Alfresco Software, a leading provider of enterprise content management (ECM) and business process management (BPM) software, is giving government and enterprise organizations unparalleled ability to customize access to content by creating their own security access system. The new Alfresco Records Management (RM) 2.5 – the only open-source DoD 5015.02 certified solution – that allows content administrators, records managers or security personnel to secure content by easily assigning highly granular security classifications and marks.
Alfresco will be demonstrating the new Records Management 2.5 at this week’s ARMA LIVE! International Conference & Expo in Booth #625 in San Antonio, Texas.
Analyst firms such as Forrester confirm that records are increasingly generated digitally and public sector RM decision-makers are nearly equally challenged as private sector RM professionals by the volume of unmanaged digital documents that sit outside of records and information management programs. This is being exacerbated by the introduction of new compliance requirements such as the Managing Government Records Directive (M-12-18) for the US Government, which has resulted in the creation of the Capstone Approach by NARA. Mature records and information management programs are now looking more strategically at data and documents across their entire life cycles. Developed originally to meet thesecurity requirements of the U.S. Navy, other government agencies worldwide and commercial enterprises, Alfresco Records Management 2.5 offers a simple, user-centric interface that encourages faster, appropriate content classification.
“Increasing regulatory compliance obligations and modern ways of collaborating require a new way of managing the complete lifecycle of information. Managing sensitive data is a key part of this, but users struggle to deal with the ever-greater complexity of the classification process,” said John Iball, Alfresco’s Senior Product Manager. “If the classification process is too difficult or time consuming, users will often over-classify files, preventing some people who need to use the files from accessing them. Alfresco Records Management 2.5 allows for more simplified and granular control of content.”
Securing the Information
Many content management solutions deploy Access Control Lists (ACLs) — lists of users and groups able to access particular files – in order to manage access control. Alfresco also provides this ACL option, but recognized the need for a more manageable and scalable way of controlling the management of information and ensuring privacy with the following updates:
Built-in Security Classification allows authorized users to define the security clearance level needed to access a file, document or record. The first level of the Security Controls provides the ability to apply a classification level (Top Secret, Secret, Confidential, Unclassified or other custom levels to content. Users are assigned a clearance level that allows them to access content – not just records – based on their clearance level.
Custom Security Marks support a range of security scenarios and applied to files to restrict access of certain content to the appropriate users or groups of users. Alfresco Records Management 2.5 is also the only system of its kind to enable a combination of security marks. The security marks configuration includes options for selecting that the user meets all security marks applied to the content; one or more marks applied to the content; or the same or greater clearance than that of the content. In contrast, other records management systems require users to possess all of the content marks or the same or greater clearance than that of the content.
For example, a particular project, say “Project X” may have restricted user access. By applying a “Project X” mark to content, only users possessing the “Project X” mark can access the content. Alternatively, creating a group of marks allows access to users with one or more of the marks applied to the content. For example, if access needs to be restricted to particular nationalities, the content can include a list of permitted nationality marks, e.g. US, UK and CAN. Users of any of those nationalities can then access the content. Similarly, in the commercial world it allows easy access control based on roles in the organization. For example, by marking files from an “Executive” mark group with CIO, CFO, CIO marks, only users in these positions can access the files.
By combining the different types of marks, complete and highly granular access control is provided.
Built on Open Source and Open Standards for Global Flexibility
Unlike legacy, proprietary systems that were not designed to manage today’s explosion of digital content, Alfresco’s open platform offers the most flexible way to configure and deploy content, business process and records management. Support for open standards enables Alfresco Records Management 2.5 to be easily integrated into existing IT environments and to adapt as new business needs and technologies emerge.
Supports an Extensive List of World Wide and Regulatory Standards
In addition to meeting U.S. Navy requirements, Alfresco Records Management 2.5 has been validated for use by other government agencies, including JITC as well as HMGCC in the UK to ensure wide application to public sector organizations. It also meets regulatory compliance standards such as UK government’s National Archives Electronic Records Management Systems certification, 2002 requirements, Australian Victorian Electronic Records Strategy, VERS (specs 1-5), ISO 15489 and MoReq2010.