A new set of electronic record keeping standards for IT systems — which have federal government sponsorship — will be released in draft form this week. IT professionals will be invited to provide feedback before the formal introduction in July.
The IT forensic evidence standard, which applies to all enterprise systems, is detailed in a draft handbook released by Standards Australia that has been jointly funded by the Attorney General's Department and the Australian Federal Police (AFP).
IT professionals will need to assess what level of record keeping their company needs to satisfy evidentiary requirements outlined in the handbook as part of good corporate governance as it is not simply about a forensic standard but designing record keeping capabilities into processes and systems.
Recognising that company regulations today require 'reasonable care' is taken to protect the company, particularly from litigation, the handbook has been developed with the support of the Australian Securities and Investment Commission and the Australian Prudential Regulation Authority.
Handbook author and forensic expert Ajoy Ghosh said that, or enterprise electronic record keeping, there is little guidance currently available which provides the ability for business to defend and initiate litigation in an environment increasingly dependent on electronic information systems.
Attorney General's Department legal adviser Marcella Hawkes said the initiative came out of recommendations made by the joint government and business critical infrastructure taskforce. Federal agencies will be taking a leading role in the adoption of the handbook guidelines.
Australian Taxation Office (ATO) forensics and investigations section director, Dean Edwards, said the ATO will be introducing the guidelines, including education programs such as end user training.
Computer forensic team leader at the Australian Federal Police and chair of the International Organisation of Computer Evidence, Chris Buttner, said that, by adopting the forensic standard, Australia is way ahead of other countries including the US and Canada and is setting world's best practice.
Buttner called on Australian business to use the guidelines to fills gaps in their information systems as a total IT overhaul may not be required to meet the standard. He said the handbook will be used as a guide for specific training for police investigators.
"The guidelines ensure evidentiary benchmarks are in place allowing businesses to qualify damages critical to criminal and civil proceedings and also protect them from litigation," Buttner said.
Standards Australia IT projects manager, Brahman Thiyagalingham, said that once feedback is received from industry the draft handbook will be revised and will be available on sale in the $70 price range in July.
He said proof on whether the handbook is effective will be determined when it is eventually tested in court.