Business-Suitable Document Authentication System? 130
ram.loss writes "The company I work for has decided to go paperless for all memos and internal correspondence. In addition to the central administration, the company has three more or less autonomous, physically separated divisions; that means we do not have a common IT infrastructure across all of them. Since I am the only resemblance we have to an IT department at my division, I have been commissioned with evaluating the available technology to manage and authenticate all correspondence, although it is not my area of expertise (I have a CompSci degree, but for many years have specialized in transportation modeling software). My initial thought was to use a document management system like Plone (this is the system I'm familiar with); from what I have read, that would take care of the management part, but what about authentication? We need each document to be signed, and a fully auditable system that keeps track of who signed what document, who received it and when. It also must take into account the handling of external correspondence in the future, where a recipient outside the company must have the means to return an authenticated document as a response. I'm aware that I'm leaving out a lot of details, like how the documents will be signed, the legal implications, etc., but for the time being I'm only interested in the experiences of the Slashdot crowd with such systems, and hopefully finding out enough information to hand over the matter to (or hiring) somebody more qualified, once I know what to look for. Has anybody out there used a similar system? Am I in way over my head?"
PGP + really any collaboration software (Score:4, Interesting)
Give every a copy of PGP or gnupg and use your favorite collaboration program to store and version the documents. I would consider just signing the docs and not encrypting them when they are not sensitive, encryption just adds risk that you could lose data more easily. Its really important to know that it really was the comptroller who authorized the PO for that new delivery van but its not a secret the company purchased a new truck.
This should also give you some flexibility going forward. If you don't like the work flow solution you don't have to change the authentication solution or the other way around.
Re:All Good Suggestions For the Most Part... (Score:3, Interesting)
> No common IT infrastructure? I'd tell them to attack that before implementing anything
> new company wide. Without a common IT infrastructure you'd have to get a poll for
> exactly what each division has (does each division have a common infrastructure, I
> hope so) and pray that each division has standardized on something whether it
> be *Nix, Windows, Mac or whatever. Once you have that, getting an electronic document
> handling system will be much easier as you'll have only to worry about file
> formats from one office suite (and possibly PDFs).
Well, that's one school of thought. And one which has been on the ascendancy for the last ten years, in part because there are philosophical arguments for it and in part because it fits very well with the business/sales model of the large consulting/outsourcing firms. And of course if "standardized" means "standardized on Microsoft" then MS is in favor too ;-)
However, there are other theories of business organization, and I have worked for quite large organizations which reject the concept of company-wide standardization. In their view, such efforts lead directly to lack of flexibility, growth of "preventer of IT services" bureaucracies (or any other service, not just IT), and rapidly inflating costs. So don't assume that the OP's executives _want_ a nice tidy "architecture" for their firm.
sPh
Ask the other divisions? (Score:4, Interesting)
I realize your company may not make it easy to do so, or the other departments may not help but ...
Have you considered, since you're the only one in your portion that asking them for help may useful?
I'm making a lot of assumptions about an ideal situation that may not apply to you, I realize that, so it may not be possible for you.
If it were though, you might find that you can save yourself a lot of time just by working with the other groups.
You could also very well create a new position for yourself, pull all 3 divisions together and save some money in IT and you might end up in charge of all of them. (if you want to do that, personally I still prefer to be in the trenches).
Either way, you may find that they've already done this research and found something that didn't work for them, but might work for you, OR might work for everyone if you all got together to do it, versus not being cost effective for one group to do it.
A company I worked for was bought out a long time ago, we basically continued to operate as 2 companies under one name for a long time. Then our IT department started pushing to integrate, taking the best parts of both companies and merging into a better structure overall. We ended up saving a lot of money.
Interestingly enough, our IT was killed off and released shortly after we suggested that moving the web servers that had a window view of wall street to somewhere that we could run them for 10 years for the same cost as single day in their current data center ... So you may want to be careful what you suggest.
Another interesting twist was that shortly after we got 'released', the company was bought once again, by a company near Atlanta, which promptly closed all the offices on Manhattan, including the one that was chosen over us. Senior management from our original company passed along the word that the new buyers made it clear that stupid choices like killing our data center and keeping one in Manhattan is exactly why they were now going to be looking for new jobs themselves.
We were vindicated, but some of us were still unemployed unfortunately. Either way, it may still be worth your while to try.
Re:alfresco (Score:2, Interesting)
I would second the idea of looking into alfresco. I have not used it.
However, what it will do for you is that it will make sure that you can be using a common file system with revision control. So what would happen is that you would allow your users to network mount the alfresco filesystem across the firm. Users would read and save files to this filesystem. Anytime, it is saved, versions are created.
Alfresco Documents [alfresco.com]
Also, it does handle signatures with the plugin from http://www.viafirma.org/ [viafirma.org] (note, that is in spanish but works fine with google translate) http://viafirma.googlecode.com/svn/ [googlecode.com]
Those saying stop working on this and hire people are thinking that you have a large firm. That is not really a great option.
What I would recommend is that you do setup single signon if you can.
The first start is to have an LDAP server.
ActiveDirectory does provide that. If you want to provide kerberos/active directory and ldap there are open source solutions.