What is an EAS (electronic archiving system)?
An EAS (electronic archiving system) is a system designed to receive, retain, manage and retrieve digital documents while maintaining guarantees of integrity, traceability and long-term preservation.
It implements rules (retention periods, rights, access, final disposition) and produces evidential elements relating to operations (logs, identifiers, controls).
The NF Z42-013 standard sets out requirements and recommendations relating to the design and operation of such systems in order to ensure the preservation and integrity of digital documents.
What is integrity in archiving?
Integrity in archiving refers to the ability to demonstrate that an archived document is identical to the one originally deposited and that no alteration has occurred (or, where a transformation is permitted, that it is controlled and traceable).
In archiving frameworks, integrity is generally supported by recalculable hash values, sealing mechanisms and, where applicable, immutable storage mechanisms.
ISO 14641 emphasises the combination of technical specifications and organisational policies to ensure, in particular, integrity and traceability throughout the retention period.
What is traceability (logs, records)?
Traceability is the ability to reconstruct, in a verifiable manner, the events that have affected a document or a batch: ingestion, control, access, export, migration, deletion, or changes to rights.
It relies on timestamped logs and records, linked to identifiers (document, file, transaction, user, role) and retained in accordance with an explicit policy.
Traceability is not merely a “history”: it must make it possible to explain the sequence of operations, identify the actors involved, and highlight the controls performed (for example, recalculation of a hash following an operation).
What is an audit trail?
An audit trail refers to the structured set of information enabling a third party (internal audit, statutory auditor, authority, court) to understand and verify what has been done.
Within an EAS, the audit trail generally consists of: logged events, applicable rules (rights, retention periods), evidence of controls (seals, hash verifications), and process documentation (ingestion, retrieval, migrations).
It differs from a simple application log by its evidential purpose: to provide a coherent view that can be relied upon and correlated with the retrieved records and metadata.
What is an evidential log?
An evidential log is a register (consolidated log) that collects significant preservation events and the associated controls: hash creation, sealing, periodic verification, access operations, export, incidents, and configuration changes affecting retention.
It is used to demonstrate continuity of preservation and to reduce blind spots (for example, proving that a hash recalculated at regular intervals continues to match the original hash).
From an evidential perspective, its value lies in the correlation between: the record, its metadata, and the events evidencing controls and the absence of alteration.
What is periodic sealing?
Periodic sealing is a scheduled operation consisting in “sealing” a state (a document, a batch, a log) at regular intervals, in order to fix that state and make any subsequent modification detectable.
Technically, it is generally based on a hash calculated over a set of data (for example, a batch of events) together with an associated evidential mechanism (signature, seal, timestamp, or a combination depending on the policy).
The objective is to provide a verifiable marker “at a given date”, which is particularly relevant where retention extends over the long term and where continuous monitoring of integrity must be demonstrated.
What is the lifecycle of an archive?
The lifecycle of an archive refers to the sequence of stages governing a record: ingestion (capture and controls), retention (storage, periodic controls, access management), changes (format migrations, infrastructure changes), followed by retrieval or final disposition (deletion, permanent archiving, anonymisation, depending on the applicable rule).
What is evidential metadata?
Evidential metadata is information associated with a record that is necessary to establish its context, traceability and verifiability: identifiers, ingestion dates, hashes, format information, event logs, retention policy, control status, and links to sealing evidence.
In an evidential retrieval, such metadata is not ancillary: it enables one to understand “what is being examined” and to verify the preservation mechanisms.
