Organisations process thousands of documents on a daily basis, in all types of formats, and every day they are in danger of being lost, stolen or compromised. Regardless of the size of your business, protection is a de facto requirement for the security of your company.
Industry analyst IDC predicts that worldwide data creation will grow to an enormous 163 zettabytes (ZB) by 2025. That’s ten times the amount of data produced in 2017.
The volume, complexity and diversity of information a business creates and consumes lead to challenges in management and control. To overcome these challenges a business must understand and map its document types: how they are used, how they interact with business processes, and how they are stored, managed, distributed and preserved.
The definition of Document Security (or the lack of it) is very wide and should be considered from the perspective of the document life-cycle, especially in relation to data breaches, unstructured data, unsecured files, human failure and unauthorised access to storage.
Sharp defines Document Security as security related to information captured from paper documents through the scanning process or digital documents stored in business repositories, for example, Microsoft Office files or emails.
We believe there are six main stages to a document’s life, comprising capture, storage, management, preservation, delivery and integration.
Capture is the process stage that describes the ‘on-boarding’ of information whether that is scanning of hard-copy documents, monitoring a ‘watched’ email ‘box’ or creating and saving documents from an application.
Scanning is the most common way of transferring hard copy content to electronic formats. But while convenient, unless controls are in place, the process is not traceable, which can lead to security and legal admissibility challenges.
Routing is the process used to send captured documents to the correct storage location. Without document routing it is possible that documents can be inadvertently stored in incorrect or even insecure locations.
Secure storage can be paper-based or an electronic file system, but many companies overlook the storage type, location and security required.
Paper-based storage systems are still very common, but often lack the required security controls. In addition, it is very difficult to show any audit information related to paper documents.
Electronic storage is often implemented with the expectation that it is a better way, but without appropriate design and management it creates challenges of its own, for example how such systems should be protected in the business network, how to set up access rights, and how to monitor or restrict usage.
Management concerns permissions, user roles, version control and audit trails. Permissions are used to manage users’ access rights to documents, so they are key in maintaining a secure document environment.
While permissions are often easy to understand, without the right systems they can be difficult to introduce and manage. To implement permissions effectively the business must first understand how users’ activity relates to the information they must access and the processes they are involved in.
An audit trail stores a record of every activity and transaction applied to a document, for example who created, modified, viewed or re-versioned it. Audit trails provide the ability to prove activity relating to all documents stored and are key to maintaining security, particularly in the event of a data breach.
Preserving documents and information – document retention – is another key aspect of ensuring a secure document environment. However, documents stored in traditional or electronic repositories require constant maintenance as the available space is limited.
Some documents should be kept (by law) for a certain number of years. The challenges in doing so include: maintaining a record to ensure only documents beyond the retention period are removed; ensuring that all versions of the documents under the retention policy are accounted for; and deciding whether users should manage their own libraries or whether the process should be managed centrally.
Next, businesses need to set policies to securely dispose of all paper information, electronic files and electronic libraries once they are out of date or the retention period has expired, via physical and electronic shredding.
The Deliver stage defines the ways that an electronic document can be shared with other users or business partners.
Document sharing is frequently done by using shared folders or drives, but if not managed correctly this can lead to the files being found, accessed and used by unauthorised users or user groups.
Accessing documents through mobile devices can also be part of the Deliver stage, which makes securing access much more complex.
Integration is the process used to exchange information with other line-of-business applications, for example an accounting or ERP system. For integration to be successful, all the preceding stages are critical to provide consistent and accurate data.
Document Security is one of the most important aspects of security in every business. Unfortunately, building a Document Security Policy can be a time-consuming and complex process. But Sharp can help.
Using our proven approach to Document Security we help businesses build unique and bespoke systems and processes for each of the document life-cycle steps and in doing so help those organisations comply with the latest security regulations like the EU’s General Data Protection Regulation.