Generally speaking, "audit-proof archiving" means that archived data is protected against subsequent changes. It is therefore about protection against manipulation. The legal framework for an audit-proof archive is set out by the GoBD or the Kassensicherungsverordnung (KassenSichV for short). In the guidelines, the authorities point out that the information must not only be protected from modification. It must also be archived in a traceable, retrievable and unchangeable manner.
How can auditability be ensured?
Audit-proof archiving refers to the verifiability of the procedure used. The following are verified:
- the user organization
- the safe operation and process
- the proper use
- proof of procedural documentation
So what does this mean for POS data? Legislation prescribes the audit-proof archiving of cash register data, i.e. data from receipts and cash register reports. Retailers must be able to provide this data with an identifier, on a daily basis, with totals and in an analyzable form! In technical terms, this means that electronic cash registers must be upgraded with a Technical Security Device (TSE) and that an archiving solution is needed.
The TSE provides each business transaction with a signature and generates a so-called TAR file. Retailers can purchase a TSE as a hardware or cloud solution. The POS data is also transferred to the POS system of the respective provider and ultimately ends up in SAP modules such as SAP CAR, BW, FI CO etc. Depending on the structure of the ERP system, the archive is available physically or via the cloud.
GoBD/KassenSichV stipulate that Z1, Z2 and Z3 access to POS data must be guaranteed. Z1 and Z2 refer to access in which an auditor of the financial authorities is shown the data in the system or is allowed to retrieve it himself. Z3 refers to the transfer of data, e.g. on a USB stick. This means that not only audit-proof archiving but also data retrieval must be ensured at the same time. There is also a specification for the data format: DSFinV-K. The DSFinV-K export enables auditors to carry out a standardized evaluation with tools such as IDEA.
In addition to the technical requirements, there must be process documentation that makes it possible to trace exactly where and how the POS data moves in the system. The path from the receipt to the FI document and vice versa must be clearly visible through this document!
By the way: public administrations and waste disposal companies also fall under the regulations of the KassenSichV!