
Business-Suitable Document Authentication System? 130

Posted by timothy
from the sign-each-pigeon-as-it-flies-by dept.
ram.loss writes "The company I work for has decided to go paperless for all memos and internal correspondence. In addition to the central administration, the company has three more or less autonomous, physically separated divisions; that means we do not have a common IT infrastructure across all of them. Since I am the only resemblance we have to an IT department at my division, I have been commissioned with evaluating the available technology to manage and authenticate all correspondence, although it is not my area of expertise (I have a CompSci degree, but for many years have specialized in transportation modeling software). My initial thought was to use a document management system like Plone (this is the system I'm familiar with); from what I have read, that would take care of the management part, but what about authentication? We need each document to be signed, and a fully auditable system that keeps track of who signed what document, who received it and when. It also must take into account the handling of external correspondence in the future, where a recipient outside the company must have the means to return an authenticated document as a response. I'm aware that I'm leaving out a lot of details, like how the documents will be signed, the legal implications, etc., but for the time being I'm only interested in the experiences of the Slashdot crowd with such systems, and hopefully finding out enough information to hand over the matter to (or hiring) somebody more qualified, once I know what to look for. Has anybody out there used a similar system? Am I in way over my head?"
This discussion has been archived. No new comments can be posted.

  • SharePoint (Score:3, Informative)

    by Anonymous Coward on Saturday March 20, 2010 @08:48AM (#31548826)

    Microsoft SharePoint can handle most of what you need out of box, and you can configure and customize what you need for the rest, I believe.

    • Re: (Score:3, Insightful)

      Only if you're standardised on MS Office. They do not have a common IT infrastructure.

      • by Anpheus (908711)

        Sharepoint doesn't require Microsoft Office, it only requires Windows Server.

        If you have a relatively unused server running Windows 2008/2008 R2, install Sharepoint Foundation 2010 Beta [microsoft.com] and give it a try. It's OK, and it doesn't require IE to access the site.

      • let's face it, you have to have a pretty uncommon infrastructure to not be standardized on MS Office.

        About the only major large-corp departure from office would be lotus notes...but you can still use sharepoint (and IBM has lots of lotus notes based stuff that can do similar things). Odds are even if the IT infrastructure is different, they share an email paradigm because otherwise stuff is a big pain (the company I work for switched to our parent company's exchange system from our own lotus notes even th

    • Re:SharePoint (Score:5, Insightful)

      by klubar (591384) on Saturday March 20, 2010 @09:16AM (#31548982) Homepage
      SharePoint is underrated-- it really has gotten pretty good. Although you say that the firm doesn't have a common infrastructure, it's likely that you've standardized on Microsoft Office. If you're using (or can upgrade to) Office 2007 (or 2010), sharepoint plays extremely well with Office. SharePoint will handle all your office documents. If you need a comprehensive solution for scanned paper or integration with other applications, I'd look at some of the commercial document management solutions (Documentum).

      Don't cheap out and try to put together some homebrew solution. Remember as Click and Clack the Tappet Brothers [cartalk.com] say, it's the cheap man/woman who spends the most.
      • Re:SharePoint (Score:5, Informative)

        by YrWrstNtmr (564987) on Saturday March 20, 2010 @09:29AM (#31549044)
        One of the main issues with SharePoint (aside from the whole MS ecosystem) is that it is a large complex beast. Once you move beyond the base SharePoint Services and into SharePoint Server, the maintenance will drown you. Especially if you are only one deep.
        And I say this as a SharePoint admin/developer for a large US govt organization.

        But yes, the base SharePoint Services 3.0 and upcoming SP Foundation(2010) will do pretty much everything he's asking for. And it's free (beer), if you are already running Server2003 or Server2008.

        Also, FAR more requirements gathering is needed. What do the bosses really want?
        • by gbjbaanb (229885)

          It also must take into account the handling of external correspondence in the future, where a recipient outside the company must have the means to return an authenticated document as a response

          this sounds like the hardest part - 3rd party person will not be in the AD, so cannot be authenticated or managed with a certificate associated with the userid. Obviously if the 3rd party doesn't modify the document you can prove it's not modified (but that's easy). If they do.. how do they expect whatever they send

          • by TheLink (130905)
            Problem is subversion (and the other oss version control stuff I'm aware of) isn't "business document" aware for many of the popular business document formats (including openoffice).

            So you can't really see the diffs. All you know is something is changed, which often isn't very useful.

            And often all that has changed is someone printed the document (which can also cause fields to be updated), or say in the case of Excel there are often changes to the file even if they aren't really visible/material to the user
            • by gbjbaanb (229885)

              it varies on the version of the Word format - 97, 2003, docx etc, but when I view diffs of a Word doc in Tortoise, it fires up a side-by-side viewer that shows things crossed out, added in colours. Somewhat like the 'track revision' feature in Word.

              You can change the difference tool for different types of document, so you can do PDFs too.

              Obviously some do a better job than others, and none are as good as diffs of a text document, even Word's track revisions feature can be a pain to read.

              • by TheLink (130905)
                Oh cool, looks like my info on subversion is out of date.

                I might switch to subversion for that then...
                • by gbjbaanb (229885)

                  glad to be helpful... See this blog [blogspot.com] for a quick guide w' screenshots, and use VisualSVN Server to create the repo - its 'teh win' for Windows server based subversion repos.

      • Re: (Score:2, Informative)

        by owlstead (636356)

        SharePoint is underrated???? Oh, my god. It's vastly overrated. It's Microsoft's proprietary, not well thought of solution on how to do distributed, eh, things with Office document. I've had horrible problems even when doing any kind of version control on documents. I mean, isn't that the whole point of SharePoint? I can delete a document, upload a new one with the same name and it will *revert back* to the old version! Oh, yeah, you can do it online, if you use IE *and* know how to do it.

        Recently I've been

        • What would you recommend then ?

          • by owlstead (636356)

            Sorry, I've got no recommendations. But I don't doubt that there are many good ones that get modded up, I've already mailed a few of them to my work mail address to see if we can put an OS solution instead of the thing that is SharePoint. I have to work with SharePoint since my company does not let me use anything else and it has left some deep scars. Unfortunately I'm not the one making the choices (or fortunately, evaluating this kind of software ain't my thing).

    • by dyerto (1750266)
      SharePoint is not the most elegant or user-friendly system ever made. I have used it now at work for a few years, and it is used a lot, and does a lot, but nothing is fast or simple to use. New and current users require a lot of training. It doesn't seem to do anything very well, simply because it tries to do too much. It will integrate with Microsoft Office and you can embed InfoPath forms etc, but it never seems quite as integrated as the documentation suggests.
      • by drjzzz (150299)

        Well-under-stated, dyerto, I agree from my perspective as a user and Sharepoint site organizer (low-privilege admin). Either there is no unifying approach or else it is extremely obscure. By chance I sat next to an IT guy on a plane and complained about Sharepoint; he was returning from a week-long course on Sharepoint and he pulls out a huge tome.... that is so wrong. All I wanted was a wiki and to share some docs. Also, editing practically requires Windows, which is a problem with academic scientists,

    • by jonwil (467024)

      The #1 problem with SharePoint is idiots who try and use SharePoint for things it was NOT designed to be used for.

      • Seconded. The requests we get weekly for someone wanting to do X, or 'can we make the OK button do something else?' is just insane.
      • by pasamio (737659)

        Like document management, lists, wiki's and information sharing...wait

  • How about iButton crypto cufflinks?

  • Try Knowledgetree (Score:5, Informative)

    by PdbAqB (1534237) <michael&ipo,com,au> on Saturday March 20, 2010 @08:51AM (#31548842) Homepage
    Try Knowledgetree - It's open source, has workflow and it is fully audited: http://www.knowledgetree.com/solutions/industry-solutions [knowledgetree.com] We use it in our law firm (I manage it - we are relatively small http://1p.com.au/ [1p.com.au]) and it runs without any specific expertise. I have previously tried other solutions without success. We also really appreciate knowledgetree's ability to interact seamlessly with MSOffice etc. Good luck
    • by rmm4pi8 (680224)

      Just wanted to concur with this. Bought KnowledgeTree at my last job and thought it was just fantastic. Beware that if you go with the purely open source version, Windows users will have to upload documents individually through a web interface, which is not usually a big hit. But great security, auditing, workflow, delegation...and yet actually simple to admin unlike your average Microsoft product. Integrates well with Active Directory.

      Some concerns I would have if I were you (and these are mostly not s

  • Am I crazy for suggesting email? It's trivial to lock it down to a LAN if needed, and if some documents need signed and passing out to the real world, that sounds like PDF to me. You know, because PDF is portable.
     
    Yes, I know you need a "history." And there are so many email archiving systems out there, that one of them must be good for actually going through that data.

    • Re: (Score:3, Insightful)

      by julesh (229690)

      Am I crazy for suggesting email?

      Yes. Email is great for certain document-management applications, particularly where you need everything time ordered, but it has a few key drawbacks:

      * very poorly searchable (particularly if stuff is in PDF or images, as it's likely to be if it's correspondence coming from outside), which is a huge issue for some applications.
      * no support for automatic workflow management.

      Plone and the other suggestions here are all much better at these two than any system built on e-mail.

      • Plone and the other suggestions here are all much better at these two than any system built on e-mail.

        The requirements are uselessly fuzzy. Neither searchability nor workflow are specifically mentioned, though searchability is implied in "management".

        It sounds to me like even MS Exchange with public folders (and therefore just about any IMAP server) could handle the requirements as
        specified. Signing, authentication, tracking, indexed searching are all bog standard features of any modern email system.

        You typically won't get it all in one box with OSS (but could assemble your own) but Microsoft (exchange), IB

    • by AlXtreme (223728)

      Or use email in combination with company-wide smartcards/PGP. That should take care of the signing part.

    • by rmm4pi8 (680224)

      No, you're not crazy, though there are tradeoffs:

      The bad: with email instead of dedicated knowledge management, you'll pay a lot more in licensing, hardware, and maintenance for each bit of bolt-on functionality that you need/want, and even then you won't end up with as much functionality embedded in as slick an interface.

      The good: email is a huge industry, so you really can find some provider to add functionality for each line-item requirement (traceability, search, archiving, even workflow), and if you

  • by Manip (656104) on Saturday March 20, 2010 @08:56AM (#31548862)

    Sounds like you have serious requirement overload. You need to go back and ask them what they ACTUALLY want.

    For example, what is a "document?" Who is signing it? How long should the audit trail be? How many millions are you investing in this needlessly complex internal system?

    What you're after simply doesn't exist and likely never will. Even if it did implementing it would be hugely expensive and time consuming.

    What I don't understand is how this can replace a paper system? Paper systems lack almost all of the features you requested... So clearly you do not NEED this stuff and thus we came around full circle to requirement overload.
     

    • by twisteddk (201366) on Saturday March 20, 2010 @09:09AM (#31548938)

      I couldn't agree more. As a comp.sci. major, you should be able to ask the questions of: What, why, where and who (and today probably also, how much).

      You need to get a decent requirement spec going, and from then on choose the system you want. There's no need to spend more money and time on features or systems that won't be used. Buying a fully fledged EDHS would be nuts if you can make do with a common fileserver and an intranet bulletin board system. Also, you might want to look at the business you're supporting, maybe there's an industry standard that might be handy to keep up with if you suddenly need to cooperate with, buy or be bought by someone else in the industry.

      Also, you'd want to mimic the current working processes as closely as possible. There's nothing more deadly to a project than employees unwilling to adapt to new systems. So make the system cater to their needs instead of making them having to do things differently. Include key personnel in the implementation or decision process, so that they feel that their needs are being heard and met, so they will welcome the new system. Social engineering isn't just a skill for politicians, it's one for developers too ;)

      • It does indeed sound like a law firm, or at least something similar to it, with the idea of several autonomous practicing groups. If he's looking for industry standards, most of the firms use Interwoven's Worksite [interwoven.com] for a DMS. It would do most of what he's looking for, except for the external document signing portion, I believe (although I can't say for sure on the latest version, or if such a feature is built in or not--the firms I've worked at had no interest in external signing). And honestly, I don't k
    • Paper systems lack almost all of the features you requested... So clearly you do not NEED this stuff and thus we came around full circle to requirement overload.

      It's entirely possible that most of the features requested will never be used and is someone's idea of an ideal scenario. What's being described sounds, at least to me, like the functioning of a court or parts of a large law firm. The legal field has traditionally relied on paper (lots of it, along with multiple copies for everyone), but I'm sure e

    • by ram.loss (151102) on Saturday March 20, 2010 @01:53PM (#31550594)

      Hi, original poster here.

      Yes, I am aware there are too many details left hanging, that's why I need to hear from someone that has worked with a similar system to at least have an idea what kind of project are we dealing with. From listening to the managers, we need some serious talking to do before a formal proposal is made.

      For starters, there's not much money available for the hypothetical system, so that will probably be a showstopper. When I say "documents" I mean anything that when printed on paper has to have a signature (as in "written with a pen") that identifies who wrote it/approved it, most likely a PDF file when talking about an electronic document.

      I share your bafflement about the purpose of all this, presumably they want to eliminate all the time needed to move paper around four different locations, and it can't be done by e-mail due to the signature requirements (internal rules, legal implications among other things, let's not delve too much into that just now). But I think they really have not thought through all the added costs.

      • by obarthelemy (160321) on Saturday March 20, 2010 @03:09PM (#31551222)

        This is a trap.

        What your bosses want to do (go fully paperless, including all correspondence, contracts, worksheets...) is a very big project, that requires much thought, planning, management support, time, and money.

        By asking you to do it on the cheap, your bosses show that they really don't understand what this is about, and when the whole thing blows, it will of course be your fault.

        The one vital thing you must do is find examples of companies of a comparable size / business that did it, with a broad idea of what it took in terms of money, time, manpower, glitches... Don't even touch the technical side, products... until you have those case studies. Pass them on to your bosses, and see if they want to go ahead.

        As for getting a hold of such examples, try classmates, business partners, ask the bosses where they got the idea from, ask slashdot that question (instead of the technical one), ask potential providers for references (if you're an MS shop, MS may help)...

      • by titten (792394)

        I don't know what Plone can do. But you know it, that could help you save a lot of additional work.
        As for digital documents, you don't only want them to be signed. You want to know that nobody tampered with it too.

        I would go for PGP/GPG. Even if it has to be manually applied before you stuff it into Plone. Plone may have PGP functionality, a quick Google search seems to indicate it.

        In short, with PGP, you distribute your public key to as many as you can while keeping your private key secret.
        Somebody encrypt

  • by Anonymous Coward

    If this is a large company, don't cheap out there. Budget the right amount of money and buy what's available and implement it properly. That means baking it in seamlessly with the business process

    It's okay to do that y'know. Sometimes saving money costs the company too much money.

  • For the internal case, a bulletin board style web-based system's PM facility will provide you with delivery and confirmation of receipt. Or you could go the whole hog and install PDM software like Agile... but I doubt you want to do that ;) For the external case, I suggest using fillable PDF documents, with a secure signature generated by the addressee (this is instant and free in Adobe Reader).
  • Altec's Doclink (Score:2, Informative)

    by bensode (203634)

    It's not free but it is a nice system with strong permission controls and customizable workflows.

    http://www.altec-inc.com/products/doc-link/index.html [altec-inc.com]

  • Lotus Notes/Domino (Score:5, Informative)

    by kirthn (64001) on Saturday March 20, 2010 @08:59AM (#31548886)

    Lotus Notes/Domino by IBM takes care of all that...including external branches, digital signatures, track of who has been reading it, who were the previous readers etc etc... etc...we have been using it extensively and provides everything you just described.....

    • Re: (Score:3, Insightful)

      by pasamio (737659)

      Yes, notes immediately popped into mind because you can track when and where a document was as well as who did what to it. The problem with notes is that the domino management is yet another thing to learn and if you're not using it for email its another chunky client on the desktop.

    • Re: (Score:3, Insightful)

      by ajm (9538)

      I think the famous last words ought to be "but then he'd be using Lotus Notes". Having to use Lotus Notes is not a pleasant experience for anyone and I don't think you should increase the amount of misery in the world, which is what you'd be doing if they switched to notes.

      • by kirthn (64001)

        I do agree it's not the best experience when using as an e-mail client....not as best as for example using "Mail" or Eudora

        as a document, approval,tracking and knowledge system it's unmatched...

        and available for multiple platforms additionally....server runs on Linux as well by the way....clients for Mac/Windows (linux i believe?) and webbased clients....

        clustering, replication and security together, it's unmatched....

    • by kirthn (64001)

      additionally it's a 15 year or more proven technology, with a lot of programming and developing possibilities...from C to Java to LotusScript with already from a long time ago a range of protocols from X500 to LDAP to XML (already from year 2000 included)....

      No other product has that track record ;) (and no, I don't work in a IT-related job/environment/sales or business related) ;)

  • by DarkOx (621550) on Saturday March 20, 2010 @09:02AM (#31548906) Journal

    Give everyone a copy of PGP or gnupg and use your favorite collaboration program to store and version the documents. I would consider just signing the docs and not encrypting them when they are not sensitive, encryption just adds risk that you could lose data more easily. It's really important to know that it really was the comptroller who authorized the PO for that new delivery van but it's not a secret the company purchased a new truck.

    This should also give you some flexibility going forward. If you don't like the work flow solution you don't have to change the authentication solution or the other way around.

    • by kgo (1741558)

      PGP signing could work, but I don't know if it's exactly business-friendly. I don't think PGP encryption would work in this case. There's no way to encrypt to a 'group', you need to encrypt to individual users. That means re-encrypting a bunch of documents every time you have a new hire or someone changes responsibilities.

      • Re: (Score:3, Informative)

        by DarkOx (621550)

        Actually it is business friendly in that chances are others you may work with are already using it. It's as close to standard as you can really get. The DOD uses it, and we have to use it to sign everything we send back to them. Lots of Orgs to work with the DOD given it's a hard requirement for communication with them in many cases it's pretty common out in the wild.

    • by JAlexoi (1085785)
      Signature is not encryption. Maybe there are legal requirements for paperless office. I know I would have to comply to a law in my country.
    • But that would be too easy. And how can he do a cost/benefit analysis when the cost is $0?
    • by eionmac (949755)

      'machine generated digital signature' PGP or gnupg or OpenGPG or digital signature does not prove 'a specific human' signed or authorised a document as it is the controller of the machine that did it. (Passwords are often shared to avoid 'a busy' person problems e.g. secretaries sign. As in old days where a person not the King was 'keeper of privy seal' and sealed with a 'spare King's seal' on behalf of King.)
      Biometric sealing by digital signature tied to fingerprint works (unless fingers chopped off or pla

  • EPM (Score:3, Informative)

    by hkabbaj (468528) on Saturday March 20, 2010 @09:07AM (#31548926)
    Look at https://www.uspsepm.com/ [uspsepm.com] document integrity and authentication. https://my.inscrybe.com/ [inscrybe.com] supports workflow and multiple signings and incorporates the epm.
  • But couldn't something like Postini do the trick for you?

  • by Anonymous Coward

    OpenOffice.org directly supports digital signatures:
    Digital Signing of documents [openoffice.org]

  • by Saint Aardvark (159009) on Saturday March 20, 2010 @09:17AM (#31548986) Homepage Journal

    Try posting this on the LOPSA [lopsa.org] mailing list. It's an excellent resource, with lots of sysadmins in different environments hanging out. If you're not a member [lopsa.org], email me (aardvark atsign saintaardvarkthecarpeted dot com) if you'd like me to post to the list on your behalf. You might also want to try the IRC channel #lopsa on Freenode.

    Membership [lopsa.org] is only $50/year, and access to the mailing list alone is worth every penny. I'm a member, and it's saved my butt on occasion. Even if you're not a sysadmin, this is definitely a sysadmin-type question, and I think you'd benefit from being able to ask questions on the list.

    • by ram.loss (151102)

      Thank you for your kind offer. I think I will hold it until I have a more specific request to make, or at least until I know exactly what kind of system will adopt.

  • by bogaboga (793279) on Saturday March 20, 2010 @09:19AM (#31548992)

    Since I am the only resemblance we have to an IT department at my division, I have been commissioned with evaluating the available technology to manage and authenticate all correspondence, although it is not my area of expertise (I have a CompSci degree, but for many years have specialized in transportation modeling software).

    From what you say, I can conclude that your company's staffing is anaemic in the IT department. Because of this, I suggest that you abandon this project for the time being as you build up man power and expertise in IT. Hire more folks so that they can get to know the business logic and flow of information at your company then kick start this project.

    Take a clue from Munich with its Linux migration efforts.

    Bottom line: A drastic change in the way you work will create lots of headache for you given that as you say, "...Since I am the only resemblance we have to an IT department at my division...".

    I worried for you, but wish you the best at the same time.

    • by ram.loss (151102)

      Yeah, worry was my initial reaction. But still I need to describe the size and implications of such an undertaking if I am to convince the managers that it is not practical to implement this system at this time. Or who knows, maybe talking things through with all the divisions we can reach more specific requirements and bring the project down to a practical size.

  • by thebiss (164488) on Saturday March 20, 2010 @09:25AM (#31549016)

    You'll need to elaborate on two things to get good answers:
      - What is a document? Rich text, or scanned paper, physical paper, or something else?
      - What is authentication? Tracking electronic versions from creation, through revisions, to finalization, or something different like confirming that physical document "A" is the same as physical document "B"?

    I know of solutions for the case where documents are soft copy rich text with images and attached scanned documents. A Lotus Notes database can be easily created to track such documents, prevent over-writes, track revision histories, etc. I work for a pretty big consulting firm, and we use Domino-based systems for things like this all the time.

    Some caveats -
    - Domino's is easily setup, but requires product knowledge to perform well and scale. How big is your firm?
    - Users will need to have Notes IDs to work with the system, as ID (certificate) + password based PKI is the foundation of Domino's authentication mechanism.

    Some benefits -
    - Depending upon the setup, users will be able to work with documents via your corporate intranet.
    - Depending upon the setup, replication (think synchronization) can enable users to keep local copies of this data, for access while they are outside of the intranet.

    Access for outsiders is more complex.
    - If the outsiders are trusted (e.g. auditors,) the solution may be to give them Notes IDs and grant them access to the intranet and this system.
    - If the outsiders are end-users (e.g. E&Y clients submitting their 2010 US tax forms,) then you may be into custom application space. I'll skip the plug for my company.

    • by ram.loss (151102)

      I want to thank all the answers so far, in spite of the blurry account of the problem I have. I now have better understanding of what kind of project I'm facing.

      As I have mentioned in a previous post; currently, a "document" is a printed paper that has a signature written with a pen on it. Oversimplifying, the proposal boils down to converting these to (probably) pdf files with an equivalent method of "signing" them and confirming to auditors that the stored files have not been tampered with after signing.
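Added example, not part of the thread and not any poster's or product's code: a minimal Python sketch of the audit requirement stated above (who signed which document, who received it and when, and a check that the stored file is unchanged since signing). The ledger layout, function names, actor addresses and sample memo are all assumptions constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # "previous hash" used by the first ledger entry

# Constructed sample document standing in for a signed PDF memo.
SAMPLE_MEMO = b"MEMO 001: purchase order approved for one delivery van."


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def entry_hash(body: dict) -> str:
    # Canonical JSON so the same fields always produce the same hash.
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return sha256_hex(canonical.encode("utf-8"))


def append_event(ledger, actor, action, doc_id, document, timestamp):
    """Append a 'signed' or 'received' event bound to the document digest."""
    if action not in ("signed", "received"):
        raise ValueError("unknown action: " + action)
    body = {
        "seq": len(ledger),
        "prev": ledger[-1]["hash"] if ledger else GENESIS,
        "actor": actor,
        "action": action,
        "doc_id": doc_id,
        "doc_sha256": sha256_hex(document),
        "timestamp": timestamp,
    }
    entry = dict(body, hash=entry_hash(body))
    ledger.append(entry)
    return entry


def first_broken_entry(ledger):
    """Return the index of the first entry that fails the chain check, or None."""
    prev = GENESIS
    for i, entry in enumerate(ledger):
        body = {k: v for k, v in entry.items() if k != "hash"}
        if (entry.get("seq") != i or entry.get("prev") != prev
                or entry_hash(body) != entry.get("hash")):
            return i
        prev = entry["hash"]
    return None


def document_unchanged(ledger, doc_id, stored: bytes) -> bool:
    """True if the stored file matches the digest recorded at its latest signing."""
    signed = [e for e in ledger
              if e["doc_id"] == doc_id and e["action"] == "signed"]
    return bool(signed) and signed[-1]["doc_sha256"] == sha256_hex(stored)


def history(ledger, doc_id):
    """Who did what to a document, and when, in ledger order."""
    return [(e["actor"], e["action"], e["timestamp"])
            for e in ledger if e["doc_id"] == doc_id]


def build_sample_ledger():
    # Constructed events: one signer at HQ, two recipients in other divisions.
    ledger = []
    append_event(ledger, "director@hq.example", "signed", "memo-001",
                 SAMPLE_MEMO, "2010-03-22T09:00:00Z")
    append_event(ledger, "manager@div2.example", "received", "memo-001",
                 SAMPLE_MEMO, "2010-03-22T09:05:00Z")
    append_event(ledger, "clerk@div3.example", "received", "memo-001",
                 SAMPLE_MEMO, "2010-03-22T09:12:00Z")
    return ledger


if __name__ == "__main__":
    log = build_sample_ledger()
    print("chain intact:", first_broken_entry(log) is None)
    print("memo unchanged:", document_unchanged(log, "memo-001", SAMPLE_MEMO))
    log[1]["actor"] = "someone.else@div2.example"  # simulate an edited record
    print("first broken entry after edit:", first_broken_entry(log))
```

The chain only shows that records were altered relative to its latest hash, so that hash has to be kept somewhere the ledger's administrators cannot rewrite it; and the digests prove integrity, not identity, which still needs a real signature such as the PGP or PDF signing suggested elsewhere in the thread.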

  • I have been looking at http://www.alfresco.com./ [www.alfresco.com] Looks like it will be included in Ubuntu soon.
    • Re: (Score:2, Interesting)

      by profdeadmeat (1771780)

      I would second the idea of looking into alfresco. I have not used it.
      However, what it will do for you is that it will make sure that you can be using a common file system with revision control. So what would happen is that you would allow your users to network mount the alfresco filesystem across the firm. Users would read and save files to this filesystem. Anytime, it is saved, versions are created.

      Alfresco Documents [alfresco.com]

      Also, it does handle signatures with the plugin from http://www.viafirma.org/ [viafirma.org] (

      • by oatworm (969674)
        Samba 4? I know Samba's version of alpha is a bit more robust than most people's versions of alpha (i.e. theirs works), but when the developers of the software are openly saying, "Don't use this in a production environment," I'm generally willing to take them at their word. Besides, if it's a smaller company, Samba 3's NT domain-style support will work just fine. All Alfresco needs for SSO support is something that speaks LDAP to query user accounts from, and, if you're securing communications, something
  • by Anonymous Coward

    I second the "Alfresco" suggestion. It has Records Management capabilities that satisfy the Government Records keeping requirements (5015.2). SharePoint is another option that has similar record keeping functionality that can be added.

  • ...but everyone is ignoring the pink elephant in the room.

    No common IT infrastructure? I'd tell them to attack that before implementing anything new company wide. Without a common IT infrastructure you'd have to get a poll for exactly what each division has (does each division have a common infrastructure, I hope so) and pray that each division has standardized on something whether it be *Nix, Windows, Mac or whatever. Once you have that, getting an electronic document handling system will be much easier as you'll have only to worry about file formats from one office suite (and possibly PDFs).

    As for signing of documents, PDF is the only format that handles that internally, though I guess you could get people to get their own PGP keys, though I think the hassle would not be welcome.

    To summarize:
    1. Get company to implement standard IT infrastructure company wide
    2. Get IT department to implement EDHS
    3. ???
    4. Profit! --- very important to companies, apparently less so to /.ers :p

    • Agreed. No common IT infrastructure means months of headaches in implementation, especially if one of the divisions has a much higher security than the others.

      HQ and the three "autonomous" divisions need to pool their IT resources together first and make sure that whatever solution(s) they come up with is really usable across every organization. There needs to be a commonality across what is supported both internally and externally before even thinking about what the best solution is. Then you've got securi

    • Re: (Score:3, Interesting)

      by sphealey (2855)

      > No common IT infrastructure? I'd tell them to attack that before implementing anything
      > new company wide. Without a common IT infrastructure you'd have to get a poll for
      > exactly what each division has (does each division have a common infrastructure, I
      > hope so) and pray that each division has standardized on something whether it
      > be *Nix, Windows, Mac or whatever. Once you have that, getting an electronic document
      > handling system will be much easier as you'll have only to worry about

      • Those are good theories as to why there isn't a standardized infrastructure, but I feel they are very weak when considering the OP has just been told they want a company-wide standard on electronic document handling system.

        If they are wanting to standardize on one product here, there is a good chance they will be wanting to (though I don't know why they haven't already) standardize the rest of their IT infrastructure.

        You can standardize on certain aspects of your infrastructure without running into the pr

  • I recently got some data from a health agency, and they sent it using Voltage SecureMail.

    Not sure of the exact specifics, but it seems that when they send an email with a secure attachment the file is stripped, stuffed on a repository, then I get a link. I have to register and sign in, then I can download the attachment. Personally I'd rather all attachments worked this way rather than people sending individual multi-megabyte files over SMTP to multiple recipients, most of which won't bother reading them...

    • by peragrin (659227)

      I don't. We mail multi-page PDFs and Excel sheets back and forth where I work. Having to log into a separate website and download PDFs 10-50 times a day would be more annoying.

      What is needed is for email to move into the 21st century, redesigned to handle all the things that it is asked to do.

  • Sense/net, SharePoint, OpenText, Interwoven ordered by cost. My personal favorite is Interwoven TeamSite as it hooks directly into Office.
    Documentum is awesome but so is the price...

  • But no real authentication systems that accomplish the goals you lay out. Even PGP (if you can convince people to use it and educate people on how it works) only accomplishes signing. It will not track these documents in the manner you describe.

    And PGP has significant problems. People understand what passwords are. They do not have a clue what a 'private key' is, or what it means to use one. This requires significant education effort. And unfortunately the user interfaces surrounding products that use

    • by jgrahn (181062)

      But no real authentication systems that accomplish the goals you lay out. Even PGP (if you can convince people to use it and educate people on how it works) only accomplishes signing. It will not track these documents in the manner you describe. And PGP has significant problems. People understand what passwords are. They do not have a clue what a 'private key' is, or what it means to use one. This requires significant education effort.

      But the OP's people want the thing they get from a piece of paper with

      • I agree that the problems aren't insurmountable, but they are not trivial either. And the web-of-trust stuff is confusing, yes. But so are all the options about what kind of key, bit-length, user ids and all that stuff.

        I think it's slowly getting better, but even the GUIs I've seen do little to hide the confusion.
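
The distinction drawn in the thread above (a PGP signature shows who signed, but does not track who received a document and when) can be seen in a small hash-chained audit trail. This is an added example, not code from any commenter or product mentioned here; the function names, the HMAC seal key and the sample memo are assumptions constructed for illustration.

```python
import hashlib, hmac, json

GENESIS = "0" * 64                      # "previous hash" of the first entry
FIELDS = ("seq", "actor", "action", "doc", "when", "prev")

def _digest(body):
    # Canonical JSON so identical fields always hash identically.
    raw = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(raw).hexdigest()

def _seal(key, entry_hash):
    # Keyed seal held by the log service (assumption); it stands in for a real
    # per-user signature, which PGP or X.509 would supply.
    return hmac.new(key, entry_hash.encode(), hashlib.sha256).hexdigest()

def append_event(log, key, actor, action, document, when):
    """Record that `actor` signed or received `document` at time `when`."""
    body = {"seq": len(log), "actor": actor, "action": action,
            "doc": hashlib.sha256(document).hexdigest(), "when": when,
            "prev": log[-1]["hash"] if log else GENESIS}
    h = _digest(body)
    log.append(dict(body, hash=h, seal=_seal(key, h)))

def verify_log(log, key):
    """Return the index of the first entry failing the chain or seal check, else None."""
    prev = GENESIS
    for i, e in enumerate(log):
        h = _digest({k: e[k] for k in FIELDS})
        if (e["seq"] != i or e["prev"] != prev or e["hash"] != h
                or not hmac.compare_digest(e["seal"], _seal(key, h))):
            return i
        prev = h
    return None

def history(log, document):
    """Who signed or received this exact document, and when."""
    d = hashlib.sha256(document).hexdigest()
    return [(e["actor"], e["action"], e["when"]) for e in log if e["doc"] == d]

def demo():
    key, memo, log = b"constructed-demo-key", b"Memo 17 (constructed sample)", []
    append_event(log, key, "alice", "signed", memo, "2010-03-20T09:00Z")
    append_event(log, key, "bob", "received", memo, "2010-03-20T09:05Z")
    append_event(log, key, "bob", "signed", memo, "2010-03-20T09:30Z")
    trail, intact = history(log, memo), verify_log(log, key)
    log[1]["when"] = "2010-03-19T09:05Z"   # back-date bob's receipt
    return trail, intact, verify_log(log, key)

if __name__ == "__main__":
    print(demo())
```

Dropping entries from the tail of the log is not detected by the chain alone; publishing or escrowing the latest entry hash outside the system covers that case.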

  • ...but I assume in your case you should probably have a look at something backed by a commercial company which will take the hassle to certify the system and your workflows. Have a look at Alfresco (alfresco.com) which already has some certifications (e.g. http://www.alfresco.com/media/releases/2009/10/records-management/ [alfresco.com]).

  • The question I have is what you mean by 'signing' a document.

    If you mean that a piece of paper has been physically signed by someone and then scanned and an image retained, then you need a document imaging system.

    If you mean to go paperless and can get people to fill out online forms, you can make the case that they are doing the electronic equivalent of signing when they log into the system with their own username and password AND they click on a given button (eg. "Submit" or "Apply Signature") and per

  • by BitZtream (692029) on Saturday March 20, 2010 @10:39AM (#31549438)

    I realize your company may not make it easy to do so, or the other departments may not help but ...

    Have you considered, since you're the only one in your portion, that asking them for help may be useful?

    I'm making a lot of assumptions about an ideal situation that may not apply to you, I realize that, so it may not be possible for you.

    If it were though, you might find that you can save yourself a lot of time just by working with the other groups.

    You could also very well create a new position for yourself, pull all 3 divisions together and save some money in IT and you might end up in charge of all of them. (if you want to do that, personally I still prefer to be in the trenches).

    Either way, you may find that they've already done this research and found something that didn't work for them, but might work for you, OR might work for everyone if you all got together to do it, versus not being cost effective for one group to do it.

    A company I worked for was bought out a long time ago, we basically continued to operate as 2 companies under one name for a long time. Then our IT department started pushing to integrate, taking the best parts of both companies and merging into a better structure overall. We ended up saving a lot of money.

    Interestingly enough, our IT was killed off and released shortly after we suggested that moving the web servers that had a window view of Wall Street to somewhere that we could run them for 10 years for the same cost as a single day in their current data center ... So you may want to be careful what you suggest.

    Another interesting twist was that shortly after we got 'released', the company was bought once again, by a company near Atlanta, which promptly closed all the offices on Manhattan, including the one that was chosen over us. Senior management from our original company passed along the word that the new buyers made it clear that stupid choices like killing our data center and keeping one in Manhattan is exactly why they were now going to be looking for new jobs themselves.

    We were vindicated, but some of us were still unemployed unfortunately. Either way, it may still be worth your while to try.

    • by ram.loss (151102)

      Yes, there will be talks with representatives of all divisions. We're just in the process of gathering the necessary information to at least have something concrete to talk about.
      Another factor to consider is the fact that the IT department at the central offices is not as undermanned, although they have their hands full. So I need to cooperate with them if a solution is eventually adopted.

  • PharmaReady [pharmaready.com] has a DMS system that should be able to do what you ask provided you have the webserver available outside your intranet. Instead of passing documents via email, authorized users would upload them themselves and then pass a link. The system is designed with FDA regulations in mind and keeps an audit trail of all activities and has well defined users and user permissions.

  • Open Text FirstClass & Social Media are easy to manage secure messaging, document management, and online communication and collaboration solutions that can do what you need without large IT infrastructure.
  • What you are looking for is similar to what is used in GLP/GMP validation. You are in over your head. There is software that does what you need, but in order to get it set up so that it is legally binding requires a specialized knowledge set.
    It is not that it would be impossible, or even ridiculously difficult, for you to set this up. However, if your company wants to do this in any sort of reasonable time frame (less than a year), you will need to work on this as your primary task. You will, also, need t
  • by ArhcAngel (247594)

    Perhaps I am misunderstanding the inquiry but it sounds like you are asking about enterprise content management [google.com].

  • https://www.sendside.com

    Secure document management, electronic signatures, and many other features, using a SaaS model like Salesforce

  • Take a look at NetDocuments [netdocuments.com]. It's SaaS, so you don't have to maintain servers, and sharing documents between multiple offices is trivial. It includes digital signature functionality.
  • We found that SharePoint didn't offer the level of document authentication that we needed for the FDA-inspected laboratory in our organization. NextDocs is a 'bolt-on' to SharePoint that offers an electronic signature feature. We're rolling that out now and it seems pretty useful. So if you go the SharePoint route and it isn't enough, this is worth checking out. Also, you get to say 'bolt-on' in conversation, with maybe an accidental 'strap-on' now and then.
  • what's this "You failed to confirm you are a human. Please start from the beginning and try again. If you are a human, we apologize for the inconvenience" thing ?

    • Adobe Acrobat will do some of this, if not all. It does not require a central document repository and works across platforms - at least, as I recall, documents can be signed and verified on Linux though must at present be created in Distiller on Windows. As PDF is a somewhat open standard there is at least the possibility of other tools supporting the digital signatures.
      A document may have multiple signatures placed in the document body in a natural way - i.e. where you might have an ink signature box. You

  • English is not my native language but I’ll do my best. I agree with the people here that told you to find out more about what the company really needs, and maybe your company should think about getting a common IT infrastructure first. In general it would be a good idea to try to document your processes (what is supposed to happen when we receive this and that type of document? and what will you need to do with these documents? Just store them? or are the documents meant to be edited by multiple sub
  • Lotus Forms (not to be confused with Lotus Notes or LotusLive Forms Turbo) is an XForms implementation that has an XML extension for pixel perfect form rendering (there's an add-on that even allows you to scan your empty paper forms for conversion). It can run off a forms server or even without a connection using a forms client. It allows for overlapping digital signatures (you sign your stuff, I cross sign, so you can't change your mind) including signing of attachments. Two aspects are remarkable: Since the
  • You can try to make a solution for your problem by using Runa-WFE http://wf.runa.ru/About [wf.runa.ru]
    It's free software, and, as far as I know, can handle your tasks.
    Also you can try to look to http://www.nuxeo.org/xwiki/bin/view/Main/ [nuxeo.org]
    Both products are based on Jboss

  • I must admit I'm not terribly familiar with the problem, but consider XAdES [w3.org] (XML Advanced Electronic Signatures) (wikipedia [wikipedia.org]) as a requirement for signing your documents, because it seems a reasonably well backed standard if ETSI standardized it since 2002 and the EU encourages it [telecomforum.eu] for intergovernmental correspondence. It also seems future-proof if it has the signing algorithm as a parameter instead of predefined.
    Also, the upcoming ODF 1.2 supports it (see ODF spec part 3 chapter 4).
  • If you're talking about an eSignature implementation that would work inside and outside your intranet then you are attempting something too ambitious. If you need eSignature type functionality I would suggest something like DocuSign.com. You definitely want to use an SaaS solution if you need external users in a future release. DocuSign now has a feature that allows document attachments btw. If you're just looking for a way to post documents and track viewing then I would suggest something like Acrobat
  • You're not really looking for full-blown document management. You're looking for electronic approvals (usually called eSignatures).
    The simplest way to do it is to embed the eSignature (approval) in the Word document or in a PDF.

    Look at Silanis for embedding in Word documents
    http://www.silanis.com/solutions/e-signatures-desktop.html [silanis.com]
    Look toward Adobe for embedding in PDF.
    http://www.adobe.com/products/livecycle/digitalsignatures/ [adobe.com]

    I would only use these for the important approvals that
