"I'll ask who creates the records, whether records are created in the ordinary course of business, how they're stored, policies & procedure to preclude tampering, and whether the produced records are true and accurate copies.
Do you want to do a dry run & practice? The questions will be straight forward.Thanks for your time and assistance"My Risk Management and I would like how we should answer these questions? Would the IT supervisor also be subpoenaed?
Not telling the DA their job but he/she may need a little coaching. What you've shared are the standard questions put forth for admitting records into evidence under the Business Records Exception rule. If he/she phrases the questions in such way that you can provide straight Yes/ No answers then you should be well-equipped to serve as the Records Custodian witness for your organization.
Rather than asking you "WHO creates…" he/she should ask "Were these records created by individuals with personal knowledge of the acts and events recorded in this record" to which you reply "Yes"
Rather than asking you "HOW are the records stored and protected from tampering" he/she should ask "Are these records stored and handled in such a manner as to preclude tampering" to which you reply "Yes"
Phrasing the questions the way he/she is doing it could/would require testimony from others such as your IT staff unless you are well-versed in the technology in your organization. If opposing counsel is amenable to having the records admitted into evidence your Yes/No testimony is a mere LEGAL formality and you'll be done. However if DA anticipates objection from the other side, then you may want/need to bring IT along. Just don't get drawn into answering questions outside of your scope of knowledge and practice. Eg. being asked "what does the doctor mean by this note?" Answer: "I don't know, you will have to ask the doctor." You can certainly read an entry in a chart but anything beyond that (eg.interpretation of meaning) requires the testimony of the author of the entry. Same goes for technical security practices – answer what you have personal knowledge of, then for anything beyond that it is best to reply, "I don't know, you will need to ask our Director of IT". Hope this helps. All the best…