Federal Ordinance on Company Accounts (GeBüV)
If the company accounts are managed and stored electronically or in a comparable form and the accounting records are compiled and stored electronically or in a comparable form, then the principles of proper data processing must be adhered to.
Source: Swiss Federal Tax Administration
The Federal Ordinance on Company Accounts (GeBüV) regulates in detail the principles for keeping records in accordance with the law as well as the permitted information carriers.
The company accounts, accounting records, and business correspondence must be stored such that they can be viewed and inspected by an authorized person within a reasonable timeframe until the end of the storage period (they must be available and it must be possible to make them available to read). Insofar as required for viewing and inspecting the documents, the appropriate staff and devices or tools must be kept available.
The information must be systematically inventoried and protected from unauthorized access. Each time the information is accessed, this must be recorded. These records are subject to the same storage obligation as data carriers. Archiving must follow a specific system that can be chosen at the company’s discretion. For example, records may be organized by date, person, business area, or subject matter.
Responsibility for the archived information must be clearly regulated and documented. It must be possible to access archived data within a useful period of time. Ideally, operating procedures should be produced to document the technical processes, organization, and responsibilities for storing the documents. The written specification should ensure that the records procedure is carried out in accordance with plans, and that the data can be quickly found later on.
d) Permitted information media
The GeBüV describes the permitted information carriers. According to the GeBüV, information carriers permitted for storing documents include non-modifiable information carriers such as paper, image carriers, and non-modifiable data carriers, and also modifiable information carriers, provided that:
- Technical procedures are in place to ensure the integrity of the stored information (e.g. digital signature procedures);
- The time that information was stored can be verified and this cannot be falsified (e.g. by means of a time stamp);
- Further provisions on the use of the relevant technical procedures in force at the time that information was stored are observed; and
- The processes and procedures for their use are defined and documented, and the corresponding supporting information (such as protocols and log files) is also stored.
Information carriers are considered modifiable if the information stored on them can be changed or deleted without this change or deletion being traceable on the data carrier (such as magnetic tapes, magnetic or magneto-optical disks, hard disks or removable disks, solid-state storage).
e) Integrity (being authentic and non-modifiable)
Integrity, or being authentic and non-modifiable, means that the company accounts, accounting records, and business correspondence must be stored such that they cannot be changed without such changes being visible.