March 25, 2025
Digitisation has fundamentally changed the way companies manage documents. Electronic archiving systems offer efficiency and convenience, but they also come with specific requirements. Particularly in accounting, companies are obliged to ensure that documents are archived in an audit-proof manner. But what does this mean exactly, and how does a solution like ArchiveKeeper help meet these requirements?
Audit compliance means that archived documents must meet the requirements for immutability, completeness, traceability and availability throughout the entire legally prescribed retention period. This is regulated in particular by the GoB and GoBD and applies to both original digital documents and digitised paper documents.
In particular, it must be ensured that immutability is guaranteed at all times. This means that once a document has been archived, it must not be possible to make any technical changes to it or manipulate its content. This requires the use of appropriate technical measures such as tamper-proof storage, cryptographic verification procedures or write-once storage technologies. Only in this way can it be ensured that every archived document is still available in its original state years later – a key criterion for legally secure evidence and for internal and external audits.
Another important criterion is traceability, i.e. the ability to seamlessly reconstruct a document's origin, creation and development at any time. This includes not only the content itself, but also metadata such as the time of creation, the person responsible, versioning and logs of access and changes. An audit-proof archiving system must automatically capture this information and keep it permanently available. This is the only way to prove that a document is authentic and correct when needed – for example, in the context of tax or internal audits. Therefore, systems for tamper-proof archiving must provide transparent documentation and audit functions that are comprehensible to auditors and internal compliance officers alike.
Finally, long-term availability plays a central role. Documents must remain readable, retrievable and interpretable for the entire legal retention period – usually six to ten years, but in some cases significantly longer. This requires that both the data format and the archiving infrastructure be maintained and updated over the long term. Formats should be standardised, open and documented (e.g. PDF/A) so that access remains possible even in the event of technological change. In addition, it must be ensured that archived information is regularly checked, migrated if necessary and checked for consistency – for example, as part of a digital preservation concept. Only in this way can a company ensure that archived documents are not only available but can also be used when they are needed.
With ArchiveKeeper, companies have a central platform that meets all the requirements for tamper-proof archiving – and does so with maximum efficiency and security. Documents are stored centrally, encrypted and supplemented by integrated automatic versioning. This means that changes to documents are seamlessly logged. This means that the entire document history remains traceable without compromising the integrity of the original documents. Another advantage of ArchiveKeeper is the role-based access control. Through clearly defined rights, companies can ensure that only authorised persons can access sensitive information. In addition, ArchiveKeeper supports digital signatures, which ensures the authenticity of documents.
A central aspect of revision security in ArchiveKeeper is the use of modern cryptography. By means of hashing, digital fingerprints are created for each document, making any manipulation immediately recognisable. To verify the state of the archived data at a specific point in time, ArchiveKeeper integrates an external trust service provider (TSP). This adds time stamps that document the authenticity and immutability of the documents. Regular timestamping runs ensure that not only individual documents, but the entire archive remains audit-proof. This continuous protection is an essential component for meeting the high long-term requirements for electronic archiving procedures.
ArchiveKeeper has been audited and certified by independent auditors in accordance with the strictest auditing standards, including IDW PS 880, KFS/DV 1, IDW RS FAIT 1 and IDW RS FAIT 3. These certifications prove that, when used properly, ArchiveKeeper fully meets legal and regulatory requirements. Companies can therefore be confident that their archiving solution meets the highest standards.
Audit-proof archiving is more than just a legal requirement – it is a crucial factor for digital trustworthiness and for securing business processes. With ArchiveKeeper, companies receive a solution that not only fulfils all legal requirements, but also impresses with its modern technology and user-friendly functions. By combining encryption, versioning, digital signatures and external timestamp services, ArchiveKeeper offers a comprehensive package for secure and audit-compliant archiving.