We have updated our pricing. Nothing has changed for private customers. Brand new: fileee Business

Audit-proof archiving

As part of the GoBD, audit-proof storage describes the storage of digital data in terms of correctness, completeness, security, availability, traceability, immutability and access protection.

Definition of the GoBD

The abbreviation GoBD stands for: Principles for the proper keeping and storage of books, records and documents in electronic form and for data access. These principles, issued by the German Federal Ministry of Finance (BMF), contain criteria and guidelines that companies must fulfill when using electronic accounting.
Revision security briefly explained:

The 6 requirements for audit-proof archiving and storage

As part of the GoBD, audit-proof storage describes the storage of digital data in terms of correctness, completeness, security, availability, traceability, immutability and access protection. These are to be understood as central requirements for audit security and are recorded in chapter three under "General requirements" of the GoBD guidelines.

In addition, these requirements must be met for the entire duration of the retention periods specified in Section 147 (3) of the German Fiscal Code (AO) of 6 or 10 years (to be found under Chapter 3, Point 27 of the GoBD Guidelines). What do these requirements look like? We explain briefly:

1. traceability and verifiability

GoBD chapter 3.1: Each document must be stored in such a way that it is clear at what time and by whom it was stored. Every change to this document must be logged and thus be traceable and verifiable.

For this purpose, fileee provides a history. Each document and also all messages and fileee Spaces have a chronological history as a log.

2. completeness

GoBD Chapter 3.2.1: All documents must be filed without gaps. In order to fulfill retention obligations, documents that are relevant under tax law must be recorded in full. In addition, the same business transaction may not be recorded more than once. In this context, it is also important that you or your company not only ensure the technical part of compliance, but also the organizational aspect: "The complete and gapless recording and reproduction of all business transactions must be ensured for data processing systems through an interaction of technical (including programmed) and organizational controls (e.g. recording controls, page 12 plausibility checks for data entries (...))".

So you "only" have to make sure that you store all your business transactions in fileee. This way you can easily import documents from business emails directly. You can find more import options here.

3. correctness

GoBD chapter 3.2.2: A central requirement is the accuracy of the data. Therefore, the original and the digital document must have a certain degree of correspondence. The digital document must be as close as possible to the original and must not, for example, contain any artifacts or image distortions that would make part of it illegible. Therefore, when scanning or transmitting, make sure that the documents are legible.

When you scan your documents with the fileee app, you can adjust the result of the scan before you file your document. With the new image enhancement, there's usually little you need to adjust yourself. Changes of this type do not need to be logged to be considered audit-proof. It is only important that the original and the digital document match as closely as possible. For the storage of paper documents, you can use the fileeeBox.

4. timely posting and records

GoBD chapter 3.2.3: All incoming documents must find their way into the digital filing system as quickly as possible, i.e. they must be recorded "as soon as possible after they are created" (point 46). For example, a period of 10 days for "non-cash business transactions" is unobjectionable, whereas "cash receipts and cash disbursements must be recorded daily in accordance with Section 146 (1) Sentence 2 AO" (Item 48).

The various import options of fileee are also suitable for this purpose, in order to comply with the timely recording. In addition, all input channels can be scanned as quickly as possible.

5th order

GoBD chapter 3.2.4: This stipulates that documents and records must not be filed "haphazardly". There must be a recognizable structure that is clear, unambiguous and also comprehensible. It is therefore advisable to transfer as much information as possible to the digital archive. It is also important that, in addition to compliance with the retention periods, there is also a corresponding reference to these periods.

Recognizable structures and the associated order can be created in fileee using tags and fileee Spaces. In contrast to a classic filing system, this type of storage does not require duplicate filing. Likewise, the retention period can be mapped directly through the audit-proof storage in fileee and the automatic deletion date as a function:
Functionality of audit-proof storage in the DMS.

6. immutability

GoBD chapter 3.2.5: A document should be unchangeable through audit-proof storage. This is an essential requirement of the GoBD. Documents must be secured in such a way that subsequent modification or manipulation of the document can be ruled out. Documents may be transferred to new versions, but these changes must be documented and the original information must still be retained.

In fileee, you can download the original file at any time via the history and thus always prove in which form the document was uploaded. In addition, further versioning of documents is not necessary for compliance with GOBD requirements in fileee, since currently no changes can be made "in the document itself" or on its pages (e.g. stamps or texts can be placed on the document). As soon as you activate the function "Revision-safe storage" for a document in fileee, the document can no longer be edited. Pages can neither be edited nor deleted.

With fileee Business as a DMS, we have taken all these points into account for audit-proof archiving. Thus, when used properly with regard to the GoBD guidelines, this enables audit-proof storage in your company as well.
Any questions?

Revision security - Frequently asked questions

What is revision security?
"Revision" means "alteration", "correction" or also "revision" and is understood in connection with "security", i.e. protection against it, in such a way that something is protected from change in this sense. In the context of documents, this term is used both in the technical and organizational area in the context of the electronic storage of data. The GoBD regulates the requirements for audit-proof storage.
What does GoBD mean?
The GoBD are the "Principles for the proper keeping and storage of books, records and documents in electronic form and for data access" and were rewritten and defined by the German Federal Ministry of Finance on November 28, 2019. These principles regulate the requirements to be met by digitally mapped processes from the perspective of the tax authorities.
What is the difference between GoBD and audit security?
The GoBD is the set of rules with the requirements for audit-proof storage and how audit security is given. Audit security is therefore a part of the GoBD and whoever acts in conformity with the GoBD, acts audit secure at the same time. The GoBD regulates beyond that for example the "data security" under the point 103 in chapter 7: The taxpayer has to protect its DV-system (...) against unauthorized inputs and changes (e.g. by access and access controls)". (from: https: //
To whom does audit-proof filing apply?
Audit-proof filing applies to all companies, self-employed persons and freelancers without exception. All documents that must be kept must be archived in an audit-proof manner in accordance with the GoBD guidelines. The GoBD are aimed at income from profits. Thus, all persons are affected who generate profit income in any form and depict their business processes in digital form. (See also Chapter 1.5, point 10 from
What must be stored in an audit-proof manner?
Tax-relevant documents such as business books and records, receipts, incoming and outgoing invoices, e-mails with business-relevant information, commercial and business letters, inventories and annual financial statements must be stored in an audit-proof manner. The respective retention period of 6 or 10 years must be observed here.
When is a DMS audit-proof?
A DMS is audit-proof if the above-mentioned GoBD requirements are present. The GoBD checklist from Bitkom breaks these down again directly for document management systems and explains the various points in connection with implementation.

All-round security and GoBD compliance through audit-proof storage with fileee

Start now with fileee Business
DSGVO Compliant
Developed and hosted in Germany
Secure SSL encrypted
© 2024 fileee. All Rights Reserved.
DSGVO Compliant
Developed and hosted in Germany
© 2024 fileee. All Rights Reserved.