Question: How can I convert company documents to PDF/A when I’m also concerned about file security and encryption?
Answer: There is an inherent conflict between a document being open & accessible and also being secure. The focus of the PDF/A specs is accessibility, not security. Which works great at the library level, but not necessarily for an investment bank.
Sensitive company documents can always be kept unencrypted, in an open PDF format, with security enforced at the company database level. In other words, only users with the proper database security in the company could view, print, or edit a given document.
Of course, enforcing security for PDF files at the database level has its drawbacks. Sending a file across the Internet makes it vulnerable to being “sniffed” or read by a 3rd party. What if it’s necessary at certain times to web-host the document and make it viewable to people outside the company? What if you need to email the document reliably to a 3rd party?
One of the advantages to using PDF for conversion & archiving in the first place is the format’s view, print, and edit protection features. But these security features all require encryption and must be disabled for a document to satisfy the PDF/A requirements. So it seems that satisfying the PDF/A specs requires disabling some of PDF’s finest features, at least with respect to security. For many companies, this is not always a winning proposition and should be considered carefully before implementation.