Each program adopted to comply with this part shall include provisions for auditing the effectiveness of the several provisions of that program, including the validity of bridge inspection reports and bridge inventory data, and the correct application of movement restrictions to railroad equipment of exceptional weight or configuration.

(a) Each bridge management program shall incorporate provisions for an internal audit to determine whether the inspection provisions of the program are being followed, and whether the program itself is effectively providing for the continued safety of the subject bridges.

(b) The inspection audit shall include an evaluation of a representative sampling of bridge inspection reports at the bridges noted on the reports to determine whether the reports accurately describe the condition of the bridge.

Each track owner required to implement a bridge management program and keep records under this part shall make those program documents and records available for inspection and reproduction by the Federal Railroad Administration.

(a) Electronic recordkeeping; general. For purposes of compliance with the recordkeeping requirements of this part, a track owner may create and maintain any of the records required by this part through electronic transmission, storage, and retrieval provided that all of the following conditions are met:

(1) The system used to generate the electronic record meets all requirements of this subpart;

(2) The electronically generated record contains the information required by this part;

(3) The track owner monitors its electronic records database through sufficient number of monitoring indicators to ensure a high degree of accuracy of these records;

(4) The track owner shall train its employees who use the system on the proper use of the electronic recordkeeping system; and

(5) The track owner maintains an information technology security program adequate to ensure the integrity of the system, including the prevention of unauthorized access to the program logic or individual records.

(b) System security. The integrity of the bridge inspection records must be protected by a security system that incorporates a user identity and password, or a comparable method, to establish appropriate levels of program and record data access meeting all of the following standards:

(1) No two individuals have the same electronic identity;

(2) A record cannot be deleted or altered by any individual after the record is certified by the employee who created the record;

(3) Any amendment to a record is either—

(i) Electronically stored apart from the record that it amends; or

(ii) Electronically attached to the record as information without changing the original record;

(4) Each amendment to a record uniquely identifies the person making the amendment; and

(5) The electronic system provides for the maintenance of inspection records as originally submitted without corruption or loss of data.