  1. Nuxeo Platform
  2. NXP-27410

Record management - Handle Fixed time retention with delay


    Details

    • Type: New Feature
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: BlobManager, Retention

      Description

      Context

      SEC-17a-4 (17 CFR § 240.17a-4 - Records to be preserved by certain exchange members, brokers and dealers.) is a US regulation on records preservation.

      The main areas are related to secured storage, retention management, change and deletion prevention, legal hold, and audit trail.

       

      Prerequisite

      For the record documents storage, we will use Amazon S3 capabilities with a bucket with the following parameters:

      • Versioning turned on
      • Compliance mode turned on
      • No default retention in the bucket (or default retention as 0)

      cf. https://github.com/awsdocs/amazon-s3-developer-guide/blob/master/doc_source/object-lock-overview.md

      cf. https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html

       

      User stories

      • As a record manager, I want to define a retention to be started after a predefined delay.
      • As a broker dealer, I want to make sure that a record can’t be deleted until the retention starts, meaning the record is indefinitely locked until the retention starts

       

      Description

      By using the retention module, I can define a delay in my retention policy, meaning that the retention will start once the predefined delay has expired.

      But:

      • There is no lock of the record waiting for the retention to start
      • There is no lock and retention period applied at Amazon S3 level

      Improvements:

      • When the document becomes a record:
          • Nuxeo stores the record on S3 bucket with compliance mode with no expiration date,
          • Then, Nuxeo automatically applies a legal hold,
      • When the delay expires and we want to trigger the retention beginning:
          • Nuxeo removes the legal hold on S3,
          • Nuxeo updates the record by adding the expiration date,

       

      Warning

      There is one use case to take care of: if a legal hold is triggered and then removed before the retention starts, we must be careful not to remove the legal hold at S3 level.
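The hold logic described in the improvements and the warning above, as an added example (not Nuxeo code): the one S3 legal-hold flag is held for two independent reasons and released only when both are gone. `ObjectLockState` and `DelayedRetentionRecord` are hypothetical names, the S3 state is a constructed in-memory stand-in, and the example also covers a user hold that is still active when the delay expires.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class ObjectLockState:
    """Constructed in-memory stand-in for one S3 object version's lock state."""
    legal_hold: bool = False
    retain_until: Optional[datetime] = None

    def set_retention(self, until: datetime) -> None:
        # Compliance mode: the retain-until date may be extended, never shortened.
        if self.retain_until is not None and until < self.retain_until:
            raise PermissionError("compliance mode: retention cannot be shortened")
        self.retain_until = until

    def deletable(self, now: datetime) -> bool:
        expired = self.retain_until is None or now >= self.retain_until
        return expired and not self.legal_hold

@dataclass
class DelayedRetentionRecord:
    s3: ObjectLockState
    retention_period: timedelta
    awaiting_start: bool = True  # the predefined delay has not expired yet
    user_hold: bool = False      # legal hold requested by a user

    def __post_init__(self) -> None:
        self._sync_hold()  # document becomes a record: hold applied immediately

    def _sync_hold(self) -> None:
        # One S3 flag, two reasons to hold: release only when both are gone.
        self.s3.legal_hold = self.awaiting_start or self.user_hold

    def set_user_hold(self, on: bool) -> None:
        self.user_hold = on
        self._sync_hold()

    def start_retention(self, delay_expired_at: datetime) -> datetime:
        # Choice made by this example: set the expiration date before releasing
        # the hold, so the object is never unprotected between the two steps.
        until = delay_expired_at + self.retention_period
        self.s3.set_retention(until)
        self.awaiting_start = False
        self._sync_hold()
        return until
```
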

       

      Acceptance criteria

      • When I apply a fixed time retention policy with delay to a document, it is put on hold at Amazon S3 level,
      • When the predefined delay has expired, the expiration date is set at S3 level,
      • When the predefined delay has expired, the legal hold is removed,
      • I can apply a legal hold to a record on a retention with delay when the retention has not started,
      • When I remove a legal hold on a record waiting for the retention to start, it does NOT remove the legal hold at S3 level,
      • When I apply a legal hold and then remove it on a record with the retention period started, it does remove the legal hold at S3 level,
      • The event "Retention period started" with the relevant expiration date (=delay expiration date+retention period) is displayed on the history of the document / Audit once the event occurs
      • The event "Retention period expired" is displayed on the history of the document / Audit once the expiration date is reached

       

              People

              • Assignee:
                jaubenque Julien Aubenque
                Reporter:
                jaubenque Julien Aubenque