Slashdot Mirror


Business-Suitable Document Authentication System?

ram.loss writes "The company I work for has decided to go paperless for all memos and internal correspondence. In addition to the central administration, the company has three more or less autonomous, physically separated divisions; that means we do not have a common IT infrastructure across all of them. Since I am the only resemblance we have to an IT department at my division, I have been commissioned with evaluating the available technology to manage and authenticate all correspondence, although it is not my area of expertise (I have a CompSci degree, but for many years have specialized in transportation modeling software). My initial thought was to use a document management system like Plone (this is the system I'm familiar with); from what I have read, that would take care of the management part, but what about authentication? We need each document to be signed, and a fully auditable system that keeps track of who signed what document, who received it and when. It also must take into account the handling of external correspondence in the future, where a recipient outside the company must have the means to return an authenticated document as a response. I'm aware that I'm leaving out a lot of details, like how the documents will be signed, the legal implications, etc., but for the time being I'm only interested in the experiences of the Slashdot crowd with such systems, and hopefully finding out enough information to hand over the matter to (or hiring) somebody more qualified, once I know what to look for. Has anybody out there used a similar system? Am I in way over my head?"

2 of 130 comments

  1. PGP + really any collaboration software by DarkOx · Score: 3, Interesting

    Give everyone a copy of PGP or gnupg and use your favorite collaboration program to store and version the documents. I would consider just signing the docs and not encrypting them when they are not sensitive; encryption just adds risk that you could lose data more easily. It's really important to know that it really was the comptroller who authorized the PO for that new delivery van, but it's not a secret the company purchased a new truck.

    This should also give you some flexibility going forward. If you don't like the work flow solution you don't have to change the authentication solution or the other way around.

    --
    Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
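
Added example, not part of DarkOx's comment: the sign-without-encrypting approach using GnuPG detached signatures, with a log line recording who signed what and when, as the question asks. The signer identity, file names and log format are constructed, and the key is an unprotected throwaway in a temporary keyring.

```shell
#!/bin/sh
# Added example: signer identity, file names and log format are constructed.

sign_doc() {     # sign_doc <signer> <file>: writes detached signature <file>.asc
    gpg --batch --yes --pinentry-mode loopback --passphrase '' \
        --local-user "$1" --armor --detach-sign --output "$2.asc" "$2"
}

verify_doc() {   # verify_doc <file>: prints signer fingerprint, non-zero if invalid
    status=$(gpg --batch --status-fd 1 --verify "$1.asc" "$1" 2>/dev/null) || return 1
    printf '%s\n' "$status" |
        awk '$2 == "VALIDSIG" { print $3; ok = 1 } END { exit !ok }'
}

audit_record() { # audit_record <file> <log>: log only documents that verify
    fpr=$(verify_doc "$1") || return 1
    printf '%s\t%s\t%s\t%s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$fpr" \
        "$(sha256sum "$1" | cut -d' ' -f1)" "$1" >> "$2"
}

# Demo in a throwaway keyring; the empty passphrase is for the demo key only.
GNUPGHOME=$(mktemp -d); export GNUPGHOME
work=$(mktemp -d)
signer='comptroller@example.invalid'
gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
    --quick-generate-key "Constructed Comptroller <$signer>" ed25519 sign never

# The document stays readable plain text; the signature lives beside it.
printf 'PO 0001: purchase of one delivery van approved\n' > "$work/po.txt"
sign_doc "$signer" "$work/po.txt"
audit_record "$work/po.txt" "$work/audit.log" && echo "recorded: $(cat "$work/audit.log")"

# Any change to the document after signing invalidates the signature.
printf 'PO 0001: purchase of two delivery vans approved\n' > "$work/po.txt"
audit_record "$work/po.txt" "$work/audit.log" || echo "rejected: signature does not match"
gpgconf --kill gpg-agent
```

Each log line holds the UTC time, the signing key's fingerprint, the document's SHA-256 and its path, so the log can be checked later against the stored document and signature.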
  2. Ask the other divisions? by BitZtream · Score: 3, Interesting

    I realize your company may not make it easy to do so, or the other departments may not help but ...

    Have you considered, since you're the only one in your portion, that asking them for help may be useful?

    I'm making a lot of assumptions about an ideal situation that may not apply to you, I realize that, so it may not be possible for you.

    If it were though, you might find that you can save yourself a lot of time just by working with the other groups.

    You could also very well create a new position for yourself, pull all 3 divisions together and save some money in IT and you might end up in charge of all of them. (if you want to do that, personally I still prefer to be in the trenches).

    Either way, you may find that they've already done this research and found something that didn't work for them, but might work for you, OR might work for everyone if you all got together to do it, versus not being cost effective for one group to do it.

    A company I worked for was bought out a long time ago, we basically continued to operate as 2 companies under one name for a long time. Then our IT department started pushing to integrate, taking the best parts of both companies and merging into a better structure overall. We ended up saving a lot of money.

    Interestingly enough, our IT was killed off and released shortly after we suggested moving the web servers that had a window view of Wall Street to somewhere that we could run them for 10 years for the same cost as a single day in their current data center ... So you may want to be careful what you suggest.

    Another interesting twist was that shortly after we got 'released', the company was bought once again, by a company near Atlanta, which promptly closed all the offices on Manhattan, including the one that was chosen over us. Senior management from our original company passed along the word that the new buyers made it clear that stupid choices like killing our data center and keeping one in Manhattan is exactly why they were now going to be looking for new jobs themselves.

    We were vindicated, but some of us were still unemployed unfortunately. Either way, it may still be worth your while to try.

    --
    Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager