360 Documents is a Swiss electronic records management system and audit-proof eArchiving solution for organizations with high accountability standards

What is 360 Documents

360 Documents is a highly available Swiss document management system (DMS) and an audit-proof e-Archiving solution embedded in an office suite with sophisticated records retention and document lifecycle management functionalities for organizations with high accountability standards.

360 Documents complies with ISO 15489 ("Records Management") and the Swiss Business Records Ordinance ("GeBüV"), as it registers all interactions with documents and prevents them from being deleted without leaving a trace. Part of the reason for using 360 Documents is therefore to enhance the evidential value of an organization’s records because to the way in which they can be shown to have been managed.

In terms of usability, 360 Documents enables companies and public authorities in Switzerland to extract and index extensive metadata during document capture, including through user-defined identifiers, and apply retention schedules based on business classifications.

The archiving periods for the main Swiss document types subject to legal retention are already preset in 360 Documents:

• Accounting records - 10 years
• AML records - 10 years
• AML transactions - 10 years
• HR records - 5 years
• Medical records - 20 years
• University records - 20 years

The multilingual software in the Swiss public cloud provides its users with a variety of advanced search mechanisms, from literal to synonyms search to the targeted prompting of LLMs in German, English, French and Italian.

What does digital archiving mean

With a digital archiving software in the cloud, a Swiss company can store its most important documents electronically without having to keep the originals. We believe that a high-performance records document management system is the prerequisite for any digital transformation project in Switzerland.

Yet because most of the staff in today's Swiss companies deal with documents, a good DMS or enterprise content management (ECM) must meet the needs of a variety of stakeholders:

• For Management, it is important to maintain an overview of the archived documents and to distribute access rights in an intuitive manner
• For Legal, it is important that the PDFs comply with legal retention obligations and are admissible as evidence in court proceedings
• For Accounting, on the other hand, it is critical to logically link the documents in the archive with the accounting tool
• For Audit, it is convenient if the records can be verified directly in the originating system without having to create a special data room first
• For Operations, it is important to be able to immediately reintegrate the archived documents into day-to-day business processes and access them in milliseconds
• For IT, it is crucial to pass the data to peripheral systems via APIs, to ensure that the documents are protected against cyberattacks, and to be able to easily migrate to another data center if necessary

What are the advantages of an indexed and audit-proof archive in the Swiss cloud

• Comply with Swiss recordkeeping law: Observe recordkeeping and document retention legislation in Switzerland (here) and make sure the archive is audit proof
• Digitize the accounting, controlling and audit process in one go: electronic bookkeeping (here) retrieves daily business records at the touch of a button and the dreaded VAT audit (here) can take place remotely
• Benefit from faster retrieval times (milliseconds) compared to archives on tape drives (here) or other on-premises storage devices and relieve your staff from the associated IT overhead
• Harvest supposedly "dark data": dark data is invisible data (here) that your company processes as part of its regular business activities but fails to see or understand
• Operationalize business data across your organization with a single source of truth (SSoT): engage customers, automate business processes, and foster collaboration by eliminating information silos
• Define and monitor precise access controls: grant access to individual documents, data rooms or entire markets and give permission to external stakeholders such as accountants, auditors, supervisory bodies, regulators, shareholders or investors
• Use OCR and intelligent document processing (here) to turn raw data into business insights and marvel at unexpected correlations

Find a wide spectrum of enterprise search tools at your fingertips, from verbatim to synonyms search up to the targeted prompting of large language models (here) to summarize long PDFs or get the confidential answer to a sensitive question from several documents

Swiss recordkeeping duties by industry

1. ACCOUNTING RECORDS

Every company registered in Switzerland or with a Swiss VAT number must retain the following business-relevant documents in a secure archive for a period of 10 years in an unalterable form in compliance with the CO (here) and the Swiss Ordinance on Business Records (here):

• All accounting records, accounting cards, annual reports and audit reports (Art. 958f para. 1 CO)
• The share register and the register of beneficial owners as well as all documents on which an entry therein is based (Art. 686 para. 5 CO)
• All business records expected to have evidentiary value in, or influence on, potential legal proceedings (Art. 8 CC)

According to Art. 957a para. 3 CO, Swiss accounting records are "all written documents on paper or in electronic or comparable form necessary to understand and reconstruct a business transaction or facts on which an accounting entry is based".

The following accounting records must be archived in Switzerland:

• Contracts
• Invoices
• Shipping documents such as waybills and bills of lading
• Payroll accounting (salary payments, social insurance, pension agreements)
• Business correspondence (only if relevant for accounting purposes)

In 2013, Switzerland abolished the general legal obligation to retain business correspondence.

Also, it is not required to retain in an audit-proof manner public deeds and entries in public registers such as extracts from the Swiss commercial registry and inscriptions in the land registry (Art. 9 CC).

2. AML RECORDS

Swiss Banks and financial institutions must retain for 10 years the following records as per Art. 74 para. 1 AMLO-FINMA (here):

• All documents used to identify the contracting partner, controlling person, BO, as well as Forms A or K
• A written note on the results of the application of the criteria for identifying business relationships with increased risks (customer risk scoring)
• A written note or the documents containing the findings of the additional investigations into business relationships or transactions with increased risks
• The documents underlying the executed transactions
• A copy of suspicious activity reports (SAR) filed to the Money Laundering Reporting Office Switzerland (MROS)
• A list of all business relationships subject to the Anti-Money Laundering Act

While ordinary Swiss companies can theoretically retain their accounting documents (with the exception of share registers and its equivalents) exclusively in foreign data centres, FINMA-regulated financial institutions must store the above records and file notes "in a secure location in Switzerland that is accessible at all times" (Art. 74 para. 3 AMLO-FINMA). It should be noted that "if the server used is not located in Switzerland, the financial intermediary must have up-to-date physical or electronic copies of the relevant documents in Switzerland" (Art. 74 para. 4 AMLO-FINMA).

3. MEDICAL RECORDS

The Swiss Medical Association FMH (here) stipulates in its Code of Professional Conduct, which is binding for all members, under Art. 12 entitled "Duty to take and keep records" (here) that "doctors must keep adequate records about the observations made and any measures taken in the exercise of their profession. They must be kept for at least 20 years following the last entry".

In addition, in Switzerland the relationship between doctor and patient is subject to the provisions of the simple mandate according to the FMH Guidelines: Legal Principles in Everyday Medical Practice (here): "As a service provider, the doctor is accountable to the patient at all times (Art. 400 para. 1 CO). He must keep a proper medical history. The obligation to keep records or documentation also ensues from the FMH Code of Professional Conduct and from cantonal healthcare laws" (p. 31 ibid.).

In Switzerland, the medical recordkeeping duty in the form of a patient record includes in particular:

• Documentation of the medical data and facts that are relevant to the medical treatment (BGE 141 III 363)
• Preparation of medical reports to ensure proper treatment, in particular in the case of treatment by several doctors or a transfer to another doctor
• Records to secure documentary evidence in the event of claims alleging medical malpractice made by patients
• Documents about the treatment: Diagnosis, X-rays, laboratory results, medical imagery, (electronic) prescriptions, eMediplans (here), nursing reports, surgery reports, surgery videos, outpatient hospital reports, etc.
• Correspondence with other healthcare providers
• Documented (signed) patient briefing and informed patient consent with date and content of the briefing discussion (duty to provide information in accordance with Art. 10 FMH Code of Professional Conduct, BGE 133 III 121)

Medical records may be kept electronically if it can be established at any time who made which entries and when, and unauthorized persons do not have access. Unauthorized persons are all persons such as medical practice assistants (MPA), office staff etc. who are not involved in the treatment.

Backup copies of medical records must be made continuously or at least regularly and stored in a different location protected from unauthorized access (so-called offsite backups). The FMH generally recommends ensuring all data and all persons accessing it are located in Switzerland.

It is a well established fact that incorrect or missing entries in medical records have a negative impact on legal proceedings and facilitate the patient's burden of proof.

4. HR RECORDS

Employee, HR, or personnel files are a compilation of all records relating to an staff member from hire to termination date.

In general, employment records in Switzerland contain the starting date of the employment contract, a description of the work to be performed, the length of the working week, and remuneration. However, Swiss employers are allowed to handle employee data only insofar as it (i) relates to the employee’s job suitability or (ii) is necessary for the performance of the employment contract (Art. 328b CO).

Here are the retention periods for employment records in Switzerland:

• 10 years: Accounting information such as employment contract, pay slips etc.
• 10 years: Information relating to the work certificate
• 5 years: Information related to salary claims
• 3 months: Information related to rejected applications

5. UNIVERSITY RECORDS

Swiss universities are governed by cantonal legislation and hence cantonal document retention laws apply. In the following, we provide the recordkeeping requirements of the University of Berne (here):

• Faculties must keep all records used for the evaluation of examinations for at least 18 months from the date of the exam
• Faculties must archive graduate theses such as Bachelor's theses, Master's theses and other diploma papers for at least 10 years
• Diplomas and diploma supplements must be kept for at least 20 years from the legally binding date of completion of the Bachelor's or Master's degree program. After that, they are archived in the university or state archives

What is the Swiss Electronic Patient Record (EPR)

The electronic patient record (EPR) is a Swiss sharing platform for data and documents relating to physical health, to which data subjects can grant their doctors access (here). The Swiss patient record is basically nothing other than an audit-proof archive in the cloud that can be accessed from anywhere and to which both doctors and patients can upload files. That said, the electronic patient record does not release doctors from their duty to keep their own medical histories.

The electronic patient dossier is ideal for storing the dated and signed living will (here) for quick access in medical emergency situations without having to go through the insurance card (Art. 370-373 ZGB).

The Swiss Ordinance on the Electronic Patient Record (here) stipulates the following retention obligations for the EPR:

• The medical data collected by healthcare professionals in the electronic patient record must be destroyed after 20 years (Art. 10 para. 1)
• The data repositories must be located in Switzerland and be subject to Swiss law (Art. 12 para. 5)
• Logging of access: All accesses must be logged and the data in the access log must be accessible for 10 years without being able to be deleted

What is the default legal retention period in Switzerland

Swiss accounting records must be retained for 10 years in an audit-proof format (Art. 958f OR para. 1). After expiry of the statutory archiving period of ten years, Swiss companies - including banks - can permanently delete the respective documents and all claims expire (Art. 127 CO).

An interesting case dealing with the retention period for bank account statements heard by the Swiss Banking Ombudsman can be found under this link (here).

How long must patient records be kept in Switzerland

Since 2023, the statutory minimum retention period for patient files (treatment records and medical histories) has been 20 years in many Swiss cantons. This is because the new Swiss tort law provides for a prescription period of 20 years for claims arising from medical malpractice:

"Claims for damages or satisfaction arising from personal injury or death of a person in breach of contract shall prescribe after 3 years from the day on which the injured party became aware of the damage, but in any case after 20 years from the day on which the harmful conduct occurred or ceased" (Art. 128a CO as amended).

In practical terms, this means that under civil law, medical practitioners can now be held liable for 20 years for gross misconduct. If the patient history is no longer available or is incomplete, there is no possibility of defense or exoneration in the event of liability claims.

Simultaneously, it is required under Swiss data protection law (here), that documents no longer needed for evidentiary purposes be deleted.

Retention triggers

In Switzerland, retention periods typically begins at the end of an observation period (the financial year) or the last legal transaction (for example, after liquidation of a company, termination of a mandate contract, account closure date, end of the medical treatment contract).

Below is a list of the retention triggers for the most common Swiss records subject to archiving:

• Accounting records, annual report, audit report: the retention period begins at the expiry of the financial year (Art. 958f para. 1 CO)
• Documents underlying an entry in the share register (AG), register of capital contributions (GmbH) or register of members (cooperative): the retention period is 10 years following the deletion of the owner or usufructuary (AG), company member (GmbH) or cooperative member (Art. 686 para. 5 CO, Art. 697l para. 3 CO, Art. 790 para. 1 CO, Art. 837 para. 2 CO)
• Ledgers and other documents of a dissolved partnership: the retention period of 10 years starts on the date of the partnership’s deletion from the commercial register (Art. 590 para. 1 CO)
• Share register, accounting records, register of beneficial owners and all underlying documents: the retention period is 10 years following the deletion of the company (Art. 747 para. 1 CO)
• AML Records: the retention period begins with the termination of the business relationship or the completion of the transaction (Art. 7 para. 3 AMLA)
• Medical records: the retention period begins with the last entry in the patient file (e.g., Art. 26 para. 2 Health Act of the Canton of Berne)
• University records: the retention period begins with the date of the exam or the legally binding date of completion of the Bachelor's or Master's curriculum

What is an authoritative record

According to Swiss contract law, accounting records must be retained "on paper, electronically or in a comparable manner, provided that correspondence with the underlying business transactions and circumstances is guaranteed and they can be made readable again at any time" (Art. 958f para. 3 CO).

The Swiss Business Records Ordinance is the implementing provision of Swiss contract law in the field of recordkeeping. It stipulates the principles according to which documents must be archived in Switzerland in accordance with the law:

• Integrity (authenticity and unalterability): "The accounting records must be recorded and stored in such a way that they cannot be changed without this being detectable" (Art. 3 GeBüV)
• Documentation: "Depending on the type and scope of the business, the organization, responsibilities, processes and procedures and the infrastructure (machines and programs) used to keep and store the business records must be documented in work instructions in such a way that the business records and accounting documents can be understood. Work instructions must be updated and stored in accordance with the same principles and for the same length of time as the business records themselves" (Art. 4 GeBüV)
• Availability: "Accounting records must be stored in such a way that they can be inspected and examined by an authorized person within a reasonable period of time until the end of the retention period" (Art. 6 GeBüV)
• Archival: "The information must be systematically catalogued and protected against unauthorized access. All access must be recorded. These records are subject to the same retention obligation as the data carriers themselves" (Art. 8 GeBüV).

What is the meaning of PDF/A

PDF/A means Portable Document Format (A stands for archival). In contrast to the Tag Image File Format (TIFF), PDF/A enjoys a high level of acceptance across industries. It is practically the prescribed file format for archiving - in the EU and overseas. For example, the US Supreme Court requires documents submitted electronically must be in the PDF/A format.

To quote ISO 19005 - Document management - Electronic document file format for long-term preservation (PDF/A), "PDF/A [...] provides a mechanism for representing electronic documents in a manner that preserves their visual appearance over time, independent of the tools and systems used for creating, storing or rendering the files" (here).

In essence, the PDF/A format differs from its PDF original in that it prohibits functions that are unsuitable for long-term archiving (such as audio and video content, executable files, password protection, encryption, links to external content, etc.). Ultimately, the files in an audit-proof Swiss cloud archive must be self-sufficient with all key document features such as content, fonts and color embedded.

360core uses high-throughput PDF to PDF/A-2b conformance convertors in its archiving engine to convert PDF to PDF/A-2b. We perform regular PDF/A validation tests (here) throughout the lifecycle of our archive assets.

Archiving of Emails

Email archiving is defined as the systematic retention of emails and attachments in a single repository in line with an organization's records management program, for example to create a subset of messages associated with a particular topic, preserve messages of former employees, enable audit trails, full-text indexing, enhanced retrieval capabilities or the application of legal holds.

Email archiving software simplifies legal discovery and compliance with Swiss freedom of information laws (here) or GDPR requests and eliminates the need to search multiple networks and local drives.

Archiving of websites

In 2017 the Financial Industry Regulatory Authority (FINRA) released a notice (here) stating all businesses engaged in digital communications are required to keep a record. This includes website data, social media posts, and messages.

360 Documents: Supported file extensions

• 360 Documents supports over 100 file types including familiar MS Office and Apple file extensions. Word & text processing (.602, .abw, .cwk, .doc, .docm, .docx, .dot, .dotm, .dotx, .fb2, .fodt, .hwp, .lrf, .mw, .odm, .odt, .oth, .otp, .otm, .ott, .pages, .pdb, .rtf, .stw, .sxg, .sxw, .txt, .wpd, .wps, .wri). Excel & spreadsheet (.122, .csv, .dbf, .dif, .fods, .gnumeric, .numbers, .ods, .ots, .qpw, .slk, .sxc, .tsv, .wb1, .wk1, .wks, .wq1, .wq2, .xla, .xlr, .xls, .xlsb, .xlsm, .xlsx, .xltm, .xltx). Powerpoint & presentation (.c, .cgm, .fodp, .odp, .otp, .pot, .potm, .potx, .ppsx, .ppt, .pptm, .pptx, .sti, .sxi). Images & graphics (.bmp, .cdr, .dxf, .emf, .fh, .fodg, .gif, .jpeg, .jpg, .odg, .otg, .p65, .pdf, .png, .pub, .std, .svg, .sxd, .tiff, .vsd, .vsdx, .vss, .wmf, .wpg)
• 360 Documents automatically groups over 2,000 file extensions into 18 easy-to-remember categories: PDF, Image files, Text files, Excel & spreadsheets, Presentations, Outlook items, Video files, Audio files, CAD, ECAD, Bioinformatics, Medical imaging, Medical signals, Geodata, Coding, Databases, Websites, Security

360 Documents: Software integrations

Software integrations allow organizations to connect 360 Documents to other applications:

1. Connector to MS Outlooks (here) to archive emails directly from your favourite inbox
2. Connector to 360 Multibanking (here) to pay invoices directly from 360 Documents and access more than 50 Swiss banks through a single login and dashboard
3. Connector to 360 Signatures (here) to sign electronically with all types of Swiss digital signatures under ZertES and eIDAS
4. Connector to 360 Scanning (here) to digitize large paper archives

360 Documents: Pricing

The cost model 360 Documents depends on the number of users (also called seats) and the expected file storage space:

SMEs

• Up to 10 seats and a total of 100 GB: CHF 300 per month
• Up to 20 seats and a total of 500 GB: CHF 600 per month
• Up to 30 seats and a total 1 TB: CHF 1,200 per month

CORPORATES AND PUBLIC AUTHORITIES

• Over 30 seats: CHF 700 annually per seat
• Over 1,000 seats: CHF 600 annually per seat
• Over 10,000 seats: CHF 500 annually per seat
• Over 25,000 seats: CHF 400 annually per seat

360 Documents is operated, maintained and continually improved by 360core Ltd and made available via the Internet through a SaaS license.