Content Manager OnDemand

Is Your XML actually a “Document of Record”?

Share this post:

XML is just another markup language like HTML, SGML, etc. – right? That might have been true in the past, but it is no longer true. XML is rapidly becoming the de-facto standard for a wave of new documents of record, required to be archived and protected with proof of inalterability.

New Regulations Requiring XML Documents of Record:

Biometrics – All banks in Mexico must maintain an XML document of record for all customers and share that information with the Mexican government.

ISO20022 – Is a standard for electronic data interchange between financial institutions. It describes a metadata repository containing descriptions of messages and business processes, and a maintenance process for the repository content. The standard covers financial information transferred between financial institutions that includes payment transactions, securities trading and settlement information, credit and debit card transactions and other financial information. Most locations in the world require all electronic payment messages to be archived and protected in an XML format. Different parts of the world have different names for this requirement. In Europe, it is known as Single Euro Payment Area (SEPA), in Australia it is known as the New Payment Platform and in Southern Africa it has been established by the Southern Africa Development Community.

Blockchain – This infrastructure that was the basis for bitcoin is now being widely accepted to share and secure things like a shared general ledger. It also appears to be rapidly adopted for other shared information such as medical records. These use cases will have official XML documents of record that will need to be archived and protected.

Call Detail Records – Most telecommunications companies in the world are required to store call detail records (CDRs) in an XML format as documents of record.

GDPR – This European regulation takes full effect May 25 2018. The basics of GDPR is the fact that it requires businesses to know, manage and maintain all Personal Data used in the business, against expanded data privacy and security rights and obligations to data-subjects, including the Right to Erasure. This regulation is viewed as extra-territorial and applies wherever in the world EU data subjects (usually EU residents) data is hosted or processed. The penalty for violating GDPR can be up to 20m Euro or 4% of the total annual worldwide turnover, whichever is greater. With penalties this steep, organizations must make sure that this personal data is secure with privacy and protection by design and by default. The traditional approach for organizations is to operate a multi-silo-archiving infrastructure to maintain different archives for separate parts of the business or types of communications, co-mingling data. This technique using older archive technology that hasn’t been improved in over a decade is not expected to  work going forward to the granular level of controls and duties GDPR demands. Learn more at for details.

Advantages of XML Format for Documents of Record:

The advantage to the XML format for documents of record is that the XML can be produced with the XML data separated from the presentation layer. This can be seen as a way of futureproofing your documents. There are already tools in the market that can produce high volume customer communications in multiple formats as needed. For example, it is a common practice to produce AFP for printing and producing PDF and/or XML for official archiving. One of these tools is Inspire by GMC. The archive also has to easily handle the ingestion of the high volume of these various formats. IBM’s Enterprise Archiving solution, CM OnDemand, has been designed from the beginning to archive all of these critical formats.

To learn more about ISO20022  and implementing a proven IBM CM OnDemand solution, read the infographic.

Notice:  Clients are responsible for ensuring their own compliance with various laws and regulations, including the European Union General Data Protection Regulation. Clients are solely responsible for obtaining advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulations that may affect the clients’ business and any actions the clients may need to take to comply with such laws and regulations.  The products, services, and other capabilities described herein are not suitable for all client situations and may have restricted availability. IBM does not provide legal, accounting or auditing advice or represent or warrant that its services or products will ensure that clients are in compliance with any law or regulation.


Add Comment
No Comments

Leave a Reply

Your email address will not be published.Required fields are marked *

More Content Manager OnDemand Stories

IBM® Content Manager OnDemand® helps improves Customer Experience

From their phones, watches, tablets, and PCs, your customers demand consistent communications. They demand that their personal information is both secure, yet always available to support their customer experiences. They demand simple experiences without redundant questions or data entry. They demand that you correct the fat finger data entry errors they didn’t notice. They demand […]

Continue reading