Since business documents and their content drive the decisions and record the transactions that take place in every business, it’s critical for managers and their workers to ensure they’re secure. In an age where digital file management is increasingly necessary for a business to operate efficiently and remain competitive, it’s understandable the topic is receiving renewed attention, especially with several high-profile security breaches that should never have happened. Rest assured electronic document management (EDM) is far more secure than managing paper-based documents – but only when you have a flexible, rules-based system that provides the levels of security you need. Robust options and flexibility must be matched by administrative simplicity, so that your systems administrators can use it confidently.
Managing an EDM solution bears similarities to driving a car. When you climb into the driver’s seat, your dashboard displays the choices you need to make and the information you need to drive. You can choose multiple speeds and directions; change the air temperature using a few levers or buttons; or manipulate controls to play your favorite music. If the gear shift didn’t display reverse, the air only blew cold, or the music only off erred a loud bass sound, driving would be frustrating. If you had to fiddle with the labyrinth of wires under the hood every time to get the desired results, you would drive only when necessary, and might abandon your car altogether. Fortunately, although the mechanics are complex, driving is made easy through a system of clear and appropriate choices. So it must be with your EDM system’s security.
Establish the right levels of document security
Security comes in all shapes and sizes. You need to make sure your system is robust and flexible enough to adapt to your unique and changing business needs. Make sure your EDM system will let you:
___ Designate who has the authority (and, by inference, who does not) to set and change security rules in the EDM system to avoid tampering.
___ Establish groups of users by department, role, or job function (such as company directors, accounting or HR staff, or field agents).
___ Lock down access of particular files to specific users and groups.
If BPM/workflow is part of your EDM solution, make sure you can:
___ Limit user rights for workflow design so only authorized persons can create or amend design elements (such as naming or renaming a workflow process, establishing time frames for jobs to be completed, etc.).
___ Specify which feature rights user groups or individuals can have within the routine workflow processes they are authorized to access (such as starting a workflow, accessing or checking out specific jobs, or moving a job from a common work queue to a personal queue).
Decide which rights users need
Although many workers may need to generate business content, you need to ensure that content is properly managed after it’s been created. For example, let’s assume you want department faculty who have conducted student interviews to add comments to a student’s application, but don’t want them to be able to delete or change information on the application. Your system must be able to lock down information that should be unalterable, while allowing content to be added by appropriate persons.
EDM is all about establishing rules and enforcing consistency. As you analyze each document type, ask yourself:
___ Which groups of users should be authorized to view the content?
___ Which user groups should be allowed to edit the content?
___ Are there groups of employees that should be allowed to delete the documents?
___ Which groups need to be given the right to email designated document types as attachments?
After you have analyzed and understood the relationship between each of your user groups and your document types, make sure your solution can meet your business requirements.
Make sure system access is easy, yet secure
If you are planning to implement or upgrade your EDM system to take advantage of multiple components such as imaging, BPM/workflow, electronic forms, signatures, archiving, and more, consider how users will access the system for each of these functions. Ask your vendor:
___ Will users need a separate log on and password for each module or functionality within the system? Or can users move effortlessly from one feature to the next after they have logged into the software system?
___ Will users have to log off and back on each time they exit the EDM system to access other software, or can they remain logged in and work seamlessly between multiple applications?
Remember, you want to ensure only authorized persons can log on to your EDM system, but you also want to help them to work efficiently once they have access. Constantly logging in and out to access, exit, and re-access elements of EDM hinders the very productivity that EDM software is intended to enable.
Make sure your system will reveal tampering
Your documents should be safe from misuse if your EDM security is robust and configured properly. Yet even when your documents are 100% secure from inappropriate staff access or use, security breaches can come from a wayward systems managers or database administrator. Make sure your software can help you spot tampering easily if there is a security breach. Your EDM system’s audit logs should show clear evidence if someone breaks into the system, then makes changes that are unauthorized by the software and attempts to cover it up. Not every solution reveals dark secrets as they occur. Make sure your system can, and will.
Put yourself in the shoes of your system administrator
Even if you don’t consider yourself to be particularly IT savvy, it’s smart to put yourself in the shoes of your systems administrator as you evaluate EDM systems. After all, you want to provide a solution that is secure, yet easy to administer and support. Ask yourself:
___ Does our EDM software offer the levels of security and degree of flexibility required to address all of our business needs?
___ Can we make changes on the fly that will be immediately adapted and enforced by the software? (If the software’s limitations cause you to compromise the levels of security that industry regulations or your internal policies dictate, you should consider another solution.)
___ Is the EDM solution’s security configuration intuitive? Does the software have drop-down menus or drag-anddrop configuration choices to guide the administrator, as well as text tips and clearly written documentation when questions arise?
___ If a BPM/workflow solution is in place, what happens when rules are security rules are amended while a process is in motion? Is the system design flexible enough to adapt immediately?
Make sure your EDM solution will deliver the levels of security you need without being so complex that it’s unmanageable. Employees, staff positions, and policies change constantly. As administrators add users, groups, and rights to your content management system, your software configuration needs to offer multiple choices for locking down the system, its contents, and user rights. It also needs to be straightforward enough that IT systems administrators understand how to make requested changes, have confidence that their alterations were done correctly, and know the rules they put in place will deliver the desired results. Any solution that leaves its administrator uncertain whether the outcomes will reflect what s/he intended should be reconsidered in favor of something that’s easier to manage.
Drive with confidence
For your business to succeed, you need to know the information you collect is consistent and complete, quickly and appropriately available to those who need it, managed according to your business rules, secure from tampering, and easily auditable. Whether you choose a simple scanning and storage solution, integrate EDM with multiple business applications for centralized data access, or automate your business processes, anything less is unacceptable. Choose wisely.