Uncompromising Compliance
Dockria is built from the ground up to satisfy the technical requirements of the world's most stringent regulatory frameworks — with particular focus on Kenya and East African regulatory environments.
Dockria covers 25+ compliance standards across data privacy, records management, information security, encryption, electronic signatures, legal discovery, and access governance.
Data Privacy & Protection
Kenya Data Protection Act (KDPA 2019)
Full support for Data Subject Access Requests (DSAR) with 30-day deadline tracking, breach logging with 72-hour notification countdown, consent management records, and data anonymization tools as mandated by the ODPC.
General Data Protection Regulation (GDPR)
Complete data subject rights management (access, erasure, rectification, portability, opt-out), breach notification tracking, right-to-erasure tools with comprehensive data anonymization, and data portability exports.
California Consumer Privacy Act (CCPA/CPRA)
Opt-out request tracking, consumer rights management, configurable 45-day response deadlines, and documented consent records for California residents.
HIPAA
Technical safeguards to protect Protected Health Information (PHI) with bank-grade encryption, sensitivity labels, class-level access controls, comprehensive audit trails, and periodic access reviews.
PCI DSS
Strict tracking and monitoring of all access to sensitive data (Requirement 10), unique user identification with strong authentication (Requirement 8), and need-to-know access controls (Requirement 7).
Consent Management (GDPR Art. 6-7 / KDPA Sec. 32)
Auditable consent records tracking individual decisions with purpose, status, timestamps, and basis for processing.
Records Management
ISO 15489 — Records Management
Hierarchical file plans, automated retention and disposition policies, disposition logs providing a defensible certificate of destruction, and WORM protection for declared records.
Kenya National Archives Guidelines (KNA)
Classification schemes aligned with KNA-recommended structures, approved retention schedules, controlled disposition, vital records identification, and WORM immutability.
DoD 5015.02 — Electronic Records Management
Full record lifecycle (Draft, Active Record, Semi-Active, Archived, Destroyed), WORM enforcement on declared records, vital records flagging, file plan hierarchy, and complete audit trails.
SEC Rule 17a-4 — Financial Records Retention
WORM storage for non-rewriteable, non-erasable records, configurable retention periods (3-6 years), permanent retention flags, searchable record indices, and full access audit trails.
Automated Retention & Lifecycle
Configurable retention policies with automated enforcement, legal hold override protection, full record lifecycle progression, permanent retention support, and immutable disposition logs.
Information Security
ISO/IEC 27001:2022
Security incident management lifecycle (detect, investigate, contain, resolve, close), comprehensive audit logging, role-based access control, periodic access reviews, bank-grade encryption, and automated security alerts.
SOC 2 Type II Readiness
Controls established for Security, Availability, and Confidentiality trust service principles. Comprehensive audit logging, access reviews, encryption at rest, and documented security policies.
NIST SP 800-53 — Security Controls
Access enforcement (AC), audit and accountability controls (AU), security assessment (CA), identification and authentication (IA), and system/communications protection (SC).
NIST SP 800-63B — Digital Identity
Strong password policies (minimum length, complexity, history), account lockout mechanisms, multi-factor authentication (TOTP), secure session management, and backup code recovery.
NIST SP 800-61 — Incident Handling
Structured security incident lifecycle from detection through resolution, incident categorization and severity tracking, evidence documentation, and root cause analysis.
Encryption & Cryptography
FIPS 140-2 — Cryptographic Standards
Encryption at rest meeting validated cryptographic module standards. Secure key management with lifecycle tracking and rotation support.
NIST Key Management Guidelines
Key lifecycle management covering generation, distribution, storage, rotation, and destruction with documented audit trails.
Data Encryption at Rest
All documents encrypted with bank-grade encryption before storage. Unique initialization vectors per file. Independently verifiable document integrity through cryptographic hashing.
Electronic Signatures
Kenya Information & Communications Act
Cryptographic signatures compliant with Kenyan legal requirements for advanced electronic signatures, with compliance stamps and verification.
eIDAS — EU Electronic Identification
Support for simple, advanced, and qualified electronic signatures meeting EU standards for cross-border recognition and legal validity.
ESIGN Act — US Electronic Signatures
Legally binding electronic signatures with comprehensive audit trails, signer identity verification, and timestamp documentation.
FDA 21 CFR Part 11
Electronic records and signatures for life sciences with identity verification at signing, complete signature audit trails, and tamper-evident controls.
Legal & eDiscovery
EDRM — Electronic Discovery Reference Model
Support for the full eDiscovery lifecycle: identification, preservation (legal holds), collection, processing, review, and production with defensible production sets.
Federal Rules of Civil Procedure (FRCP)
Legal hold capabilities preventing spoliation of evidence, custodian-based holds, matter management, and production set generation for litigation response.
Access Governance
SOX Section 404 — Internal Controls
Periodic access review campaigns, segregation of duties through role-based controls, comprehensive audit trails, and documented access decisions.
ISO 27001 A.9.2.5 — Access Rights Review
Scheduled access review campaigns with reviewer assignment, documented approve/revoke/modify decisions, and campaign completion tracking.
Role-Based Access Control (RBAC)
Granular permissions at document class and property levels, group-based inheritance, individual user overrides, and permission audit reporting.
Need a detailed security whitepaper?
Request a demo to receive our comprehensive security and compliance documentation, including audit-ready reports for your specific regulatory requirements.