Protects Native Business Information

Clients for major business applications      - E-mail      - Microsoft Office      - Adobe      - HTML      - RIM Blackberry      - Lotus Notes Works within native application Allows secure sharing of sensitive documents with internal and external users

1. Documents protected with IRM are still viewed using their native application. No third party viewer is needed to view the protected documents, instead the IRM “clients” are plug-ins that work with the native applications. IRM has clients for major business applications such as Microsoft Office, Outlook and Lotus Notes and Adobe Acrobat.

Rights Enforcement by Policy

A document policy defines: - Who can view - What pages can be viewed (PDF only) - When it can be viewed - If copy or edit is allowed - If printing is allowed - If guest access is allowed - If offline viewing is allowe - Automatic expiration - Dynamic watermarks Mandatory and discretionary policy enforcement options           - Choose rights enforcement using administratively-defined templates or ad-hoc policies           - Flexibility supports organizational rollout           - Allows for workgroup and enterprise-wide applications

1. Rights are enforced by policy. The document policy defines who – what – when, whether a document can be copied, printed, or taken off line, and other things such as watermarking, rights expiration, and whether guest access is allowed.
2. Companies can either set mandatory rights, or allow users to set ad-hoc policies.

Dynamic Watermarking

Dynamic watermarking can provide visible indication of who printed a copy and when they printed it Can be used for compliance and auditing Provide watermarks while viewing and/or when printing Watermarks are customizable Watermarks supports Unicode Watermarks can use LDAP attributes

IRM features dynamic watermarking capabilities:

1. Dynamic watermarking can provide a visible indication of who printed a copy and when they printed it
2. It can be used for compliance and auditing
3. It provides watermarks while viewing and/or when printing
4. Watermarks are customizable
5. Watermarks supports Unicode
6. Watermarks can use LDAP attributes

Dynamic Policy Control

Dynamic policy control allows recipient entitlements to be changed on-the-fly when individual roles or business needs change, regardless of where the content resides.

A big difference between the way we do rights management compared to a company like Microsoft or Apple, is Dynamic Policy Control. Dynamic Policy Control allows recipient entitlements to be changed on-the-fly when individual roles or business needs change, regardless of where the content resides. Products that embed rights in the content file have no way to change those rights once the document is out of their control. Here is an example.

          1. Suppose a salesperson downloads a current price list with IRM.

              Example (step 1): In April a price list with IRM is downloaded by a sales person

          2. The salesperson e-mails the list to a customer, who has rights to view the document.

              Example (step 2): The sales person e-mails the price list to a customer

           3. Some time later, the prices change and a new price list is issued.

              Example (step 3): On May 17, prices change and new prices are issued

            4. At that time, rights on the old price list are revoked, affecting all copies, regardless of location.

            5. Everyone will no longer be able to view the old prices.

              Example (step 4): At that time, rights on the old price list are revoked, affecting all copies, regardless of location

Automatic Expiration Control

• Enforce version control and document retention policies
• Access can be revoked no matter where files reside
• Example: A monthly price list can be set to automatically revoke all rights at the end of the month

1. Rights can also be set to automatically expire.

          For example, if your price lists are updated at the beginning of every month, you could set the policy to automatically revoke all rights on each version at the end of the month.

Continuous Audit Trail

All events in IRM are auditable

• IRM provides granular audit trail of what recipients did with the documents, page by page
• See who did what, when
• Delivers on-going assurance of policy compliance
• Auditing is continuous, whether online or offline
• Leverage XML logging standards for reporting on audit trail

1. Like other Documentum products, all events in IRM are auditable.
2. IRM Provides granular audit trail of what recipients did with the documents, page by page.
3. Auditing is continuous, even when the user is off-line. (Audit events are downloaded when user comes back on line.)

Leverages Existing Authentication Infrastructure

• IRM participates in Documentum’s open authentication framework, allowing for integration with

     - Minimizes impact to administration of E-DRM policies
     - Speeds deployment

• Leverages an organizations exiting authentication security infrastructure

               - LDAP directories
               - Multifactor authentication
               - Single Sign-on
               - Biometrics
               - X509.3 certificates
               - Smart cards

1. IRM leverages an organizations exiting authentication security infrastructure to speed deployment and minimize impact to admin.
2. When using IRM services for Documentum, IRM participates in Documentum’s open authentication framework, allowing for integration with other security devices.