--- title: "Audit-Proof Archiving: What That Really Means" description: "Audit-proof is not a legal term but a bundle of requirements: unalterable, complete, traceable. What it really involves." type: "wissen" product: "documents" slug: "audit-proof-archiving" source_language: "de" target_languages: ["de", "en", "es", "pl", "tr"] published: "2026-06-10" status: "publish" faq_json: [{"q":"What does audit-proof archiving mean?","a":"Documents are kept in such a way that they remain available in an unalterable, complete, orderly and traceable manner for an audit (revision) throughout the entire retention period."}, {"q":"Is audit-proof a legally defined term?","a":"No. The term comes from practice and bundles requirements that arise primarily from the GoBD, the German Fiscal Code and the German Commercial Code."}, {"q":"What is the difference between a backup and an audit-proof archive?","a":"A backup protects against data loss and is overwritten. An archive protects against change: once filed, documents remain unchanged and findable throughout the retention period."}, {"q":"How is unalterability implemented technically?","a":"For example, through write protection mechanisms such as Object Lock in storage: documents cannot be overwritten or deleted until the set period expires."}, {"q":"Can software alone establish audit-proofness?","a":"No. The technology provides unalterability and logging – complete capture and a documented process (procedural documentation) remain the responsibility of the organization."}] language: "en" source_id: "wissen/revisionssichere-archivierung" source_hash: "0c916c32cfcf676057f8c115cf086e0f585dc542ec3408e6d367fbb685497e79" --- Audit-proof archiving means that documents are stored in an unalterable, complete, orderly and traceable way throughout the entire retention period – so that an audit (revision) can at any time verify that the records are authentic and complete. "Audit-proof" is not a legally defined term, but a bundle of requirements from practice, drawing primarily on the GoBD, the German Fiscal Code and the German Commercial Code. ## The Criteria Behind the Term In professional practice, certain characteristics have become established against which audit-proof archiving can be measured: - **Unalterability:** Archived documents cannot be changed or deleted unnoticed. - **Completeness:** The records have no gaps; whatever is subject to retention is also included. - **Orderliness:** The filing follows a traceable system. - **Findability:** Every document can be retrieved and made readable within a reasonable time. - **Logging:** Accesses and processing steps are traceable. - **Timely retention:** Documents are kept at least until the end of the statutory period. ## A Backup Is Not an Archive The most common misconception: "But we have a backup." Backup and archive solve different problems. A backup protects against data loss – it is regularly overwritten and reflects the current state at any given time. An archive protects against change: it preserves the state of a document at the time of filing. If someone manipulates an invoice in the file system, the manipulated version dutifully moves into the next backup – the archive, on the other hand, holds onto the original. ## How Unalterability Works Technically Modern archives rely on write protection at the storage level. [webRichtung documents](https://www.webrichtung.de/module/documents/) uses a GoBD archive with **Object Lock** for this: when archiving, a lock period of 6, 8 or 10 years is set – matching the respective retention period – and until it expires, the object in storage can neither be overwritten nor deleted. This is a technical principle, not merely a permission concept: even an administrator cannot simply override the lock. Then there is the everyday benefit: since every document is read and classified during processing, the archived records remain searchable – by content, type, date and amount. After all, findability is half of audit-proofness. ## What the Organization Must Contribute Software provides unalterability, logging and search – but the overall system only becomes audit-proof with your process: 1. **Complete capture:** All document channels (mail, scanner, e-mail) lead into the archive, not into private folders. 2. **Prompt filing:** Documents are captured upon arrival, not collected quarterly. 3. **Procedural documentation:** You describe how documents are created, processed and protected. You can read about the specific requirements that arise from the GoBD in the article [GoBD-compliant archiving](/en/wissen/gobd-konforme-archivierung.html). ## Quick Check: Is Your Archive Set Up to Be Audit-Proof? - Can filed documents be technically overwritten or deleted? (They should not be.) - Is the retention period anchored to the document – or only in someone's head? - Can you find a five-year-old document in under a minute? - Is there a short description of your filing process? - Do all document channels lead into the archive – including e-mail attachments and paper mail? The more of these questions you can answer with yes, the more relaxed the next audit will be. This article provides general information and does not replace legal or tax advice.