Adobe Experience Manager (AEM) as a cloud service comes with a few native tools for short-term back-ups and version control. But if you’re looking to create a legally-admissible, compliant archive of your AEM website content, Adobe itself warns that these features are, “not intended as an audit log or for legal purposes.”
On their own, AEM’s cloud backups don’t meet legal evidence or regulatory recordkeeping requirements because they can’t guarantee:
- The records will match the original exactly
- All sections and pages will be retrievable
- The records will not be altered by later changes to the base code
So what are managers of sites built with AEM to do when legal and compliance teams come knocking looking for secure, legally-admissible, historical records to submit to courts or regulatory bodies?
Reading this article is a great start.
Here we’re going to cover why it’s so important to make sure you have the appropriate archiving solution for your AEM website content, review some litigation readiness and regulatory recordkeeping requirements you need to be aware of, and finally, we’ll cover best practices for comprehensive, compliant website archiving.
Table of Contents
1. Does AEM Have Website Content Archiving Features?
2. The Challenges of Using AEM’s Timewarp for Archiving Website Content
3. The Challenges of Archiving Dynamic and Complex AEM Website Content
4. Website Archiving Requirements for Compliance
5. Why Archiving Your AEM Website Matters for Litigation Readiness
6. The Best Solution for Archiving Adobe Experience Manager Website Content
7. Additional Helpful Resources
Does AEM Have Website Content Archiving Features?
While AEM as a cloud service provides “versions”, “snapshots”, workflow trails, and options for purging content, these functionalities are only really designed for content management, version control, and deletion of outdated assets, not long-term archival or compliance-specific archiving.
Fortunately, the AEM system is flexible and allows organizations to develop custom solutions or integrate external tools to tailor backup, archiving, and record-keeping processes according to your specific business requirements.
It's important to note that while AEM offers the ability to integrate with external archival solutions, the extent to which they meet specific compliance requirements from regulatory bodies like SEC and FINRA, depends on the tool and its configuration.
You may be thinking: “But wait, why bother looking for an external archiving solution when I have access to Adobe’s Timewarp? Isn’t that enough?”
Alas, though Timewarp is a pretty nifty feature, unfortunately, it’s not going to keep your AEM website compliant and litigation-ready.
Let’s explore why.
The Challenges of Using AEM’s Timewarp for Archiving Website Content
Though AEM’s Timewarp feature is great for tracking content changes and comparing web page versions over time, there are some specific reasons why you’ll likely need an additional archiving solution:
- Timewarp will only show changes to page content. That means assets that are altered at some point, like updates to the CSS, code or images, will also alter previous versions. For regulatory compliance or litigation, this would be a huge problem because the website record would not represent its original form, as it appeared on that specific day to a user.
- Timewarp is not able to navigate or recall pages that have been deleted, moved, or removed from the repository. So there is a chance that the version shown when you try to recall a page from a specific date may reflect an earlier iteration of the page because the version you are attempting to recall was actually deleted. Needless to say, this would not hold up in court or an audit.
- Timewarp is built for content management, not archiving. Because of the complexities of having many contributors and frequent changes, getting an accurate reproduction of a page at a selected point in time is not always going to be possible with Timewarp.
These issues pose a huge challenge and expose potential risks in trying to maintain accurate historical records. As you can see, Timewarp certainly would not be much help if your organization were being audited or required to produce legally admissible records.
The Challenges of Archiving Dynamic and Complex AEM Website Content
If you’ve decided to procure an external solution to archive your AEM website content, you may encounter a few other issues in executing a truly compliant archive. That’s because archiving dynamic and complex website content is always tricky. Because AEM is such a sophisticated system, allowing for incredible interactivity and complexity, it poses unique challenges for regulatory and litigation-ready recordkeeping:
- Dynamic Content: AEM allows for the creation of dynamic content that adjusts based on user interactions and other variables. Archiving dynamic content in a way that preserves its original context, interactivity, and functionality is very challenging. Static archiving may not capture the interactive elements and personalized experiences accurately.
- Rich Media: Archiving videos, animations, and interactive graphics is not straightforward, especially when these dynamic media elements rely on external APIs or services.
- Automation and Frequent Changes: Capturing versions of dynamic content, especially when changes are as frequent as daily, requires an automated process or a potentially huge time and resources investment in a manual process. Archiving different versions of dynamic pages and ensuring they align with the correct point in time without automation can be especially difficult.
- Metadata Preservation: Metadata such as creation dates, author information, and version history are crucial for context and compliance. Preserving accurate metadata during the archiving process, especially for dynamic content, is quite complex.
- Integration with External Systems: AEM websites often integrate with external systems, databases, APIs, and third-party services. Archiving content that relies on data from these external sources poses more challenges, as changes in those sources can affect the archived content's functionality and accuracy.
- Responsive Design and Multichannel Content: AEM allows content authors to create responsive designs for various devices and channels. Archiving content that is responsive and optimized for different screen sizes and devices requires careful consideration to maintain the user experience during retrieval.
- Scalability and Performance Considerations: Archiving large and complex AEM websites while maintaining performance can be a huge issue. Depending on the process in place, archiving could disrupt the live site's performance, especially for websites with heavy traffic and extensive dynamic content.
- Regulatory Compliance: Meeting regulatory compliance requirements for archived content, such as SEC and FINRA guidelines, also adds complexity. Ensuring that dynamic content is archived with accurate metadata, digital signatures, with the necessary export options is absolutely crucial for financial services firms.
As you can see, due to AEM’s flexibility and sophisticated capabilities, keeping evidence-quality records of website content that also meet regulatory requirements can be a bit of a nightmare, if you don’t have the right tools.
Why Archiving Your AEM Website Matters for Compliance
Many industries, including finance and healthcare, are subject to strict regulations requiring the retention of digital records, including website content. Most regulatory bodies are not particularly forgiving when it comes to compliance, so it’s important to know their archiving requirements and make sure you adhere to them at all times.
Website Archiving Requirements - Practice Example From the SEC and FINRA
Recordkeeping regulations exist the world over. And we encourage you to find out what recordkeeping requirements apply in your country or industry, if you’re not already familiar. For the purposes of this article, we’re not going to cover every possible recordkeeping regulation you may run into, but we do think it’s worth examining a real world example.
So let’s unpack some recordkeeping requirements in the financial services industry of the US.
Both the SEC (Securities and Exchange Commission) and FINRA (Financial Industry Regulatory Authority) have specific compliance requirements regarding website archiving and record-keeping for businesses in the financial industry.
Specifically, both SEC Rule 17a-4 and FINRA Rule 4511 require financial service providers to preserve all electronic communications, including website content, for at least three years.
The SEC requires these records be easily accessible for the first two years and that they must be kept in a non-rewritable, non-erasable format (Write-Once-Read-Many or WORM format) to prevent alteration or deletion.
FINRA’s Rule 3110 requires member firms to have systems in place to capture, archive, and supervise all electronic communications, including website content.
And Rule 2210 from FINRA says that "communications must be based on principles of fair dealing and good faith, must be fair and balanced." “Communications” here includes all of your website content as well. So if your organization is being accused of violating this rule, it would be essential to have an authentic historical record of your online content.
Do AEM Backups or TimeWarp Satisfy SEC and FINRA Record-Keeping Requirements?
If your company provides financial services regulated under the SEC and FINRA, Adobe’s backup, Timewarp, and disaster recovery on AEM will not be enough to satisfy regulatory record keeping requirements.
- Retention Periods: SEC and FINRA regulations require financial institutions to retain certain records for at least three years. AEM’s native archiving features and backups do not offer this kind of long-term retention. AEM as a cloud service’s offsite backups are only available for recovery for three months and they are not readily accessible to users.
- Tamper-Proofing: SEC and FINRA regulations require records to be stored in a tamper-proof format to prevent unauthorized alterations. While AEM’s Timewarp can show version history over time, they don’t guarantee the integrity of archived records over an extended period. These records cannot be stored or exported in WORM/WARC format nor do they contain digital signatures or hash keys.
- Metadata Preservation: Proper metadata, including creation dates and authorship information, is crucial for demonstrating the authenticity and context of records. AEM’s native archiving features might not capture and preserve all relevant metadata required for compliance.
- Search and Retrieval: Regulatory authorities may require firms to quickly search, retrieve, and produce specific records upon request. Native AEM features don’t provide efficient and streamlined search capabilities, making it challenging to locate and retrieve archived content promptly.
For these reasons, many organizations using AEM opt for third-party archiving solutions (like Pagefreezer). These solutions offer advanced compliance and archiving features, including long-term retention, tamper-proof storage, comprehensive metadata preservation, efficient search and retrieval, and automation.
Why Archiving Your AEM Website Matters for Litigation Readiness
So maybe you don’t need to archive your AEM content for compliance reasons. But that doesn’t mean you’re off the hook. If you work for a large brand, a highly litigated or litigious company, or otherwise, don’t be surprised when your legal team comes knocking looking for legally admissible records.
Besides staying on your legal team’s good side, archiving website content is crucial for litigation readiness for several reasons:
- Preservation of Digital Evidence: Your website contains critical information like product details, terms of service, transaction records, and customer interactions. Archiving ensures that this digital evidence is preserved in its original form, providing a reliable and authenticated source of information in legal proceedings.
- Supporting Legal Arguments: Archived website content can serve as crucial evidence in legal disputes. It can support or refute claims made by either party, providing a factual basis for legal arguments and helping build a strong case.
- Data Integrity and Authenticity: The best archiving solutions include mechanisms to ensure the integrity and authenticity of archived data. Timestamps, digital signatures, and encryption methods are used to safeguard archived content, demonstrating that the information has not been tampered with or altered.
- E-Discovery and Legal Research: In the process of e-discovery, where electronic information is sought as evidence in legal cases, relevant website content may need to be identified, collected, persevered and reviewed. Properly archived content streamlines the e-discovery process, saving time and resources during legal research.
- Mitigating Legal Risks: By always keeping a comprehensive archive of your AEM website content, your organization can easily demonstrate that they have taken proactive measures to preserve relevant information. This proactive approach can mitigate legal risks and reputational damage associated with incomplete or lost data.
- Preserving Historical Context: Website content changes over time, reflecting the evolution of a business. Archived content preserves historical context, allowing legal teams to understand the state of the website at specific points in time. This historical perspective is valuable for legal analysis and arguments.
- Ensuring Availability and Accessibility: Quick access to archived data ensures that legal teams can respond promptly to requests for information, subpoenas, or court orders.
Now that we’ve covered all the reasons you absolutely need an external archiving solution for your AEM website content, let’s talk about best practices.
Specifically, we’ll cover how Pagefreezer can help you save countless hours of manual archiving and allow your compliance and legal teams to rest easy knowing everything is in accordance with best practices and properly archived in the event of litigation or an audit.
Best Practices: Why Pagefreezer is the Best Solution for Archiving Adobe Experience Manager Website Content
Completely Automated Daily Website Archiving
Pagefreezer uses automated crawling technology to take snapshots of your website daily, without ever having to install any software. Hundreds or thousands of pages to crawl across multiple domains? No problem. The entire process is automated, so you can just set it and forget it.
With dynamic monitoring, new webpages and changes to existing pages are always captured, so you never have to worry if your website archive is up to date. And better yet, all records are retained and stored such that they cannot be altered.
Live Website Browsing and Search
With Pagefreezer, you can see exactly what your website looked like on a specific date, as if it was still live. You can even view changes, additions and deletions between different versions of a single webpage, allowing you to track exactly what changed on your site from one version to another.
Archiving Dynamic Content and User Flows
Unlike many other web archiving tools, Pagefreezer can capture complex and dynamic websites like those built on AEM while also collecting multiple steps in web form flows and content that is displayed after user events.
Advanced Website Archive Search
Looking for a specific word or sentence in your website archive? Pagefreezer has a powerful search function that allows you to find specific content across all archived websites and webpages. Even if you have thousands of archived pages, you can easily narrow your search and identify the particular page you need to view.
Export in WARC for Defensible Legal Evidence
Website archives are worthless for compliance audits and litigation unless authenticity of the records can be proved. Pagefreezer’s web capture software offers trusted, non-refutable evidence, complete with metadata. All records are time stamped with a SHA-256 digital signature and are stored and available for export in WARC format.
Retention Scheduling and Legal Hold
Pagefreezer makes it easy to dispose of data once it no longer needs to be retained. Simply set how long data should be kept for, and information will automatically be removed from your archives once the retention period expires. And to ensure that a piece of relevant data isn’t lost due to regular retention scheduling, you can also place data on legal hold, overriding the normal retention schedule to protect that data and preserve it for litigation.
Want to learn more? 👇