Swiss electronic records management system, audit-proof DMS and eArchiving solution for organizations with high accountability standards

What are the benefits of 360 Documents

360 Documents is a highly available Swiss document management system (DMS) and an audit-proof e-Archiving solution embedded in an office suite with sophisticated records retention and document lifecycle management functionalities for organizations with high accountability standards.

360 Documents complies with ISO 15489 ("Records management") and the Swiss Business Records Ordinance ("GeBüV"), as it registers all user interactions with documents and prevents them from being deleted without leaving a trace. Part of the reason for using 360 Documents is therefore the enhanced evidential value of an organization’s records because of the way in which they can be shown to have been managed.

In terms of usability, 360 Documents enables companies and public authorities in Switzerland to extract and index extensive metadata during document capture, including through user-defined identifiers, and apply disposal schedules based on business classes.

The Swiss legal retention periods for the most important document types in Switzerland are already preconfigured in 360 Documents:

Private sector

• Accounting records: retain for 10 years from the end of the financial year in which the last entry was made
• HR records: retain for 5 - 10 years from the date of departure
• AML records: retain for 10 years (data residency Switzerland) from termination of the business relationship
• AML transactions: retain for 10 years (data residency Switzerland) from completion of the transaction

Public sector

• Medical records: retain for 20 years from the last entry in the patient file
• Education records: retain for 1 - 50 years and until all available legal remedies are exhausted
• University records: retain for 18 months - 20 years from the exam date or completion date of the curriculum

Public administration

• Civil status files: retain for 50 years
• Documents of debt collection and municipal offices: retain for 2 / 10 / 15 / 20 / 30 years
• Records of guardianship proceedings: retain for 50 years
• Records from adoption proceedings: retain for 100 years
• Social benefits records: retain for 15 years
• HR records: retain for 10 years
• Pension fund records: retain for 10 years
• Budget, annual financial statements and annual report: retain for 50 years
• Accounting and inventory: retain for 30 years
• Accounting records: retain for 10 years
• Tax records: retain for 25 years
• VAT records: retain for 10 years

The multilingual software in the Swiss public cloud provides its users with a variety of advanced search mechanisms, from literal to synonyms search to the targeted prompting of best-in-class LLMs in German, English, French and Italian.

What features should modern document management software have?

With a digital archiving software in the cloud, Swiss companies and public authorities can store their most important documents electronically without having to keep the originals. We believe that a high-performance records and document management system is the prerequisite for any serious digital transformation project in Switzerland.

Almost all employees in Swiss companies work with documents today. A good DMS or enterprise content management (ECM) software in Switzerland must therefore consider the needs of a wide range of stakeholders:

• For management, it is of key importance to maintain an overview of all information resources and to easily manage role-based access control (RBAC) using an intuitive authorization system
• For the legal department, it is essential that archived PDF files comply with legal retention requirements and can be used as evidence in Swiss courts
• For accounting and controlling, what matters is being able to logically link the supporting documents stored in the archive to commonly used accounting software
• The external auditor appreciates being able to check documents directly in the primary system at the file-producing location without having to create a special data room
• Operational staff want to be able to immediately reintegrate archived documents into daily business processes and access them in milliseconds
• And the IT department is looking for ways to transfer data to peripheral systems via APIs, ensure that documents are protected against cyberattacks, and, if necessary, migrate to another data center smoothly

360 Documents allows cross-functional digitization of business operations

• Comply with Swiss recordkeeping law: Observe recordkeeping and document retention legislation in Switzerland (here) and make sure the archive is audit proof
• Digitize the accounting, controlling and audit process in one go: electronic bookkeeping (here) retrieves daily business records at the touch of a button and the dreaded VAT audit (here) can take place remotely
• Benefit from faster retrieval times (milliseconds) compared to archives on tape drives (here) or other on-premises storage devices and relieve your staff from the associated IT overhead
• Harvest supposedly "dark data": dark data is invisible data (here) that your company processes as part of its regular business activities but fails to see or understand
• Operationalize business data across your organization with a single source of truth (SSoT): engage customers, automate business processes and foster collaboration by eliminating information silos
• Define and monitor precise access controls: grant access to individual documents, data rooms or entire markets and give permission to external stakeholders such as accountants, auditors, supervisory bodies, regulators, shareholders or investors
• Use OCR and intelligent document processing (here) to turn raw data into business insights and marvel at unexpected correlations
• Find a wide spectrum of enterprise search tools at your fingertips, from verbatim to synonyms search up to the targeted prompting of large language models (here) to summarize long PDFs or get the confidential answer to a sensitive question from several documents

Breakdown of retention obligations in Switzerland by business context

1. Accounting records

Swiss retention periods for accounting records

Every company registered in Switzerland or with a Swiss VAT number must retain the following business-relevant documents in a secure archive for a period of 10 years in an unalterable form in compliance with the Swiss Code of Obligations - CO (here) and the Swiss Ordinance on Business Records (here):

• All accounting records, accounting cards, annual reports and audit reports (Art. 958f para. 1 CO): retain for 10 years from the end of the financial year in which the last entry was made
• The share register (AG), register of beneficial owners, register of capital contributions (GmbH) or register of members (cooperative): retain for 10 years from the deletion of the company or partnership (Art. 590 para. 1, Art. 747 para. 1 CO)
• All records on which an entry therein is based (Art. 686 para. 5 CO): retain for 10 years from the deletion of the owner or usufructuary (AG), company member (GmbH) or cooperative member (Art. 686 para. 5, Art. 697l para. 3, Art. 790 para. 1, Art. 837 para. 2 CO)
• All business records expected to have evidentiary value in, or influence on, potential legal proceedings (Art. 8 CC)

After expiry of the statutory archiving period of ten years, Swiss companies - including banks - can permanently delete the respective documents and all claims expire (Art. 127 CO).

An interesting case dealing with the retention period for bank account statements heard by the Swiss Banking Ombudsman can be found under this link (here).

Definition and typology

Swiss accounting records are "all written documents on paper or in electronic or comparable form necessary to understand and reconstruct a business transaction or facts on which an accounting entry is based" (Art. 957a para. 3 CO).

Swiss accounting records include the following document types:

• Contracts
• Invoices
• Receipts
• Shipping documents such as waybills and bills of lading
• Payroll accounting: pay slips, social insurance, pension agreements
• Business correspondence (only if relevant to accounting)

In 2013, Switzerland abolished the general legal obligation to retain business correspondence.

Also, it is not required to archive public deeds and entries in public registers such as extracts from the Swiss commercial registry and inscriptions in the land registry (Art. 9 CC).

2. AML records

Definition and typology

Swiss Banks and financial institutions must retain for 10 years the following records as per Art. 74 para. 1 AMLO-FINMA (here):

• All documents used to identify the contracting partner, controlling person, BO, as well as Forms A or K
• A written note on the results of the application of the criteria for identifying business relationships with increased risks ("customer risk scoring")
• A written note or the documents containing the findings of the additional investigations into business relationships or transactions with increased risks
• The documents underlying the executed transactions
• A copy of suspicious activity reports (SARs) filed to the Money Laundering Reporting Office Switzerland (MROS)
• A list of all business relationships subject to the Swiss AML Act

While ordinary Swiss companies can retain their accounting documents (apart from the share register and its equivalents) in foreign data centres, FINMA-regulated financial institutions must store the above records and file notes "in a secure location in Switzerland that is accessible at all times" (Art. 74 para. 3 AMLO-FINMA).

It should be noted that "if the server used is not located in Switzerland, the financial intermediary must have up-to-date physical or electronic copies of the relevant documents in Switzerland" (ibid., para. 4).

3. Medical records

Definition and typology

The Swiss Medical Association FMH stipulates in its Code of Professional Conduct, which is binding for all members, under Art. 12 entitled "Duty to take and keep records" (here) that "doctors must keep adequate records about the observations made and any measures taken in the exercise of their profession. They must be kept for at least 20 years following the last entry".

In addition, in Switzerland the relationship between doctor and patient is subject to the provisions of the simple mandate as stated in the FMH Guidelines: Legal Principles in Everyday Medical Practice (here): "As a service provider, the doctor is accountable to the patient at all times (cf. Art. 400 para. 1 CO). He must keep a proper medical history. The recordkeeping duty also ensues from the FMH Code of Professional Conduct and from cantonal healthcare laws" (ibid., p. 36).

In Switzerland, the medical recordkeeping duty in the form of a patient record includes in particular:

• Documentation of the medical data and facts that are relevant to the medical treatment (BGE 141 III 363)
• Preparation of medical reports to ensure proper treatment, in particular in the case of treatment by several doctors or a transfer to another doctor
• Records to secure documentary evidence in the event of claims alleging medical malpractice made by patients
• Documents about the treatment: Diagnosis, X-rays, laboratory results, medical imagery, (electronic) prescriptions, eMediplans (here), nursing reports, surgery reports, surgery videos, outpatient hospital reports, etc.
• Correspondence with other healthcare providers
• Documented (signed) patient briefing and informed patient consent with date and content of the briefing discussion (duty to provide information in accordance with Art. 10 FMH Code of Professional Conduct, BGE 133 III 121)

Medical records may be kept electronically if it can be established at any time who made which entries and when, and unauthorized persons do not have access. Unauthorized persons are all persons such as medical practice assistants (MPA), office staff etc. who are not involved in the treatment.

Backup copies of medical records must be made continuously or at least regularly and stored in a different location protected from unauthorized access - known as offsite backups (here). The FMH generally recommends ensuring all patient data and all persons accessing medical records be located in Switzerland.

It is widely accepted that incorrect or missing entries in medical records have a negative impact on litigation and make it easier for patients to build a case.

Swiss Electronic Patient Record (EPR)

The electronic patient record (EPR) is a Swiss sharing platform for data and documents relating to physical health, to which patients can grant their doctors access (here). In its essence, the Swiss patient record is nothing other than an audit-proof archive in the cloud that can be accessed from anywhere and to which both doctors and data subjects can upload files. That said, the electronic patient file does not release doctors from their duty to keep their own medical histories.

The electronic patient dossier is ideal for storing the dated and signed living will (here) for quick access in medical emergency situations without having to go through the insurance card (Art. 370 - 373 CC).

The Swiss Ordinance on the Electronic Patient Record (here) stipulates the following retention obligations for the EPR:

• The medical data collected by healthcare professionals in the electronic patient record must be destroyed after 20 years (Art. 10 para. 1 EPRO)
• The data repositories must be located in Switzerland and be subject to Swiss law (Art. 12 para. 5 EPRO)
• Logging of access: All accesses must be logged and the data in the access log must be accessible for 10 years without being able to be deleted

Swiss retention periods for medical records

Since 2023, the statutory minimum retention period for patient files (treatment records and medical histories) has been 20 years in many Swiss cantons. This is because the new Swiss tort law provides for a prescription period of 20 years for claims arising from medical malpractice:

"Claims for damages or satisfaction arising from personal injury or death of a person in breach of contract shall prescribe after 3 years from the day on which the injured party became aware of the damage, but in any case after 20 years from the day on which the harmful conduct occurred or ceased" (Art. 60 para. 1bis, Art. 128a CO).

In practical terms, this means that under civil law, medical practitioners can now be held liable for 20 years for gross misconduct. If the patient history is no longer available or is incomplete, there is no possibility of defense or exoneration in the event of liability claims.

Simultaneously, it is required under Swiss data protection law in the area of patient data (here) that patient files no longer needed for medical or evidentiary purposes be regularly deleted (pruned).

4. HR records

Definition and typology

Swiss personnel files or human resources records are a compilation of all records relating to an employee from the time they join the organization until they leave, and usually include the following entries:

• Contact details and address
• Application documents: ID, resume, references, professional trainings, certificates, diplomas, etc.
• Results of tests taken as part of the recruitment process
• Employment contract and its annexes
• Bank details and insurance information
• Pay slips and salary statements
• Information on working hours, sick leave (medical certificates), absences, and vacation
• Ongoing training and career planning
• Performance reviews
• Information on disciplinary measures: warnings, file notes on incidents, sanctions
• Correspondence between employer and employee
• Registry extracts: criminal record extract, extract from the debt collection register, etc.

Regular review of the Swiss personnel file

Personal data in Switzerland may only be processed in accordance with the principle of proportionality and good faith (Art. 6 para. 2 FADP). Swiss human resources departments may therefore only add records to the personnel file if they (i) "concern the employee’s suitability for his job" or (ii) "are necessary for the performance of the employment contract" (Art. 328b CO).

For this reason, Swiss human resources records must be regularly reviewed and cleaned up (pruned) to ensure that they are (i) accurate (ii) up to date and (iii) necessary. Inaccurate or incomplete personal data must be corrected, and documents that are "no longer required for the purpose of processing" must be "destroyed or anonymized" (Art. 6 para. 4 and 5 FADP).

Right of information to the Swiss personnel file

Under Swiss data protection law, all employees in Switzerland have the right to inspect the contents of their personnel files, and a corresponding request for information must generally be answered free of charge within 30 days (Art. 25 FADP).

The right to know what is contained in one's employee file includes the right to gain clarity on:

• the processed personal data
• the purpose of processing
• the retention period for the personal data or, if this is not possible, the criteria for determining this period
• the available information about the source of the personal data, if it has not been collected from the employee directly
• if applicable, whether an automated individual decision has been taken and the logic behind the decision
• if applicable, the recipients or the categories of recipients to which such personal data is disclosed, including if applicable any foreign states or international bodies

Swiss retention periods for human resources records

The employer's interest in retaining employee files (usually for evidentiary purposes or to fulfil a legal obligation such as issuing a work certificate) must be balanced against the legal obligation to retain employee data only to the extent necessary and to treat it with the utmost care.

For this reason, Swiss HR files must generally be destroyed once the employment relationship has ended. And although Swiss law does not specify any explicit recordkeeping periods for personnel files, the following retention periods can be observed in Swiss human resources practice:

• HR records of rejected candidates: destroy immediately after completion of the recruitment process
• HR records related to salary claims: retain for 5 years from the claim becoming due (Art. 128a in conjunction with Art. 130 para. 1 CO)
• HR records related to the work certificate: retain for 10 years from the date of departure (Art. 330a CO)
• HR records related to accounting: retain for 10 years from the end of the financial year in which the last entry was made

The term salary claim must be interpreted very broadly and includes all claims relating to the work performed. This includes gratuities and similar payments such as bonuses or profit sharing, compensation for overtime, night work, work on Sundays (basic wage and supplements), holiday pay, holiday entitlement, and wages in the event of absence from work for reasons beyond the employee's control (continued payment of salary under Art. 324a CO).

The indefinite storage of employee data is not permitted in Switzerland.

5. Education records

Definition and typology

Swiss educational institutions are governed by cantonal legislation and hence cantonal recordkeeping provisions apply.

Education records are documents and information that are directly related to a student and that are maintained by or on behalf of an educational institution:

• Grades
• Transcripts
• Class lists
• Student course schedules
• Health records
• Student financial information
• Student discipline files

Swiss retention periods for educational records

In the following, we provide the recordkeeping requirements in the canton of Zurich (here) for primary and secondary schools ("Volksschule") and the retention policy in the canton of Berne (here) for vocational schools("Berufsfachschule"):

• Student records: retain for 10 years from completion date of school
• Copies of diplomas: retain for 15 - 20 years from completion date of curriculum
• Class lists: retain for 50 years from graduation date
• Grades and absences lists: retain for 50 years from completion date of school

6. University records

Swiss universities are governed by cantonal legislation and hence cantonal document retention laws apply. In the following, we provide the recordkeeping requirements of the University of Berne (here):

• Records used for the evaluation of examinations: retain for 18 months from exam date
• Graduate theses such as bachelor's and master's theses and other diploma papers: retain for 10 years from submission date
• Diplomas and diploma supplements: retain for 20 years from the legally binding completion date of the bachelor's or master's program, after which they must be archived in the university or cantonal archives

As a rule, examination papers of Swiss educations institutions such as written papers and records of oral examinations must be kept until all available legal remedies have been exhausted, as described, for example, in the file plan and disposal schedules of the University of Freiburg (here).

Retention triggers

In Switzerland, legal retention periods typically beginat the end of an observation period (the financial year) or the last legal transaction (for example, after liquidation of a company, termination of a mandate contract, account closure date, end of the medical treatment contract).

What is an authoritative record

According to Swiss contract law, accounting records must be retained "on paper, electronically or in a comparable manner, provided that correspondence with the underlying business transactions and circumstances is guaranteed and they can be made readable again at any time" (Art. 958f para. 3 CO).

The Swiss Business Records Ordinance is the implementing provision of Swiss contract law in the field of recordkeeping. It stipulates the principles according to which documents must be archived in Switzerland in accordance with the law:

• Integrity (authenticity and inalterability): "The accounting records must be recorded and stored in such a way that they cannot be changed without this being detectable" (Art. 3 GeBüV).
• Documentation: "Depending on the type and scope of the business, the organization, responsibilities, processes and procedures and the infrastructure (machines and programs) used to keep and store the business records must be documented in work instructions in such a way that the business records and accounting documents can be understood. Work instructions must be updated and stored in accordance with the same principles and for the same length of time as the business records themselves" (Art. 4 GeBüV).
• Availability: "Accounting records must be stored in such a way that they can be inspected and examined by an authorized person within a reasonable period of time until the end of the retention period" (Art. 6 GeBüV).
• Archival: "The information must be systematically catalogued and protected against unauthorized access. All access must be recorded. These records are subject to the same retention obligation as the data carriers themselves" (Art. 8 GeBüV).

What is the meaning of PDF/A

PDF/A means Portable Document Format (A stands for archival). In contrast to the Tag Image File Format (TIFF), PDF/A enjoys a high level of acceptance across industries. It is practically the prescribed file format for archiving - in the EU and overseas. For example, the US Supreme Court requires documents submitted electronically must be in the PDF/A format.

To quote ISO 19005 - Document management - Electronic document file format for long-term preservation (PDF/A), "PDF/A [...] provides a mechanism for representing electronic documents in a manner that preserves their visual appearance over time, independent of the tools and systems used for creating, storing or rendering the files" (here).

In essence, the PDF/A format differs from its PDF original in that it prohibits functions that are unsuitable for long-term archiving (such as audio and video content, executable files, password protection, encryption, links to external content, etc.). Ultimately, the files in an audit-proof Swiss cloud archive must be self-sufficient with all key document features such as content, fonts and color embedded.

360core uses high-throughput PDF to PDF/A-2b conformance converters in its archiving engine to convert PDF to PDF/A-2b. We perform regular PDF/A validation tests throughout the lifecycle of our archive assets.

When do emails need to be archived?

In some cases, it is necessary to archive emails with business relevance outside of Outlook (MS Exchange), for example to preserve messages from former employees, to organize (structure) correspondence on a specific subject, or to secure evidence in the context of a disposal hold or legal hold. Archiving emails prevents business correspondence from being accidentally deleted, manipulated, or modified at a later date, and ensures that it remains readily available and admissible as evidence in the event of a lawsuit.

Email archiving software simplifies legal discovery and compliance with Swiss freedom of information laws (here) or GDPR requests and eliminates the need to search multiple networks and local drives.

Archiving of websites

In 2017 the Financial Industry Regulatory Authority (FINRA) released a notice (here) stating all businesses engaged in digital communications are required to keep a record. This includes website data, social media posts, and messages.

Supported file extensions

360 Documents supports over 100 file types including familiar MS Office and Apple file extensions:

• Word & text processing: .602, .abw, .cwk, .doc, .docm, .docx, .dot, .dotm, .dotx, .fb2, .fodt, .hwp, .lrf, .mw, .odm, .odt, .oth, .otp, .otm, .ott, .pages, .pdb, .rtf, .stw, .sxg, .sxw, .txt, .wpd, .wps, .wri
• Excel & spreadsheet: .122, .csv, .dbf, .dif, .fods, .gnumeric, .numbers, .ods, .ots, .qpw, .slk, .sxc, .tsv, .wb1, .wk1, .wks, .wq1, .wq2, .xla, .xlr, .xls, .xlsb, .xlsm, .xlsx, .xltm, .xltx
• Powerpoint & presentation: .c, .cgm, .fodp, .odp, .otp, .pot, .potm, .potx, .ppsx, .ppt, .pptm, .pptx, .sti, .sxi
• Images & graphics .bmp, .cdr, .dxf, .emf, .fh, .fodg, .gif, .jpeg, .jpg, .odg, .otg, .p65, .pdf, .png, .pub, .std, .svg, .sxd, .tiff, .vsd, .vsdx, .vss, .wmf, .wpg

360 Documents automatically groups over 2,000 file extensions into 19 easy-to-remember categories: PDF, Image files, Text files, Excel & spreadsheets, Presentations, Outlook items & PIM, Video files, Audio files, CAD, ECAD, Bioinformatics, Medical imaging, Medical signals, Geodata, Coding, Databases, Websites, Security, Others

Software integrations

Software integrations allow organizations to connect 360 Documents to other applications:

• Connector to MS Outlook (here) to archive emails directly from your favourite inbox
• Connector to 360 Multibanking (here) to pay invoices directly out of the DMS and access more than 50 Swiss banks through a single login and dashboard
• Connector to 360 Signatures (here) to sign electronically with all types of Swiss digital signatures under ZertES and eIDAS
• Connector to 360 Scanning (here) to digitize large paper archives

360 Documents: Pricing

The cost model 360 Documents depends on the number of users (also called seats) and the expected file storage space:

SME

• Up to 10 seats and a total of 100 GB: CHF 300 per month
• Up to 20 seats and a total of 500 GB: CHF 600 per month
• Up to 30 seats and a total of 1 TB: CHF 1,200 per month

Corporates and public authorities

• Over 30 seats: CHF 700 annually per seat
• Over 1,000 seats: CHF 600 annually per seat
• Over 10,000 seats: CHF 500 annually per seat
• Over 25,000 seats: CHF 400 annually per seat

360 Documents is operated, maintained and continually improved by 360core and made available via the Internet through a SaaS license.