What challenges are involved when implementing a document security system, and could a digital document management system be the solution?
Documents face threats of many kinds. Customer lists, sales-strategy reports, and detailed revenue statistics might fall into the hands of competitors. Confidential personal data given by customers and employees could be compromised leading to lawsuits. Identification details like bank-account login information or credit-card details might be stolen by thieves. Because of these possibilities in today’s world, the issue of document security should be a top concern.
Manual and Digital Document Security Measures
First, security measures under a document management system seek to protect business data and business interests, comply with legal requirements, such as protection of privacy, and prevent financial losses through ID theft and fraud. This is the most important aspect of document security to take into account.
Document security is generally ensured by restricting access to the documents. In a paper-based system, highly sensitive documents can be kept under lock and key for viewing by only top managers, for example. However it’s practically impossible to ensure adequate security for documents under a paper-based system because keeping all documents under lock and key can affect business results. For example, decision makers might find that documents that provide decision-support information cannot be traced quickly enough.
Therefore, an adequate document management system can improve things in a major way, because access to particular folders and documents can be selectively restricted using electronic means. For example, employees can be categorized into different levels, and each level can have different access rights and permissions. Access rights typically include viewing and editing privileges, i.e. some might be allowed to view a particular document but not modify it. Others might have full rights, including editing privileges. Users might also have to provide passwords to access the documents. This can theoretically prevent unauthorized persons from accessing documents at an employee’s workstation.
As will be evident, permissions alone cannot provide full safeguards. An employee might not log out after accessing a document, and if that person leaves the workstation, someone else might then be able to view it. Training employees to follow best practices for security is a key element of overall document security. It has been reported that most security lapses are due to employees, either through carelessness or dishonesty. It’s very important to provide access rights strictly on a need-to-have basis, with each employee (including senior employees) being able to access only those documents that they require to complete their specific tasks.
Online Threats
And then there is the World Wide Web. The existence of the Internet allows threats to come from external sources. Specific dangers from viruses and other malicious software, from hackers who can wipe out valuable business data, and from identity thieves have become far more serious today. These external threats are guarded against through the installation of security software such as anti-virus and anti-spyware programs, implementation of firewalls and secure-access mechanisms, such as SSL, and regular updates to operating systems and applications. Software developers typically issue patches to plug any possible security loopholes.
Authentication and Audit Trails
Authentication of documents is another key security precaution to be taken into account, enforced by Law. Developments like electronic signatures can not only help senders sign outgoing documents, but also enable recipients to ensure that the documents they receive are indeed from who they claim to be, and that no alterations have occurred since it was authenticated.
For security reasons and in order to comply with recent European legal regulations, any document management system must maintain audit trails that keep track of who accessed which document and when, and what changes were made during each access. The trail must then be monitored by a responsible person for any unusual activities. Advanced document management systems generally include a trace feature that stores all the operations made on a document.
Data Security
Above all, regular reviews must be carried out to identify any security vulnerabilities, including practices like creating backups and implementing document retention and destruction policies. Documents that have exceeded their lifetimes must be shredded rather than left around.
As document security has become a vital concern, several helpful organizations have issued guidelines to help companies deal with these security issues. One such example is ISO 27002, a standard implemented by the International Standards Organization dealing specifically with information security.
The ISO 27002 standard was originally published as a rename of the existing ISO 17799 standard, a code of practice for information security. It basically outlines hundreds of potential controls and control mechanisms, which may be implemented, in theory, subject to the guidance provided within ISO 27001.
Implementing these policies and practices, mainly through an adequate document management system, can help your organization improve the security of your documents and information and greatly enhance your company´s corporate image with respect to the quality of your services and products.
André Klein
Freelance Consultant for DocPath