Lesson 6: Copy of Record (COR)
Checklist items 18 through 20 are grouped under the fifth and final process, the COR Process. These items represent CROMERR requirements that the system must satisfy in creating and maintaining CORs. The items address:
- What data CORs must capture;
- How access to CORs must be provided to program and enforcement staff; and
- How the CORs must be maintained.
Checklist items 18 through 20 are listed below.
18. Creation of COR
§ 3.2000(b)(1) through (2): For each legitimate submittal received, CROMERR requires the system to create a COR. The COR must be a true and correct copy of the submittal, in the sense that it must have exactly the same informational content as the submittal; otherwise, it must document any changes to this content after submittal.
The COR must include all associated signatures, the date and time of receipt, and any other information necessary to interpret the submittal.
Finally, the COR must be viewable in a human-readable format that makes the meaning of each information item clear; although it need not be maintained in this format or in the format in which the submittal was originally received.
19. Timely Availability of COR, as needed
§ 3.2000(b)(1) through (2): CROMERR requires the system to provide program and enforcement staff with timely access to the CORs and the associated documentation.
20. Maintenance of COR
CROMERR requires the system to maintain the CORs for as long as needed by program or enforcement staff. The CORs must be maintained together with any information needed to document their integrity, such as records or logs of associated signature validation processes. Finally, the CORs must be maintained in a way that protects them from alteration or deletion on a system that is electronically and physically secure.