanatory questions
During the self-assessment, you answer questions with reference to the system of standards. The following questions can help you with this.

Are the authenticity and integrity of the recordings and the reports guaranteed?

(columns: No., Questions, Objectives, Classification)
Questions: How does the daily closing proceed? Please explain using print screens. How are discrepancies presented?
Objective: The daily closing is performed in a transparent manner.
Classification: High
Questions: Which standard reports can the system produce? Who can have the reports drawn up? In which format and in which form can the reports be drawn up?

Score (columns: Question, Classification, Conformity expressed in a percentage, N/A)
Question 4.1.1, classification: High

If relevant, you briefly state the improvements you will make and the period within which you will do so.

Statement
I state that the system is able to guarantee the authenticity and integrity of the recordings and the reports.

Do reports clearly show the connection with the recordings in the cash register?

(columns: No., Questions, Objectives, Classification)
Questions: How do reports show the connection with the recordings in the cash register?
Objective: The reports provide a correct, complete and timely picture of the data in the cash register.
Classification: High
Questions: Do standard reports provide a balanced overview of recorded data, showing a correct, complete and timely picture of the recordings? Which measures are taken in order to show the consistency between the report and the totals of the recording?

(columns: No., Questions, Objectives, Classification)
Questions: Which possibilities are there in order to produce client-specific reports?
Objective: The cash register offers the possibility to tailor reports to the information requirements of the user.
Classification: Medium
Questions: Can any client-specific reports be produced? If so, do client-specific reports provide a balanced overview of recorded data, showing a correct, complete and timely picture of the recordings? Which measures are taken in order to show the consistency between the reports and the totals of the recordings? Who can draw up client-specific reports? Do reports clearly show the variables on the basis of which data are requested?

Score (columns: Question, Classification, Conformity expressed in a percentage, N/A)
Classification: High
Classification: Medium

If relevant, you briefly state the improvements you will make and the period within which you will do so.

Statement
I state that the reports clearly show the connection with the recordings in the cash register.

Can any changes to the configuration of reports only be made by the manufacturer, the supplier or the installer of the cash register?

(columns: No., Questions, Objectives, Classification)
Questions: Who can make changes to the programming and the creation of standard reports that consist of the prime recordings of the cash register? How can they do that?
Objective: Changes to the composition of the reports can be audited.
Classification: High
Questions: Which measures are taken in order to provide a correct, complete and timely picture of changes to the composition of standard reports? Who can change the composition of standard reports?


Score (columns: Question, Classification, Conformity expressed in a percentage, N/A)
Classification: High

If relevant, you briefly state the improvements you will make and the period within which you will do so.

Statement
I state that any changes to the configuration of the report can only be made by the manufacturer, the supplier or the installer of the cash register.


More information

IMPLEMENTATION FRAMEWORK

IMPLEMENTATION FRAMEWORK IMPLEMENTATION FRAMEWORK Credit unions not members of a federation, trust companies and savings companies wishing to adopt a standardized approach for calculating operational risk capital charges January

More information

IMAP Independent Review Guidelines

IMAP Independent Review Guidelines IMAP Independent Review Guidelines Version 1: August 2011 Introduction Under the Solvency Assessment and Management (SAM) regime, insurers may calculate their Solvency Capital Requirement (SCR) using a

More information

MHRA GMP Data Integrity Definitions and Guidance for Industry March 2015

MHRA GMP Data Integrity Definitions and Guidance for Industry March 2015 MHRA GMP Data Integrity Definitions and Guidance for Industry Introduction: Data integrity is fundamental in a pharmaceutical quality system which ensures that medicines are of the required quality. This

More information

Brainloop Cloud Security

Brainloop Cloud Security Whitepaper Brainloop Cloud Security Guide to secure collaboration in the cloud www.brainloop.com Sharing information over the internet The internet is the ideal platform for sharing data globally and communicating

More information

Draft Copy. Change Management. Release Date: March 18, 2012. Prepared by: Thomas Bronack

Draft Copy. Change Management. Release Date: March 18, 2012. Prepared by: Thomas Bronack Draft Copy Change Management Release Date: March 18, 2012 Prepared by: Thomas Bronack Section Table of Contents 10. CHANGE MANAGEMENT... 5 10.1. INTRODUCTION TO CHANGE MANAGEMENT... 5 10.1.1. PURPOSE OF

More information

University of Aberdeen Information Security Policy

University of Aberdeen Information Security Policy University of Aberdeen Information Security Policy Contents Introduction to Information Security... 1 How can information be protected?... 1 1. Information Security Policy... 3 Subsidiary Policy details:...

More information

itg CloudBase is a suite of fully managed Hybrid & Private Cloud Services ready to support your business onwards and upwards into the future.

itg CloudBase is a suite of fully managed Hybrid & Private Cloud Services ready to support your business onwards and upwards into the future. Web Filtering Email Filtering Mail Archiving Cloud Backup Disaster Recovery Virtual Machines Private Cloud itg CloudBase is a suite of fully managed Hybrid & Private Cloud Services ready to support your

More information

Information security controls. Briefing for clients on Experian information security controls

Information security controls. Briefing for clients on Experian information security controls Information security controls Briefing for clients on Experian information security controls Introduction Security sits at the core of Experian s operations. The vast majority of modern organisations face

More information

Delivering e-procurement Local e-gov National e-procurement Project Overarching Guide to e-procurement for Schools

Delivering e-procurement Local e-gov National e-procurement Project Overarching Guide to e-procurement for Schools 1. Introduction Background The National e-procurement Project (NePP) and Centre for Procurement Performance (CPP) are working to support and enable schools to meet their e- Government targets and to gain

More information

ERMS Solution BUILT ON SHAREPOINT 2013

ERMS Solution BUILT ON SHAREPOINT 2013 ERMS Solution BUILT ON SHAREPOINT 2013 Purpose of the Presentation Present a comprehensive proprietary Electronic Records Management System (ERMS) Communication Progress is developing on SharePoint 2013,

More information

Records Management Policy.doc

Records Management Policy.doc INDEX Pages 1. DESCRIPTORS... 1 2. KEY ROLE PLAYERS... 1 3. CORE FUNCTIONS OF THE RECORDS MANAGER... 1 4. CORE FUNCTIONS OF THE HEAD OF REGISTRIES... 1 5. PURPOSE... 2 6. OBJECTIVES... 2 7. POLICY... 2

More information

Corporate Records Management Policy

Corporate Records Management Policy Corporate Records Management Policy Introduction Part 1 Records Management Policy Statement. February 2011 Part 2 Records Management Strategy. February 2011 Norfolk County Council Information Management

More information

Data Security Policy

Data Security Policy Policy Number: Revision Number: 0 QP1.44 Date of issue: March 2009 Status: Approved Date of approval: April 2009 Responsibility for policy: Responsibility for implementation: Responsibility for review:

More information

Invitation to Quote (ITQ) for STREET WORKS IT SOLUTION

Invitation to Quote (ITQ) for STREET WORKS IT SOLUTION Easthampstead House, Town Square, Bracknell, Berkshire RG12 1AQ Tel: (01344) 352000 Invitation to Quote (ITQ) for STREET WORKS IT SOLUTION xxx COMPLETED BY ORGANISATION [Supplier to complete] NAME DATE

More information

Spillemyndigheden s Certification Programme Information Security Management System

Spillemyndigheden s Certification Programme Information Security Management System SCP.03.00.EN.1.0 Table of contents Table of contents... 2 1 Introduction... 3 1.1 Spillemyndigheden s certification programme... 3 1.2 Objectives of the... 3 1.3 Scope of this document... 4 1.4 Definitions...

More information

Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement

Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement Understanding the Entity and Its Environment 1667 AU Section 314 Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement (Supersedes SAS No. 55.) Source: SAS No. 109.

More information

ICAEW Accredited Products Scheme. [Fixed Asset Evaluation] [Company Name] [Product Name Version number] [Company /Product logo]

ICAEW Accredited Products Scheme. [Fixed Asset Evaluation] [Company Name] [Product Name Version number] [Company /Product logo] ICAEW Accredited Products Scheme [Fixed Asset Evaluation] [Company Name] [Product Name Version number] [Company /Product logo] Evaluation carried out by: [Name of Evaluator] Date completed: Signed: FA_

More information

WHITE PAPER HOW TO REDUCE RISK, ERROR, COMPLEXITY AND DRIVE COSTS IN THE ACCOUNTS PAYABLE PROCESS

WHITE PAPER HOW TO REDUCE RISK, ERROR, COMPLEXITY AND DRIVE COSTS IN THE ACCOUNTS PAYABLE PROCESS WHITE PAPER HOW TO REDUCE RISK, ERROR, COMPLEXITY AND DRIVE COSTS IN THE ACCOUNTS PAYABLE PROCESS Based on a benchmark study of 250 companies with a total of more than 900 billion euro in Accounts Payable

More information