Korto Logo
Features
Records Management
Records Management
KORTO is your friendly anchor and aid during the entire records lifecycle.
Security
Security
KORTO is fully compliant both with EU (elDAS) and US (ESIGN, UETA) regulations.
Compliance
Compliance
KORTO helps you to achieve compliance in a seamless, unintrusive, and enjoyable way.
Intelligence
Intelligence
KORTO is the synergy of the manual work of records classification with Al-powered context understanding.
Resources
Blog
Blog
Explore essential compliance insights and more!
News
News
Stay tuned for KORTO's upcoming events and updates!
Company
ABOUT US
ABOUT US
Learn more
CERTIFICATIONS
CERTIFICATIONS
Learn more
PRIVACY POLICY
PRIVACY POLICY
Learn more
CONTACT US
CONTACT US
And let's work together!
Contact Us
Security
KORTO is fully compliant both with EU (elDAS) and US (ESIGN, UETA) regulations.
 
understand
Security, audits, and burden of proof
Ilustation Shield

It’s not so unusual: you are undergoing an external audit, and the auditors want access to a precisely defined subset of your records. For example, they want to see all the contracts signed at your Zurich office, between your company and one of your partners, in the past three years. The old method would be to hunt for those documents, copy them to a USB stick or some other medium (creating yet another copy, and yet another risk to your records), and deliver it to the auditors.

Permissions in KORTO are defined through group memberships: your users can create, access, and modify metadata only of those records with classifications and labels that are available to the groups of which they are members. For example, we can easily enable all or some employees at our Zurich office to access only those records in KORTO which are classified “Zurich”.

Let’s think again about that audit described above. In KORTO it is easy to create a temporary group (e.g., “External Auditors”), and to assign it read-only rights to all the documents tagged with “Zurich” and “Contracts”, and for which the “Created at” date is within the past three years. That way, your records do not leave KORTO. Rather, you let the auditors inside to look at the precisely defined subset of records they asked for, which will be provided to them for a precisely defined time period. This is easy to do in KORTO, and far more secure than copying the data from a Records Management system.

Ilustation Shield
understand
Security, audits, and burden of proof

It’s not so unusual: you are undergoing an external audit, and the auditors want access to a precisely defined subset of your records. For example, they want to see all the contracts signed at your Zurich office, between your company and one of your partners, in the past three years. The old method would be to hunt for those documents, copy them to a USB stick or some other medium (creating yet another copy, and yet another risk to your records), and deliver it to the auditors.

Permissions in KORTO are defined through group memberships: your users can create, access, and modify metadata only of those records with classifications and labels that are available to the groups of which they are members. For example, we can easily enable all or some employees at our Zurich office to access only those records in KORTO which are classified “Zurich”.

Let’s think again about that audit described above. In KORTO it is easy to create a temporary group (e.g., “External Auditors”), and to assign it read-only rights to all the documents tagged with “Zurich” and “Contracts”, and for which the “Created at” date is within the past three years. That way, your records do not leave KORTO. Rather, you let the auditors inside to look at the precisely defined subset of records they asked for, which will be provided to them for a precisely defined time period. This is easy to do in KORTO, and far more secure than copying the data from a Records Management system.
Check
KORTO is fully compliant both with EU (eIDAS) and US (ESIGN, UETA) regulations
Advanced Audit Logs

Each operation that your users or any external system performs in KORTO is logged, and those logs can be searched as well. If you want to know who changed the tags or classifications for certain records, it is easy to find out. If you want to know to which records a particular tag or classification has been applied, that is easy as well. KORTO considers audit logs to be as sacred as the records themselves. Those logs are the proof of the lifecycle of every one of your records.

Illustration 2
Protected by the blockchain

The immutability of KORTO storage, and tracking the records lifecycle through the extensive and searchable audit log, proves that your records have not been tampered with. But what about the audit log itself? How do you prove that it has not been changed, and that there have been no covered changes of records actions?

KORTO offers integration with the blockchain, which can absolutely prove and ensure the immutability of those audit logs, and the integrity of your records lifecycle and Records Management process as a whole.

Record Management Illustration
Join the community, where we discuss all relevant records management and compliance topics