Documents face threats of many kinds. Customer lists, sales-strategy reports, and detailed revenue statistics might fall into the hands of competitors. Confidential personal data given by customers and employees could be compromised, leading to lawsuits. Identification details like bank-account login information or credit-card details might be stolen. Because of these possibilities, document security should be a top concern.
- Security measures under a document management system seek to protect business data and business interests, comply with legal requirements, such as protection of privacy, and prevent financial losses through ID theft and fraud.
- Document security is generally ensured by restricting access to the documents. In a paper-based system, highly sensitive documents can be kept under lock and key for viewing by only top managers, for example.
- It’s practically impossible to ensure adequate security for documents under a paper-based system because keeping all documents under lock and key can affect business results. For example, decision makers might find that documents that provide decision-support information cannot be assembled quickly enough.
- Electronic document management systems can improve things in a major way because access to particular folders and documents can be selectively restricted using electronic means. For example, employees can be categorized into different levels, and each level can have different access rights and permissions.
- Access rights typically include viewing and editing privileges, i.e. some might be allowed to view a particular document but not modify it. Others might have full rights, including editing privileges. Users might also have to provide passwords to access the documents. This can theoretically prevent unauthorized persons from accessing documents at an employee’s workstation.
- As will be evident, permissions alone cannot provide full safeguards. An employee might not log out after accessing a document, and if that person leaves the workstation, someone else might then be able to view it. Training employees to follow best practices for security is a key element of overall document security.
- It has been reported that most security lapses are due to employees, either through carelessness or dishonesty. It’s very important to provide access rights strictly on a need-to-have basis, with each employee (including senior employees) being able to access only those documents that they require to complete their specific tasks.
- Any document management system must maintain audit trails that keep track of who accessed which document and when, and what changes were made during each access. The trail must then be monitored by a responsible person for any unusual activities.
- The existence of the Internet allows threats to come from external sources. Specific dangers from viruses and other malicious software, from hackers who can wipe out valuable business data, and from identity thieves have become far more serious today.
- These external threats are guarded against through the installation of security software such as anti-virus and anti-spyware programs, implementation of firewalls and secure-access mechanisms, such as SSL, and regular updates to operating systems and applications. Software developers typically issue patches to plug any possible security loopholes.
- Authentication of documents is another key security precaution. Developments like electronic signatures not only help senders sign outgoing documents, but also enable recipients to confirm that the documents they receive really come from the claimed sender, and that no alterations have occurred since they were authenticated.
- Above all, regular reviews must be carried out to identify any security vulnerabilities. The reviews should also cover practices like creating backups and implementing document retention and destruction policies. Documents that have exceeded their lifetimes must be shredded rather than left around.
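The access levels, view and edit rights, and audit trail described in the list above can be sketched in a few lines of Python. This is an added example, not code from any particular document management system; the level names, folders, users and the `max_denied` review threshold are all constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Constructed sample policy: access level -> rights granted on each folder.
POLICY = {
    "clerk":   {"invoices": {"view"}},
    "analyst": {"invoices": {"view"}, "sales-reports": {"view", "edit"}},
    "manager": {"invoices": {"view", "edit"}, "sales-reports": {"view", "edit"},
                "customer-data": {"view"}},
}

@dataclass
class DocumentStore:
    users: dict                                  # user name -> access level
    trail: list = field(default_factory=list)    # audit trail, append-only

    def access(self, user, folder, doc, action, change=""):
        """Allow the action only if the user's level grants it; always log."""
        level = self.users.get(user)             # None for unknown users
        allowed = action in POLICY.get(level, {}).get(folder, set())
        self.trail.append({
            "when": datetime.now(timezone.utc).isoformat(),
            "user": user, "doc": f"{folder}/{doc}", "action": action,
            "allowed": allowed, "change": change if allowed else "",
        })
        return allowed

def review(trail, max_denied=2):
    """Return users whose denied attempts reach the threshold, for follow-up."""
    denied = {}
    for entry in trail:
        if not entry["allowed"]:
            denied[entry["user"]] = denied.get(entry["user"], 0) + 1
    return sorted(u for u, n in denied.items() if n >= max_denied)

def demo():
    store = DocumentStore(users={"alice": "manager", "bob": "clerk"})
    results = [
        store.access("alice", "sales-reports", "q3.xlsx", "edit", "updated totals"),
        store.access("bob", "invoices", "1042.pdf", "view"),
        store.access("bob", "invoices", "1042.pdf", "edit", "changed amount"),
        store.access("bob", "customer-data", "list.csv", "view"),
        store.access("mallory", "invoices", "1042.pdf", "view"),  # unknown user
    ]
    return results, review(store.trail), store.trail

if __name__ == "__main__":
    print(demo()[:2])
```

Denied requests are recorded as well as granted ones, so the person monitoring the trail sees attempts to reach documents outside a user's level, not only successful accesses.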
As document security has become a vital concern, several helpful organizations have issued guidelines to help companies deal with these security issues. One such example is ISO 27002, a standard implemented by the International Standards Organization dealing specifically with information security. Implementing these policies and practices can help your organization improve the security of your documents and information.