The importance of traceable records

Issue 8 2021 Editor's Choice, Security Services & Risk Management

The topic of traceable records is very important to me. Perhaps it is because of a specific incident; I was the victim of fraud when a page with my signature for a specific document was used with a totally different document. I was able to prove that the document was not authentic and that my signature was fraudulently added to a document. But I was lucky as the page with my signature basically was a ‘blank cheque’.

Since then, I am very aware of the lack of traceable records in South Africa. Referring to records, I include digital records. It is very important to realise that such records can still be printed, uploaded, changed and used for various purposes such as performance assessments, job applications and supporting evidence in criminal and disciplinary cases. Some organisations and departments are still stuck on hard copies and most probably will be for some time.

This tendency is evident even in prominent organisations and departments. On my retirement, I had to embark on securing debit orders with my bank (a major bank group) that were previously coming straight off my salary. There, I was expected to sign a document with various pages while the page with my signature had no reference to the reason for my signature. The document did not even include the total number of pages for the specific document.

This naturally raises concerns on the level of fraud and corruption in South Africa. We are creating opportunities for fraud and corruption with records, forms and contract documents that are not traceable.

A few examples

Training records are very important in terms of being traceable as these records form the foundation of the person’s career. During the various recruitment drives in my career, it was very concerning to notice the lack of information on degrees, diplomas and certificates. Are these records traceable with absolute certainty to the trainee and training intervention? Will a record be available to certify – without doubt – who the person is that completed the specific qualification? Internal training records must include traceable information. Any name changes must be supported with records as previous training will be on record with a different name.

Training manuals need to be traceable to indicate for which period the specific training manual was effective. Any references in the training manual must be traceable for easy access and to ensure use of correct references.

Official correspondence needs to reflect on each page to which document or topic all the pages relate.

It is important that official directives, such as standard operating procedures, work instructions, health and safety directives, strategic plans and policies are traceable as these are regularly used, are often updated, often referred to, or become obsolete. Working instructions need to be uniquely identified to avoid any confusion.

Attendance registers need to include the topic of the meeting as well the date and venue on all pages. Often these records are part of disciplinary cases.

Forms without references and implementation date provide a question mark whether the form is the most recent or the correct form. If a form is traceable, it is very easy to ensure the correct form is completed and the reference can be used in other documents.

A certifiable and auditable chain

Supply chain processes and financial records are critical to have traceability for auditing purposes. Signatures on financial approvals for procurement, payments, contracts and services cannot be without traceability to ensure certainty on the purpose of the signatures. It is a good practise to utilise the serial numbers of items, such as equipment, as traceable information for payments, services and repairs. The serial number of equipment has a definite trail from the manufacturer, distributor, to the end user.

With legal records such as affidavits and wills, traceability is not negotiable. I believe a book can be written on the reasons that wills become invalid.

Another area where traceability is essential is with personnel records to avoid ghost workers and workers getting paid while not at the company anymore. Medical records can be secured with the patient details on all pages for traceability.

Certified copies of original documents need to include all references as on the original documents, even if outside the contents of the document as a footnote. Such an example is some matric certificates where it is often found that the document number is not included in the certified copy.

The purpose of witnesses’ signatures on documents and certification of documents must be taken seriously and done correctly. This exercise is not even done correctly by some of our legal practitioners.

Any corrections or changes on records and documents need to be done in such a manner that the original information is readable. With digital records the trail must be available on any changes.

Signing for traceability

Signatures must include date of the signature, especially where the record has more than one signature and there is more than one document with the same reference. The sequence of signatures as well as time frames is often a dispute in disciplinary hearings and even criminal matters.

Digital signatures and watermarks are effective, but require certain information once presented as part of legal records.

It is good to see many records and documents have barcodes, however, very seldom are the barcodes used to capture the information on systems and databases. Too often the information is manually captured, which leaves room for error. The majority of items are equipped with barcodes, which should be used as an available advantage and to ensure data integrity.

The advantages of traceable records

• Records relate to the purpose of the record.

• All the pages of documents are linked to the same document.

• Signatures are linked to the specific contents and purpose.

• Performance agreements are linked to specific standards and manuals.

• Records are not easily questioned on whether applicable or not.

• Uncertainty reduced in terms of which record/document is the most recent or active.

• Fraud and corruption reduced.

• A paper trail becomes an easy exercise when requested for criminal and disciplinary cases.

It is a mindset change, but once in place, management of any process or system is much easier and traceable records are the new normal. It leaves the following questions to be answered.

• How traceable are the records at your organisation to the signatures, contents, purpose and time frames?

• Was an audit performed to determine the level of compliance?

• When was the last audit performed? Does the process followed reduce opportunities for corruption and fraud?

If more organisations, departments and companies concentrate on the basics, such as traceable records, financial and time losses can be prevented.

Sonja de Klerk.

Sonja de Klerk retired from the SAPS Forensic Science Laboratory as a Brigadier. She provides expert advice on CCTV management to secure the images as evidence. She presents training courses on CCTV Management for the images to be presented in court, forensic evidence typical to expect as part of criminal activities, how to present expert testimony in court and the importance of traceable records. Her expertise is also available for independent and confidential audits or evaluations and consultation on traceability of the records of your organisation. She can be contacted at or +27 82 778 9249.


Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

FortiGuard labs reports disruptive shift of cyber threats
Editor's Choice
Threat intelligence from the second half of 2020 demonstrates an unprecedented cyber-threat landscape where cyber adversaries maximised the constantly expanding attack surface to scale threat efforts around the world. Adversaries proved to be highly adaptable, creating waves of disruptive and sophisticated attacks.

Obituary: Steven James Meyer
January 1957 - January 2022

Technews Publishing News
It is with deep sadness and shock that we announce the sudden death of SA Instrumentation & Control Editor, Steven Meyer. Steven joined Technews in October 2007 in the position of Deputy Editor. His ...

From the editor's desk: In the cyber trenches
Technews Publishing News
Hi-Tech Security Solutions is proud to launch its first Smart Cybersecurity Handbook, a publication aimed at making sense of the complex world of cyber risks.

The worst of times
Technews Publishing Editor's Choice
Cyber resilience in terms of people, processes and technology is where it’s at when it comes to prevailing in a world beset with cybercriminals.

Cyber trends for 2022
Editor's Choice
In the last six months, an organisation in South Africa was attacked on average 1737 times per week. This is more than double the global average (819) of attacks per organisation per week.

Cybersecurity for the board of directors
Editor's Choice
Bike-shedding is a common distraction in boardrooms, especially when discussing issues board members are responsible for, but don’t understand – like cybersecurity.

Cybersecurity is now a digital transformation imperative
Editor's Choice
New research from the IDC reveals cloud security is the number one priority for investment, 50 percent of South African business leaders are concerned with the consequences of security breaches.

Providing real-time visibility
Technews Publishing Editor's Choice
Comprehensive visibility is critical, but not always attainable without the support of a managed service provider dedicated to monitoring and securing your cyber environment around the clock.

Getting the basics right
Technews Publishing Editor's Choice
Cybersecurity is like any other discipline, you can’t start at the top, you need to get the basics right. Hi-Tech Security Solutions asks how to best do this.

Ransomware doesn’t take holidays
Technews Publishing Cyber Security
Cybereason has published a global study of 1200+ security professionals at organisations that have previously suffered a successful ransomware attack on a holiday or weekend, titled Organizations at risk: Ransomware attackers don’t take holidays.