Information Governance

INFORMATION RIGHTS MANAGEMENT

Information Rights Management (IRM) is a term that applies to a technology which protects sensitive information from unauthorized access. It is sometimes referred to as (E-DRM) or Enterprise Digital Rights Management. This can cause confusion because Digital Rights Management (DRM) technologies are typically associated with business to consumer systems designed to protect rich media such as music and video. IRM is a technology which allows for information (mostly in the form of documents) to be ‘remote controlled’. This means that information and its control can now be separately created, viewed, edited & distributed. Some existing IRM systems have been ongoing development of DRM style systems, however a true IRM system will have some important differences and is typically used to protect information in a business to business model, such as financial data, intellectual property and executive communications. IRM currently applies mainly to documents and emails.

At Impact Innovations, we utilize both SharePoint IRM 2010/2013 and Documentum IRM 7(formally known as “Authentica”) to implement rights management solutions. The key difference between SharePoint IRM and Documentum IRM is how the certificate are managed and authenticated. SharePoint 2010/2013 embeds the issued certificate with documents and authenticates against the policies stored in the content. Unlike SharePoint, Documentum IRM embeds the issued certificates with documents, but authenticates against the policies stored in the IRM server. There are some advantages and disadvantages to both solutions.

For both IRM technologies allow for several levels of security. Functionality offered by IRM comprises of:For both IRM technologies allow for several levels of security. Functionality offered by IRM comprises of:

  • Industry standard encryption of the information.
  • Strong in use protection, such as controlling copy & paste, preventing screen shots and printing.
  • A rights model/policy which allows for easy mapping of business classifications to information.
  • Offline use allowing for users to create/access IRM sealed documents without needing network access for certain periods of time.
  • Full auditing of both access to documents as well as changes to the rights/policy by business users