Why Canadian Government Agencies Should Consider an Automated ATIP Solution

Why Canadian Government Agencies Should Consider an Automated ATIP Solution


ArkCase ATIP Solution Dashboard Screenshot

The Access to Information and Privacy Act (ATIP) of Canada came into effect in 1983. With this act, under the control of a federal government institution, Canadian citizens, permanent residents, or other individuals or corporations in Canada have the right of access to information. This act defines the procedures for processing ATIP requests including deadlines for response and the circumstances under which government agencies can withhold information.

The Information Commissioner was created to investigate complaints about non-compliance with the act’s requirements.

The government recognizes ATIP as an essential element of democracy, transparency, and openness. Even so, according to the Information Commissioner, federal agencies are struggling to keep up with that transparency.

Old Age: The Root Cause of ATIP Complaints

According to the Information Commissioner Caroline Maynard, ATIP is very outdated:

“I was surprised by how complex the Access to Information Act was. It’s a very complicated part of the law … and very outdated, unfortunately.”

Bill C-58 should provide a long-overdue update of the ATIP framework that hasn’t seen any changes since its inception. The outdated framework and the growing number of ATIP requests (up 225% in the past 5 years) is placing a heavy burden on government agencies.

The old legal framework accompanied by old software and a growing number of ATIP requests results in a growing number of complaints.

“(We) are struggling to respond to the demand for access. (Institutions) don’t have the resources and we don’t have the technology to respond to that kind of increase,” said Maynard.

It is obvious from Maynard’s statements that Canadian agencies lack a modern technology that could help them respond to all the received requests in a timely manner.

Expedience isn’t the only problem Canadian agencies are facing.

Top Challenges of Canadian ATIP Agencies

Top Challenges of Canadian ATIP Agencies

Let’s start from the very beginning – the submission of requests. Citizens can file for the disclosure of information through an online portal. But online requests can be subjected to security issues, especially when requesting a document from a public space.

Requesting a document from a public spaceImage Source:https://atip-aiprp.tbs-sct.gc.ca/

The whole process of submitting a request is very complex, and depending on the type of request, the citizens can easily be overwhelmed with the required documents.

The complex process of submitting a requestImage Source: https://www.canada.ca/en/treasury-board-secretariat/services/access-information-privacy/access-information/request-information.html

Submitting a request to the wrong department is a common mistake, and in that case, most requests cannot be transferred across the institutions.

What happens if i submit my request to the wrong departmentSource: https://atip-aiprp.apps.gc.ca/atip/welcome.do

Security, complexity, and collaboration between departments are some of the key challenges Canadian government agencies are facing today. Since government agencies are working with personal information, data security is the first thing they should think of.

Staffing issues are another problem Canadian agencies are facing on a daily basis. Many federal agencies have reported the lack of staff and expertise needed to process requests effectively. This is one of the major causes of delays. To retain and attract personnel, employees are promoted before they possess the required skills. This lack of knowledge hinders efficiency.

Job classifications vary between departments, reducing flexibility. The skills required to perform in multiple functions is not well-defined.

Budget constraints are another challenge for reducing backlog of requests and resulting complaints. According to the Information Commissioner, the government’s “stopgap approach” to funding is jeopardizing the efforts to clear the backlog of complaints from dissatisfied requesters.

In her latest annual plan, Maynard said, it is difficult to set goals and maintain momentum because of the financial instability her office is facing.

Deadline extensions and search volume are also problematic. The ability for agencies to manage information successfully is key to a sustainable access regime. The speed with which ATIP records are created has outpaced the traditional record-keeping practices. This has a direct impact on the ability for agencies to search and locate records needed to fulfill a request.

As a result, government agencies are increasing deadline extensions, so they can effectively search for the needed information and process massive volumes of documents.

Email communications themselves have added to the number of records processed without adding to their quality.

Government agencies also struggle with the review and redaction of records. Although some agencies use software for this purpose, other agencies are still struggling to manually review and redact requests. Government agencies do know that automated tools help reduce the processing time, but by focusing on up-front cost alone, decision-makers deem these solutions as too costly.

Obviously, there are many challenges government agencies are struggling with. The ATIP process has numerous issues, not surprisingly since the system is over three decades old and administered by a law that has never had a complete overhaul.

What can the agencies do to reduce the time spent on processing requests and still stay in budget?

Invest in a modern yet cost-effective ATIP solution.

ArkCase ATIP Solution: A Modern, Cost-Effective Solution for Canadian Agencies

ArkCase ATIP Solution: A Modern, Cost-Effective Solution for Canadian Agencies

ArkCase provides an adaptive, dynamic open-source case Management platform to support your ATIP needs. ArkCase for ATIP reduces the time spent on request processing and improves the effectiveness of the entire process, increasing efficiency throughout the entire public request lifecycle: from submission to final response and delivery of the requested documents.

The ArkCase ATIP solution is created to meet all the requirements to provide necessary security.

Here are some of the key features and their benefits of the ArkCase ATIP software solution:

1. Automation of the Entire ATIP Process

Processing a vast number of requests is one of the biggest problems government agencies face. To assist in reducing backlogs, the ArkCase ATIP solution is fully automated and easy-to-use.

From online public request submission to delivery, this solution accelerates and automates processing. No more piles of paper. No more backlogs. No more complaints.

2. One Interface for Communication

The ArkCase ATIP solution uses one interface for internal and external communications. This allows fast and easy communication between departments and agencies as well as citizens.

3. Pre-Configured Workflows

When a request is submitted, the ArkCase ATIP solution stores it and creates a pre-configured secure workflow. The standard format of the workflow makes the whole process easier for staff.With ArkCase’s ‘multi-track and automatic status update feature, ATIP staff will always know when and what they are supposed to do. This makes public request processing much simpler, easier, and faster.

4. Online Submission of ATIP Requests

The ArkCase solution allows online submission of requests. Citizens anywhere can easily request government information.

5. Data Storage & Access to Records

As cloud-based software, our solution stores and maintains all the records and correspondences on a secure AWS cloud infrastructure that meets Canadian security requirements.
This allows employees to have secure access to data from anywhere in the world on any device with an Internet connection.

These are just a handful of features that make the ArkCase ATIP Software Solution a reliable, scalable, secure, and cost-effective solution.

With the ArkCase ATIP solution, government agencies can significantly simplify request submission and fulfillment. From the online submission of public requests to digital delivery, the ArkCase ATIP software solution improves the process from beginning to end.

This way, government agencies can get more done, in less time, with less manual work, and with fewer complaints to the Information Commissioner office.

Let’s Wrap-Up

The purpose of ATIP is to provide Canadian citizens a right of access to records under the control of government agencies. Agencies are facing many challenges that contribute to large backlogs and a huge number of complaints.

The biggest challenge is that most of the agencies still lack the technology needed to effectively accept and process requests in a timely manner.

Luckily, there is a modern, cost-effective solution to their challenges – the ArkCase ATIP solution. With ArkCase, Canadian agencies can reduce backlogs and get more done, in less time.

I hope that this blog post will be helpful for you as an ATIP department manager or staff member, to see what challenges government agencies to struggle with, and how a solution like ArkCase can help overcome those challenges.

If you want to discover more about the ArkCase ATIP solution, or you have any questions or comments, don’t hesitate to contact us.

And don’t forget to share this blog post with your friends on social media networks so they can also see how the biggest challenges of government agencies can easily be solved with one modern solution.

Changing Old Ways with a Modern Public Records Software Solution

Changing Old Ways with a Modern Public Records Software Solution

The Freedom of Information Act (FOIA) codifies government transparency and ensures citizens access to public records of interest.  Despite these admirable intentions, often the volume and speed of public records request fulfillment results in frustrated citizens and overwhelmed government employees.

Activists, academics, reporters, and citizens share countless stories regarding delays and even denials of their requests for public records.

People wonder how, in an age of ever-growing data, agencies that deal with public records can still struggle to respond in a timely fashion. Unfortunately, government agencies still rely on outdated public records solutions.


Public Records in the Digital Age

The 24/7 television news cycle, the boom of social media, and a plethora of online news outlets are considerably increasing the public’s interest in government affairs. In 2018 alone, members of the press and citizens submitted 863,729 public records requests to federal agencies. The number of requests is growing every year.

FOIA Requests Recieved FY 2028

Image Source: Summary of Annual FOIA Reports for Fiscal Year 2018

The increasing number of public records requests is a good sign that people have a keen interest in our democracy. That’s why FOIA exists.

But let’s see how many of these requests were answered on time by receiving agencies.

Total FOIA Requests Processed FY2018

Image Source: Summary of Annual FOIA Reports for Fiscal Year 2018

As you can see from the chart above, out of 863,729 public records requests submitted, 830,060 got a response to their request. Even though the percentage of the processed requests is high, 93.8% released in full or in part, we’re still looking at 33,000 newly backlogged requests in 2018 alone.

Additionally, at the end of FY 2018 the total number of backlogged requests was 130,718, which is a 17.4% increase over FY 2017. Numbers speak for themselves: FOIA agencies struggle to keep up, and they’re losing the battle with the backlogged requests.

Increasing demands of transparency in the digital age combined with an ineffective review, search, and redaction process are constantly increasing the number of backlogged requests.


More Data = More Complexity

Every day, employees and agency officials generate massive amounts of new data. Our communications-heavy society is generating 18.1 million text messages and 188 million emails every minute.

Government officials and employees are no exception, creating internal and external crisscrossing trails of electronic communications. In addition to emails, PDF files, and Word documents, critical information is available from many different sources such as the Internet of Things (IoT), body cams, social media, audio and video recordings, smartphones, photos, and other devices.

Without an advanced technology to meet these digital age challenges, agencies are simply not able to manage and access the data necessary to complete adequate public records searches.

Agencies that use a modern public records solution can easily centralize and standardize all types of data and electronically stored information (ESI) and use advanced search features to find relevant information within. But agencies that still rely on basic search abilities, or those that develop proprietary search techniques, miss important information that the public has a right to know.


 Ineffective Searches

For public records requests to be completed as expected, FOIA employees should be able to search all the needed records. This means they should have centralized access to all the agency’s ESI and an effective way to search multiple file types to reliably identify all relevant information.

To see if agencies are effective in their FOIA searches, the National Security Archive and the Project on Government Oversight conducted an online survey of both FOIA employees and requesters. Here are some of the conclusions from the survey:

  • Most agencies don’t have centralized public records search capabilities, meaning they cannot search large portions of the records.
  • The employees often perform slow, imprecise, or incomplete searches for requested public records.
  • Some agencies have access to eDiscovery tools to search for the requested records, while other agencies don’t search for records electronically at all, instead relying on a manual process.


Inefficient Review & Redaction

If full disclosure of the information is not allowed due to security concerns, federal agencies still are required to disclose some information. The sheer number of exemptions and exclusions makes reviewing protected information a very time-consuming process. Redacting hundreds of pages using outdated software is a painfully slow process prone to errors. There’s a much better solution than redacting with duct tape!

Legal document redacted with duct tape

Image Source (The image was masked to hide personally identifiable information)

I think we can all agree that resolving these digital age challenges is important; especially in an era where modern public records solutions are more accessible than ever.

The delays in public records’ responses are a serious issue. In some states, requesters have a right for compensatory damages and attorney’s fees under FOIA. Also, disciplinary damages can be awarded under some public records laws if there is an unlawful refusal for disclosure or an arbitrary delay.

Unsatisfied requesters without administrative appeal options can file a lawsuit in Federal court. In FY 2018 there were 860 lawsuits filed against the government agencies. The backlogs of FOIA suits still waiting to be decided increased to 1,204 cases, an all-time high.

Adopting a modern public records solution will help agencies reduce the number of lawsuits, as well as the number of requests in the backlog.


The Importance of Adopting A Modern Public Records Solution

With a modern solution, FOIA agencies can use eDiscovery compliant, advanced search capabilities that can help them easily find specific keywords and phrases in audio and video files. Also, such a solution will help with organization and collaboration, review, redaction, and production challenges.

These modern FOIA solutions are designed to:

  • Combine data from various locations and standardize different file types.
  • Identify potentially related information faster by providing an early assessment.
  • Automate certain activities as identification, classification and redaction of exempted, private, and excluded data.
  • Allow employees easy access for date reviewing.
  • Provide advanced, customizable reporting features to meet all FOIA reporting requirements.

By using a modern public records solution, federal agencies can make significant changes and implement cost-effective solutions for challenges that are responsible for incomplete responses, denials, and backlogs. Furthermore, agencies will be able to reduce the number of lawsuits and appeals while providing accurate responses.


How the ArkCase Public Records Solution Can Help FOIA Agencies

ArkCase FOIA Dashboard Modern Sftware Solution

The ArkCase public records solution meets  FOIA requirements with a modern, automated software solution. ArkCase has partnered with Alfresco, Snowbound, AWS (Amazon Web Services), and Ephesoft to create a highly configurable, intuitive, scalable, and compliant FOIA solution:

Using these platforms, ArkCase offers a modern, workflow-driven, web-based public records solution specifically designed to help FOIA agencies automate, manage, and quickly and easily handle Public Records requests.

The key benefits that agencies gain by adopting the ArkCase public records solution include:

  • Centralized processing from various request channels (web, paper, fax)
  • Simplified upload of documents, photos, and videos
  • Compliance with security and records retention
  • Cloud-based and mobile-friendly modules
  • Electronic delivery of requested information
  • Automated business intelligence
  • Reduced risk of information loss
  • Faster information assembling
  • Quick access to information
  • Improved workflow capacity
  • Increased user productivity
  • Faster response rate.

The ArkCase public records solution digitizes everything in the FOIA request processing for easy searching. Communicating with other offices and departments and managing documents is seamless, speeding up the response time. By using ArkCase’s modern public records request solution, agencies can now easily overcome the challenges they’re facing on a daily basis and keep citizens informed.


Let’s Sum Up

In FY 2018, all the agencies dealing with FOIA requests processing received 863,729 FOIA requests, an all-time record high. That is an increase of almost 6% from the FOIA requests received in FY 2017 (818,271 requests).

The number of processed requests in FY 2018 is 0.83% higher than the number of processed requests in FY 2017. According to the Annual Report, the agencies continued to maintain a release rate of over 90% for a tenth year in a row. Still, there is work to be done to make further improvements and reduce the backlogs in FY 2019.

With a modern public records solution like ArkCase, agencies can easily overcome their challenges in meeting their FOIA goals.

The ArkCase public records solution is a modern, open-source, secure, flexible, scalable, reliable, and cost-effective solution that will enable your agency process more requests, with less effort, without compromising work integrity. And it can help you achieve all of this from one place, at an affordable price.

To make the ArkCase public records solution meet all your requirements, please check out this webinar. If you have any additional questions, please, don’t hesitate to contact us.

Legal Case Management Landscape Industry Disruptors

Legal Case Management Landscape Industry Disruptors

legal case management industry disruptors

The Legal Sector is a workflow-dependent, document-heavy sector that relies on Legal Case Management software to function properly. These software solutions will have some level of Workflow Management and Document Management. And since the daily work of legal workers is directly tied to the software, how effective is the legal department will depend on how good their Legal Case Management software is.

For that reason, I’ve decided to write about a few must-haves any Legal Case Management software should have.

But, before we get in the software selection details, let’s do a quick test.

Does Your Organization Need A New Legal Case Management System?

Most of the times, organizations fear change because, usually, change is painful and expensive. But the flip side is, how much are you losing by NOT changing systems?

What are all the avoided problems, and what are all the added benefits of using a modern, workflow-oriented Legal Case Management system?

Here’s a short and quick self-test to see if your organization is at a point where you need to start looking for a new Legal Case Management platform:

  • Does your Legal Case Management system allow you to work form any other place and/or device than the computer in your office?
  • Do you still have to organize your files, meetings, and deadlines manually?
  • Do you need to maintain an on-site server so you can run your software?
  • Is the Legal workflow spread across different systems and technologies?
  • Do you contact your clients only by (not always reliable) email?
  • Does your system provide automatic updates of features?

If you answered YES on at least two of these questions, then you may need to start shopping for a new Legal Case Management solution.

Who Would You Call: Established, Disruptors or Startup Case Management Vendors?

Established Legal Case Management systems usually force organizations to adjust their workflows to what the software can provide. This directly affects how legal workers do their daily work, and it’s usually by slowing down people to do their work.

Such externally imposed limitations lead to missed appointments and deadlines, wasted time and effort, etc. And the scary part is, you are aware of it, but you feel caged by the current case management system.

Unlike these established software solutions, innovative solutions in the Legal Sector are more attentive to the needs of end-users, and try to solve workflow problems. This is why these innovative changes are labeled as ‘disruptors.’

Industry disruptors know the pain points of decision makers, so they make sure to match their offer to your situation in such a way that it’s a no-brainer to take their offer.

Disruptors are young enough to really, genuinely care about their clients. On the other hand, they’re mature enough as a business to be able to provide actual, tested, proven value-for-money solution.

Startups that really get things right are too rare. Only 1 out of 100 startups actually live long enough to be a serious contender. They may have an amazing offer. But even they are not sure if they’ll be around to support their own product, 5-10 years down the road. This makes Startups a bad idea for Legal Case Management alternatives.

If you have the time and resources to dig deep and interview tons of these startups, you may actually find a gem of an offer. But… that’s a big IF. And you won’t want to be responsible for a software purchase decision that ends up having no company to support it.

Here are a few tips on how to conduct your search. It’s mostly aimed at Industry Disruptors companies. I wouldn’t dare giving tips on choosing Startup offers. It’s far too volatile of a market. I’m offering the safe route to a good choice, without depleting your company’s bank account with an established (read: overpriced) offer.

Must-Haves Of Your New Modern Legal Case Management Software

must haves of your new modern legal case management software

An obvious disclaimer, before we get started on this topic: This is not an exhaustive checklist. I’m not attempting to offer an exhaustive, works-everywhere checklist that you can print out and follow through.

There are far too many variables and each company will need to do their own homework. What I’m offering here is just basic direction of thinking. And more importantly, identifying where not to look for a solution.

An acid test of which offer is a good match.

Let’s get started.

1. Workflow Automation

The first thing to do when choosing a Legal Case Management system is to make sure it guarantees Automation of the entire process.

You won’t want to have to resort to group emails to let everybody know what’s the next step in any Legal Case. You’ll want the system to do this automatically. And you’ll want to be able to easily automate what happens on each stage, and who gets notified when.

Automation of the Legal Case Management will contribute to the reduction of time and effort your staff invests in each Legal Case. It also clears out peoples Inboxes, but more on this topic lower in this text.

2. Point and Click Workflow Customization

Another very important feature you should look for in a Legal Case Management System is the ability to customize workflows with minimal effort and minimal technical knowledge.

This feature will help you determine priorities, outline stages and roles in the process, and build all that into the system without a need of writing any software code.
This dramatically simplifies the process and saves time and effort. No need to call a software developer, no need to be tied to a retainer contract with any company. And most importantly, all it takes for workflow customization is basic computer literacy.

3. Automatic Status Updates

A feature you definitely want to have as a part of your new Legal Case Management software is the ‘Automatic Status Update’ for each step of the process.

This feature will help you to easily track what role is assigned to which employee and what’s the status of the given task. Also, your employees will always know their role in the process and your clients will be timely updated about their case status.

This feature significantly simplifies your company organization and improves your end users’ experience.

4. Calendaring and Deadline Organization

One of the most important things in any Legal department is efficiently handling deadlines associated with Legal Cases. Missing deadlines and meetings with clients are mistakes that successful legal organizations can’t afford.

For that reason, when choosing a Legal Case Management system, make sure it includes this feature. It will help you to add deadlines and meetings related to each case in your calendar and automatically add them to your employee’s calendar.

This feature will help you stay organized, save time, and improve your customer experience.

5. Centralized Database

Having all of your clients’ information in one place is a must-have for every Legal Department. That’s why it’s important to find a Legal Case Management System which stores all client information (including case description, contact information, notes of the case, etc.) in one centralized database.

This Centralized Database approach will improve the organization and management of client information. It will allow for easier and faster access to data, from any device that has an internet connection, from anywhere in the world.

6. Reliable Communication and Collaboration System

Working with so many clients and on tons of Legal Cases requires a lot of communication and collaboration.

This can get very messy if you don’t have a reliable system for communication and collaboration between people, departments and organizations. This is a very good reason to look for a modern Legal Case Management software that has this collaboration capability out-of-the-box.

This feature will help you to stay organized and respond to your clients on time while saving your employees tons of time and frustrations.

As I said above, this is not an exhaustive checklist for choosing a modern Legal Case Management software. But, if you don’t know where to start from, these must-haves are a good starting point.

While still here, to spare you some research and time, you can take a look at this article and see how using an ArkCase Case Management solution can help your organization improve efficiency and client service.

Let’s Wrap Up

representation of established vendors, startups and industry disruptors

Keeping up with the ever-growing Legal Cases means that you need a Legal Case Management software that can follow your pace and effectively answer to all of your requirements.

Established vendors are choosing to keep their Status Quo, and Startups can’t promise they can survive in this competitive industry. So, the best thing you can do when shopping for a modern Legal Case Management software is to rely on Industry Disruptors.

I know that choosing the right innovation can be challenging, but not accepting beneficial industry changes means ignoring the needs of your staff – a mistake no organization can afford.

I hope that my checklist will be a good starting point when researching for a modern Legal Case Management software. But, if you still don’t know where to start from, take a look at our Blog, and see if our modern Legal Case Management Software Solution for ArkCase will be a good fit for your organization.

Or simply contact us. We’re enthusiastic about helping organizations improve their workflows using reliable, cost-effective case management solutions.

FedRAMP Compliance: Tips And Cues 2015 vs. 2017, What Changed?

FedRAMP Compliance: Tips And Cues 2015 vs. 2017, What Changed?

tips and cues for FedRAMP compliant FOIA software

In order to increase the security among Federal agencies, several agencies created the Federal Risk and Authorization Management Program (FedRAMP). These agencies are:

  • The National Institute of Standards and Technology (NIST)
  • The Department of Homeland Security (DHS)
  • The General Services Administration (GSA)
  • The Department of Defense (DOD)

FedRAMP is a government-wide program which provides a standardized approach to security assessment, authorization, and continuous monitoring for Cloud Service Providers (CSPs).

The intent behind the program is to facilitate the adoption of CSPs among Federal agencies and eliminate duplication of effort. In the same time, FedRAMP reduces the risk management time and the costs that agencies would otherwise spend on individual assessing of CSPs. Or, as it can be found on FedRAMP official site:

“FedRAMP facilitates the shift from insecure, tethered, tedious IT to secure, mobile, nimble, and quick IT.”

FedRAMP Security Assessment Framework 2015 Vs. 2017

To advance the security among Federal Agencies, in 2015, FedRAMP.gov issued the general Security Assessment Framework. And, 2 years later, they’ve upgraded this structure to Security Assessment Framework version 2.4.

In both versions of the Security Assessment Framework, FedRAMP puts a special emphasis on the importance of CSPs meeting the FedRAMP requirements.

In order to become FedRAMP compliant, each CSP needs to carefully follow and go through 4 process areas:

  1. Document,
  2. Assess,
  3. Authorize, and
  4. Monitor.

FedRAMP risk management framework

Source: FedRAMP Security Assessment Framework, 2017

However, the ways in which CSPs could achieve FedRAMP compliance have slightly changed in the 2017 Security Assessment Framework revision.

In their version of 2015, FedRAMP allowed 3 ways of CSPs becoming FedRAMP compliant. But, in their latest version from 2017, FedRAMP gives CSPs only 2 possible alternatives to achieve compliance.

In 2015, CSPs could achieve FedRAMP compliance trough:

  • Joint Authorization Board Provisional Authorization (JAB P-ATO)
  • FedRAMP Agency Authority to Operate (ATO)
  • CSP Supplied Package

Let’s explain these 3 in more detail.

1. Joint Authorization Board Provisional Authorization (JAB P-ATO)


Source: fedramp.gov

JAB P-ATO is a type of request for FedRAMP compliance that can be submitted either by the CSP or by the Federal agency. It basically means submitting an application known as ‘Initiate Request form’ on www.fedramp.gov to ensure processing of the CSP for a JAB P-ATO. Here, the CSP provides all data to the JAB and it makes a risk review of all the data provided.

When the JAB grants the P-ATO, the JAB provides all Federal agencies a recommendation on whether a CSP has a recommended acceptable risk posture for Federal use.

For FedRAMP JAB P-ATOs, the CSP must collaborate with an accredited Third Party Assessment Organization (3PAO) to independently verify and validate the security implementations.

The picture above shows the entire process of JAB P-ATO, form submission to authorization. As you can see, it consists of 4 separate stages, each containing several phases on their own.

The first stage is called Readiness Assessment & FedRAMP Connect. This stage, as the name itself implies, is the first stage where all the information needed is provided by the CSP so that the process of assessment may start. The length of the first stage depends on the readiness of the CSP to provide all this information.
The next stage is known as Full Security Assessment and lasts for about 1 month. At this stage, the CSP is examined against all of the demands of the assessment framework. And if passed, the CSP gains the right to be FedRAMP Authorized, which is the actual next stage of JAB P-ATO

The Authorization Process is the longest stage. It can take 3 to 4 months and sometimes even longer. The reason for the length of this stage is the several reviews that the CSP must go through. Once this stage is over and the CSP is FedRAMP authorized follows the final stage – Continuous Monitoring.

Continuous Monitoring is an ongoing process in which the CSP is monitored whether it still responds to all of the FedRAMP demands and how the CSP uses the FedRAMP authorization.

Getting JAB P-ATO is a long and complex process which not every CSP can go through. On the other hand, the ones authorized as such are undoubtedly secure to be used.

2. FedRAMP Agency Authority to Operate (ATO)

FedRAMP agency authority to operate

Source: fedramp.gov

ATO allows CSPs to work directly with a Federal agency to achieve FedRAMP compliance. Here, the CSP works together with the Federal Agency security office to provide all data necessary for the ATO. After that, the Federal agency makes a risk review of the data.

Federal Agencies have to choose a FedRAMP accredited 3PAO or a non-accredited Independent Assessor (IA) to perform the assessment.

In cases where non-accredited assessor is used, the Federal agency needs to provide evidence of the assessor’s independence and a letter of attestation of the assessor’s independence with the security authorization package. However, the FedRAMP Program Management Office (PMO) highly recommends the use of an assessor from the FedRAMP 3PAO accreditation program.

Once the Federal agency authorizes the package, they need to notify the FedRAMP PMO. The PMO then instructs the CSP how to submit the package for PMO review.

After reviewing the package and ensuring it meets all of the FedRAMP requirements, the FedRAMP PMO publishes the package in the Secure Repository for other Agencies to leverage.

As you can see from the picture above ATO is similar, but at the same time very different from JAB P-ATO. Namely, ATO also includes 4 stages from which only the first one is different. Instead of Readiness Assessment & FedRAMP Connect, here CSP’s work on establishing a partnership with the federal agency. This is the first stage and is known as Relationship Establishment.

The other 3 stages are seemingly similar, but in their core are very different. The thing is in the phases that each of the following processes goes. If you take a more detailed look at the picture above you will understand what I am talking about. Especially when it comes to the Authorization process because with ATO the review process is done by both the agency and PMO.

3. CSP Supplied Package

The 2015 FedRAMP Security Assessment Framework provides an opportunity for CSPs to supply a security package to the FedRAMP Secure Repository for prospective Agency use. Here, the CSP chooses to work independently rather than through the JAB or a Federal Agency.Unlike the other two ways of achieving FedRAMP compliance, here, after the completion of FedRAMP Security Assessment Framework (SAF), the FedRAMP compliant package instead for authorization it’s available for leveraging. Namely, instead of gaining FedRAMP authorization the CSP must go under one final test. And that is 3PAO.

The CSP must collaborate with an accredited 3PAO to independently verify and validate the security implementations and the security assessment package.

Once the authorization is completed, the CSP notifies the FedRAMP PMO and the PMO instructs the CSP on how to submit the package for PMO Review.

After the review, the FedRAMP PMO publishes the package in the Secure Repository for other Federal agencies to leverage.

In cases where the Federal agency decided to issue an ATO to a CSP-supplied package, the status of the package changes in the ‘Secure Repository’ to indicate that it has evolved into a FedRAMP Agency ATO Package.

What Changed In 2017?

FedRAMP is a program which is focused on constant improvements. For that reason, they put a huge effort in trying to improve the standardized approach they offer and present it as the best possible solution for securing Governmental data among agencies who use CSPs.

With that thought, they have decided to exclude the CSP Supplied Compliance form the Security Assessment Framework form 2017 and focus on the other two, JAB and Agency Authorization.

FedRAMP explains this decision as a result of the fact that CSP-Supplied compliance has been the least utilized out of the three options. And unfortunately, a great part of the CSP-Supplied packages submitted to the PMO failed in passing the compliance review.

They explain on their official site:

“After numerous interviews with CSPs, agencies, and 3PAOs, we concluded that CSP-Supplied had the lowest demand and was too risky, costly, and resource intensive for both industry and the FedRAMP PMO.”

As an alternative, they offer the option to pursue the redesigned FedRAMP Ready process.

”While CSP-Supplied is going away, we believe the redesigned FedRAMP Ready will better prepare CSP’s for a JAB provisional authorization or help identify an agency sponsor for authorization, with it happening faster, cheaper, and with more certainty.”

Final Thoughts

FedRAMP compliant FOIA software

Image Source: https://www.fedramp.gov

With an intent to unburden FOIA agencies in adopting CSPs, the National Institute of Standards and Technology initiated the development of FedRAMP.

As a government-wide program which provides a standardized approach to security assessment, authorization, and continuous monitoring for CSPs, FedRAMP is in constant evolution.

Since its creation, the framework has significantly evolved. And one such proof is the 2017 Security Assessment Framework.

This framework is a huge help for FOIA agencies that are in search for a CSP which, believe it or not, is not an easy job. It carries lots of risks and costs.
Thanks to FedRAMP, FOIA agencies can now rely on the assessment framework and spend their time responding to more FOIA requests and reducing backlogs.

If you have any comments or questions about the FedRAMP compliance, feel free to ask. We will be glad to help you.

And if you want to know more about our FedRAMP Compliant solutions, don’t hesitate to contact us.

Armedia Leverages ArkCase, Alfresco and AWS AI Services to drive business efficiencies  

Armedia Leverages ArkCase, Alfresco and AWS AI Services to drive business efficiencies  

Armedia integrates AWS transcription services

Did you know that the industry standard for manually transcribing 1 hour of clear audio is 4 hours?  That is a 4 to 1 ratio. Poor audio could take as much as 9 hours to transcribe 1 hour (9 to 1 ratio), which means a lot of manual hours are needed to transcribe audio and video files. Think about how much Society relies on audio and video files these days. Recently, we were asked to help solve this challenge by a law enforcement agency.  This agency was spending about 8 hours for every 1 hour (8 to 1) of body camera or interview audio or video.  Our solution – ArkCase, Alfresco, and AWS – originally proposed for their IT Modernization project addressed this challenge. Intrigued, they asked for a demo. With a clear understanding of the opportunity to further demonstrate value, we asked for a few weeks to prepare the demo.

Before We Get to the How, Let’s Describe the What

What are the platforms being used in this solution?

  • For starters, ArkCase is a low-code IT modernization or case management platform. ArkCase aims to be the premier open source low-code case management platform.
  • Alfresco is the leading open source enterprise content management platform providing core document management, business process management and records management services.
  • AWS is the leading cloud-based platform as a service (PaaS) supporting our ability to comply with FedRAMP, CJIS, HIPAA, HiTECH, SOC2 and other security controls.

ArkCase provides an intuitive, accessible and responsive user interface to view, stream, and transcribe rich media files. ArkCase integrates with AWS Transcribe service to provide high volume, high quality and cost-effective transcription of audio and video files. The transcription functionality in ArkCase allows users to upload audio and video files within ArkCase and configure whether files are automatically transcribed or manually sent to be transcribed allowing organizations to control their costs. ArkCase then uses an Alfresco Activiti workflow to process the files using AWS automatic speech recognition (ASR) service, which will produce the transcription files. The outcome of the process is a highly visual transcription with close caption and that can be searched and edited for enrichment. In addition, the transcription can be compiled into a Microsoft Word document from sharing. The user interface allows for streaming the rich media file while viewing the transcription text. This is extremely helpful when manually QAing the transcription text.

What Does ArkCase Transcription Functionality Provide?

The ArkCase user can perform many different actions on the transcribed file:

  • Viewing of the File Details
    • Language
    • Total Word Count
    • Confidence Rating of the Transcribed File
    • Transcription Status (In Process, Complete)
  • Listen or View to File in a Streaming Viewer with Close Caption
  • Searching for text within audio or video files
    • Jumping to that section of the audio or video
  • Tagging the file based on the transcription
  • Viewing Individual Sections of the Transcription Text
    • Each Transcription Text Section Shows:
      • Start Time of that Section of Text
      • Confidence Rating of that Section of Text
    • Editing Individual Sections of Transcription Text during QA
    • Automatically Compile the Transcription Text into a Single Document File

ArkCase transcription functionalities

Can ArkCase Transcription Functionality be Configured?

ArkCase transcription functionality also provides administration configurations for certain transcribe options within the ArkCase application:

  • Enable Transcription to turn on transcription
  • Automatic or Manual Transcription to decide if you want all rich media files processed or to manually select the files you want to be processed
  • Word Count per transcribed section for chunking and readability
  • Confidence Threshold for highlighting sections that may need human reviewing

ArkCase transcription configuration

An Administrator can control the transcription functionality for all users in the ArkCase application, by enabling or disabling the functionality.  If the functionality is enabled, the rich media files can be sent to AWS for transcription manually or automatically. If the Admin selects to enable automatic transcription, then each rich media file that is uploaded into ArkCase will be automatically sent to the Amazon Transcribe service. The Admin can also control the word count and confidence threshold for each section of transcription text. ArkCase will flag any sections of transcription text that do not meet the configured confidence threshold.

ArkCase transcription can support many different use cases, no matter your specific business.  If you want to gain efficiencies and get more value from your audio and video content, let’s talk.


In recent years, multimedia content is more used than ever. This means that the world data trapped in multimedia formats becomes larger and more difficult to use. To help you solve this problem and use multimedia content to your advantage we made this integration of ArkCase, Alfresco, and AWS.

ArkCase, Alfresco, and AWS created a platform that can help enterprises derive value from the ever-increasing multimedia content. Thanks to this integration, enterprises of all sizes can now use Armedia Legal Module and Amazon Transcribe as part of it.

Armedia Legal Module turns any audio or video file into a text format which can later be used as any other textual document. No more external transcription services. No more waiting. No more time wasted.

Want to view a recorded demo of ArkCase Transcription?

Are you interested in a live demo of ArkCase Transcription?