Alfresco Governance Services – What it is and why it’s important to you
By Steve Stott – Principal Architect, Content Management Solutions
You know Alfresco Content Services (ACS) – That’s content management, right? You know Alfresco Process Services – That’s workflow, correct? You’ve heard of Alfresco Governance Services – That’s … governance…? Don’t worry, if you’re struggling for an easy way to define AGS, or don’t know if it’s a product, a module, an extension or a standalone application, you’re not alone.
In this article I’ll explain just how AGS fits as part of the Alfresco Digital Business Platform, describe its primary features, and explain why it might just be vital to your business. Let’s start with the basics.
AGS – An extension module
The Alfresco Digital Business Platform consists of three main products: Alfresco Content Services, Alfresco Process Services and Alfresco Governance Services. AGS is a licensed module that is deployed as an extension of ACS. It utilizes the ACS platform and services, providing governance-specific specializations and unique functionality.
It is not a standalone application or server instance and requires ACS to be running in order to function.
As with ACS, there is a Community version of AGS available which is less feature-rich than the licensed Enterprise option.
Governance Services – what does that mean?
“GOVERNANCE (noun) - gov·er·nance
The act or process of governing or overseeing the control and direction of something (such as a country or an organization) “ - source: Merriam-Webster
Lack of control in an organization inevitably leads to errors and, potentially, significant risk to continued operation. Effective governance means that controls are in place that minimize risk and, if not directly reducing errors, provide the means for identifying and mitigating them.
Consider the problem of locating an important contract in an inefficient filing system, and the potential legal jeopardy if it can’t be found, or has lapsed. Similarly, there’s great commercial risk should confidential material, say notes on an acquisition, be accessed inappropriately.
‘Overseeing the control and direction of something’ – That’s not something that systems in themselves are responsible for, but they can provide the framework, tools and functions to allow for proper governance. That’s where AGS comes in. AGS is a set of functions and services that allow for effective governance of an organization’s (or, yes, even a country’s) content and processes.
What’s in AGS
The major capabilities of AGS fall into three functional areas:
AUDIT AND REPORTING
CLASSIFICATIONS AND SECURITY MARKS
If pushed to describe AGS, many familiar with Alfresco’s history might say that it’s all about records management, and they’d be partially correct. What’s currently known as Alfresco Governance Services started life as the Records Management (RM) module for ACS. At that point the functionality, though impressive, was pretty much related to the logical organization of ACS content.
Since that time this functionality has been extensively enhanced to handle the complete content lifecycle, encompassing capture, transformation, classification, filing, completion, review, access, retention, disposition and archive. The system is designed to be an integral part of an organization’s compliance structure – with options that support internationally recognized management standards and codes of operation. For example, AGS fully supports DoD 5015.2, the accepted standard for the US Department of Defense and many state, county, and local governments.
Many large organizations have dedicated Records Managers, often as part of compliance or business operations functions. In AGS they will recognize processes and terminology they are familiar with. They’ll be the ones to implement File Plans (essentially virtual file cabinets), determine the classification of content and establish review and retention schedules, handle legal holds, etc. The setting up of these in the system is straightforward. Content can be directly imported as a record, any existing content held within the ACS repository can be declared as a record and maintained in place, and the system has the ability to declare what are referred to as ‘non-electronic records’. Quite simply this refers to records such as paper or microfilm.
All this can occur manually or be automated; AGS manages the security, timely review, notification and any lifecycle actions.
When content reaches the end of its retention schedule AGS takes care of triggering final review and notification, and archiving or disposal. Powerful search functionality allows for fast retrieval of records, export of metadata, reports on current state and upcoming events such as content reaching end of retention and bulk actions like placing holds on records returned by the search.
The lifecycle of a record is shown below. With ACS and AGS this can all be automated.
Audit and Reporting
Vital to effective content governance is the ability to determine not only that records are being correctly managed, but also what actions are being performed on them and by whom. AGS provides enhancements to the audit capabilities of ACS which allows for detailed collection of data on content updates, metadata changes, reads, downloads, system actions, etc.
The system can be configured to save any actions as a report. This report can itself be declared as a record and managed accordingly. Full audits of the complete records management site can be run at any time. So, you can be confident in knowing the accurate history of any or all your organization’s records at any point in time.
Security Marks and Classifications
The permissions model and security functionality provided by ACS is first rate. AGS further extends this by providing Security Marks and Classification. This feature allows for significantly greater granularity and detail in access control to records.
Consider the situation where content access needs to be controlled on a need-to-know basis. This may vary within a particular set of content. For example, a folder may contain product development related content. Portions of that content may be generally available to a team working on a product – meeting minutes, project plans, team member profiles. Other information may be more sensitive – for instance, blueprints, product formulations, sensitive supplier contract details. Another situation may be where a financial organization’s customer loan documentation records are being managed or where an organization needs to automatically classify internal employee records so as to only grant access to the appropriate team, or management is yet another common compliance requirement.
The ability to set up security in such a way that only those with ‘clearance’ can access the more sensitive information is vital to good governance and, often, regulatory compliance. AGS has a set of built in security classifications and allows for an unlimited number of custom security groups to be configured, containing an unlimited number of security marks, to fit an organization’s needs.
In the example below only individuals with Top Secret classification can access all three records. For anyone with a lower level of clearance the Top Secret record will simply not appear in the folder.
Why you need AGS
In this article I’ve given an over view of the capabilities of Alfresco Governance Services. The benefits of a robust, full featured governance solution can be summarized:
Manage the lifecycle of your organization’s records so that you have confidence that your mission critical assets are being comprehensively processed, stored, reviewed and retained effectively.
Ensure your compliance obligations are being met with proper controls and security.
Have confidence in your audit capabilities.
Avoid disruption to your operations caused by incomplete record keeping.
Minimize legal jeopardy.
A Tech Talk provided by Alfresco/Hyland discussing the latest features of AGS is available here. We encourage you to take a look at the latest release of AGS and then contact us to help you fully realize the benefits and assist you in getting this powerful tool implemented in your organization.
Steve Stott is a Principal Architect at ClearCadence, with a primary focus on designing and delivering effective content-based solutions for Fortune 1000 clients.
ClearCadence has a long track record of assisting customers with analyzing, planning, designing, and implementing solutions. Visit the link below for more information about our organization.