Definitions for document management, records, archives, compliance, governance, data residency, data sovereignty, and the technical concepts that underpin the FormKiQ platform.
Core Document and Information Management Concepts
- Document management
- The controlled capture, storage, retrieval, and lifecycle management of documents and their associated metadata. Document management encompasses the full document lifecycle — from creation or ingestion through classification, access control, workflow processing, retention, and disposition.
- Information management
- The broader discipline of organizing information assets, workflows, governance, and access controls across an organization. Information management encompasses document management as a component alongside data governance, records management, knowledge management, and the policies and systems that govern how information is created, used, retained, and disposed of.
- Electronic document management system (EDMS)
- A software system designed to manage the creation, capture, storage, retrieval, and lifecycle of electronic documents. An EDMS provides the core functions of document management — storage, search, access control, version management, and workflow — as a dedicated platform.
- Enterprise content management (ECM)
- A broader category of platform that extends document management to encompass business process management, records management, workflow automation, and integration with enterprise systems. ECM platforms are designed to manage the full range of content types and processes across an organization, not just document storage and retrieval.
- Document layer
- A dedicated architectural tier in a software system responsible for document storage, metadata management, search, access control, and lifecycle management — distinct from the application layer and data layer. FormKiQ is designed to serve as the document layer in multi-tier application architectures.
- Content management system (CMS)
- A system designed to manage the creation, editing, and publication of digital content — typically web content. Distinguished from document management by its focus on content authoring and publication rather than document governance, retention, and compliance.
- Digital asset management (DAM)
- The management of rich media assets — images, video, audio, and other binary assets — with metadata, rights management, and distribution controls. DAM overlaps with document management for organizations that manage large collections of media assets alongside traditional document types.
Document Concepts
- Document
- A combination of content — binary data such as a PDF, Word file, or image, or plain text data — and metadata that describes the document's properties, attributes, and context. In FormKiQ, every document consists of its content stored in Amazon S3 and its metadata stored in Amazon DynamoDB.
- Metadata
- Information about a document — its properties, attributes, and context — stored separately from the document content and used for classification, search, workflow routing, access control, and governance. Metadata may include system-generated attributes (content type, filename, upload timestamp) and custom attributes defined by the organization (document type, counterparty, jurisdiction, status, and others).
- Document attribute
- A specific metadata field associated with a document — a key-value pair that records a property of the document. FormKiQ supports an unlimited number of custom attributes per document, with no schema constraints on the attributes that can be defined.
- Document classification
- The process of categorizing a document according to a defined taxonomy or schema — assigning it to a document type, sensitivity level, retention category, or other classification that determines how it is handled, stored, accessed, and retained.
- Classification schema
- A defined structure that specifies the metadata attributes — required, optional, and default — that documents of a given type must carry, along with validation rules and composite key structures that support efficient search. FormKiQ's classification schemas are configurable per document type and enforced at the point of ingestion.
- Composite key
- A metadata search mechanism that combines multiple attribute values into a single indexed key — enabling efficient multi-attribute queries against large document collections without full collection scans. Composite keys are defined within FormKiQ's classification schemas and are optimized for the specific attribute combinations an application queries most frequently.
- Document version
- A specific instance of a document's content at a point in time. FormKiQ maintains a complete version history for every document using Amazon S3 Versioning — every update creates a new version, and any previous version can be retrieved or restored.
- Document artifact
- A designated version of a document that has been intentionally promoted to a specific lifecycle stage — Draft, Review, Published, Archived, or a custom stage defined for a specific document type. Artifacts represent meaningful milestones in a document's development and approval lifecycle, distinct from the automatic version history maintained by linear versioning.
- Artifact lifecycle
- The defined sequence of stages that a document artifact passes through from creation to retirement. FormKiQ's artifact lifecycle is configurable per document classification schema — different document types can follow different lifecycle models with different stages, transition rules, and approval requirements.
- Document action
- A configurable workflow step in FormKiQ that can be attached to a document and triggered by document events, workflow state transitions, or other lifecycle milestones — executing a defined operation such as OCR processing, AI classification, metadata extraction, notification delivery, or export to an external system.
- Document event
- A real-time notification published by FormKiQ when a document lifecycle change occurs — creation, update, deletion, classification change, workflow state transition, or artifact stage promotion. Document events are delivered through Amazon SNS and can trigger downstream actions in AWS services, external systems, and workflow automation platforms.
- Document deeplink
- A persistent, structured reference to a FormKiQ document that can be embedded in external systems — allowing documents to be accessed and interacted with from other applications without duplicating the document or moving it outside FormKiQ's governed environment.
- Document gateway
- A structured connection layer between an external document source and FormKiQ's intake pipeline — providing ready-made configuration for ingesting documents from specific source systems such as Microsoft SharePoint, Google Drive, email, SFTP, document scanners, and cloud storage environments.
Records Management Concepts
- Record
- A document that has been designated as evidence of a business activity, decision, or obligation — and that is subject to formal retention, access, and disposition requirements. Not all documents are records; records are a specific category of document with defined governance obligations.
- Records management
- Policy-driven control of records through retention, legal hold, and disposition lifecycles. Records management encompasses the classification of documents as records, the application of retention schedules, the management of legal holds, and the execution of defensible disposition.
- Retention
- The period and rules controlling how long records must be kept. Retention requirements are typically defined by regulatory frameworks, legal obligations, or organizational policy, and vary by record type, jurisdiction, and business context. FormKiQ supports configurable retention schedules by document type, classification, and business unit.
- Retention schedule
- A defined policy that specifies the retention period and disposition action for each category of record — how long it must be kept, what triggers the start of the retention period, and what happens to the record at the end of the retention period.
- Retention period
- The defined duration for which a record must be retained before it is eligible for disposition. Retention periods may be measured from the date of creation, the date of a triggering event, the end of a business relationship, or other defined reference points.
- Disposition
- The action taken when a record reaches the end of its retention period — typically destruction, transfer to an archive, or permanent preservation. Disposition must be defensible — documented, authorized, and consistent with the applicable retention schedule.
- Defensible disposition
- A disposition process that can be demonstrated to have been lawful, authorized, and consistent with applicable retention requirements — supported by an audit trail that records what was disposed of, when, why, and by whom.
- Legal hold
- A temporary suspension of normal disposition processes to preserve records that may be relevant to anticipated or active litigation, regulatory investigation, or other legal proceeding. Records under legal hold must not be altered, deleted, or disposed of regardless of their normal retention schedule. FormKiQ supports legal hold application and tracking with audit evidence of hold status throughout the hold lifecycle.
- Litigation hold
- A specific form of legal hold applied in response to anticipated or active litigation — preserving all records potentially relevant to the matter until the hold is released by legal counsel.
- Records series
- A group of related records that share a common retention schedule — all records within a series are subject to the same retention period and disposition action.
- Vital records
- Records that are essential to the continued operation of an organization and that require special protection — typically including records needed to resume operations after a disaster, establish legal rights and obligations, and protect the interests of the organization and its stakeholders.
Archives and Collections Concepts
- Archives
- Long-term preservation and access management for materials with enduring institutional, historical, or legal value. Archives differ from active records management in their focus on preservation and access over long time horizons rather than operational use and disposition.
- Archival collection
- An organized group of materials — documents, records, objects, or other assets — assembled and preserved together because of their shared provenance, subject matter, or institutional significance.
- Collections management
- The organized management of archival or library collections — including acquisition, description, cataloguing, preservation, and access management. FormKiQ supports collections management programs with rich metadata schemas, controlled access, and full-text search across large historical collections.
- Provenance
- The origin and custody history of a document or archival item — recording where it came from, who created it, and how it has been transferred and maintained over time. Provenance is a core principle of archival management.
- Finding aid
- A structured description of an archival collection that helps researchers understand its content, organization, and context — and navigate to specific materials within the collection.
- Preservation
- The active management of archival materials to ensure their long-term accessibility — including format migration, storage management, and integrity verification.
- Digital preservation
- The management of digital materials to ensure their long-term accessibility and integrity — including file format management, storage redundancy, checksum verification, and migration to current formats as older formats become obsolete.
Compliance and Governance Concepts
- Compliance
- Adherence to the legal, regulatory, contractual, and policy obligations applicable to an organization's operations. In document management, compliance encompasses how documents are captured, classified, retained, accessed, and disposed of in accordance with applicable requirements.
- Governance
- The framework of policies, processes, roles, and controls through which an organization manages its information assets — ensuring that documents and records are handled consistently, accountably, and in accordance with applicable obligations.
- Audit trail
- A chronological record of every action taken on a document — creation, access, modification, classification, workflow transitions, retention actions, and disposition — with timestamp, user context, and action detail. Audit trails support compliance verification, regulatory examination, legal discovery, and internal accountability.
- Audit readiness
- The state of having complete, accurate, and accessible documentation of document management activities — such that an organization can demonstrate compliance with applicable requirements to auditors, regulators, or legal counsel without significant preparation effort.
- Access control
- The policies and mechanisms that determine who can access which documents, under what conditions, and with what permissions. FormKiQ supports role-based access control (RBAC) and attribute-based access control (ABAC).
- Role-based access control (RBAC)
- An access control model that assigns permissions based on a user's role within the organization — all users with a given role receive the same access permissions. RBAC is appropriate for access control requirements that align with organizational structure and job function.
- Attribute-based access control (ABAC)
- An access control model that evaluates access decisions based on attributes of the user, the document, and the environment — enabling fine-grained access policies that reflect the specific characteristics of each document and each user. ABAC is appropriate for complex access requirements such as geographic restrictions, classification-level controls, and multi-tenant isolation.
- Least privilege
- The principle that users and systems should have access only to the documents and functions they need to perform their specific role or task — no more. Least-privilege access control is a foundational security principle in regulated document management environments.
- Segregation of duties
- The practice of dividing document management responsibilities across multiple roles or individuals — ensuring that no single person has unchecked authority over the full lifecycle of a sensitive document or process.
- Chain of custody
- A documented record of who has had possession of or access to a document from its creation through to its current state — supporting the authenticity and integrity of the document as evidence in legal, regulatory, or investigative proceedings.
- Privacy impact assessment (PIA)
- A structured evaluation of the privacy risks associated with a new or changed information system or process — required under frameworks such as GDPR, Quebec Law 25, and HIPAA for systems that collect, process, or store personal information. Also referred to as a Data Protection Impact Assessment (DPIA) under GDPR.
Data and Infrastructure Concepts
- Data residency
- Control over where data is stored and processed by geographic region. Data residency requirements specify that certain categories of data must be stored and processed within defined geographic boundaries — typically defined by regulatory frameworks, contractual obligations, or organizational policy. FormKiQ supports data residency requirements through regional deployment into specific AWS regions.
- Data sovereignty
- Jurisdictional control over data and the operating boundaries within which it is managed — determining which country's laws govern the data and who has legal authority over it. Data sovereignty goes beyond residency to address the legal and operational control of data, not just its physical location.
- Data localization
- A specific form of data residency requirement that mandates data be stored within the borders of a specific country or jurisdiction — common in frameworks such as the KSA PDPL, Russia's Federal Law 242-FZ, and China's Cybersecurity Law.
- Customer-managed deployment
- A deployment model in which FormKiQ is deployed and operated entirely within the customer's own AWS account — giving the customer full control over infrastructure, encryption keys, IAM policies, and access boundaries, with no vendor access to production unless explicitly granted.
- Vendor-managed deployment
- A deployment model in which FormKiQ is deployed and operated in a dedicated, segregated AWS account managed by the FormKiQ team — providing a fully managed service without shared infrastructure with other customers.
- Hybrid deployment
- A deployment model in which non-production environments are accessible to FormKiQ engineers for support and onboarding, while production runs in a customer-controlled account with strict access boundaries.
- Multi-tenant architecture
- An architecture in which a single deployment of a platform serves multiple distinct tenants — organizations, departments, or customer accounts — with complete isolation between tenants' data, access controls, and governance configurations. FormKiQ's Site ID model provides multi-tenant isolation within a single deployment.
- Site ID
- FormKiQ's mechanism for multi-tenant and multi-team isolation — a discrete, isolated document environment within a single FormKiQ deployment, with its own document collection, metadata store, access policies, classification schemas, workflows, and audit trails.
- Serverless architecture
- A cloud computing model in which the infrastructure is managed by the cloud provider and scales automatically with demand — without the need to provision, manage, or maintain servers. FormKiQ is built on AWS serverless services including Lambda, S3, DynamoDB, and API Gateway.
- Infrastructure as code (IaC)
- The practice of managing and provisioning infrastructure through machine-readable configuration files rather than manual processes. FormKiQ deploys using AWS CloudFormation — an infrastructure as code service that provisions AWS resources from templates, enabling consistent, repeatable, and version-controlled deployments.
- Encryption at rest
- The encryption of data stored on disk — ensuring that stored data cannot be read without the appropriate encryption key, even if the underlying storage media is accessed directly. FormKiQ encrypts all documents and metadata at rest using AWS KMS.
- Encryption in transit
- The encryption of data as it moves between systems — ensuring that data cannot be intercepted and read during transmission. FormKiQ enforces TLS encryption for all data in transit through Amazon CloudFront and API Gateway.
- Customer-managed KMS key
- An AWS Key Management Service key that is created, owned, and controlled by the customer — rather than an AWS-managed key. Customer-managed KMS keys give organizations direct ownership of encryption key lifecycle, rotation policy, and usage audit through AWS CloudTrail.
- AWS CloudHSM
- AWS's dedicated hardware security module service — providing FIPS 140-2 Level 3 validated encryption using tamper-resistant hardware dedicated to the customer's account. CloudHSM is appropriate for organizations where regulatory or policy requirements mandate hardware-based key storage.
- FIPS 140-2
- A US federal standard for cryptographic modules that specifies security requirements for hardware and software used to protect sensitive information. Level 3 is the standard required for the most sensitive government and regulated industry applications — met by AWS CloudHSM.
AI and Intelligent Document Processing Concepts
- Optical character recognition (OCR)
- The automated extraction of text from scanned documents, images, and image-based PDFs — converting visual text content into machine-readable text that can be indexed, searched, and processed. FormKiQ supports OCR using Tesseract across all editions and AWS Textract from Essentials onward.
- Intelligent document processing (IDP)
- An advanced form of document processing that combines OCR with machine learning to extract structured data from documents — identifying not just text but the meaning, structure, and relationships of content elements such as form fields, tables, and key-value pairs. FormKiQ supports IDP using AWS Textract with custom extraction mappings.
- Large language model (LLM)
- A machine learning model trained on large volumes of text data that can generate, classify, summarize, and analyze text — the foundational technology behind FormKiQ's AI Processing and Analysis module and KnowledgeBase capabilities. FormKiQ uses LLMs available through Amazon Bedrock, including Anthropic Claude and Amazon Nova.
- Amazon Bedrock
- AWS's managed service for accessing large language models and foundation models from leading AI providers — including Anthropic, Amazon, Mistral, and others — through a single API, with data processed within the customer's AWS account rather than sent to external AI services.
- Retrieval-augmented generation (RAG)
- An AI architecture that combines information retrieval — finding relevant documents from a collection — with language model generation — synthesizing a response from the retrieved content. FormKiQ's KnowledgeBase module uses RAG to answer natural language questions about document collections, with source attribution linking generated answers to the underlying documents.
- Inference region
- The AWS region in which a model inference request is processed — determining where document content is sent for AI processing. FormKiQ's inference region controls allow organizations to specify which regions are used for AI processing, supporting data residency and sovereignty requirements.
- Document summarization
- The automated generation of a concise summary of a document's content — capturing key points, decisions, obligations, and context without requiring a full read of the document. FormKiQ's AI Processing and Analysis module supports configurable summarization per document type.
- Metadata extraction
- The automated identification and extraction of structured data elements from document content — populating metadata attributes from information present in the document without manual data entry.
- Content sensitivity classification
- The automated identification and classification of sensitive content categories — personally identifiable information (PII), protected health information (PHI), financial data, legally privileged content, and others — within document content, enabling appropriate access controls and handling requirements to be applied at the point of ingestion.
- Vision processing
- The application of AI models capable of understanding visual content — images, diagrams, photographs, handwritten content, and mixed-content documents — to extract meaning, classify content, and generate structured outputs from document types that text-based OCR cannot fully address.
- Multi-modal processing
- Document processing that combines text and visual understanding — analyzing both the textual and visual content of a document to produce a complete understanding of its content and structure.
Regulatory and Privacy Framework Concepts
- GDPR (General Data Protection Regulation)
- The European Union's comprehensive data protection framework — governing the collection, processing, storage, and transfer of personal data of EU residents. GDPR requires organizations to implement appropriate technical and organizational measures for data protection, maintain records of processing activities, and respect data subject rights including access, erasure, and portability.
- UK GDPR
- The United Kingdom's post-Brexit data protection framework — substantially similar to the EU GDPR but diverging in certain areas including data transfer mechanisms and AI governance. Organizations operating across both the EU and UK must plan for two distinct, though related, regulatory frameworks.
- HIPAA (Health Insurance Portability and Accountability Act)
- The US federal framework governing the protection of protected health information (PHI) — imposing requirements on healthcare organizations and their business associates for the security, privacy, and breach notification of health data. HIPAA's Security Rule specifies technical safeguards including encryption, access control, audit controls, and integrity controls.
- PIPEDA (Personal Information Protection and Electronic Documents Act)
- Canada's federal privacy framework governing the collection, use, and disclosure of personal information by private sector organizations. PIPEDA applies across Canada except in provinces with substantially equivalent legislation — currently Quebec, Alberta, and British Columbia.
- Quebec Law 25
- Quebec's modernized privacy framework — the Act to modernize legislative provisions as regards the protection of personal information — fully in force as of September 2024. Law 25 is broadly comparable to GDPR in its scope and ambition, requiring mandatory privacy impact assessments, explicit consent for sensitive data, breach notification to the Commission d'accès à l'information (CAI), data portability on request, and appointment of a named privacy officer. Penalties reach C$25 million or 4% of global revenue for serious violations.
- Alberta PIPA
- Alberta's Personal Information Protection Act — a provincial privacy framework recognized as substantially equivalent to PIPEDA. Applies to private sector organizations operating in Alberta.
- CCPA/CPRA (California Consumer Privacy Act / California Privacy Rights Act)
- California's consumer privacy framework — giving California residents rights over their personal data and imposing obligations on organizations that collect, process, or sell it. Enforced by the California Privacy Protection Agency (CPPA).
- KSA PDPL (Saudi Arabia Personal Data Protection Law)
- Saudi Arabia's comprehensive data protection framework — fully enforceable from September 2024. The PDPL requires data localization, cross-border transfer approval, and imposes strict obligations on data controllers and processors operating in or serving Saudi Arabia.
- UAE PDPL
- The United Arab Emirates' federal data protection framework — in force since 2022, with financial free zones (DIFC and ADGM) operating their own independent GDPR-aligned regimes with active enforcement.
- POPIA (Protection of Personal Information Act)
- South Africa's comprehensive data protection framework — governing the processing of personal information by public and private bodies, with requirements for lawful processing, data subject rights, security safeguards, and breach notification.
- LGPD (Lei Geral de Proteção de Dados)
- Brazil's comprehensive data protection framework — modeled on GDPR and governing the processing of personal data of individuals in Brazil, with requirements for lawful basis, data subject rights, and security measures.
- APPI (Act on the Protection of Personal Information)
- Japan's data protection framework — strengthened in 2022 with enhanced cross-border transfer controls, breach notification requirements, and individual rights.
- SOC 2
- A framework developed by the American Institute of Certified Public Accountants (AICPA) for evaluating the security, availability, processing integrity, confidentiality, and privacy controls of service organizations. SOC 2 Type II reports provide evidence of control effectiveness over a defined period.
- ISO 27001
- An international standard for information security management systems — specifying requirements for establishing, implementing, maintaining, and continually improving an information security management system. ISO 27001 certification provides evidence of a structured approach to information security governance.
- FedRAMP
- The US federal government's framework for cloud service authorization — specifying security requirements for cloud services used by federal agencies. FedRAMP authorization demonstrates that a cloud service meets defined security controls appropriate for federal government use.
- FINRA
- The Financial Industry Regulatory Authority — the US self-regulatory organization for broker-dealers, with requirements for records retention, supervision, and documentation that impose specific document management obligations on regulated financial services firms.
- Sarbanes-Oxley (SOX)
- US federal legislation governing financial reporting and internal controls for public companies — with specific records retention requirements for financial and audit documentation.
Integration and API Concepts
- API (Application Programming Interface)
- A defined set of methods and protocols through which applications communicate with each other. FormKiQ's Document API is a RESTful API that provides a complete interface for document management, metadata, search, workflow, access control, and governance operations.
- RESTful API
- An API that follows the Representational State Transfer (REST) architectural style — using standard HTTP methods (GET, POST, PUT, DELETE) and resource-based URLs to provide a consistent, stateless interface for application integration.
- GraphQL
- A query language and API specification that allows clients to request exactly the data they need — providing more flexible data fetching than REST for applications with complex or variable data requirements. FormKiQ supports GraphQL integration through AWS AppSync.
- Webhook
- An HTTP callback mechanism that allows one system to notify another of events in real time — delivering a structured payload to a configured URL when a defined event occurs. FormKiQ supports both inbound webhooks (external systems submitting documents to FormKiQ) and outbound webhooks (FormKiQ notifying external systems of document events).
- Event-driven architecture
- An architectural pattern in which system components communicate through events — each component publishes events it produces and subscribes to events it needs to respond to, without tight coupling between producers and consumers. FormKiQ's Document Events system supports event-driven integration through Amazon SNS and Amazon EventBridge.
- Amazon SNS (Simple Notification Service)
- AWS's managed pub/sub messaging service — used by FormKiQ to publish document events for delivery to subscribers including Lambda functions, SQS queues, HTTP endpoints, and other AWS services.
- Amazon EventBridge
- AWS's managed event bus service — enabling event-driven integration between AWS services, custom applications, and SaaS partners. FormKiQ integrates with EventBridge to connect document activity to the broader AWS event-driven architecture.
- Amazon SQS (Simple Queue Service)
- AWS's managed message queuing service — providing reliable, scalable buffering of messages between producers and consumers. SQS can be used to buffer FormKiQ document events for reliable downstream processing.
- Integration framework
- A structured set of configuration, metadata mapping, and lifecycle synchronization patterns that standardize how an external system connects to FormKiQ — providing a repeatable, maintainable integration model rather than a one-off point-to-point connection.
- OEM (Original Equipment Manufacturer) licensing
- A licensing model in which a platform component is incorporated into another organization's product and distributed under that organization's brand. FormKiQ's OEM licensing model allows partners to build and distribute products that include FormKiQ as the document management layer.
- White-label
- A product or component that is produced by one organization and rebranded by another for distribution under their own identity. FormKiQ supports white-label configurations for partners building branded vertical solutions on top of the FormKiQ platform.
- Multi-instance licensing
- A licensing structure that covers operation of FormKiQ across multiple independent deployment instances — applicable for partners and enterprises operating FormKiQ in multiple customer environments or organizational units.
- Multi-region licensing
- A licensing structure that covers operation of FormKiQ across multiple AWS regions — applicable for organizations with data residency or sovereignty requirements that mandate separate deployments per jurisdiction.