Literary Warrant for Functional Requirement #2b
This requirement derives from the law, customs, standards and
professional best practices accepted by society and codified in the literature of different professions concerned with records and
recordkeeping. The warrant is as follows:
Citation Statements on Auditing Standards 55. Consideration of the Internal Control Structure in Financial
Extract The control environment represents the collective effect of various factors on establishing,
enhancing, or mitigating the effectiveness of specific policies and procedures. Such factors include the
following ... Methods of assigning authority and responsibility.
Citation 36 CFR PART 1234 -- Electronic Records Management. Subpart B -- Program
Extract The head of each Federal agency shall ensure that the management of electronic records
incorporates the following elements: (a) Assigning responsibility to develop and implement an
agencywide program for the management of all records created, received, maintained, used, or stored on
Citation Ian B. Gilhooley Information Systems Management, Control and Audit (Altamonte Springs, Fla.:
The Institute of Internal Auditors 1991)
Extract * Ensure that the roles and responsibilities of the personnel involved in data management are
defined and incorporated into the developement, maintenance and operation of theorganization's
Citation "Guideline for the Analysis of Local Area Network Security" Category: Computer Security;
Subcategory: Risk Analysis and Contingency Planning. Federal Information Processing Standards
Publication 191 (U.S. Department of Commerce/Technology Administration and National Institute of
Standards and Technology, 9 November 1994)
Extract GP1. Every personal computer should have an "owner" or "system manager" who is responsible
for the maintenance and security of the computer, and for following all policies and procedures
associated with the use of the computer. The primary user of the computer may fill this role. These
users should be trained and given guidance so that they can adequately follow all policies and
Citation "`GOSIP' Government Open Systems Interconnection Profile" `NVLAP' National Voluntary
Laboratory Accreditation Program (U.S. Department of Commerce/Technology Administration and
National Institute of Standards and Technology, NIST Handbook 150-12)
Extract The laboratory shall maintain a list of personnel designated to fulfill NVLAP requirements
including: laboratory director, Authorized Representative, Approved Signatories, and key technical
persons in the laboratory. The laboratory must assign a staff member who has overall responsibility for
the quality system and the quality manual.
Citation Performance Guideline for the Legal Acceptance of Records Produced by Information Technology
Systems: "Part I: Performance Guideline for Admissibility of Records Produced by Information
Technology Systems as Evidence;" Technical Report AIIM TR31-1992; Association for Information
and Image Management.
Extract (b) Accuracy Records produced by methods to ensure or enhance accuracy will be more readily
admissible in evidence. This may include systematic quality control and audit procedures, as well as
operational oversight by somebody with detailed knowledge of the process or system used to produce
Citation Miller GAAS Guide. 1994.
Extract The entity enhances the control environment if appropriate attention is given to methods of
assigning authority and responsibility within the entity.
Citation Bradgate, R. Evidential Issues of EDI. In: EDI & the Law. 1989.
Extract The court must be satisfied that these conditions are fulfilled, either by oral evidence or by a
certificate signed by a person occupying "a responsible position in relation to the management of the
activities for the purposes of which the computer was used" at the time the document was produced (not
at the time the information was recorded). As with sections 2 and 4 [of England's Civil Evidence Act
of 1968], a litigant wishing to rely on s.5 must serve notice of his intention on all other parties to the
litigation, identifying persons occupying a "responsible position" ...
Citation Johnson, P.L. ISO 9000: meeting the new international standards. 1993.
Extract Management Responsibility: ISO 9001, 4.1; ISO 9004-2, 5.2. Checklist of requirements. *
Management designates a representative with authority and responsibility for implementing and
maintaining the requirements of the standard.
Citation 41 CFR Sec. 201 - 9.103 Procedures.
Extract Each Federal agency shall take the following actions to establish and maintain the agency's records
management program: (a) Assign specific responsibility for the development and implementation of
agencywide records management programs to an office of the agency and to a qualified records
Citation Federal Rules of Evidence Article VIII. Historical Notes and Commentary Notes to Rule 803
Extract The Uniform Act, however, abolished the common law requirement in express terms, providing
that the requisite foundation testimony might be furnished by "the custodian or other qualified