For many industries, there is substantial pressure to retain information for compliance and legal reasons. But how can enterprises achieve information governance success in today’s complex business environment?
Organizations across many industries are mandated by law – and many others by company policy – to retain confidential client, employee, and company information for extended periods. In the United States, government regulations for financial services institutions mandate that they retain important and often confidential client information and financial records for several years.
Also, various government agencies across the world have similar requirements for retaining important documents, including personnel records, communication, and contracts for various periods. Other industries have similar government imperatives and many businesses enforce document retention as a best practice, even if regulations do not require it.
With the exponential growth of electronic information today, the pressure to effectively retain required documents, secure legal holds, and defensibly dispose of information is increasing. But the problem is two-fold: while retaining information is often mandated, holding onto sensitive information for too long might put an organization at risk of breaching privacy regulations.
Introducing Retention Management for the Nuxeo Platform
We are excited to introduce our Nuxeo Retention Management add-on. Retention Management administers records, retention rules, automatic deletion post-retention, and legal holds based on metadata or specific, triggering events.
With its powerful retention management features, Nuxeo Platform can automatically control a document’s lifecycle through rules and policies. Documents can be held or deleted, depending upon sets of rules which may include specified metadata, triggering events, or specific time periods.
To create retention rules in Nuxeo Platform, administrators must specify a few options:
- Retention rules: Nuxeo Platform supports automatic retention to standardize application and ensure broad compliance across an enterprise’s information, as well as manual retention to apply policies to specific documents for legal or audit purposes.
- Document type: Nuxeo Platform can apply retention rules to specific document types. For example, financial records must be retained for bank customers or contracts must be retained for government agencies.
- Time frames: Nuxeo allows administrators to specify when it applies retention policies to a document – such as upon creation or when specific conditions exist – and for how long retention is enforced.
- Post-retention: Finally, Nuxeo Platform allows administrators to designate what happens when the retention period ends. In some cases, organizations may want to continue to manage the document indefinitely, but when maintaining sensitive, personal information, documents may be automatically deleted.
But What About Government Regulations?
It is critical to have effective governance policies to ensure compliance with relevant government regulations. For financial services organizations in the United States, the Securities and Exchange Commission (SEC) enforces Rule 17a-4. This regulation includes requirements for retention, legal hold, and accessibility of records relating to the trade or brokering of stocks, bonds, futures, and other financial securities.
Together with Amazon S3 storage in Compliance mode, Nuxeo Retention Management has been designed to fully comply with this rule. Once the Nuxeo Platform is configured to use Amazon S3 Compliance Buckets to store records, the combination of Nuxeo Retention Management and Amazon S3 storage establishes a powerful foundation for meeting this important compliance rule.
Using Artificial Intelligence to Automate Retention
Even with these great tools, maintaining compliance with retention rules remains difficult. Organizations must have well-defined rules that capture all documents as they are imported or declared, or they must have hard and fast rules for users to properly declare the records to be retained. But even with the strictest rules and policies, proper compliance is out of reach for many.
This is where artificial intelligence (AI) in content management can be a game-changer. Nuxeo Insight provides powerful predictions that can classify content based on the details that inform an organization’s retention policy. By training the system on business-specific content, Insight can help automate retention policies for a wide range of documents, easing the burden on end-users while consistently retaining important information.
As you can see, Nuxeo Retention Management add-on is an important new tool for information managers, especially those with records management requirements. We look forward to learning about how Nuxeo customers are leveraging these new capabilities to ensure compliance and streamline their records management processes.