WARRANT

Literary Warrant for Functional Requirement #2b

This requirement derives from the law, customs, standards and professional best practices accepted by society and codified in the literature of different professions concerned with records and recordkeeping. The warrant is as follows:

Citation Statements on Auditing Standards 55. Consideration of the Internal Control Structure in Financial Statement Audit
Pages 09
Extract The control environment represents the collective effect of various factors on establishing, enhancing, or mitigating the effectiveness of specific policies and procedures. Such factors include the following ... Methods of assigning authority and responsibility.

Citation 36 CFR PART 1234 -- Electronic Records Management. Subpart B -- Program Requirements
Pages 1234.10
Extract The head of each Federal agency shall ensure that the management of electronic records incorporates the following elements: (a) Assigning responsibility to develop and implement an agencywide program for the management of all records created, received, maintained, used, or stored on electronic media

Citation Ian B. Gilhooley Information Systems Management, Control and Audit (Altamonte Springs, Fla.: The Institute of Internal Auditors 1991)
Pages 346
Extract * Ensure that the roles and responsibilities of the personnel involved in data management are defined and incorporated into the developement, maintenance and operation of theorganization's application systems.

Citation "Guideline for the Analysis of Local Area Network Security" Category: Computer Security; Subcategory: Risk Analysis and Contingency Planning. Federal Information Processing Standards Publication 191 (U.S. Department of Commerce/Technology Administration and National Institute of Standards and Technology, 9 November 1994)
Pages 42
Extract GP1. Every personal computer should have an "owner" or "system manager" who is responsible for the maintenance and security of the computer, and for following all policies and procedures associated with the use of the computer. The primary user of the computer may fill this role. These users should be trained and given guidance so that they can adequately follow all policies and procedures.

Citation "`GOSIP' Government Open Systems Interconnection Profile" `NVLAP' National Voluntary Laboratory Accreditation Program (U.S. Department of Commerce/Technology Administration and National Institute of Standards and Technology, NIST Handbook 150-12)
Pages 8
Extract The laboratory shall maintain a list of personnel designated to fulfill NVLAP requirements including: laboratory director, Authorized Representative, Approved Signatories, and key technical persons in the laboratory. The laboratory must assign a staff member who has overall responsibility for the quality system and the quality manual.

Citation Performance Guideline for the Legal Acceptance of Records Produced by Information Technology Systems: "Part I: Performance Guideline for Admissibility of Records Produced by Information Technology Systems as Evidence;" Technical Report AIIM TR31-1992; Association for Information and Image Management.
Pages 10-11
Extract (b) Accuracy Records produced by methods to ensure or enhance accuracy will be more readily admissible in evidence. This may include systematic quality control and audit procedures, as well as operational oversight by somebody with detailed knowledge of the process or system used to produce the records.

Citation Miller GAAS Guide. 1994.
Pages 7.14
Extract The entity enhances the control environment if appropriate attention is given to methods of assigning authority and responsibility within the entity.

Citation Bradgate, R. Evidential Issues of EDI. In: EDI & the Law. 1989.
Pages 17
Extract The court must be satisfied that these conditions are fulfilled, either by oral evidence or by a certificate signed by a person occupying "a responsible position in relation to the management of the activities for the purposes of which the computer was used" at the time the document was produced (not at the time the information was recorded). As with sections 2 and 4 [of England's Civil Evidence Act of 1968], a litigant wishing to rely on s.5 must serve notice of his intention on all other parties to the litigation, identifying persons occupying a "responsible position" ...

Citation Johnson, P.L. ISO 9000: meeting the new international standards. 1993.
Pages 46
Extract Management Responsibility: ISO 9001, 4.1; ISO 9004-2, 5.2. Checklist of requirements. * Management designates a representative with authority and responsibility for implementing and maintaining the requirements of the standard.

Citation 41 CFR Sec. 201 - 9.103 Procedures.
Extract Each Federal agency shall take the following actions to establish and maintain the agency's records management program: (a) Assign specific responsibility for the development and implementation of agencywide records management programs to an office of the agency and to a qualified records manager.

Citation Federal Rules of Evidence Article VIII. Historical Notes and Commentary Notes to Rule 803
Extract The Uniform Act, however, abolished the common law requirement in express terms, providing that the requisite foundation testimony might be furnished by "the custodian or other qualified witness."