Practical Guide

TR-RESISCAN Process Documentation: Template, Required Content & Practical Checklist

What belongs in a Verfahrensdokumentation (VDU) under BSI TR-03138 — and how to produce one in less than a day.

Docuflair Marketing Team 9 min read

The process documentation (in German: Verfahrensdokumentation, or VDU) is the centrepiece of any legally defensible TR-RESISCAN scanning process. No VDU — no defensible self-declaration, no BSI certification, and in a dispute, no evidential value in court. This guide explains what the BSI TR-03138 actually requires, which seven sections must appear in every VDU, and how a clear master outline lets you finish the job in less than a day.

What is a TR-RESISCAN process documentation?

Definition, purpose and distinction from the GoBD VDU

A process documentation for substitute scanning describes all organisational, technical and procedural workflows through which an organisation digitises paper originals and subsequently destroys them. It is the documented answer to four questions: What is scanned? Who is responsible? How does the process run? How is it controlled?

The legal basis is set out in Annex V of BSI TR-03138, which provides a sample procedure instruction. Additional frameworks apply depending on document type: GoBD for tax-relevant records, § 371b ZPO for evidential value, § 7 EGovG for German federal agencies.

Distinction from the GoBD VDU: The GoBD process documentation covers the entire digital bookkeeping chain — from invoice intake through archiving to deletion. The TR-RESISCAN VDU has a narrower scope and focuses on the scanning process itself. In practice many organisations combine the two in a single master document with a dedicated chapter per framework.

When is a process documentation required?

Three conformity paths — one VDU in all three cases

TR-RESISCAN offers three paths to conformity, and a VDU is indispensable for all of them:

  • Self-declaration: The organisation declares compliance on its own responsibility. The VDU is the only piece of evidence — without it, the declaration is worthless.
  • TR-RESISCAN ready (VOI-CERT): External certification through the German information-systems association (VOI). Accredited test bodies assess the VDU as part of the process.
  • BSI certification: The highest level, with a full conformity assessment per Annex P. The VDU is again a central object of review.

Tax authorities (GoBD), regulators (BaFin, KRITIS) and courts (§ 371b ZPO) all demand a traceable documentation the moment paper originals are destroyed. Short rule: anyone who performs substitute scanning needs a VDU — whether certified or not.

The 7 required sections of a VDU under Annex V

A master outline that stands up to any audit

1. Scope and applicability

The first section defines which documents fall under the VDU. Typical entries: incoming invoices, contracts, HR files, construction files, case records. Clearly carve out special cases — notarial deeds, wills and hand-signed documents with special record quality, which are excluded from destruction.

2. Roles and responsibilities

TR-RESISCAN prescribes at least three roles: the scan operator (performs the scan), the reviewer (executes the visual inspection) and the administrator (manages scanner, software and permissions). These roles must be personally separated — a four-eyes principle for elevated protection needs. Document names (or function titles), deputy arrangements and training records.

3. Protection-needs analysis

For each document category you rate the protection need against the three goals integrity, confidentiality and availability — on a Normal / High / Very High scale. The classification decides whether the TR-RESISCAN base module is sufficient or whether the Integrity and Confidentiality extension modules must be applied. Justify each rating with concrete damage scenarios.

4. Technical specification

List every device and software component in use: scanner model with serial number, firmware version, scan profiles (resolution, colour depth, PDF/A variant), software version, interfaces to DMS or archive. Add the scanner qualification: test scans against defined reference documents proving the device delivers the required image quality.

5. End-to-end process description

Describe the workflow from paper intake to destruction — ideally as a flow diagram with responsibilities per step: intake, classification, preparation, scan, visual inspection, transfer note creation, integrity protection (hash/signature), PDF/A archiving, release for destruction, destruction with log.

6. Quality assurance and visual inspection

Define how visual inspection is performed (sample or 100 %, at the device or on-screen), which criteria are checked (completeness, legibility, colour reproduction, orientation, artefacts) and how the result is recorded. The transfer note is the key piece of evidence — with scan date, operator, scan parameters, inspection result, hash value and scanner identification.

7. Error and contingency procedures

The section most often missing in practice — and the one that costs the most audit points. Document: what happens for a faulty scan (rescan procedure)? What if the scanner fails? How are documents recovered when an archive storage is defective? Who is notified in an incident, and how is the response logged?

Master outline for your VDU

A copy-ready structure field-tested in audits

The following outline follows Annex V of TR-RESISCAN and has proven itself in real audits:

  1. Introduction, purpose, scope
  2. Terminology and references (TR-RESISCAN, GoBD, § 371b ZPO, § 7 EGovG)
  3. Roles, responsibilities, deputy arrangements
  4. Protection-needs analysis (matrix per document type)
  5. Technical infrastructure (scanner, software, interfaces)
  6. Process description with flow diagram
  7. Quality assurance and visual inspection
  8. Transfer note: required fields and format
  9. Integrity protection (hash, signature, timestamp)
  10. Archiving and retention periods
  11. Destruction procedure
  12. Error and contingency procedures
  13. Training and awareness
  14. Change history
  15. Annexes: sample logs, test-scan results, scanner qualification

Tip: Don't start from a blank page. Our free practical guide contains the complete outline including protection-needs matrix, transfer-note template, case example and audit protocol — ready to drop into your VDU.

How Docuflair TR-RESISCAN supports your VDU

The technical and procedural building blocks, delivered automatically

A VDU is a text document, but its defensibility rests on the evidence from live operation. That is exactly where Docuflair TR-RESISCAN comes in: the software generates the evidence referenced by the VDU, fully automated.

  • Transfer note: required fields (scan date, operator, scan parameters, hash, device identification) are recorded for every scan without manual intervention.
  • Audit trail: every step of the process is logged end-to-end — login, scan, visual inspection, release, signature.
  • Role separation: scan operator, reviewer and administrator are technically separated; four-eyes principle configurable for high protection needs.
  • Scanner qualification: test-scan results are stored and flagged for repeat after firmware changes.
  • Annex-V-compliant: exportable logs that plug straight into the VDU annex.

Five common VDU mistakes — and how to avoid them

What auditors regularly flag

  1. Too generic: "Documents are checked regularly" is not a process description. Auditors want concrete frequencies, responsibilities and criteria.
  2. Outdated: The VDU still describes a scanner that was replaced two years ago. Maintain the VDU with every infrastructure change — or at least annually.
  3. No role assignment: The process is described but no one is named. State at least functional titles with deputy arrangements.
  4. No contingency plan: What happens with a faulty scan, a failed scanner, an archive outage? Without answers, the VDU is only fair-weather documentation.
  5. Disconnected from GoBD: The TR-RESISCAN VDU often stops at the scan. For tax-relevant records the chain must continue through archiving and deletion — that requires a link to the GoBD VDU.

Your VDU in less than a day — with guide and software

Combine our free practical guide with Docuflair TR-RESISCAN: the software delivers the evidence, the guide delivers the outline. Book a 15-minute demo.

Download the guide Explore Docuflair TR-RESISCAN

Frequently Asked Questions

Answers to the most important questions about process documentation

Is process documentation mandatory for a TR-RESISCAN self-declaration?

Yes. The self-declaration is not a shortcut around the VDU — it is its very purpose. Without a documented process, the declaration is not defensible. Even without BSI certification, you must demonstrate to auditors, courts and tax authorities how your scanning process runs and who is responsible.

How often must the process documentation be updated?

At least annually and upon every material change: new scanner, software update with functional changes, new document types, reassigned responsibilities or a new TR-RESISCAN version. The BSI guideline was most recently updated to version 1.5 in December 2024 — a typical trigger for a VDU revision.

What is the difference between a GoBD process documentation and a TR-RESISCAN one?

The GoBD process documentation describes proper accounting and the handling of tax-relevant data. The TR-RESISCAN VDU has a narrower scope and specifically describes the scanning process for substitute scanning: protection needs, scanner qualification, transfer note, visual inspection, destruction. Many organisations maintain both as separate documents; they can also be combined in a single VDU with dedicated chapters per framework.

Does the VDU need to be audited externally?

For BSI certification and TR-RESISCAN ready (VOI-CERT), external assessment of the VDU by accredited bodies is part of the procedure. For self-declaration there is no mandatory external audit — responsibility lies entirely with the organisation. In practice we recommend an internal or external audit even for self-declarations to ensure defensibility in disputes.

What happens during a tax audit if the VDU is missing?

Without a VDU, tax authorities can challenge the proper conduct of bookkeeping (§ 146 AO, GoBD). In civil proceedings, the evidential value of substitute-scanned documents can be contested (§ 371b ZPO requires a traceable process). In practice this leads to tax estimations, rejection as evidence, or the obligation to reconstruct originals that have already been destroyed — the most expensive scenario.

Further Reading

Deepen your knowledge on TR-RESISCAN

What is TR-RESISCAN?

Compliant substitute scanning explained.

Read more

TR-RESISCAN Checklist

10 requirements for compliant scanning.

Read more

TR-RESISCAN vs. GoBD

The differences in detail.

Read more

Destroy Originals

When can paper originals be destroyed?

Read more

Guide + demo

Free & no obligation
Download