Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-27379

Record management - Store the document main content in a secured storage media

    XMLWordPrintable

    Details

    • Type: New Feature
    • Status: In Progress
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: BlobManager, Retention

      Description

      Context

      SEC-17a-4 (17 CFR § 240.17a-4 - Records to be preserved by certain exchange members, brokers and dealers.) is a US regulatory related to the records preservation.

      The main areas are related to secured storage, retention management, change and deletion prevention, legal hold, and audit trail.

       

      Prerequisite

      For the record documents storage, we will use Amazon S3 capabilities with a bucket with the following parameters:

      • Versioning turned on
      • Compliance mode turned on
      • No default retention in the bucket (or default retention as 0)

      cf. https://github.com/awsdocs/amazon-s3-developer-guide/blob/master/doc_source/object-lock-overview.md

      cf. https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html

       

      User stories

      • As a broker dealer, I want my documents to be stored in a secured storage, so that I can guarantee that my documents won’t be changed or deleted once they are under retention and/or on legal hold.

       

      Description

      The goal is to store the document main file content in a secured storage media, here Amazon S3 which is compliant with SEC 17a-4 regulatory when the compliance mode is turned on.

      This involves some changes on Nuxeo side on the way we store the document and mostly the data to provide to S3 at storage level.

      Improvements:

      • Provide mandatory metadata to Amazon S3 compliance mode
      • Manage S3 version ID
      • Add an attribute to the document to tag it as a record

       

      Acceptance criteria

      On a Nuxeo server configured to store a document in Amazon S3 with compliance mode turned on:

      • I can store a document with a retention period (expiration date provided to S3)
      • I can store a document with NO retention period (no expiration date provided to S3)
      • When I store a document with a retention period, I can NOT delete it before the end of the retention period
      • When I store a document with no retention period, I can delete the document anytime

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                jaubenque Julien Aubenque
                Reporter:
                jaubenque Julien Aubenque
                Participants:
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:

                  PagerDuty

                  Error rendering 'com.pagerduty.jira-server-plugin:PagerDuty'. Please contact your Jira administrators.