The University of New South Wales (UNSW) enterprise Electronic Document and Records Management-as-a-Service solution is based on Micro Focus Content Manager (CM) software and in 2021 has been delivered in a Software-as-a-Service (SaaS) cloud for four years. Internally within UNSW the solution is known as the Records and Archives Management System as-a-Service solution (the RAMS Solution).

The service was created in 2017 through a ‘lift, shift, upgrade and configure’ approach using the previous UNSW on-premises TRIM Records Management system. Delivered across the internet using an NTT Platform-as-a-Service (PaaS), the solution was a ‘like-for-like’ upgrade of the existing 1205 user system, and incrementally expanded to over 2000 users. After four successful years of continuously exceeding Service Level Agreements (SLAs), the NTT PaaS is due for retirement, and the service is being transitioned to iCognition’s ISO27001 Information Security Management certified EDRMSaaS.Cloud, which utilises Government IRAP Security certified Azure Central.

Internally within UNSW the solution is known as the Records and Archives Management System as-a-Service solution (the RAMS Solution). The service was created in 2017 through a ‘lift, shift, upgrade and configure’ approach using the previous UNSW on-premises TRIM Records Management system. Delivered across the internet using an NTT Platform-as-a-Service (PaaS), the solution was a ‘like-for-like’ upgrade of the existing 1205 user system, and incrementally expanded to over 2000 users. After four successful years of continuously exceeding Service Level Agreements (SLAs), the NTT PaaS is due for retirement, and the service is being transitioned to iCognition’s ISO27001 Information Security Management certified EDRMSaaS.Cloud, which utilises Government IRAP Security certified Azure Central.

Transitioning to the Cloud

Initial joint analysis of the solution included a review of the iCognition solution in light of the stringent UNSW Data Handling Guidelines and IT Security Standards. This security policy referenced industry best practice standards such as security standard ISO27001, Cloud Security Alliance and Governance, Risk Management and Compliance Stack. These UNSW IT Security Standards define data classification, data handling, security incident management reporting, business continuity and disaster recovery, and other risk management requirements.

The University and iCognition jointly agreed that appropriate adoption of these standards required some time to analyse the implications on the overall EDRMSaaS design. It was further agreed that the parties invest time and effort to ensure an agreed comprehensive design that met the UNSW cybersecurity and risk management policies and standards. UNSW RAMS SaaS Case Study Page 5 of 6 Examples were architecting for ‘encryption everywhere’, both in transit and at rest, and even between servers in the cloud, as well as the deployment of automated security vulnerability
rules for ongoing risk management.

Once the design was agreed and the solution built, a transition plan was developed to create the full RAMS service model using a ‘lift, shift, upgrade and configure’ of the existing UNSW TRIM EDRMS into the cloud. The resulting solution was a ‘like-for-like’ upgraded system for the existing 1205 users to the new Content Manager 9, including access to Web Services for a variety of integrations, and a web interface for zero footprint remote access. The existing UNSW 2.4 Tb TRIM dataset was copied to the new EDRMSaaS solution via an encrypted AWS S3 bucket (the dataset has now grown to 4.5Tb). Once the dataset was safely housed within the NTT cloud iCognition instigated the upgrade process and presented the upgraded solution in a secure ‘pre-production’ environment that allowed UNSW to conduct testing. The testing regime included system testing, penetration testing, DR and backup testing, integration testing and finally User Acceptance Testing.

As a result of the strong cybersecurity work undertaken by the joint iCognition/UNSW team, the independent penetration test report concluded:

‘The overall security posture of the RAMS application was found to be of a high standard. UNSW has demonstrated a high level of knowledge and ability to conduct business in a secure manner by deploying the TRIM application securely.’

On successful completion of testing this ‘pre-production’ environment was updated with the changes to the existing dataset and promoted to become the final production RAMS EDRMSaaS system.

UNSW’s successful transition to record keeping using SaaS comes against a backdrop of increased momentum to transition public sector organisations to the cloud. The solution demonstrates it is possible to transition a key specialist application workload like EDRMS to the cloud achieving increased efficiency, user productivity, system scalability and availability and at the same time managing risk effectively. The only issue during the contract was the University’s ability to resource regular upgrades, which is being addressed in the transition to EDRMaaS, and ongoing by stronger use of the web client to reduce desktop rollout requirements.