What is an EAS (WORM)?
Complete Guide to Legally Compliant Electronic Archiving
In brief
EAS (Electronic Archiving System) is a solution ensuring the integrity, authenticity and durability of digital documents. WORM (Write Once Read Many) technology ensures archive immutability in compliance with ISO 14641.
EAS Definition
An EAS (Electronic Archiving System) is a software solution designed to:
- Preserve digital documents long-term
- Guarantee integrity: document hasn't been modified
- Ensure authenticity: origin is certified
- Maintain readability: document remains accessible
- Trace access: who viewed what and when
Unlike simple backup or EDM, EAS provides evidentiary value to archived documents.
The 4 Pillars of EAS
| Pillar | Meaning |
|---|---|
| Integrity | Document unmodified since archiving |
| Authenticity | Origin and author certified |
| Durability | Readability guaranteed over time |
| Traceability | Log of all operations |
WORM Technology
WORM stands for Write Once Read Many.
Principle
Once a document is written to WORM storage, it is impossible to modify or delete it before the end of its retention period.
Types of WORM
- Hardware WORM: Non-rewritable optical discs (CD-R, DVD-R, Blu-ray WORM)
- Software WORM: Logical protection preventing modification (more flexible)
- Hybrid WORM: Combination of both approaches
Benefits
- Immutability: Absolute integrity guarantee
- Compliance: Meets regulatory requirements
- Protection: Ransomware and human error resistance
- Evidence: Enhanced legal value
Use Cases
- Legal archiving (invoices, contracts)
- Evidence preservation (logs, audits)
- Financial sector (transactions)
- Healthcare sector (patient records)
ISO 14641 Standard
The ISO 14641 standard defines international requirements for legally compliant electronic archiving.
Main Requirements
- Capture: Integrity check at input (digital fingerprint)
- Storage: Medium guaranteeing integrity (WORM)
- Access: Traceability of all consultations
- Retrieval: Document identical to original
- Destruction: Controlled and traced procedure
Required Metadata
| Metadata | Description |
|---|---|
| Unique identifier | Immutable reference |
| Archive date | Certified timestamp |
| Digital fingerprint | SHA-256 hash or higher |
| Retention period | Legal retention duration |
| Source | Document origin |
Related Standards
- NF Z42-013: French national equivalent
- ISO 14721: OAIS model (Open Archival Information System)
- eIDAS: Qualified timestamp and electronic signature
Evidentiary Value
Definition
Evidentiary value is the ability of an electronic document to serve as evidence in court, with the same force as a paper original.
Legal Requirements
- The author can be identified
- The document was created under conditions guaranteeing its integrity
- The document is preserved in a manner guaranteeing its authenticity
What Provides Evidentiary Value
| Element | Role |
|---|---|
| Electronic signature | Author identity + integrity |
| Qualified timestamp | Certified date |
| WORM storage | Non-modification |
| Audit trail | Traceability |
| ISO 14641 certification | Recognized compliance |
Burden of Proof Shift
With a compliant EAS, it's up to the opposing party to prove the document was falsified (presumption of authenticity).
EAS Architecture
Components
- Capture module: Reception, validation, fingerprint calculation
- Storage module: WORM preservation, replication
- Search module: Indexing, metadata
- Access module: Authentication, authorization, logs
- Retrieval module: Export, format conversion
- Destruction module: Controlled deletion after retention
Processing Flow
- Submission: Document + metadata enter EAS
- Validation: Format check, SHA-256 calculation
- Archiving: WORM write + timestamp
- Indexing: Metadata stored for search
- Preservation: Periodic integrity monitoring
- Retrieval: Controlled access with verification
- Destruction: After legal period, traced deletion
Security
- Encryption at rest (AES-256)
- Encryption in transit (TLS 1.2+)
- RBAC access control
- Immutable logging
- Geographic replication
Retention Periods
Common Legal Retention Periods
| Document Type | Period | Jurisdiction |
|---|---|---|
| Customer/vendor invoices | 7-10 years | Most jurisdictions |
| Commercial contracts | 5-6 years after end | Contract law |
| Payroll records | 5-7 years | Labor law |
| Personnel files | 5 years after departure | Employment law |
| Tax declarations | 6-7 years | Tax law |
| Corporate documents | 10 years | Corporate law |
| Medical records | 10-30 years | Health regulations |
| Architect plans | 10-15 years | Liability period |
Best Practices
- Define a retention policy per document type
- Automate expiration alerts
- Plan a compliant destruction procedure
- Keep destruction certificates
EAS vs EDM
Comparison
| Criterion | EDM | EAS |
|---|---|---|
| Purpose | Daily management | Long-term preservation |
| Modification | Versioning allowed | Forbidden (WORM) |
| Evidentiary value | Limited | Full (ISO 14641) |
| Duration | Short/medium | Long (5-30 years) |
| Deletion | Free | Controlled after retention |
| Cost | Medium | Higher (compliance) |
Complementarity
EDM and EAS are complementary:
- Documents are created and managed in EDM
- Once validated, they are transferred to EAS for preservation
- EAS guarantees their evidentiary value during the legal period
This approach is recommended by standards and ensures complete document management.
KaliaOps and EAS
KaliaOps V2 will integrate electronic archiving features:
Planned Features
- WORM archiving: Immutable preservation of critical documents
- ISO 14641 compliance: Architecture respecting the standard
- Qualified timestamp: eIDAS TSP integration
- Retention policy: Automatic durations by type
Archivable Documents
- Contracts: Vendors, clients, maintenance
- Invoices: Incoming and outgoing
- Audit reports: CMDB, security, compliance
- ITSM logs: Incidents, changes, problems
- Signed documents: Via electronic signature
EDM Integration
- Automatic transfer to EAS after validation
- Bidirectional EDM ↔ EAS link
- Unified search
Key points
- EAS guarantees document integrity, authenticity, durability and traceability
- WORM (Write Once Read Many) prevents any modification after writing
- ISO 14641 defines requirements for legally compliant archiving internationally
- Legal retention periods range from 5 to 30 years depending on document type
- A document archived in a compliant EAS has the same value as a paper original
- WORM storage provides ransomware protection and human error resilience