The KRM certificate – one more proof value
The KRM GeBüV Certificate provides information that a product in the described and documented configuration fulfills the requirements of the Business Records Ordinance (GeBüV). It must be implemented as documented in the configuration sheet. The manufacturer or integrator ensures that this is done exactly as specified. For this reason, during the test, the implementation parameters and options are closely examined and HOW the configuration must be set up and implemented is checked. For this reason, many of the products tested are adapted during testing to meet the stringent requirements of the GeBüV.
This means that the customer can expect to receive a compliant solution after proper installation. An additional check is unnecessary or is reduced to checking the correct configuration.
Certificates from other testing companies at most provide information that a product can be set up in compliance with GeBüV:
“By means of the “DOC” software solution, the requirements for compliance with audit security can be met in accordance with the test criteria for document management solutions ….. fulfill.”
The basic functionalities are tested, but not operational aspects or implementation issues. The main difference is that no statements about the configuration be made. The customer thus contains a product that can be made compliant by the integrator. This means that the customer has to commission a test once again in any case if he wants to be sure that conformity is guaranteed.
In addition, all foreign examiners do not take into account the CH specific GeBüV requirements (as well as the related doctrine and practice) because they do not know them. In addition, the term “audit-proof” is used again and again, a term that does not occur in Swiss jargon and has no legal meaning whatsoever.
The KRM certificate – one more proof value
The table below shows how the certificates described above differ:
| Prüfinhalte | GeBüV Zertifikat | Fremdzertifikate | Anmerkung |
|---|---|---|---|
| Integritätsschutz | Praktisch | Theoretisch | Praktisch = in Testumgebung |
| Speicheranbindung | Praktisch | Theoretisch | Theoretisch = gemäss Dokumentation |
| Protokollierung und Audit Trail | VOLL | BASIC | BASIC = minimale Grundfunktionalität |
| Rechteverwaltung | VOLL | BASIC | |
| Suchen & Finden | VOLL | BASIC | |
| Produkt Setup und Konfiguration nach GeBüV (Konfigurationsbeschreibung) | ✔ | ❌ | |
| Legal Hold | ✔ | ❌ | |
| Migrationsfähigkeit | ✔ | ❌ | |
| Produktbetrieb | ✔ | ❌ | |
| Self Contained Archive | ✔ | ❌ | |
| Suchen & Finden Spezialfunktionen | ✔ | ❌ | |
| Lifecycle Management & Trigger Mechanismus nach GeBüV | ✔ | ❌ | |
| Zeitstempel | ✔ | ❌ | |
| GeBüV Unvervänderbarkeitsanforderungen nach Art. 9 | ✔ | ❌ | |
| Softwareentwicklung | ✔ | ❌ | |
| CH Lehre und Praxis | ✔ | ❌ | |
| Elektronische Signatur | ✔ | ✔ | |
| Dokumentation | ✔ | ✔ | |
| Löschung / Kassation | ✔ | ✔ | |
| Metadaten-Management | ✔ | ✔ |
CONTACT NOW
Call: +41 44 888 10 11
or by mail to digitalkonform@krm.swiss