Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-27410

Record management - Handle Fixed time retention with delay

    XMLWordPrintable

    Details

    • Type: New Feature
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: BlobManager, Retention

      Description

      Context

      SEC-17a-4 (17 CFR § 240.17a-4 - Records to be preserved by certain exchange members, brokers and dealers.) is a US regulatory related to the records preservation.

      The main areas are related to secured storage, retention management, change and deletion prevention, legal hold, and audit trail.

       

      Prerequisite

      For the record documents storage, we will use Amazon S3 capabilities with a bucket with the following parameters:

      • Versioning turned on
      • Compliance mode turned on
      • No default retention in the bucket (or default retention as 0)

      cf. https://github.com/awsdocs/amazon-s3-developer-guide/blob/master/doc_source/object-lock-overview.md

      cf. https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html

       

      User stories

      • As a record manager, I want to define a retention to be started after a predefined delay.
      • As a broker dealer, I want to make sure that a record can’t be deleted until the retention starts, meaning the record is indefinitely locked until the retention starts

       

      Description

      By using the retention module, I can define a delay in my retention policy, meaning that the retention will start once the predefined delay has expired.

      But:

      • There is no lock of the record waiting for the retention to start
      • There is no lock and retention period applied at Amazon S3 level

      Improvements:

      • When the document becomes a record:
      • Nuxeo stores the record on S3 bucket with compliance mode with no expiration date,
      • Then, Nuxeo automatically applies a legal hold,
      • When the delay expires and we want to trigger the retention beginning:
      • Nuxeo removes the legal hold on S3,
      • Nuxeo updates the record by adding the expiration date,

       

      Warning

      There is a use case to take care: if a legal hold is triggered and then removed before the retention to start, we must be careful to not removed the legal hold at S3 level.

       

      Acceptance criteria

      • When I apply a fixed time retention policy with delay to a document, it is put in hold at Amazon S3 level,
      • When the predefined delay has expired, the expiration date is set at S3 level,
      • When the predefined delay has expired, the legal hold is removed,
      • I can apply a legal hold to a record on a retention with delay when the retention has not started,
      • When I removed a legal hold on a record waiting for the retention to start, it does NOT remove the legal hold at S3 level,
      • When I apply a legal hold and then remove it on a record with the retention period started, it does remove the legal hold at S3 level,
      • The event "Retention period started" with the relevant expiration date (=delay expiration date+retention period) is displayed on the history of the document / Audit once the event occurs
      • The event "Retention period expired" is displayed on the history of the document / Audit once the expiration date is reached

       

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                jaubenque Julien Aubenque
                Reporter:
                jaubenque Julien Aubenque
                Participants:
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:

                  PagerDuty

                  Error rendering 'com.pagerduty.jira-server-plugin:PagerDuty'. Please contact your Jira administrators.