Record management - Store the document main content in a secured storage media

Context

SEC-17a-4 (17 CFR § 240.17a-4 - Records to be preserved by certain exchange members, brokers and dealers.) is a US regulatory related to the records preservation.

The main areas are related to secured storage, retention management, change and deletion prevention, legal hold, and audit trail.

Prerequisite

For the record documents storage, we will use Amazon S3 capabilities with a bucket with the following parameters:

• Versioning turned on
• Compliance mode turned on
• No default retention in the bucket (or default retention as 0)

cf. https://github.com/awsdocs/amazon-s3-developer-guide/blob/master/doc_source/object-lock-overview.md

cf. https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html

User stories

• As a broker dealer, I want my documents to be stored in a secured storage, so that I can guarantee that my documents won’t be changed or deleted once they are under retention and/or on legal hold.

Description

The goal is to store the document main file content in a secured storage media, here Amazon S3 which is compliant with SEC 17a-4 regulatory when the compliance mode is turned on.

This involves some changes on Nuxeo side on the way we store the document and mostly the data to provide to S3 at storage level.

Improvements:

• Provide mandatory metadata to Amazon S3 compliance mode
• Manage S3 version ID
• Add an attribute to the document to tag it as a record

Acceptance criteria

On a Nuxeo server configured to store a document in Amazon S3 with compliance mode turned on:

• I can store a document with a retention period (expiration date provided to S3)
• I can store a document with NO retention period (no expiration date provided to S3)
• When I store a document with a retention period, I can NOT delete it before the end of the retention period
• When I store a document with no retention period, I can delete the document anytime