Documentation and evidence storage
Documentation and evidence are captured for requests, claims and activities.
This control is underpinned by:
- The National Archives of Australia’s Information Management Standards
- The Protective Security Policy Framework.
Some examples of this type of countermeasure include:
- All claim forms are stored on the system.
- All evidence for a claim is scanned and uploaded to the system.
- Decisions must be documented on the system before the activity can be processed.
- All procurement decisions and documentation are kept on file.
Purpose of this countermeasure
A lack of documentation and evidence can make it difficult to detect, analyse, investigate and disrupt fraudulent activity.
The Commonwealth Director of Public Prosecutions may also reject a Brief of Evidence if you have not captured sufficient evidence to prove an offence.
Under the Criminal Code Act 1995, the prosecution bears a legal burden of proving every element of an offence relevant to the guilt of the person charged. Furthermore, the offence must be proven beyond reasonable doubt.
This type of countermeasure is supported by:
- Managerial, independent or expert oversight
- Procedural instructions or guidance
- A specific form, process or system must be used
- Evidence must be provided to confirm identity
- Identity is authenticated for each interaction
- Mandatory information is required to complete the request or claim
- Data protected from manipulation or misuse
- Audit logging
How do I know if my countermeasures are effective?
You can apply the following methods to measure the effectiveness of these types of countermeasures:
- Confirm documentation and evidence are captured and stored in compliance with the National Archives of Australia’s Information Management Standards. In particular:
  - Principle 4: Business information is suitably stored and preserved
  - Principle 7: Business information is saved in systems where it can be appropriately managed
  - Principle 8: Business information is available for use and reuse.
- Consult with investigators about evidentiary requirements.
- Confirm that sufficient documentation and evidence are captured to support an investigation.
- Check the method of storage. Is it automatic and reliable?
- If processes are manual, are staff instructions clearly documented and followed?
- Confirm that documentation or evidence is stored securely. Test this if required.
- Confirm that documentation or evidence is available to investigators.
- Review who has access to documentation and evidence.
- Check if documentation or evidence can be altered. If so, is an original retained?
- Confirm that audit logging applies to all access/updates to documentation and evidence.
- Confirm that documentation or evidence is retained as per the relevant Records Authority.
- Confirm that you can access evidence held by another party, e.g. using coercive powers.