February 28, 2012
By Greg Milliken President, M-Files Inc.
Article

Document Management: Protecting Information Assets

Organizations with an overarching system in place to manage all their information operate at a vastly superior level of efficiency compared to those without such a system in place. However, as the volume of documentation a company must manage proliferates, the risks associated with the loss or misuse of confidential or sensitive company information also increases.

Privacy of Company Information

Companies implement server firewalls and anti-virus solutions to protect against potential security threats from the outside. Yet research shows the biggest source of data tampering (as well as the most financially damaging) comes from the inside.

According to research firm Gartner, Inc., company employees are usually the culprits of unauthorized access—70% of the time. Perhaps more troubling, employee cases comprise 95% of the breaches that result in significant financial losses. Managing files and records within an electronic document management system is the most effective approach for gaining control over internal data and establishing effective security controls.

"Unstructured" data—the files scattered among hard drives, laptops and servers in standard Windows folders—constitute the low-hanging fruit for data violators. Often times, these unstructured files are not stored in any type of document management system to control their access or track their usage. It's possible to view, copy or delete important content without anyone knowing.

By contrast, a document management system will structure company documents into a single, secure system that logs the history of user actions. A document management system also enables password protection on important documents. An administrator can make certain documents available only for certain managers (such as the head of HR for personnel files) or for a whole department of users (i.e., engineers for CAD design files), as well as exclude others from viewing or editing operational documents. The administrator can also define access permission rules for recurring documents to ensure protection is consistently and automatically applied to potentially sensitive material.

When managers have the ability to audit a trail of document usage and incorporate permission rules into employees' daily workflow, a document management system becomes an inherent deterrent to inappropriate employee behavior. A real possibility of getting caught now counters the temptation to steal or sabotage company data.

Recovery from Data Loss

Most professionals have had a firsthand experience with data loss. A common scenario often involves losing changes to a single work-in-progress, which leads to additional hours of work or a delay in a project timeline. Less common, but far more devastating, is the catastrophic loss caused by hardware failure, accidental deletion or natural disaster. Even a lost laptop can have long-term repercussions on the course of business.

The easiest and most economical way to protect against data loss on any scale is the routine backup of company data via a document management solution. An electronic document management system places important files into a central repository and periodically and automatically creates backups that can be stored at a secure off-site location. It's also increasingly common for backups to be stored on cloud-based servers, which simplifies administration and maintenance.

Backups eliminate many of the worst-case scenarios of data loss, but other file management tools also guard against the less serious, but more common, instances of lost document edits. Check-in/check-out procedures, for example, prevent multiple users from overwriting changes made by others. Effective document management systems also preserve all prior versions of files, allowing users to back-step to a previous version when needed.

Given the high costs associated with data loss, these basic safeguards are now becoming mandatory elements of an organization's IT infrastructure.

Compliance, Accountability and Risk Management

Many companies must comply with regulatory mandates and industry standards for recordkeeping and document management, such as ISO 9001 related to quality management in manufacturing organizations and FDA 21 CFR Part 11 related to electronic records and signatures for pharmaceutical and life sciences companies. Others choose to voluntarily comply with internal standards or streamline documentation processes for periodic audits. In either case, compliance mandates require a massive documentation effort, in addition to the paperwork generated in the normal course of business.

The scale and importance of these efforts often makes deploying a document management solution somewhat of a requirement in itself. With some straightforward configuration, such a system can often manage the additional work associated with compliance efforts, making associated audits and submissions easy, fast and consistent.

An electronic document management system that supports compliance with regulations or standards typically must provide:

Secure access permissions;
Support for digital and electronic signatures;
Automated workflow features;
Templates that conform to specific submission rules;
A history log and audit trail of user file action; and
Automated back-up and archiving procedures.

Even companies not regulated by a government agency or industry association are still subject to a higher authority from time to time. The concept of "risk management" involves implementing recordkeeping and audit strategies that can defend a company in case of a legal dispute with vendors, customers or workers.

Sometimes, rather than a regulating body or other third party, the authority that needs satisfying is the organization itself. The same goals of risk management also happen to be the essential elements of good business, where important documents are properly maintained and employees and departments are held accountable for their decisions.

With the proper document management controls in place, organizations can significantly reduce the risks associated with information loss or misuse-while also streamlining business processes, improving quality and reducing costs.

M-Files Inc., is the developer of M-Files easy document management software and the cloud-based document management service M-Files Cloud Vault. More than 16,000 customers in more than 90 countries worldwide use M-Files to manage their documents. M-Files is available in 24 languages and is in use at customers such as AstraZeneca, BSA LifeStructures, EADS, FinnComm Airlines and Parker Hannifin. For more information, visit www.m-files.com.

Free

for qualified subscribers

Subscribe Now Current Issue Past Issues

KMWorld 2024 Is Nov. 18-21 in Washington, DC. Register now for Super Early Bird Savings!

Document Management: Protecting Information Assets

Privacy of Company Information

Recovery from Data Loss

Compliance, Accountability and Risk Management

Elevating Customer Experience With Automation and AI

How Knowledge Graphs Make Generative AI Consumable in Enterprise Environments

Building a KM Foundation for Enterprise AI

More

Intelligent Content Management: Game-Changing Technologies and Strategies

Optimizing LLMs with RAG: Key Technologies and Best Practices

What's Ahead in Search: AI, NLP, Knowledge Graphs, and More

Rethinking KM for Agility, Efficiency, and Innovation

More Webinars