Electronic Records Controls: Records Retained by Computer Storage

When e-records are retained in computer storage, the security-related procedures describe the access controls to the e-records that are retained throughout the retention period.†

The risk assessment for data servers, or any infrastructure that retains e-records, identifies potential hazards and vulnerabilities. In the context of e-records that are retained by computer storage (e.g., e-records in data servers), such hazards may result in threats to the integrity of the e-records, including modification and/or accidental destruction of the e-records without having proper authorization from the e-records owner(s).