Security, audits, and burden of proof

It’s not so unusual: you are undergoing an external audit, and the auditors want access to a precisely defined subset of your records. For example, they want to see all the contracts signed at your Zurich office, between your company and one of your partners, in the past three years. The old method would be to hunt for those documents, copy them to a USB stick or some other medium (creating yet another copy, and yet another risk to your records), and deliver it to the auditors.

Permissions in KORTO are defined through group memberships: your users can create, access, and modify metadata only of those records with classifications and labels that are available to the groups of which they are members. For example, we can easily enable all or some employees at our Zurich office to access only those records in KORTO which are classified “Zurich”.

Let’s think again about that audit described above. In KORTO it is easy to create a temporary group (e.g., “External Auditors”), and to assign it read-only rights to all the documents tagged with “Zurich” and “Contracts”, and for which the “Created at” date is within the past three years. That way, your records do not leave KORTO. Rather, you let the auditors inside to look at the precisely defined subset of records they asked for, which will be provided to them for a precisely defined time period. This is easy to do in KORTO, and far more secure than copying the data from a Records Management system.

KORTO is fully compliant both with EU (eIDAS) and US (ESIGN, UETA) regulations.

Advanced Audit Logs

Each operation that your users or any external system performs in KORTO is logged, and those logs can be searched as well. If you want to know who changed the tags or classifications for certain records, it is easy to find out. If you want to know to which records a particular tag or classification has been applied, that is easy as well. KORTO considers audit logs to be as sacred as the records themselves. Those logs are the proof of the lifecycle of every one of your records.

Protected by the blockchain

The immutability of KORTO storage, together with the tracking of the records lifecycle through the extensive and searchable audit log, proves that your records have not been tampered with. But what about the audit log itself? How do you prove that it has not been changed, and that no record actions have been covertly altered?

KORTO offers integration with the blockchain, which can absolutely prove and ensure the immutability of those audit logs, and the integrity of your records lifecycle and Records Management process as a whole.