Are your organization’s document management security inefficiencies leaving you open to legal and economic repercussions? Compliance with mandates such as the Privacy Act, the Freedom of Information Act, HIPAA and the Sedona Principles for e-discovery and disclosure is causing ongoing concern within government agencies and corporations, and an increased need for solid document security. But how can you keep these electronic files secure during the entire chain of custody? Here are 18 security suggestions.
3. Compliance
Compliance with mandates such as the Privacy Act, the Freedom of Information Act, HIPAA and the Sedona Principles for e-discovery and disclosure is causing ongoing concern within government agencies and corporations, and an increased need for solid document security.
4. 6 Facts About U.S. Business Documents
Over 30 billion original documents are used each year in the United States.
The cost of documents to corporations is estimated to be as much as 15 percent of annual revenue.
85 percent of documents are never retrieved.
50 percent of documents are duplicates.
5. 6 Facts About U.S. Business Documents
60 percent of documents are obsolete.
For every dollar that an organization spends to create a final document, 10 dollars are spent to manage the document creation process.
SOURCE: Microsoft Corporation
6. Electronic Document Management Systems
Electronic repositories designed to provide organized, readily retrievable collections of information for the life cycle of the documents.
7. Challenge
How can you keep these electronic files secure during the entire chain of custody?
8. From Blue Mountain Data Systems
18 Security Suggestions For Your Electronic Documents
9. Suggestion #1
Paper documents may be secured by locking them in a file cabinet or safe. Before they are digitized, however, a security hierarchy must be carefully planned, to avoid inadvertent disclosure.
10. Suggestion #2
It is important to preserve the original files in an unalterable state in order to add legitimacy to the system. For scanned documents, PDF is a standard storage format. Searchable PDF is even better.
11. Suggestion #3
You need to develop a consistent, scalable security hierarchy that’s easy to administer and update as staff and roles change.
12. Suggestion #4
This makes your security management tasks easier to manage. It’s a waste of time to manually adjust permission settings on a multitude of documents.
13. Suggestion #5
Enable rights to the EDMS application through Active Directory. This enables assignment of individual and group rights, as necessary, and makes it easier to change or update security as your organization and document security needs change.
14. Suggestion #6
While rights to the application may be established via Active Directory, establishment of security roles within the application facilitates a more granular approach to controlling who can see various collections of documents, as well as who can administer the application.
15. Suggestion #7
If your employees access the document repository via mobile phones or tablets, you should disable automatic login so that the secure information is not compromised should a device be lost or stolen.
16. Suggestion #8
The majority of security issues with documents are due to internal mismanagement or manipulation. The biggest threat may already be inside your firewall. It is important to protect documents from insiders – employees who may want to steal information such as customer bank account numbers or electronic medical records. Innocent threats include inadvertent deletion of documents. This may be controlled through the use of read-only permission assignment to document storage areas.
17. Suggestion #9
One of the most dangerous and easily preventable document security risks is unnecessary access. Only allow employees or contractors access to sensitive files when they have a need for such access, and only for as long as they need access to them. This prevents inappropriate access to those documents at a later date and will protect your company from potential litigation.
18. Suggestion #10
Ensure that there are provisions in place to prevent non-malicious events, such as accidental deletion or modification of documents by users. Remember that your employees are your most valuable assets, but they are also the most likely to make mistakes. These unintentional mistakes can hurt your company’s reputation.
19. Suggestion #11
Be sure each piece of information you gather is necessary for any of the current functions or activities of your organization or agency. If you don’t need it, don’t collect it in the first place. Also, don’t collect personal information just because you think that you will use that information at a later date. Don’t store what you don’t need.
20. Suggestion #12
Be sure all personal information has been removed from electronic devices before you assign them to a different user, or send them to be recycled.
22. Suggestion #14
Are your records and documents protected from fire, flood, and natural disasters? Have a backup plan that saves files in an alternative location should a disaster occur.
23. Suggestion #15
It is just as important to delete files as it is to keep them. Review records retention guidelines. If you don’t have a records retention schedule, create one. Schedule the destruction of electronic records you do not need to archive once they reach the end of their useful life.
24. Suggestion #16
Email is a vital tool for all organizations. Yet it can expose your agency to significant risks due to the unintentional disclosure of confidential information, as well as data loss or destruction due to viruses or the unintentional downloading of other malware programs. Secure your employee email accounts and archives, and control via policy the types of attachments that may be emailed.
25. Suggestion #17
When your employees create files using word processing or other applications, information about them and the edits they make is stored as hidden information within the document file. This information is called metadata. This hidden metadata can become visible accidentally – when a file is improperly converted, or when a corrupted file is opened. Reduce or eliminate the metadata in your documents before you store them electronically.
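As an added illustration of the hidden metadata described in Suggestion #17 (example code written for this page, not from Blue Mountain Data Systems), the Python below inspects a .docx-style package for author names and empties the personal core properties. The sample package, the names in it and the `urn:sample` namespace are constructed; note that scrubbing the core properties alone leaves the tracked-change author in the document body.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
}
PERSONAL = ("dc:creator", "cp:lastModifiedBy")  # fields that name people
CORE = "docProps/core.xml"

def make_sample() -> bytes:
    """Constructed minimal .docx-style package (not a real user's file)."""
    core = (
        '<cp:coreProperties xmlns:cp="%s" xmlns:dc="%s">'
        "<dc:creator>Alice Example</dc:creator>"
        "<cp:lastModifiedBy>Bob Example</cp:lastModifiedBy>"
        "</cp:coreProperties>" % (NS["cp"], NS["dc"])
    )
    body = '<w:document xmlns:w="urn:sample"><w:ins w:author="Bob Example"/></w:document>'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(CORE, core)
        z.writestr("word/document.xml", body)
    return buf.getvalue()

def find_metadata(package: bytes) -> dict:
    """Report names stored in core properties and in tracked changes."""
    with zipfile.ZipFile(io.BytesIO(package)) as z:
        root = ET.fromstring(z.read(CORE))
        found = {tag: (root.findtext(tag, "", NS) or "") for tag in PERSONAL}
        doc = z.read("word/document.xml").decode("utf-8")
    found["revision_authors"] = sorted(set(re.findall(r'w:author="([^"]*)"', doc)))
    return found

def scrub_core(package: bytes) -> bytes:
    """Return a copy of the package with the personal core properties emptied."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(package)) as src, zipfile.ZipFile(out, "w") as dst:
        for item in src.infolist():
            data = src.read(item.filename)
            if item.filename == CORE:
                root = ET.fromstring(data)
                for tag in PERSONAL:
                    for el in root.findall(tag, NS):
                        el.text = ""
                data = ET.tostring(root)
            dst.writestr(item, data)
    return out.getvalue()
```

Running `find_metadata` before and after `scrub_core` shows which names remain, which is the check to perform before a file enters the repository.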
26. Suggestion #18
When you destroy electronic records from your EDMS, be sure they are gone for good. Many people don’t realize that files that have been deleted can be recovered using forensic recovery software. Ensure that hard drives are “scrubbed” so that the data is not recoverable.