Hi Penny, I assume you are talking about Canadian law, right? I spent some time in Canada deploying ERM projects, and encountered this issue regularly.

1. Review some of the laws and guidelines, start here. http://goo.gl/FqNpD
2. Make sure you have the proper access controls on users, define who can delete and remove content, and have consistent filing structures and metadata. These controls are all important, and will support your records management plan.
3. Make sure you have a thorough audit trail in place that tracks all documents and user access
4. Store documents in non-alterable file formats, such as TIFF or PDF for the image itself.
5. The main challenges you will encounter will be around your staff and process. Train, train, train!!! That will solve most problems before they start. For the process, some people will want to hang onto the paper, but assuming you have the right controls in place, the law is totally on your side.

If you need additional support, you can contact me at dan@lincware.com .

The rules may also be dependant upon what content type you're looking at. I've no insurance industry experience so take my comment for what it's worth.

Hi Penny,

You'll want to get hold of the document from the Canadian General Standards Board (CGSB) Standard “Electronic Records as Documentary Evidence” (CAN/CGSB-72.34-2005). This is core to defining your records management system, and pulls together all the major standards and legislation that allows you to manage records electronically (images and original electronic documents). It places great emphasis on procedures (through the definition of a procedures manual for your organization) and a means to demonstrate those procedures are in place and operate correctly (through audit).

In general, you'll need to involve your Chief Compliance Office and corporate counsel early in the process.

I ran a project for a financial services firm in Vancouver last year, so I have a bunch of other background information that I may be able to assist you with. Please feel free to contact me directly: phil.ayres [at] consected.com

Good luck,
Phil

Images of documents included into PDF A formats would be the most secure. AIIM can provide you with information you need regarding this ISO/ANSI/AIIM standard but this is a format now supported by most ... but not all ... image capture and processing solutions. Under standards recently developed for the annuity industry (in which John Hancock along with approximately 140 other major insurance and financial service companies participated), PDF A is the standard for records management of legal records of the transaction. You should be advised that ISO PDF (not to be confused with the proprietary Adobe PDF product) is the only formal standard for document formats. TIFF is not a standard however it is commonly found in legacy records. Unfortunately TIFF is not a secure format and can be demonstrated to be easily modifiable.

Hi Dan - do you happen to have a reference for the laws and guidelines for the U.S?