Alfresco Records Management (RM) 2.5 now allows content administrators, records managers or security personnel to secure content by easily assigning highly granular security classifications and marks.

 “Increasing regulatory compliance obligations and modern ways of collaborating require a new way of managing the complete lifecycle of information. Managing sensitive data is a key part of this, but users struggle to deal with the ever-greater complexity of the classification process,” said John Iball, Alfresco’s Senior Product Manager.

“If the classification process is too difficult or time consuming, users will often over-classify files, preventing some people who need to use the files from accessing them. Alfresco Records Management 2.5 allows for more simplified and granular control of content.”

Many content management solutions deploy Access Control Lists (ACLs) – lists of users and groups able to access particular files – in order to manage access control. Alfresco also provides this ACL option, but recognised the need for a more manageable and scalable way of controlling the management of information and ensuring privacy with the following updates:

Built-in Security Classification allows authorised users to define the security clearance level needed to access a file, document or record. The first level of the Security Controls provides the ability to apply a classification level (Top Secret, Secret, Confidential, Unclassified or other custom levels) to content. Users are assigned a clearance level that allows them to access content – not just records – based on their clearance level.

Custom Security Marks support a range of security scenarios and applied to files to restrict access of certain content to the appropriate users or groups of users. Alfresco Records Management 2.5 is claimed to be the only system of its kind to enable a combination of security marks. The security marks configuration includes options for selecting that the user meets all security marks applied to the content; one or more marks applied to the content; or the same or greater clearance than that of the content. In contrast, other records management systems require users to possess all of the content marks or the same or greater clearance than that of the content.

For example, a particular project, say “Project X” may have restricted user access. By applying a “Project X” mark to content, only users possessing the “Project X” mark can access the content. Alternatively, creating a group of marks allows access to users with one or more of the marks applied to the content.

For example, if access needs to be restricted to particular nationalities, the content can include a list of permitted nationality marks, e.g. US, UK and CAN. Users of any of those nationalities can then access the content. Similarly, in the commercial world it allows easy access control based on roles in the organization. For example, by marking files from an “Executive” mark group with CIO, CFO, CIO marks, only users in these positions can access the files.

By combining the different types of marks, complete and highly granular access control is provided.