Top

SharePoint Records Management and Compliance

Records Management

“[the] field of management responsible for the efficient and systematic control of the creation, receipt, maintenance, use and disposition of records, including the processes for capturing and maintaining evidence of and information about business activities and transactions in the form of records”

ISO 15489-1:2001

Out-of-the-Box SharePoint offers records management functionality

But for a full solution supporting  case-driven archiving, digital preservation, authenticity, you need more:

  • Capture: to ingest documents and files from outside the system  (scans, files, e-mail, attachments) into SharePoint
  • Workflow: to automatically trigger, convert, authenticate and move documents
  • Conversion: to transform documents and data to a standard format, such as PDF/A and XML, for digital preservation
  • Authentication: to guarantee and provide proof that documents and files are authentic and unchanged

Capture

Sphereon offers advanced functionality to capture and ingest external documents, email and data. Sphereon supports standard Enterprise Integration Patterns (EIP).

  • Documents are captured using scanning or imported using our EIP functions and then checked-in through the standard SharePoint web services.
  • Email are imported using the standard IMAP/POP3 interfaces. The complete email message is ingested as well as all individual parts (headers, components, mime-types) for further processing.

 

Workflow

All Sphereon functions can easily be used from MS SharePoint workflows. Sphereon offers standard integration that use our SDKs.
This integration can also be used in combination with Nintex or K2 workflows.

Digital Preservation through PDF/A and XML

A major step in preservation of information is converting documents to the ISO standard document formats of PDF/A and XML. This prevents loss of information caused by changes in data formats due to software changes or software becoming obsolete at all.

Using a standard ISO format ensures that documents and data can be read in the future as well.

PDF/A (portable document format/archiving)

PDF/Ahas been developed for longtime storage of electronic documents. It is an international ISO standard (19005) ‘Document Management – Electronic document file format for long-term preservation’.

The Sphereon PDF/A service offers the capabilities to convert a wide range of document formats to a ISO-standard PDF/A format:

  • Microsoft Office documents (.docx, .xlsx, pptx, en .doc, xls, ppt)
  • PDF documents (.pdf)
  • Email messages (.msg, .pst, .mbox, .eml, .emlx)
  • AutoCAD drawings (.dwg)
  • Text files (.txt, .rtf, .csv, .html, .xml)
  • Images files (.tiff, .jpg, .png)

Guaranteeing Authenticity

Hacking and Fake News are major concerns of Governments and Businesses alike. Everyday we read or hear about it on Twitter, the news or trade journals.

It is a fact that it actually is quiet easy to manipulate and tamper with digital documents. And most of the time the reader cannot spot these changes! The consequences are severe: Loss of Trust and decisions based on false information.

Fortunately there are several ways to ensure and guarantee the Authenticity of digital documents.

Digital Signature

One option is to “sign” a document using a so-called Digital Signature. This technology is based on a Private Key/Public Key combination that uses digital certificates. The Digital Signature software creates a digital fingerprint (a ‘hash’) that is stored in a PDF document. When the PDF is opened in Adobe Acrobat, Acrobat will display a message or a warning wether or not the document has been tampered with.

This prevision method is good, but has several drawbacks.

  • It is limited to PDF
  • A good solution needs a special Hardware Signing Module (HSM), which makes it expensive
  • The Certificate Authorities are complex to secure and manage, and, although not common, there are several cases where Certificate Authorities were hacked and abused

In short, they are expensive and not as safe as people think.

Blockchain: Proof of Authenticity

Blockchain, a relative new technology, has proven to be tamper-proof and a great solution to certify all kinds of documents safely and to guarantee Authenticity. And at a very reasonable price.

It works by creating a unique electronic fingerprint (a hash) of any digital object, so not only PDF, but any electronic file. This electronic fingerprint is stored on a public Blockchain. (Don’t worry, not the document is stored, just the fingerprint, which cannot lead back to any useful information)

To verify the document (or object), just repeat the same steps: create the electronic fingerprint and send it to the Blockchain. If the electronic fingerprint is the same, the object is unchanged and is Authenticated. You will then also receive the original date and time the object was first stored on the Blockchain.

Blockchain will provide you with Proof of Authenticity and Proof of Existence in a certain point in time. Guaranteed tamper-proof.