Classification and Compliance Limits in ATLAS Firma Follow

Topics Covered
Understanding the Scope
Security and Critical Limitation

Target Users
All Users 

Required Permissions
n/a 

A common question among leadership and legal teams is whether ATLAS Firma is suitable for sensitive documents involving PII (Personally Identifiable Information), SBU (Sensitive But Unclassified), confidential legal materials, or documents subject to discovery requests. Understanding Firma's capabilities and limitations is essential for making informed decisions about document workflows.

Understanding the Scope

ATLAS Firma is a powerhouse for general administrative workflows and is suitable for a wide range of documents within the Department of State. The application is designed primarily for general documents that require electronic signatures, with workflow capabilities that route documents to the appropriate person for signoff.

ATLAS Firma's Comprehensive Audit Tracking

ATLAS Firma provides meticulous "lifecycle" tracking that logs every action throughout a document's journey. This robust audit trail includes:

• Draft creation and modifications with precise timestamps
• Document routing showing when documents are sent to recipients\
• Signatures and approvals with complete records of who signed and when
• Status tracking (Draft, Awaiting Signature, Rejected, Completed, etc..)
• IP addresses of all participants
• Okta IDs for authentication verification
• Complete participant logs covering senders, signers, approvers, and users added in the watch list

This comprehensive tracking makes Firma valuable for general administrative documents and provides a detailed record that can support routine accountability needs.

Security and Critical Limitations

Despite its strong audit capabilities, ATLAS Firma has several important security limitations that users must understand. However, it is not designed to handle:

• Personally Identifiable Information (PII)
• Protected Health Information (PHI/HIPAA)
• Confidential or Legal documents
• Secret or Top Secret documents

No Built-In Classification System

ATLAS Firma currently does not have a built-in automatic classification system that forces documents into security categories such as Confidential, Legal, SBU, or PII. Users cannot:

• Automatically tag documents with sensitivity levels
• Enforce handling requirements based on classification

• Integrate with Department of State Outlook email tracking for SBU, Confidential, or Unclassified designations

   

Limited Document Protection Features

While ATLAS Firma includes some security features, it lacks several controls that sensitive documents typically require:

• Password protection limitations: Firma "locks" final PDFs to prevent editing, but does not prevent unauthorized viewing if someone gains access to the file. The PDF can be opened and read without a password.
• No document expiration dates: Users cannot set time limits on document access or automatically revoke access after a specified period.
• No granular access controls: The system does not provide the level of access restriction typically required for confidential legal documents or materials subject to strict discovery protocols.

ATLAS Firma is an excellent tool for streamlining general document signature workflows within the Department of State, offering robust audit trails and improving administrative efficiency. However, it is not designed or suitable for classified, medical or legally confidential documents.

When in doubt, consult with your security, records management, and legal teams to ensure you're using the right tool for your specific document handling needs.

For additional help, please contact ISC at Post or ADG Support by selecting the ‘Submit a request’ button at the top of the page or by emailing adg-support@state.gov.
Visit the Global Application Portal (GAP) for the latest news and information on all the ADG's applications.