Secure Long-Term Digital Archive
Digital archiving has become a critical component of an effective information management. We have therefore created a secure digital archive,
which ensures long-term archiving of all types of electronic documentary and archival content, as well as the content, that have been digitized through the scanning process.
PRIVATE DIGITAL ARCHIVE AS AN ALTERNATIVE TO THE EXTERNAL ARCHIVE
The documentary and archival content often contain confidential business information, information about business partners and employees, personal information and other information that is subject to professional secrecy. There is a certain risk of information disclosure or of an unauthorised transfer of information to third parties.
By using a secure digital archive, by ensuring appropriate security policy of the company and by following the rules of the long-term archiving of content, the risks can be significantly limited.
The documentary and archival content often contain confidential business information, information about business partners and employees, personal information and other information that is subject to professional secrecy. There is a certain risk of information disclosure or of an unauthorised transfer of information to third parties.
By using a secure digital archive, by ensuring appropriate security policy of the company and by following the rules of the long-term archiving of content, the risks can be significantly limited.
ACCESS RIGHTS TO CLASSES, FOLDERS, DOCUMENTS AND METADATA
Access rights and management of entities (classes, folders, documents) and metadata are essential for ensuring integrity, confidentiality and availability of the archived content.
When accessing the electronic content, the security class of the entity, the user security class level and user rights for accessing the entities and metadata (ACL) are verified by the IMiS/ARChive Server.
The user with appropriate rights can set explicit permissions and prohibitions for each entity or metadata. They are valid for an individual user or user group and can also be
time-limited. Along with inherited rights they define effective access rights of the user to a certain operation.
Access rights and management of entities (classes, folders, documents) and metadata are essential for ensuring integrity, confidentiality and availability of the archived content.
When accessing the electronic content, the security class of the entity, the user security class level and user rights for accessing the entities and metadata (ACL) are verified by the IMiS/ARChive Server.
The user with appropriate rights can set explicit permissions and prohibitions for each entity or metadata. They are valid for an individual user or user group and can also be
time-limited. Along with inherited rights they define effective access rights of the user to a certain operation.
AUDIT TRAIL FOR EVENT TRACEABILITY
Audit trail is an integral part of the digital archive and does not depend on any external software solutions. It tracks information about accesses, events and changes on the IMiS/ARChive Server digital archive. Only users with appropriate rights can access the audit trail.
It is immutable and protected against unauthorised access. It increases control of the information accesses and ensures clear insight into the life cycle of events over the archived content.
Audit trail is an integral part of the digital archive and does not depend on any external software solutions. It tracks information about accesses, events and changes on the IMiS/ARChive Server digital archive. Only users with appropriate rights can access the audit trail.
It is immutable and protected against unauthorised access. It increases control of the information accesses and ensures clear insight into the life cycle of events over the archived content.
LONG-TERM AUTHENTICITY OF THE CONTENT
One of the key concepts of a secure digital archive is maintaining authenticity and integrity of the archived content for the entire duration of their storage. Each folder or document, that is immutable and contains at least one metadata or content for creating an archival information package (AIP), is subject to the authenticity proof procedure. Authenticity of the AIP and therefore authenticity of the folders or documents is secured by the applicable evidence record syntax (ERS). It regulates, how the proofs (hash, electronic signature with digital certificate, timestamp) are created and renewed, and how the proofs are structured in order to clearly indicate authenticity of archived content. ERS is performed in XML format according to the RFC 6283 specification.
One of the key concepts of a secure digital archive is maintaining authenticity and integrity of the archived content for the entire duration of their storage. Each folder or document, that is immutable and contains at least one metadata or content for creating an archival information package (AIP), is subject to the authenticity proof procedure. Authenticity of the AIP and therefore authenticity of the folders or documents is secured by the applicable evidence record syntax (ERS). It regulates, how the proofs (hash, electronic signature with digital certificate, timestamp) are created and renewed, and how the proofs are structured in order to clearly indicate authenticity of archived content. ERS is performed in XML format according to the RFC 6283 specification.
CLASSIFICATION OF THE CONTENT
In order to ensure better transparency of documentary and archival content in the digital archive, a classification scheme has to be established.
The class hierarchy according to the content, rights, activities and business position in the company, is established by the user with appropriate rights. Each entity (class, folder, document) is marked with a unique classification code.
The user can add, delete or change entities. It is easy to move entities within the classification scheme (re-classification). Due to the organisational changes in the company, mergers and acquisitions, it is possible that the part or the whole classification scheme has to be exported and transferred or imported into a another archive system.
In order to ensure better transparency of documentary and archival content in the digital archive, a classification scheme has to be established.
The class hierarchy according to the content, rights, activities and business position in the company, is established by the user with appropriate rights. Each entity (class, folder, document) is marked with a unique classification code.
The user can add, delete or change entities. It is easy to move entities within the classification scheme (re-classification). Due to the organisational changes in the company, mergers and acquisitions, it is possible that the part or the whole classification scheme has to be exported and transferred or imported into a another archive system.
CAPTURE AND CONVERSION OF CONTENT
The capture process is closely related to adding the content and metadata in the classification scheme.
Especially when it comes to migrations from another archive systems, integrations of the applications with the digital archive or digitization of the paper archive, a large quantity of content and metadata has to be imported into the digital archive. It can be placed to the designated locations in the classification scheme using the appropriate tools. The user can add content into the classification scheme from the file system or scanner.
A separate IMiS/Scan application is used for scanning.
When capturing the content in the IMiS/ARChive Server, the validity of electronic signatures is verified for each electronically signed PDF/A, TIFF, XML or EML file. The user can simply archive important emails into the digital archive using Drag and Drop. When transferring emails from the email client on the designated location in the classification scheme, a new document with the original form, metadata and attachments is created.
To ensure a faster search of the content in the paper archives, the user can enter the information about the location of the physical documents.
The IMiS/Client enables conversion of the content to a PDF/A file, which is appropriate for long-term archiving.
The capture process is closely related to adding the content and metadata in the classification scheme.
Especially when it comes to migrations from another archive systems, integrations of the applications with the digital archive or digitization of the paper archive, a large quantity of content and metadata has to be imported into the digital archive. It can be placed to the designated locations in the classification scheme using the appropriate tools. The user can add content into the classification scheme from the file system or scanner.
A separate IMiS/Scan application is used for scanning.
When capturing the content in the IMiS/ARChive Server, the validity of electronic signatures is verified for each electronically signed PDF/A, TIFF, XML or EML file. The user can simply archive important emails into the digital archive using Drag and Drop. When transferring emails from the email client on the designated location in the classification scheme, a new document with the original form, metadata and attachments is created.
To ensure a faster search of the content in the paper archives, the user can enter the information about the location of the physical documents.
The IMiS/Client enables conversion of the content to a PDF/A file, which is appropriate for long-term archiving.
SEARCH BY THE ENTITY METADATA AND FULL TEXT OF THE CONTENT
One of the key features of the digital archive is the possibility to search the entities (classes, folders, documents) by metadata or search the content by full text. Search is carried out within the whole archive or under the selected entity.
Search is compatible with special characters of the alphabets and is case insensitive.
It allows searching by initial string or an arbitrary substring of the searched value.
Search results provide all entities, which the users can access according to entity security class, user security class level and access rights to the entities (ACL).
The user can view, change or delete only the metadata that he can access according to his user rights.
One of the key features of the digital archive is the possibility to search the entities (classes, folders, documents) by metadata or search the content by full text. Search is carried out within the whole archive or under the selected entity.
Search is compatible with special characters of the alphabets and is case insensitive.
It allows searching by initial string or an arbitrary substring of the searched value.
Search results provide all entities, which the users can access according to entity security class, user security class level and access rights to the entities (ACL).
The user can view, change or delete only the metadata that he can access according to his user rights.
REPORTS AND PRINTING
The entity action reports (of imports, exports, transfers) include information about their execution and potential errors. Reports of search results by audit trail and deleted classes, folders and documents as well as various statistics are also available. Only users with appropriate user rights can view the reports.
Records can be printed using the default application for different types of content.
The classification scheme for the whole archive or only for the included classes or folders can be printed as well. Additionally, printing of metadata, security settings of entities and features is available for the selected class, folder or document.
The entity action reports (of imports, exports, transfers) include information about their execution and potential errors. Reports of search results by audit trail and deleted classes, folders and documents as well as various statistics are also available. Only users with appropriate user rights can view the reports.
Records can be printed using the default application for different types of content.
The classification scheme for the whole archive or only for the included classes or folders can be printed as well. Additionally, printing of metadata, security settings of entities and features is available for the selected class, folder or document.
REVIEWING THE CONTENT BY CLIENT
The IMiS/wClient web client and IMiS/Client desktop client enables reviewing the content and performing actions within the classification scheme according to access rights. They are integrated with the IMiS/wScan or IMiS/Scan in order to scan the content and place into the classification scheme accordingly. The content can be viewed directly in the browser’s viewer; if that is not possible, the contents are downloaded and opened with an external viewer.
The IMiS/wClient web client and IMiS/Client desktop client enables reviewing the content and performing actions within the classification scheme according to access rights. They are integrated with the IMiS/wScan or IMiS/Scan in order to scan the content and place into the classification scheme accordingly. The content can be viewed directly in the browser’s viewer; if that is not possible, the contents are downloaded and opened with an external viewer.