The information system made available by the Commission shall be designed to protect the integrity of the documents notified and held. In particular, it shall:

1. (a)

   allow each user to be unequivocally identified and shall incorporate effective control measures of access rights in order to protect against illegal, malicious or unauthorised access, deletion, alteration or movement of documents, files or metadata;

2. (b)

   be equipped with physical protection systems against intrusions and environmental incidents and with software protection against possible cyber-attacks;

3. (c)

   prevent any unauthorised changes and incorporate integrity mechanisms to check if a document has been altered over time;

4. (d)

   keep an audit trail for each essential stage of the procedure;

5. (e)

   safeguard stored data in an environment which is secure in both physical and software terms, in accordance with point (b);

6. (f)

   provide reliable format conversion and migration procedures in order to guarantee that documents are legible and accessible throughout the entire storage period required;

7. (g)

   have sufficiently detailed and up-to-date functional and technical documentation on the operation and characteristics of the system; that documentation shall be accessible at all times to the organisational entities responsible for the functional and/or technical specifications.