The security and safety of your archived documents is key to protecting your business. When digital archiving takes place correctly, not only is the data safe, but it can be quickly accessed by designated users.
There are three questions every leader should ask themselves about their document management system. The answers below comply with industry standards, and are what you should expect from your document management system.
1. Are we protected against security breaches from hacking threats?
Protection starts with correct user authentication through username and password systems. It also means restricting access rights for groups and individuals based on their roles within the company.
Ensure that your software logs all document changes and can create a complete audit trail to manage versions of your documents. The authenticity of your data is not protected if users cannot track the original version right through to the final one.
2. Can we defend ourselves against accusations of data mismanagement?
Three things about the security and safety of your documents matter here: access, authentication and encryption. With relevant access, strict authentication and top-level encryption, data remains safe and in the right hands:
- Access: Access to documents requires multiple levels of control. Entire groups can be given access to certain types of documents, but members of that group can ‘do’ different things with them, according to their job roles.
- Authentication: All documents should only be accessible through a unique username and password. This ensures a complete audit trail of how a document was accessed, by whom and what actions were taken.
- Encryption: Documents should be encrypted with a key no less than 256 bits long. AES (256 bits) is military-grade encryption and is the current standard of the U.S. government.
3. Do we have a process in place for maintaining retention periods for legally sensitive information?
Retention policies: Certain types of documents must be legally kept for a certain number of years. Some invoices must be retained for six years before they can be deleted.
Previously this was done by shredding paper. Digital document management removes that need, but the same rules apply. Does your document management system have the ability to protect or erase documents at predefined times?
Compliance: Protecting the rights of individuals and their data has been a hot topic in recent years. Based on where and with whom you do business, your document management system must allow you to store/archive your documents according to some or all of these laws:
- HIPAA: The U.S. Health Insurance Portability and Accountability Act protects consumers in the U.S. with regard to the use of their health data.
- Contractual clauses for the transfer of personal data: These are EU rules that are to be adhered to when transferring personal data to other countries.
- GDPR: The General Data Protection Regulation is a set of European rules and standards designed to protect the personal data or personally identifiable information of individuals through data governance.
- Sarbanes-Oxley: This prevents accounting errors and fraudulent reporting practices through accurate information disclosures.
The security and safety of your documents matter because documents are a core element that keeps your business running. Data should always be protected, and a good document management system will help you to do that.