Modern businesses process a lot of information but often don’t have true visibility of how it is produced, stored and accessed, leading to potential security flaws. Here we look at the six stages of Document Security you need to consider when you’re developing a Document Security Policy to protect your paper and electronic documents.
Organisations process thousands of documents on a daily basis, in all types of formats, and every day they are in danger of being lost, stolen or compromised. Regardless of the size of your business, protection is a de facto requirement for the security of your company.
Industry analysts Statista predict that worldwide data creation will grow to an enormous 180 zettabytes (ZB) by 2025, nearly three times the 64.2 ZB created in 2020 and the installed base of data storage capacity is forecast to rise at a compound annual growth rate of 19.2 percent between 2020 and 2025.
The Covid crisis has led to a rapid change in the way people work and how users access data from outside the office environment creating additional document security issues.
The volume, complexity and diversity of information a business creates and consumes leads to challenges in management and control. In order to overcome this challenge a business must understand and map document types - how they are used, how they interact with business processes, how they are stored, managed, distributed and preserved.
The definition of Document Security (or lack of) is very wide and should be considered from the perspective of the document lifecycle, especially in relation to: data breaches, unstructured data, unsecured files, human failure and unauthorised access to storage.
Sharp defines Document Security as security related to information captured from paper documents through the scanning process or digital documents stored in business repositories, for example, Microsoft Office files, Teams and Google Workspace. We believe there are six main stages to a document’s life, comprising:
Stage 1: Capture
Capture is the process stage that describes the ‘on-boarding’ of information whether that is scanning of hard-copy documents, monitoring a ‘watched’ email ‘box’ or creating and saving documents from an application.
Scanning is the most common way of transferring hard copy content to electronic formats. But while convenient, unless controls are in place, the process is not traceable, which can lead to security and legal admissibility challenges.
Routing is the process used to send captured documents to the correct storage location. Without document routing it is possible that documents can be inadvertently stored in incorrect or even insecure locations.
Stage 2: Store
Secure storage can be paper-based or an electronic file system, but many companies overlook the storage type, location and security required. Paper-based storage systems are still very common, but often lack the required security controls. In addition, it is very difficult to show any audit information related to paper documents.
Electronic based storage is often implemented with the expectation that it is a better way, but without appropriate design and management, this creates challenges, for example, how such systems should be protected in the business network, how to setup access rights, and how to monitor or restrict usage.
Stage 3: Manage
Management concerns the permissions, the user roles, version control and Audit trails. Permissions are used to manage users access rights to documents so are key in maintaining a secure document environment.
While permissions are often easy to understand, without the right systems they can be difficult to introduce and manage. To implement permissions effectively the business must first understand how users’ activity relates to the information they must access and the processes they are involved in.
The audit trail stores records of every activity and transaction applied to a document, for example who created, modified, viewed or re-versioned. Audit trails provide the ability to prove activity relating to all documents stored and are key to managing security particularly in the event of a data breach.
Stage 4: Preserve
Preserving documents and information – document retention – is another key aspect of ensuring a secure document environment, however documents stored in traditional or electronic repositories require constant maintenance as the available space is limited.
Some documents should be kept (by law) for a certain number of years. The challenges in doing so include: maintaining a record to ensure only documents beyond the retention period are removed; ensuring that all versions of the documents under the retention policy are accounted for and deciding whether users should manage their own libraries or whether the process should be managed centrally.
As part of preservation businesses need to set policies to securely dispose of all paper information, electronic files and electronic libraries once they are out of date or the retention period has expired, utilising both physical and electronic shredding.
Stage 5: Deliver
The Deliver stage defines the ways that an electronic document can be shared with other users or business partners.
Document sharing is frequently done by using shared folders or drives but if not managed correctly this can lead to the files being found, accessed and used by unauthorised users or user groups. When sharing files with people outside of the business some files can be too large to email and users can resort to employing distribution methods that are not controlled or authorised by the business causing additional document security issues.
Increasingly accessing documents through mobile devices can also be part of the deliver stage which brings much more complex issues to securing the access.
Stage 6: Integrate
Integration is the process used to exchange information with other line of business applications, for example an accounting or ERP system. For integration to be successful, all the preceding stages are critical to provide consistent and accurate data.
The Solution
Document Security is one of the most important aspects of security in every business. Unfortunately, building a Document Security Policy can be a time consuming and complex process. But Sharp can help.
Using our proven approach to Document Security we help businesses build unique and bespoke systems and processes for each of the document lifecycle steps and in doing so partner with them to enhance their Document Security procedures and help ensure compliance with regulations such as GDPR.
To find out how we can help, download our free Document Security White Paper.