Secure, Scalable, and Compliance-Ready Document Management — Deployed Natively on Amazon Web Services
Organizations managing sensitive, regulated, or high-volume document workflows increasingly require document management infrastructure that delivers enterprise-grade governance without the licensing constraints of legacy platforms. AWS provides the foundation — scalable storage, encryption, identity management, and regional availability — but a document management deployment on AWS requires a platform purpose-built to leverage that infrastructure for document lifecycle control, compliance evidence, and operational efficiency.
FormKiQ is an API-first document management platform that deploys directly into your AWS account using AWS CloudFormation. Unlike traditional SaaS document management systems that store your data in vendor-controlled infrastructure, FormKiQ runs entirely within your own AWS environment — giving you complete ownership of your documents, metadata, encryption keys, and audit logs while eliminating per-user licensing fees that constrain adoption at scale.
Why AWS for Document Management?
AWS is the most widely adopted cloud platform for organizations with governance, compliance, and data residency requirements. For document management specifically, AWS provides several foundational capabilities that FormKiQ leverages directly:
| AWS Capability | What It Provides | How FormKiQ Uses It |
|---|---|---|
| Amazon S3 | 99.999999999% (eleven nines) durability with configurable storage classes | Document storage across active, infrequently accessed, and archived tiers — without migrating documents off-platform |
| AWS KMS | Hardware-backed encryption key management | Every document encrypted with customer-managed keys rather than vendor-managed shared keys |
| Amazon Cognito & IAM | Identity, SSO, MFA, and fine-grained access policies | Document access control mapped to organizational roles, departments, and security clearance levels |
| AWS Regions | 30+ regions across six continents | FormKiQ supports 20 regions for data residency enforcement (see Supported Regions below) |
| CloudTrail & CloudWatch | Infrastructure-level audit logging and monitoring | Extended with document-level audit trails — every access, modification, classification, and disposition event recorded |
What FormKiQ Provides as a Document Management Platform on AWS
FormKiQ is not a generic file storage layer on top of S3. It is a structured document management and enterprise content management platform with purpose-built capabilities across four operational domains:
Document Collection and Ingestion
FormKiQ supports multiple ingestion methods:
- API-driven upload and web console
- Email ingestion via the Email Ingestion Gateway
- Bulk import and migration tools
- Webhooks and event-driven architecture for external system integration
- Document Gateway Modules for SharePoint, Google Drive, SFTP, and scanner capture
Documents are automatically classified, tagged, and routed based on configurable rules, metadata schemas, and document type definitions. Intelligent Document Processing — powered by Amazon Textract and integrated AI processing — extracts text, key-value pairs, tables, and structured data from scanned documents, PDFs, images, and multi-page forms at the point of ingestion.
Document Organization and Classification
FormKiQ provides a flexible metadata architecture that supports both structured and unstructured classification:
- Tag schemas and composite keys — consistent metadata application across document types
- Document type definitions — enforce required metadata fields at ingestion
- Full-text indexing and search — powered by Amazon OpenSearch for rapid discovery across large repositories
- Attribute-based access control (ABAC) — ties document visibility to metadata values, enabling dynamic access policies based on department, classification level, project, or any custom attribute
Documents can be organized using hierarchical folder structures, flat tag-based taxonomies, or composite metadata schemas that combine both approaches.
Document Processing and Workflow
- Workflow automation — configurable workflows for document review, approval, routing, and disposition, triggered by document events (upload, classification change, metadata update, retention expiry)
- Multi-step approval chains — role-based task assignment with routing logic
- Document versioning — full version history with check-in/check-out for concurrent access control
- Document generation — templated document creation from structured data
- eSignature integration — governed signature workflows within the platform
Document Governance, Retention, and Disposition
- Configurable retention policies — applied at the document, folder, or document-type level with automatic enforcement
- Legal hold — protects documents from modification or deletion regardless of retention schedule, with hold events recorded in the audit trail
- Defensible disposition — audit-logged disposition workflows with timestamps and actor identification
- Records management alignment — supports ISO 15489, DoD 5015.02, and industry-specific retention frameworks
FormKiQ Editions
FormKiQ is available in four editions. Each builds on the previous:
| Core | Essentials | Advanced | Enterprise | |
|---|---|---|---|---|
| License | MIT (open source) | Commercial | Commercial | Commercial |
| Document Storage & API | ✓ | ✓ | ✓ | ✓ |
| Tagging, Search & Classification | ✓ | ✓ | ✓ | ✓ |
| OCR (Tesseract) | ✓ | ✓ | ✓ | ✓ |
| Multi-Tenant Support | ✓ | ✓ | ✓ | ✓ |
| SSO (SAML — Entra, Google, Auth0) | ✓ | ✓ | ✓ | |
| Custom Domains | ✓ | ✓ | ✓ | |
| Workflows, Queues & Rulesets | ✓ | ✓ | ✓ | |
| Antivirus & Anti-Malware | ✓ | ✓ | ✓ | |
| Encryption (in-transit & at-rest) | ✓ | ✓ | ✓ | |
| Document Control & Versioning | ✓ | ✓ | ✓ | |
| OCR & IDP (AWS Textract) | ✓ | ✓ | ✓ | |
| Capability Extension Modules | ✓ | ✓ | ||
| Document Gateway Modules | ✓ | ✓ | ||
| Integration Framework Modules | ✓ | ✓ | ||
| Solution Layers | ✓ | ✓ | ||
| Multi-Instance & Multi-Region Licensing | ✓ | ✓ | ||
| Vendor-Managed & Hybrid Deployment | ✓ | |||
| Custom SLAs | ✓ | |||
| OEM & Partner Licensing | ✓ | |||
| Compliance Consulting | ✓ | |||
| Support | Community (Slack & GitHub) | Support Portal (2-business-day SLA) | Private Slack + videoconference + 40 hrs onboarding | Rapid response (8-business-hour SLA) + strategic architecture support |
Capability Extension Modules
Available on Advanced and Enterprise editions, these modules add capabilities as document management needs evolve:
| Module | What It Does |
|---|---|
| AI Processing and Analysis | Automated classification, entity extraction, summarization, and content analysis powered by AWS AI services |
| Document Generation | Templated document creation from structured data — contracts, reports, correspondence, compliance docs |
| eSignature Integration | Governed electronic signature workflows integrated into approval and execution processes |
| Enhanced Full-Text Search | Powered by Amazon OpenSearch — fuzzy matching, faceted search, relevance tuning, cross-repository discovery |
| KnowledgeBase | AI-powered natural-language queries against organizational document collections |
Document Gateway Modules
Available on Advanced and Enterprise editions, gateways provide structured ingestion pathways from external platforms and protocols:
| Gateway | What It Connects |
|---|---|
| Microsoft Office & SharePoint | Ingests from SharePoint libraries and document sets; captures documents from Word, Excel, and other Office applications |
| Google Drive & Workspace | Captures from shared drives and individual locations; converts native Google formats on ingestion |
| Email Ingestion | Captures email attachments with metadata extraction from headers and body; routes to workflows based on configurable rules |
| Secure File Transfer | Connects to SFTP and managed file transfer environments |
| Document Scanner & Capture | Integrates with scanning hardware for paper document ingestion with OCR and classification at capture |
| Cloud Storage | Connects to external cloud storage environments for ingestion, synchronization, and governed lifecycle management |
Integration Framework Modules
Available on Advanced and Enterprise editions, these frameworks standardize how enterprise systems bind business objects to governed document lifecycles:
| Framework | What It Manages |
|---|---|
| ERP | Purchase orders, invoices, contracts, work orders — mapped to document metadata with lifecycle synchronization and audit-safe cross-references |
| CRM | Customer records, opportunities, and account documentation — with metadata mapping and lifecycle synchronization |
| HRIS | Onboarding packets, policy acknowledgments, performance docs, benefits enrollment, offboarding records — with retention tied to employment status |
| Case Management | Case records, evidence documents, and correspondence — with lifecycle controls tied to case status and disposition |
| Custom | Build governed document integrations with any line-of-business system using FormKiQ's API, metadata schemas, and event-driven architecture |
Deployment Models
| Model | Description | Availability |
|---|---|---|
| Customer-Managed AWS | Deploys directly into the customer's own AWS account via CloudFormation. Full control of infrastructure, networking, encryption keys, and operational management. | All editions |
| Vendor-Managed | FormKiQ manages the AWS infrastructure on behalf of the customer — deployment, updates, and operational support. | Enterprise |
| Hybrid | Customer retains control of specific components (encryption keys, network configuration) while delegating operational management to FormKiQ. | Enterprise |
All three models deploy into AWS accounts owned by or designated by the customer. FormKiQ does not operate a shared multi-tenant environment — every deployment is a dedicated, isolated instance.
Supported AWS Regions
| AWS Region | Location | Key Regulatory Context |
|---|---|---|
| us-east-1 | N. Virginia | HIPAA, FedRAMP-adjacent workloads |
| us-east-2 | Ohio | HIPAA, general US workloads |
| us-west-2 | Oregon | General US workloads, GovCloud-adjacent |
| ca-central-1 | Canada (Central / Montreal) | PIPEDA, Quebec Law 25 |
| ca-west-1 | Canada (West / Calgary) | PIPEDA, Alberta PIPA |
| eu-central-1 | Frankfurt | GDPR, German BDSG |
| eu-west-1 | Ireland | GDPR |
| eu-west-2 | London | UK GDPR post-Brexit |
| eu-west-3 | Paris | GDPR, French CNIL requirements |
| eu-north-1 | Stockholm | GDPR, Nordic data protection |
| eu-south-1 | Milan | GDPR, Italian healthcare and financial services |
| ap-south-1 | Mumbai | India DPDP Act |
| ap-southeast-1 | Singapore | PDPA Singapore |
| ap-southeast-2 | Sydney | Australian Privacy Act |
| ap-northeast-1 | Tokyo | Japan APPI |
| ap-northeast-2 | Seoul | South Korea PIPA |
| af-south-1 | Cape Town | South Africa POPIA |
| sa-east-1 | São Paulo | Brazil LGPD |
| me-central-1 | Middle East (UAE) | UAE PDPL, DIFC/ADGM |
| me-south-1 | Bahrain | GCC data localization requirements |
FormKiQ Core also supports AWS GovCloud (US West) for federal workloads. For unlisted regions, SAM CLI installation is available. AWS China installations are not currently supported.
Compliance and Regulatory Alignment
FormKiQ's architecture on AWS supports alignment with a broad range of regulatory and compliance frameworks:
| Framework | FormKiQ Capabilities |
|---|---|
| HIPAA | Encryption, access controls, audit logging, BAA-eligible AWS services |
| GDPR / UK GDPR | Data residency enforcement, right-to-erasure workflows, consent documentation, processing audit trails |
| PIPEDA | Canadian data residency (Montreal, Calgary), consent management, retention controls |
| CCPA / CPRA / Australian Privacy Act / PIPEDA | Consumer data access and deletion request workflows with audit evidence; Australian Privacy Act (APP framework) and PIPEDA / Quebec Law 25 (Canada) impose similar data subject rights and retention obligations |
| SOC 2 | Audit logging, access controls, operational monitoring aligned with Trust Services Criteria |
| FedRAMP | Deployment on AWS GovCloud (US West) for FedRAMP-authorized infrastructure |
| SEC 17a-4 / FINRA (US) / FCA (UK) / APRA (Australia) | Immutable storage configurations, retention enforcement for financial records; UK FCA SYSC record-keeping rules and MiFID II require similar retention and auditability for financial firms |
| FDA 21 CFR Part 11 / EU MDR / IVDR | Electronic records and signatures with audit trail integrity; EU Medical Device Regulation (MDR) and In Vitro Diagnostic Regulation (IVDR) impose equivalent electronic records requirements |
| ISO 15489 | Records management lifecycle controls, classification, disposition |
| DoD 5015.02 / MoReq2010 / National Archives equivalents | Records management application design criteria for defense and government; international equivalents include MoReq2010 (EU), UK National Archives requirements, and Library and Archives Canada guidance |
Who Uses Document Management on AWS
| Industry | Common Use Cases | Key Compliance Drivers |
|---|---|---|
| Government & Public Sector | Constituent records, FOIA programs, policy documents, interagency correspondence | Data residency, retention mandates, FOIA, Access to Information Act (Canada), Freedom of Information Act (UK/Australia) |
| Financial Services & Insurance | Contracts, client documentation, regulatory filings, audit evidence | SOC 2, SEC, FINRA, GLBA |
| Healthcare & Life Sciences | Clinical documentation, patient records, regulatory submissions, quality system records | HIPAA, FDA 21 CFR Part 11 |
| Higher Education | Student records, research documentation, grant administration, institutional policy | FERPA (US), GDPR (EU/UK), provincial privacy legislation (Canada), research compliance |
| Legal & Professional Services | Matter files, client documents, correspondence, records retention | Professional regulatory obligations |
| Energy & Utilities | Environmental compliance, permit applications, safety records, regulatory filings | Sector-specific environmental and safety regulations |
Getting Started
FormKiQ Core can be deployed to your AWS account in fifteen to twenty minutes using a one-click install via AWS CloudFormation. FormKiQ Essentials, Advanced, and Enterprise instances typically complete onboarding in under an hour.
For organizations evaluating the platform, FormKiQ offers a Proof-of-Value program — a three-month deployment in a FormKiQ-managed AWS environment that provides full platform access in a non-production setting.
Frequently Asked Questions
What is document management on AWS?
Document management on AWS refers to deploying a document management system on Amazon Web Services infrastructure — leveraging AWS storage, encryption, identity, and regional availability to manage document lifecycle, access control, and compliance within a cloud environment the organization owns and controls.
How is FormKiQ different from other document management systems on AWS?
FormKiQ deploys directly into your AWS account rather than operating as a shared multi-tenant SaaS. This means your documents, metadata, encryption keys, and audit logs remain entirely within your control. FormKiQ also uses deployment-based licensing rather than per-user fees, allowing organizations to scale their user base without scaling their licensing costs.
Can FormKiQ replace our existing ECM platform?
Yes. FormKiQ provides enterprise content management capabilities — document lifecycle management, workflow automation, records management, compliance controls, and enterprise system integration — within an API-first architecture that deploys on AWS. Organizations migrating from legacy ECM platforms gain modern infrastructure, eliminate per-user licensing, and retain governance depth.
What AWS services does FormKiQ use?
FormKiQ is built on core AWS services including Amazon S3 (document storage), Amazon DynamoDB (metadata), Amazon Cognito (identity and authentication), AWS Lambda (serverless compute), Amazon OpenSearch (full-text search), AWS KMS (encryption key management), and AWS CloudTrail (infrastructure audit logging).
Does FormKiQ support multi-region deployment?
FormKiQ supports deployment across 20 AWS regions spanning North America, Europe, Asia-Pacific, the Middle East, Africa, and South America — plus AWS GovCloud (US West) for FormKiQ Core. Advanced and Enterprise editions include flexible multi-instance and multi-region licensing for organizations with data residency requirements across multiple jurisdictions or disaster recovery requirements that mandate geographic redundancy. For unlisted regions, SAM CLI installation is available. AWS China installations are not currently supported.
How does FormKiQ handle document retention and legal hold?
FormKiQ provides configurable retention policies at the document, folder, and document-type level. Legal holds can be applied to individual documents or document sets, preventing modification or deletion regardless of retention schedule. All retention and hold events are recorded in the audit trail with timestamps and actor identification.