Triggered by the lockdown imposed on our society due to the Covid-19 pandemic, onsite activities have moved online, including even the secretarial audit, which carries a higher sanctity. Secretarial Auditors, given their statutory position, need to examine and verify original secretarial records. Given the shift from onsite audit to online audit, what meets the criteria of ‘original’ secretarial records in the digital world, and how are such records authenticated and secured?
We have listed five simple questions that enable you to assess the authenticity and security of your secretarial records. The higher the number of affirmative answers, the more authentic and secure your secretarial records are.
Ready to answer the questions?
- Do you share or send your secretarial records?
Secretarial records can be sent to the Auditor as an email attachment, or the location where the secretarial records are stored can be shared with the Auditor. Where secretarial records are sent as email attachments, there is no certainty that the records sent are the final version. Where the location of the secretarial records is shared with the Auditor as one more user, as is done with Directors, a mismatch in versions is less likely.
- Are the secretarial records digitally signed?
In the traditional world, secretarial records are signed manually, and the original copy refers to the manually signed documents. In the digital world, however, documents signed digitally using class 2 or class 3 digital signature tokens are considered equivalent to the original.
- Are there controls enforced for accessing your secretarial records?
Corporate law for listed companies and business prudence demand that the confidentiality of secretarial records be maintained, as they contain business plans, key financial information and sensitive corporate information. In the traditional mode, secretarial records are shared in a closed room and only with select audit staff, thereby ensuring confidentiality. In the online mode, it is important to maintain the same level of confidentiality by enforcing access controls, in the form of a minimum password strength and multi-factor authentication, so that only authorized individuals have access to these records, and in view-only mode, i.e., without the right to modify the document.
- Are the access logs maintained for your secretarial records that are shared?
Like justice, security should not only be there, but also be visible for all to see. When secretarial records are shared online, access logs showing who accessed the records and at what time should not only be recorded and available; the users should also know that their access is being recorded and is available for scrutiny.
- Are the digital records which are shared capable of capturing the identity of the individual forwarding, printing or otherwise transmitting the document to others?
Digital records can be copied, forwarded or printed in seconds, if not minutes. Hence, confidentiality of digital records is ensured when the identity of the transmitter, often their email ID, is watermarked in the documents they transmit.