Content Manager OnDemand

Is Your XML actually a “Document of Record”?

Share this post:

XML is just another markup language like HTML, SGML, etc. – right? That might have been true in the past, but it is no longer true. XML is rapidly becoming the de-facto standard for a wave of new documents of record, required to be archived and protected with proof of inalterability.

New Regulations Requiring XML Documents of Record:

Biometrics – All banks in Mexico must maintain an XML document of record for all customers and share that information with the Mexican government.

ISO20022 – Is a standard for electronic data interchange between financial institutions. It describes a metadata repository containing descriptions of messages and business processes, and a maintenance process for the repository content. The standard covers financial information transferred between financial institutions that includes payment transactions, securities trading and settlement information, credit and debit card transactions and other financial information. Most locations in the world require all electronic payment messages to be archived and protected in an XML format. Different parts of the world have different names for this requirement. In Europe, it is known as Single Euro Payment Area (SEPA), in Australia it is known as the New Payment Platform and in Southern Africa it has been established by the Southern Africa Development Community.

Blockchain – This infrastructure that was the basis for bitcoin is now being widely accepted to share and secure things like a shared general ledger. It also appears to be rapidly adopted for other shared information such as medical records. These use cases will have official XML documents of record that will need to be archived and protected.

Call Detail Records – Most telecommunications companies in the world are required to store call detail records (CDRs) in an XML format as documents of record.

GDPR – This European regulation takes full effect May 25 2018. The basics of GDPR is the fact that it requires businesses to know, manage and maintain all Personal Data used in the business, against expanded data privacy and security rights and obligations to data-subjects, including the Right to Erasure. This regulation is viewed as extra-territorial and applies wherever in the world EU data subjects (usually EU residents) data is hosted or processed. The penalty for violating GDPR can be up to 20m Euro or 4% of the total annual worldwide turnover, whichever is greater. With penalties this steep, organizations must make sure that this personal data is secure with privacy and protection by design and by default. The traditional approach for organizations is to operate a multi-silo-archiving infrastructure to maintain different archives for separate parts of the business or types of communications, co-mingling data. This technique using older archive technology that hasn’t been improved in over a decade is not expected to  work going forward to the granular level of controls and duties GDPR demands. Learn more at for details.

Advantages of XML Format for Documents of Record:

The advantage to the XML format for documents of record is that the XML can be produced with the XML data separated from the presentation layer. This can be seen as a way of futureproofing your documents. There are already tools in the market that can produce high volume customer communications in multiple formats as needed. For example, it is a common practice to produce AFP for printing and producing PDF and/or XML for official archiving. One of these tools is Inspire by GMC. The archive also has to easily handle the ingestion of the high volume of these various formats. IBM’s Enterprise Archiving solution, CM OnDemand, has been designed from the beginning to archive all of these critical formats.

To learn more about ISO20022  and implementing a proven IBM CM OnDemand solution, read the infographic.

Notice:  Clients are responsible for ensuring their own compliance with various laws and regulations, including the European Union General Data Protection Regulation. Clients are solely responsible for obtaining advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulations that may affect the clients’ business and any actions the clients may need to take to comply with such laws and regulations.  The products, services, and other capabilities described herein are not suitable for all client situations and may have restricted availability. IBM does not provide legal, accounting or auditing advice or represent or warrant that its services or products will ensure that clients are in compliance with any law or regulation.


Worldwide Sales Leader and Senior Certified Consultant, CM OnDemand Solutions, IBM

More Content Manager OnDemand stories

Automation is exploding. Are you ready for your boom?

Explosion. Disruption. Automation. What do they have in common? Any of these things might conjure up intimidating sci-fi scenarios in your mind, like robots taking over for humans as the world explodes, disrupting life as we know it. But, as an IBM automation technology evangelist, Mike Gilfix explains how these three forces, when intertwined, are […]

Continue reading

Your documents + AI equal world domination

I’m a movie buff and any movie that deals with machines, technology and artificial intelligence eventually taking over the world has got me hooked. While world domination by machines that can learn is not a matter of immediate concern, it still gets some folks nervous. On the other hand, what gets me excited about it […]

Continue reading

The Digital Insurer Connects Content, Process and People

I have a friend who had a minor car accident on a Saturday night. She’s fine, but the car rolled over and looked pretty bad. When she got home, she went online and started the claim process. On Sunday, the insurance company sent a tow truck to pick up her car and take it to […]

Continue reading