Contributors

solution for audit compliant storage of documents for dematerialized document

Hello,

A customer of mine is asking if the storage of Documents is compliant 
with the various audit requirements (inalterability, etc). I don't think 
the standard (even in EE) can take care of this. But maybe I'm wrong.

I see requirements such as

"""
technical procedures, such as electronic signatures, must be used to 
ensure the integrity of the recorded information. The time at which the 
information was recorded must be verifiable without any possibility of 
falsification (e.g. by time stamping). Information such as protocols, 
log files, etc. must also be retained.
"""

Has anyone implemented something similar and would be willing to share 
experience?


-- 
Alexandre Fayolle
Senior Software Engineer
Tel : +33 4 58 48 20 30

Camptocamp France SAS
18 rue du Lac Saint André
73 370 Le Bourget-du-Lac
France

http://www.camptocamp.com

by Alexandre Fayolle - 03:06 - 5 Oct 2022

Follow-Ups

  • Re: solution for audit compliant storage of documents for dematerialized document
    Hi Alexandre,

    I have a similar request. Specifically, the request is to meet the following French legislation:

    Article L243-16 - Code de la sécurité sociale - Légifrance (legifrance.gouv.fr)

    Arrêté du 23 mai 2019 fixant les modalités de numérisation des pièces et documents établis ou reçus sur support papier en application de l'article L. 243-16 du code de la sécurité sociale - Légifrance (legifrance.gouv.fr)

    Article A102 B-2 - Livre des procédures fiscales - Légifrance (legifrance.gouv.fr)

    CF - Droit de communication et procédures de recherche et de lutte contre la fraude - Délai et mode de conservation des documents | bofip.impots.gouv.fr


    For the moment, we don't know yet if we will be able to realize something directly in Odoo or if we will have to interface with a service proposed by companies like Universign, CertEurope, Certigna (we haven't checked the services of Lex Persona for the moment). The French legislation is a bit vague from my point of view.

    We can discuss this next week in Liege or Brussels if you want.

    Regards,

    Adrien

    --
    Adrien Peiffer
    Technical Lead

    M : +352 661 506 211


    Atrium Building, Drève Richelle 167 | B-1410 Waterloo | Belgium
    Val Benoit, Quai Banning 6 | B-4000 Liège | Belgium
    Zone industrielle 22 | L-8287 Kehlen | Luxembourg




    by Adrien Peiffer - 09:46 - 6 Oct 2022
  • Re: solution for audit compliant storage of documents for dematerialized document
    Hello Alexandre,
    We are developing a connector to Lex Persona which can eIDAS-sign documents (PDF, MS Office or XML).
    It's almost finished.
    The user can launch a signature workflow from any object that inherits mail.thread.
    If you're interested, I can share our work.
    Best regards



    by Cyril VINH-TUNG - 05:41 - 5 Oct 2022
  • Re: solution for audit compliant storage of documents for dematerialized document
    Hi Alex, 

    not within the standards of Odoo, in particular not with its ability to alter anything anytime in postgres (pSQL) and the way the documents are stored.

    We always use a document management system to fulfil what shall be holding up with compliance. If this is a feasible solution for your project, let me know, and I can fill you in then.
    Together with all the requirements, including DigSig there. Which is often not enough to really prove unaltered records, as the time base and signature provider come into play, too. We have done a particular Public Sector project in 2001/2 with qualified DigSig in Germany (waybill for hazardous transports) and learned it that way.

    Greetings to Luc
    Best Joe






    by Joerg Lorenz. - 03:46 - 5 Oct 2022
  • Re: solution for audit compliant storage of documents for dematerialized document

    Hi Alex,

    having dealt with that very requirement quite often and from a different angle, I would agree and say "no". However, there is more than one law that is relevant here (at least in the German case). Things that I am immediately aware of (but that may or may not apply to specific companies) are (but certainly not limited to):

    - GoBD, HGB

    - KassenSichV

    - ProduktHaftG

    - KontraG

    - Basel3

    - Kritis

    - IDW

    In the U.S. additionally

    - SOX

    The most important requirement is the digitally immutable "original" at the time of creation. So this is something that would require (in Europe and according to the most contemporary law) an eIDAS conform signature. I heard people whispering that this will probably be part of Odoo v16 EE (but let's see).

    But even if you have eIDAS there are many more requirements to be fulfilled than only this. Maybe we can have a small discussion on that in Liege next week. As I said, I am very much interested in the topic as well and it's gonna be more and more important.

    Best Frederik


    -- 
    Dr.-Ing. Frederik Kramer
    Managing Director

    initOS GmbH
    Innungsstraße 7
    21244 Buchholz i.d.N.

    Phone:  +49 4181 13503-12
    Fax:    +49 4181 13503-10
    Mobile: +49 179 3901819

    Email: frederik.kramer@initos.com
    Web:   www.initos.com

    Management:
    Dr.-Ing. Frederik Kramer & Dipl.-Ing. (FH) Torsten Francke

    Registered office: Buchholz i.d.N.
    District Court Tostedt, HRB 205226
    Tax No.: 15/200/53247
    VAT ID No.: DE815580155

    by Frederik Kramer - 03:35 - 5 Oct 2022
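
The integrity and time-stamping requirement quoted in the original question, and Joerg's remark that records in the database can be altered and that the time base matters, illustrated as an added example (not code from any poster, from Odoo or from a signature provider). It assumes a hash-chained ledger of document digests, which the thread does not mention; all names and sample data are hypothetical, and `anchored_head` stands in for a value held by a third party (for instance inside a qualified timestamp), which a plain SHA-256 chain does not replace.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # "previous entry" value for the first record


def entry_digest(prev, name, doc_sha256, recorded_at):
    # Each record's digest covers the previous one, so order and timestamps are bound.
    fields = json.dumps([prev, name, doc_sha256, recorded_at])
    return hashlib.sha256(fields.encode()).hexdigest()


def append(ledger, name, content, recorded_at):
    """Record a stored document; returns the new head to anchor externally."""
    prev = ledger[-1]["entry"] if ledger else GENESIS
    doc = hashlib.sha256(content).hexdigest()
    ledger.append({"name": name, "sha256": doc, "recorded_at": recorded_at,
                   "prev": prev, "entry": entry_digest(prev, name, doc, recorded_at)})
    return ledger[-1]["entry"]


def verify(ledger, store, anchored_head):
    """Return a list of findings; an empty list means nothing was altered."""
    findings, prev = [], GENESIS
    for i, e in enumerate(ledger):
        expected = entry_digest(e["prev"], e["name"], e["sha256"], e["recorded_at"])
        if e["prev"] != prev or e["entry"] != expected:
            findings.append(f"entry {i}: ledger record altered")
        content = store.get(e["name"])
        if content is None:
            findings.append(f"entry {i}: document missing")
        elif hashlib.sha256(content).hexdigest() != e["sha256"]:
            findings.append(f"entry {i}: document content altered")
        prev = e["entry"]
    # A database admin can rebuild the whole chain consistently; only a head held
    # outside the database (e.g. timestamped by a third party) exposes that.
    if not hmac.compare_digest(prev, anchored_head):
        findings.append("head differs from externally anchored value")
    return findings


if __name__ == "__main__":
    # Constructed sample data.
    store = {"inv-1.pdf": b"total 100 EUR", "inv-2.pdf": b"total 250 EUR"}
    ledger = []
    append(ledger, "inv-1.pdf", store["inv-1.pdf"], "2022-10-05T13:11:00Z")
    head = append(ledger, "inv-2.pdf", store["inv-2.pdf"], "2022-10-06T07:46:00Z")
    store["inv-2.pdf"] = b"total 25 EUR"  # silent edit in storage
    print(verify(ledger, store, head))
```

A ledger rebuilt from scratch with a backdated `recorded_at` passes every per-entry check and is caught only by the comparison with the externally held head.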