WE use many different methods to protect the things in our lives that are important to us. We use banks to protect our money, insurance plans to protect our physical assets and various systems to protect ourselves. Your company’s documents are a critical component to accomplishing your mission and achieving your business goals, how well do organisations protect them?
What are the challenges of securing paper documents?
Paper documents are inherently difficult to manage and particularly hard to secure. Other than locking file rooms or storage devices there simply aren’t a lot of options when it comes to securing paper documents. Some Document Management systems provide some level of document security by requiring that paper files be checked out by reading a file ID barcode and identifying the user requesting the file. These systems are diligently used to prevent unauthorized user from gaining access to files they shouldn’t have. The problem is these files and documents are still at risk for unauthorized use, they can be lost, and there is no good way of tracking who had access to which documents.
Advantages of document management systems
Implementing a Document Management Solution provides inherent security and control of your critical documents and information: With a Document Management Solution all of your disparate documents are stored electronically in a single system. Within the system files and documents are organized according to application types (such as Invoices, Human Resources, Medical Records, Contracts, etc.) Within the applications they are organized into logical files and file sections. Each of the levels can have access rights applied to them; this ensures that the only authorized users have access to these documents. These Document Management systems also allow you to organize users into groups and to provide different functionality rights to these groups.
Electronic Document Security
Going by current trends, a good number of organizations are moving their business processes online, and as a result of this, it is essential to protect the privacy and confidentiality of document and information used during these processes while providing integrity and authenticity. Since many automated processes rely on electronic documents that contain sensitive information, there is need for organizations to properly protect these documents. Many information security solutions attempt to protect electronic documents only at their storage location or during transmission. However, these solutions do not provide protection for the entire lifecycle of an electronic document. When the document reaches the recipient, the protection is lost, and the document can be intentionally or unintentionally forwarded to and viewed by unauthorized recipients.
A significantly more effective solution is to protect a document by assigning security parameters that travel with it. For more effective protection of an electronic document, through its lifecycle, the following conditions must be met:
Confidentiality – How do you determine who should have access to the document?
Integrity – How do you determine if the document has been altered?
Authenticity – How do you determine where the document emanated from?
Authorization – How do you determine what level of permissions the users have for working with the documents?
Accountability – How do you determine what user has done with the document?
Non-repudiation – How possible is it for the signatory to deny signing the document?
The two major security techniques that can be used to establish these document security principles are digital signatures and document control. Organizations should integrate document security into their current business processes and enterprise infrastructure so as to support a wide range of simple and complex processes, protecting electronic documents inside and outside the network, online and offline to provide persistent, end-to-end protection throughout the document’s lifecycle (physical or electronic).
Dr. Oyedokun Ayodeji Oyewole is the Chairman – BOD, Institute of Information Management (IIM) -Africa and President of Records and Information Management Awareness Foundation (RIMA Foundation), a Not-for-profit NGO.