Guide contents
Business Solution Guide
Freedom of Information & Public Access on AWS
Request intake, redaction, response, and deadline tracking on AWS infrastructure you control.
Freedom of information and public access requests are among the most legally consequential document processes in government and public sector organizations. Every FOI request triggers a statutory obligation to search for responsive records, review them for exemptions, apply redactions where required, assemble a response package, and deliver it within legally mandated timelines — yet in most organizations, FOI processing is managed through spreadsheets, shared drives, email, and manual workflows with no structured way to track request status, manage redaction decisions, enforce deadlines, or demonstrate compliance with statutory obligations.
FormKiQ's Freedom of Information and Public Access solution provides the document layer for the full FOI lifecycle — from request intake and acknowledgment through search, retrieval, review, redaction, approval, response assembly, dispatch, and retention — deployed directly into your AWS account. AI-powered document analysis using Amazon Bedrock assists with exemption review by identifying potentially exempt content and flagging it for reviewer decision. Workflow automation routes requests through multi-stage review and approval chains. And the entire FOI record — every request, every responsive document, every redaction decision, every response package — is stored, encrypted, and auditable within your own AWS environment.
The FOI Request Lifecycle
FormKiQ supports each stage of the FOI request lifecycle within a governed, auditable platform:
| Stage | What Happens | How FormKiQ Handles It |
|---|---|---|
| Request Intake | A request is received via web portal, email, mail, or in person | Multi-channel intake via API, email connector, or document upload — each request registered with receipt timestamp, requester information, and request scope |
| Acknowledgment | The request is acknowledged within the statutory timeframe | Workflow-triggered acknowledgment letter generated from governed templates with deadline calculation based on jurisdiction and request type |
| Search & Retrieval | Responsive records are identified and collected from across the organization | Full-text and metadata search across the document repository — responsive documents tagged and associated with the FOI case file |
| Review | Responsive records are reviewed for applicable exemptions | Multi-reviewer workflow with exemption classification per document or per passage — AI-assisted identification of potentially exempt content for reviewer decision |
| Redaction | Exempt content is redacted from responsive documents | Redaction tools applied to responsive documents with exemption reason codes, reviewer attribution, and version management (original and redacted versions retained) |
| Approval | The response package is reviewed and approved by the designated authority | Multi-step approval workflow with role-based authorization (FOI officer, legal, senior official, minister's office where applicable) |
| Response Assembly | The response package is compiled — cover letter, decision summary, and redacted documents | Document Generation produces the cover letter and decision summary from governed templates — compiled with redacted responsive documents into the response package |
| Dispatch | The response is delivered to the requester | Dispatch tracking with method (mail, email, portal), dispatch date, and delivery confirmation metadata |
| Appeal / Review | The requester appeals the decision or requests internal review | Appeal intake linked to the original FOI case file, with the full record — request, responsive documents, redaction decisions, and original response — accessible to the appeal reviewer |
| Retention & Archive | Completed FOI cases are retained according to policy | Configurable retention policies by request type and jurisdiction, with both original and redacted versions retained |
AI-Assisted Exemption Review with Amazon Bedrock
Exemption review is the most time-consuming and legally sensitive stage of FOI processing. Reviewers must read every responsive document — sometimes hundreds or thousands of pages — and identify content that falls within statutory exemptions. FormKiQ's AI Processing and Analysis module — powered by Amazon Bedrock — assists reviewers by identifying potentially exempt content and flagging it for human decision.
All AI processing runs within your AWS account through Amazon Bedrock, using supported large language models including Anthropic Claude, Amazon Nova, and other available models. Your FOI content never leaves your cloud environment. Inference region controls allow you to specify which AWS regions are used for model processing.
Important: AI does not make exemption decisions. Bedrock analysis identifies content that may fall within exemption categories and presents it to the reviewer with a confidence assessment. The reviewer makes the exemption decision, applies or overrides the AI suggestion, and documents the rationale. AI assistance reduces the time required for initial document review, but the legal determination remains with the FOI officer.
What Bedrock Identifies in Responsive Documents
| Identification Type | What It Flags | How It's Used |
|---|---|---|
| Personal Information | Names, addresses, contact information, identification numbers, health information, financial information of identifiable individuals | Flagged for privacy exemption review (FOIA Exemption 6/7(C) — US; s.40 FOIA 2000 — UK; s.19 ATIA — Canada) |
| Security-Sensitive Content | National security references, law enforcement operational details, critical infrastructure information, intelligence sources | Flagged for security exemption review (FOIA Exemption 1/7 — US; s.23–24 FOIA 2000 — UK; s.15 ATIA — Canada) |
| Legally Privileged Content | Legal advice, litigation strategy, solicitor-client communications, attorney work product | Flagged for legal privilege exemption review (FOIA Exemption 5 — US; s.42 FOIA 2000 — UK; s.23 ATIA — Canada) |
| Commercially Confidential | Trade secrets, proprietary business information, commercial-in-confidence markings, competitive data | Flagged for commercial exemption review (FOIA Exemption 4 — US; s.43 FOIA 2000 — UK; s.20 ATIA — Canada) |
| Deliberative Content | Policy deliberations, draft recommendations, inter-agency consultations, cabinet confidence | Flagged for deliberative process exemption review (FOIA Exemption 5 — US; s.35–36 FOIA 2000 — UK; s.21 ATIA — Canada) |
| Third-Party Content | Information provided by third parties with expectation of confidentiality | Flagged for third-party consultation before disclosure |
How AI-Assisted Exemption Review Works in FormKiQ
Responsive documents collected
Documents identified through search are associated with the FOI case file
AI analysis trigger
A workflow step triggers Amazon Bedrock analysis across the responsive document set
Content identification
Bedrock reviews each document and identifies passages that may fall within exemption categories, with confidence scores
Reviewer presentation
Identified passages are presented to the FOI reviewer with the suggested exemption category and confidence assessment
Human decision
The reviewer accepts, modifies, or overrides each suggestion — applying the exemption or clearing the passage for release
Redaction application
Accepted exemptions are applied as redactions with reason codes and reviewer attribution
Decision documentation
All exemption decisions — applied and overridden — are recorded in the audit trail with rationale. AI-assisted review can be applied selectively to specific document types, exemption categories, or request types.
Redaction Management
FormKiQ provides structured redaction capabilities for FOI response preparation:
| Capability | Description |
|---|---|
| Passage-level redaction | Redactions applied at the passage, paragraph, or page level — not limited to full-document withholding |
| Exemption reason codes | Each redaction tagged with the applicable exemption provision (e.g., "s.19(1) ATIA — Personal Information" or "Exemption 6 — Personal Privacy") |
| Reviewer attribution | Each redaction attributed to the reviewer who made the decision, with timestamp |
| Version management | Original (unredacted) and redacted versions both retained within the governed record — original accessible only to authorized FOI staff |
| Redaction review workflow | Redacted documents routed through approval chain before inclusion in the response package |
| Bulk redaction | AI-identified patterns (e.g., all instances of a specific individual's name across multiple documents) can be redacted in bulk with reviewer confirmation |
Deadline Tracking and Compliance
FOI statutes impose strict response deadlines — typically 20 to 30 business days depending on jurisdiction, with provisions for time extensions in defined circumstances. FormKiQ provides deadline management for FOI processing:
| Capability | Description |
|---|---|
| Automatic deadline calculation | Response deadline calculated from intake date based on jurisdiction, request type, and applicable statute |
| Extension management | Time extensions recorded with statutory basis, approval, and revised deadline — maintaining a complete timeline record |
| Status dashboard | FOI case status visible by deadline proximity — upcoming, approaching, due, overdue |
| Escalation alerts | Configurable alerts to FOI officers, managers, and senior officials at defined intervals before and after deadline |
| Compliance reporting | Aggregate reporting on response timeliness, extension frequency, and exemption usage — supporting annual reporting obligations |
FOI Metadata and Search
FormKiQ's metadata architecture provides structured classification for FOI records:
| Category | Example Fields |
|---|---|
| Request identity | FOI case number, request type (FOI, privacy access, proactive disclosure, informal request), statute reference |
| Requester | Requester name, requester organization (media, law firm, advocacy, individual, government), contact information |
| Scope | Request description, subject keywords, date range of responsive records, organizational units involved |
| Dates | Date received, acknowledgment date, statutory deadline, extension date (if applicable), response date, appeal deadline |
| Classification | Jurisdiction, applicable statute, complexity tier, fee status, consultation required |
| Status | Received, acknowledged, searching, in review, in redaction, in approval, dispatched, closed, in appeal |
| Outcome | Full release, partial release, full exemption, no responsive records, withdrawn, transferred |
All metadata fields are searchable — enabling queries such as:
- All FOI cases approaching deadline within the next 5 business days
- All cases requiring third-party consultation that have not been initiated
- All cases from media requesters in the current fiscal year
- All cases where a specific exemption provision was applied
- All cases currently under appeal or complaint to the Information Commissioner
Integration with Enterprise Systems
FormKiQ's Integration Framework Modules connect FOI management to the enterprise systems where records originate:
Records Management
Search across the organization's full records inventory to identify responsive documents — including records in other FormKiQ instances, shared drives, and enterprise content repositories
Case Management
FOI cases linked to broader case management systems for organizations that manage FOI alongside other case types (complaints, privacy breaches, regulatory inquiries)
Correspondence
FOI-related correspondence (acknowledgment letters, consultation letters, response packages, appeal correspondence) managed alongside the organization's broader correspondence program
FormKiQ Editions for FOI & Public Access
FOI & Public Access is available as a Solution Layer on FormKiQ Advanced and Enterprise. The modules that power FOI management — AI Processing and Analysis, Document Generation, Redaction, and Workflow Automation — are Capability Extension Modules available on Advanced and Enterprise editions.
| Capability | Core Foundation |
Essentials Operational |
Advanced AI + Automation |
Enterprise Full platform |
|---|---|---|---|---|
| Foundation | ||||
| Document Storage, API & Web Console | ||||
| Tagging, Search & Classification | ||||
| OCR (Tesseract) & Multi-Tenant Support | ||||
| Essentials and above | ||||
| SSO (SAML — Entra, Google, Auth0) | — | |||
| Workflows, Queues & Rulesets | — | |||
| Encryption (in-transit & at-rest) & Document Control | — | |||
| Advanced and Enterprise | ||||
| AI Processing & Analysis (Bedrock) | — | — | ||
| Document Generation | — | — | ||
| Redaction Management | — | — | ||
| Integration Frameworks (Records, Case, Correspondence) | — | — | ||
| Solution Layers (FOI & Public Access) | — | — | ||
| Multi-Instance & Multi-Region Licensing | — | — | ||
| Enterprise only | ||||
| Vendor-Managed & Hybrid Deployment | — | — | — | |
| Custom SLAs & Compliance Consulting | — | — | — | |
| Support | ||||
| Support tier | Community (Slack & GitHub) | Support Portal (2-biz-day SLA) | Private Slack + videoconference + 40 hrs onboarding | Rapid response (8-biz-hr SLA) + strategic architecture support |
Compliance and Regulatory Alignment for FOI
| Framework | FOI-Specific Requirements | FormKiQ Capabilities |
|---|---|---|
| FOIA (US Federal) | 20 business-day response deadline, nine exemption categories, annual reporting to DOJ | Deadline tracking · Exemption classification · Compliance reporting |
| US State Open Records | Varies by state — response timelines, exemption categories, fee schedules | Configurable deadline rules and exemption codes by jurisdiction |
| ATIA (Canada Federal) | 30 calendar-day response deadline, time extensions with statutory basis, mandatory and discretionary exemptions | Deadline tracking · Extension management · Exemption classification by ATIA section |
| Provincial FOIP (Canada) | Alberta FOIP, Ontario FIPPA, BC FIPPA, Quebec Access Act — varies by province | Configurable deadline rules and exemption codes by province |
| FOIA 2000 / FOISA 2002 (UK) | 20 working-day response deadline, absolute and qualified exemptions, public interest test | Deadline tracking · Exemption classification · Public interest test documentation |
| EIR 2004 (UK) / Aarhus | Environmental information requests with presumption of disclosure and specific exception categories | Separate request-type classification with EIR-specific exemption codes |
| GDPR / UK GDPR Subject Access | Data subject access requests with 30-day response deadline | SAR-specific workflow · Identity verification · Personal data search and compilation |
| Australian FOI Act 1982 | 30-day processing period, charges framework, IC review and AAT review pathways | Deadline tracking · Charges calculation metadata · Review/appeal tracking |
Whether a FormKiQ deployment satisfies any specific framework depends on configuration and must be validated by your legal and compliance teams.
Who Uses FOI & Public Access on AWS
Federal Government
Request types
FOIA / ATIA requests, privacy access requests, proactive disclosure, parliamentary/congressional inquiries
Key drivers
Statutory compliance, annual reporting, data residency, audit readiness
State / Provincial Government
Request types
Open records requests, environmental information requests, vital records requests
Key drivers
State/provincial legislation, response-time compliance, public accountability
Municipal / Local Government
Request types
Public records requests, council document requests, bylaw and permit information
Key drivers
Local open-records legislation, transparency obligations, resource efficiency
Police & Law Enforcement
Request types
FOI requests with law enforcement exemptions, body-camera disclosure, investigative record requests
Key drivers
Law enforcement exemptions, security classification, redaction requirements
Healthcare (Public)
Request types
FOI requests involving patient records, facility inspection reports, public health data
Key drivers
HIPAA (US), PHIPA (Ontario), health information privacy legislation, redaction of PHI
Higher Education & Crown Corporations
Request types
FOI requests for research data, administrative records, regulatory agency correspondence, ministerial consultation
Key drivers
FERPA intersections, research exemptions, agency-specific exemption provisions, institutional transparency
Deployment Models
Every deployment is a dedicated, isolated instance in an AWS account owned by or designated by the customer. FormKiQ does not operate a shared multi-tenant environment.
- Customer-Managed AWS — deploys directly into your AWS account via CloudFormation; full control of infrastructure, networking, encryption keys, and operations; available on all editions
- Vendor-Managed — FormKiQ manages the AWS infrastructure on your behalf; available on Enterprise
- Hybrid — you retain control of specific components while delegating operational management to FormKiQ; available on Enterprise
Getting Started
FormKiQ Core can be deployed to your AWS account in fifteen to twenty minutes using a one-click install via AWS CloudFormation. FOI & Public Access capabilities — including AI Processing and Analysis, Redaction Management, Document Generation, and Workflow Automation — are available on FormKiQ Advanced and Enterprise.
For organizations evaluating FOI management on AWS, FormKiQ offers a Proof-of-Value program — a three-month deployment in a FormKiQ-managed AWS environment that provides full platform access in a non-production setting.
Start with FormKiQ Core
The open-source foundation — API-first, deployable into your own AWS account, and free to use. Right for architecture validation and early implementation.
Get Started Free →Deploy Advanced or Enterprise
Production-ready editions with AI Processing, Redaction Management, and Integration Frameworks. Start with a Proof-of-Value deployment or go straight to production.
Explore Options →Plan an Enterprise Rollout
For governance-heavy environments with residency, sovereignty, assurance, and multi-jurisdiction requirements. Talk to us about the right deployment model.
Book a Call →Frequently Asked Questions
What is FOI management on AWS?
FOI management on AWS refers to managing the full freedom-of-information request lifecycle — intake, acknowledgment, search, review, redaction, approval, response, and retention — on a platform deployed within your own Amazon Web Services environment. This gives organizations full control over FOI records, encryption, access, and audit trails without depending on a vendor-hosted FOI platform.
How does FormKiQ use Amazon Bedrock for FOI processing?
FormKiQ's AI Processing and Analysis module uses Amazon Bedrock to assist with exemption review by identifying content that may fall within statutory exemption categories — personal information, security-sensitive content, legally privileged material, commercially confidential information, and deliberative content. AI does not make exemption decisions; it flags potentially exempt content for the FOI reviewer, who makes the legal determination. All AI processing runs within your AWS account, and content never leaves your cloud environment.
Can FormKiQ handle redaction for FOI responses?
Yes. FormKiQ provides passage-level redaction with exemption reason codes, reviewer attribution, and version management. Both original (unredacted) and redacted versions are retained within the governed record. AI-assisted identification can flag potentially exempt passages for reviewer decision, and bulk redaction can be applied across multiple documents with reviewer confirmation.
How does FormKiQ track FOI deadlines?
FormKiQ calculates response deadlines from the intake date based on the applicable statute, jurisdiction, and request type. Time extensions are recorded with statutory basis, approval, and revised deadline. Configurable escalation alerts notify FOI officers and managers at defined intervals before and after the deadline. Compliance reporting provides aggregate data on response timeliness for annual reporting obligations.
Can FormKiQ handle multiple FOI jurisdictions?
Yes. FormKiQ's metadata architecture supports jurisdiction-specific configuration — different statutes, different exemption codes, different deadline rules, and different response templates per jurisdiction. Multi-instance deployments allow organizations operating across jurisdictions to maintain separate FOI processing environments with jurisdiction-specific configuration while sharing governance standards.
How does FormKiQ support FOI annual reporting?
FormKiQ's metadata and search capabilities enable compliance reporting on request volumes, response timeliness, exemption usage, extension frequency, and outcome distribution — the data elements typically required for annual FOI reporting to oversight bodies (e.g., DOJ annual reporting for US federal agencies, TBS Info Source for Canadian federal institutions, ICO reporting for UK public authorities).
Talk to FormKiQ About FOI & Public Access
Platform · Solutions · Regulated Industries Guide · Deployment and Compliance