(a) The Guidelines for the Management of Electronic
Transactions and Signed Records shall describe
(1) Electronic transactions and signed records, including:
(A) Electronic records;
(B) Electronic signatures; and
(C) Trustworthy records;
(2) Risks pertaining to electronic transactions and
signed records: including
(A) Common types of risks;
(B) Assessments of risk;
(C) Cost-benefit analysis; and
(D) Risk mitigation and security relating to electronic
records and signatures; and
(3) Records management issues, including:
(A) Records life cycle and system development life
cycle;
(B) Preserving trustworthy records;
(C) Records managers and auditors; and
(D) Other records management issues.
(b) The Guidelines shall include the following appendices:
(1) Current electronic signature technologies;
(2) Checklist for evaluating electronic signatures;
(3) Technical considerations of various electronic
signature alternatives; and
(4) Comments on the International Organization for
Standardization nonrepudiation model.
|