US DoD rules and behaviour

To apply the US DoD 5015.2 Chapter 4 standard to Content Manager records, navigate to Administration - System Options - Features page and select the feature Classified Security.

It applies rules associated with the specification of the security level of a record.

For any Security Classification other than Unclassified, documentation must be provided about who classified the record and why it was classified in this way.

Additionally, extra fields are provided to schedule downgrades and declassification of these records.

If this option is selected, the new Manage - Security menu command Security Guide Entries and additional options in the dialogue to edit the security level of a record become available.

Also, the Security and Audit Administrator permission becomes available from the Modify Record Security dialogue box and the Declassify and Downgrade functionality is activated.

This option makes the following changes to the Content Manager business rules:

• Ability to upgrade, downgrade and declassify records
• Ability to create Security Guide Entries (multiple entries supported)
• Ability to modify the Security Guide Entry
• Ability to change or set up the system parameter for the default Declassify on date (usually 10 years) or specified time frame.
• No Security Level, which is used to indicate the lowest or non-existing level of Security Classification, is changed to Unclassified. This is a label change and has no effect on functionality.
• The only users who can change a record's security level are those that have the permission Security and Audit Administrator. Users cannot enter security levels higher than their own into any field. To the user, it appears as if they do not exist. This also applies to:
  • Drop-down lists
  • Any security levels lists
  • Security caveats that the user does not have

Users must have the permission Security Guide Entries to be able to modify the field Default declassification period (years) in Administration - System Options - Security page.

If the option Implement US DoD 5015.2 compliance in Administration - System Options - Compliance page is selected, but the feature Classified Security in Administration - System Options - Features page is not selected, the following will occur:

• If the Security field is on the New Record form, then no security information appears
• When KwikSelect is selected, only the caveats appear and the Security field and labels are hidden
• When a caveat is selected and the user clicks OK, the New Record form will only display the caveats
• If the Security field is on the New Record form and the record Properties is selected, then only caveats appear
• When a user attempts to change the security by right-clicking the record and on the Security and Audit menu, clicking Security/Access, then Content Manager hides the field Security
• The command Manage- Security Levels will be hidden

When the value of an Additional Field on a record Classification is changed, Content Manager changes all records belonging to that Classification by copying the new Additional Field value to these records - provided these records use the same Additional Field.

This means that if DoD 5015.2 compliant, the Additional Field values of a Classification can never be different than the corresponding Additional Fields of any record within that Classification.

In addition, Content Manager also applies the copied Additional Fields from containers down to contents, meaning that they cannot be different.

Putting a document in a container that has been closed - if DoD 5015.2 compliant, the document will not be placed in the container if the user does not have Record Administration permission.

A warning message will appear.

If the option Implement US DoD 5012.2 compliance is selected, the scheduled tasks on a record's Properties page are all unavailable.

If an Additional Field called Date Superseded has been defined, it can only be modified by someone with Record Administration (Restricted) permission.

This Additional Field is completed automatically when a superseded relationship is defined.

The standard Date Received field can only be modified by someone with Record Administration (Restricted) permission.

This field is completed automatically when an email message is checked in.

If the feature Classified Security and the option Implement US DoD 5012.2 compliance are selected, the security level must be defined for each attachment when checking in sent item attachments using the Check i Attachments Only button.

Litigation Holds can only be placed on top level containers. They cannot be placed on a document that is within a folder; for example, if DoD 5015.2 compliant, the Hold would have to be placed on the entire folder.

When Implement US DoD 5012.2 compliance is selected, Content Manager will copy Retention Schedules to all subordinate levels.

This only takes effect if the changes are applied at the Classification level.

They are applied to the folders and the contained documents.

This includes

• copying Retention Schedules from Classifications to folders
• copying Retention Schedules to folders and documents.

If a Retention Schedule is changed on a Classification it will recursively change it on folders and documents as well.

Before any archival transfer - for example, Local, Interim or Permanent - Content Manager will check that the Additional Field Declassification Review date is set.

If the options Classified Security and Implement US DoD 5012.2 compliance are selected and the record is classified - for example, has a security level greater than 0 - then, if a user tries to change the disposition of the record, Content Manager will check whether a declassification review was carried out.

If not, Content Manager will prevent the disposition change and the message Record cannot be transferred unless it has had a declassification review appears.

To determine whether a declassification review has been done, Content Manager checks for a non-blank value in the Declassification Review date Additional Field.

If a date is set in the Declassification Review date Additional Field, the user will be able to modify the disposition of the record.

Classified documents have a relationship with a classified document receipt.

The cut-off date of the classified document receipt will be updated when a Declassify, Destroy, Downgrade or Transfer occurs on the classified document.

Classified documents and classified document receipt are related using the custom relationship types with labels modified to:

• Is Receipt For
• Has Receipt Of

When Classified Security is selected and there is a requirement to determine if cut-off dates need setting, then the following Additional Field and Retention Schedule trigger need to be created first:

1. Create an Additional date Field called Auto Cut-off Date (exact wording)
2. For each relevant Retention Schedule, create a Retention trigger using Make Inactive and apply the Additional Field Auto Cut-off Date
3. Once the above items are set, Content Manager will check whether the record's security level is lower or the record's disposition has changed to a Transfer or Destroy disposition.

   If this test succeeds, then it will check all records that are Related to the record being updated to find out whether there are any that have the Has Receipt Of relationship.

   If there are, Content Manager will use the Make Inactive trigger and will set the date of the Auto Cut-off Date Additional Field.

   The date will depend on the period of the trigger and any rounding that may be applied.