Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-27384

Record management - Handle event-based retention

    XMLWordPrintable

    Details

    • Type: New Feature
    • Status: Resolved
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: BlobManager, Retention

      Description

      Context

      SEC-17a-4 (17 CFR § 240.17a-4 - Records to be preserved by certain exchange members, brokers and dealers.) is a US regulatory related to the records preservation.

      The main areas are related to secured storage, retention management, change and deletion prevention, legal hold, and audit trail.

       

      Prerequisite

      For the record documents storage, we will use Amazon S3 capabilities with a bucket with the following parameters:

      • Versioning turned on
      • Compliance mode turned on
      • No default retention in the bucket (or default retention as 0)

      cf. https://github.com/awsdocs/amazon-s3-developer-guide/blob/master/doc_source/object-lock-overview.md

      cf. https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html

       

      Definition

      An event based retention allows to define a retention period to start after a defined event. Most of the time, the date of the event is unknown at time of retention application of the document.

      The events can be very different depending on the organization, document type, region...
      A list of real examples of event based retention are available here:
      https://docs.google.com/spreadsheets/d/1TSVOQBTbUF_pE83d7y9jcYVLiDN1VJn0ou0B1PM6AiY/edit?usp=sharing 

       

      Description

      By using the retention module, I can define an event based retention policy, meaning that the retention will start once the predefined event occurs.

      But:

      • There is no lock of the record waiting for the retention to start
      • There is no lock and retention period applied at Amazon S3 level
      • The event configuration requires to use expression language (EL) which is not user friendly for a non developer user (most of the record managers don't have developer skills).
      • In addition, it requires to use only internal events, which doesn't fit with all the use cases.

      Improvements:

      • When the document becomes a record:
        • Nuxeo stores the record on S3 bucket with compliance mode with no expiration date,
        • Then, Nuxeo automatically applies a legal hold,
      • When the event occurs and we want to trigger the retention beginning:
        • Nuxeo removes the legal hold on S3,
        • Nuxeo updates the record by adding the expiration date,
      • Add the capability define in a user friendly way the event in the retention rule 
      • Add the capability to manually or automatically create an event, based on core or external events.

       

      Warning

      There is a use case to take care: if a legal hold is triggered and then removed before the retention to start, we must be careful to not removed the legal hold at S3 level.

       

       

       

        Attachments

          Issue Links

          depends on

          New Feature - A new feature of the product, which has yet to be developed. NXP-27435 Record, Retention and Hold low-level implementation

          • Major - Major loss of function.
          • Resolved

          Task - A task that needs to be done. NXP-27692 Integrate Retention addon

          • Major - Major loss of function.
          • Resolved

          User story - Created by Jira Software - do not edit or delete. Issue type for a user story. NXP-27746 Record management - Configure the retention starting point with a delay

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Open

          User story - Created by Jira Software - do not edit or delete. Issue type for a user story. NXP-27600 Record management - Configure the retention starting point in a retention policy

          • Major - Major loss of function.
          • Resolved

          User story - Created by Jira Software - do not edit or delete. Issue type for a user story. NXP-27910 Record management - Create retention event

          • Major - Major loss of function.
          • Resolved
          duplicates

          Task - A task that needs to be done. NXP-27692 Integrate Retention addon

          • Major - Major loss of function.
          • Resolved
          is related to

          New Feature - A new feature of the product, which has yet to be developed. NXP-27385 Record management - Handle Legal hold

          • Major - Major loss of function.
          • Resolved

          Task - A task that needs to be done. NXP-28939 Split the retention starting point properties

          • Major - Major loss of function.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. NXP-28901 Event input in event-based retention rule

          • Major - Major loss of function.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. NXP-28786 Record management - Expiration date displayed for undeterminate retention

          • Major - Major loss of function.
          • Resolved

            Activity

              People

              • Assignee:
                jaubenque Julien Aubenque
                Reporter:
                jaubenque Julien Aubenque
                Participants:
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: