Is Your XML actually a “Document of Record”?

Share this post:

XML is just another markup language like HTML, SGML, etc. – right? That might have been true in the past, but it is no longer true. XML is rapidly becoming the de-facto standard for a wave of new documents of record, required to be archived and protected with proof of inalterability.

New Regulations Requiring XML Documents of Record:

Biometrics – All banks in Mexico must maintain an XML document of record for all customers and share that information with the Mexican government.

ISO20022 – Is a standard for electronic data interchange between financial institutions. It describes a metadata repository containing descriptions of messages and business processes, and a maintenance process for the repository content. The standard covers financial information transferred between financial institutions that includes payment transactions, securities trading and settlement information, credit and debit card transactions and other financial information. Most locations in the world require all electronic payment messages to be archived and protected in an XML format. Different parts of the world have different names for this requirement. In Europe, it is known as Single Euro Payment Area (SEPA), in Australia it is known as the New Payment Platform and in Southern Africa it has been established by the Southern Africa Development Community.

Blockchain – This infrastructure that was the basis for bitcoin is now being widely accepted to share and secure things like a shared general ledger. It also appears to be rapidly adopted for other shared information such as medical records. These use cases will have official XML documents of record that will need to be archived and protected.

Call Detail Records – Most telecommunications companies in the world are required to store call detail records (CDRs) in an XML format as documents of record.

GDPR – This European regulation takes full effect May 25 2018. The basics of GDPR is the fact that it requires businesses to know, manage and maintain all Personal Data used in the business, against expanded data privacy and security rights and obligations to data-subjects, including the Right to Erasure. This regulation is viewed as extra-territorial and applies wherever in the world EU data subjects (usually EU residents) data is hosted or processed. The penalty for violating GDPR can be up to 20m Euro or 4% of the total annual worldwide turnover, whichever is greater. With penalties this steep, organizations must make sure that this personal data is secure with privacy and protection by design and by default. The traditional approach for organizations is to operate a multi-silo-archiving infrastructure to maintain different archives for separate parts of the business or types of communications, co-mingling data. This technique using older archive technology that hasn’t been improved in over a decade is not expected to  work going forward to the granular level of controls and duties GDPR demands. Learn more at for details.

Advantages of XML Format for Documents of Record:

The advantage to the XML format for documents of record is that the XML can be produced with the XML data separated from the presentation layer. This can be seen as a way of futureproofing your documents. There are already tools in the market that can produce high volume customer communications in multiple formats as needed. For example, it is a common practice to produce AFP for printing and producing PDF and/or XML for official archiving. One of these tools is Inspire by GMC. The archive also has to easily handle the ingestion of the high volume of these various formats. IBM’s Enterprise Archiving solution, CM OnDemand, has been designed from the beginning to archive all of these critical formats.

To learn more about ISO20022  and implementing a proven IBM CM OnDemand solution, read the infographic.

Notice:  Clients are responsible for ensuring their own compliance with various laws and regulations, including the European Union General Data Protection Regulation. Clients are solely responsible for obtaining advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulations that may affect the clients’ business and any actions the clients may need to take to comply with such laws and regulations.  The products, services, and other capabilities described herein are not suitable for all client situations and may have restricted availability. IBM does not provide legal, accounting or auditing advice or represent or warrant that its services or products will ensure that clients are in compliance with any law or regulation.


Worldwide Sales Leader and Senior Certified Consultant, CM OnDemand Solutions, IBM

More stories

Highlights from IBM Think 2018: Wednesday

Today was another exciting day of  announcements, talks and demos at IBM Think. For those who didn’t get a chance to hear the news on the ground, here’s a recap of some of the most exciting stories of the day. Leaders from IBM and VMware teamed up with top clients to share insights about the […]

Continue reading

Highlights from IBM Think 2018: Tuesday

Today was an action-packed day at Think 2018. The biggest news was the address from IBM Chairman and CEO Ginni Rometty, but there were also exciting announcements on everything from new products to crucial partnerships. For those who didn’t get the chance to hear the news on the ground, here is a quick recap of the […]

Continue reading

Your documents + AI equal world domination

I’m a movie buff and any movie that deals with machines, technology and artificial intelligence eventually taking over the world has got me hooked. While world domination by machines that can learn is not a matter of immediate concern, it still gets some folks nervous. On the other hand, what gets me excited about it […]

Continue reading