Ebook
Document archiving: security and safety standards
When securely archiving documents and email messages in the cloud, there are specific security and safety standards you should pay attention to. Below are four best practices for digital archiving.
The first key to digital archiving includes authentication, data traffic, access control and document encryption.
Managers and top-level execs should only be allowed to access certain documents by providing a unique username or password. This authentication gives users specific rights while providing an audit trail of who accessed a document, when they accessed it, and what action they took.
The HTTPS protocol should encrypt the information flow between web components. This protocol provides an added security layer (TLS/SSL) over the HTTP protocol.
It also prevents hackers from intercepting sensitive company information and documents such as passwords, user information, and financial data.
Document access requires multiple levels of control to protect information. Access should be possible for job roles, entire groups, and also individuals. Smart rules should also be set to control (restrict) this access and what employees can do with these documents.
For example, an HR manager may be able to access all employee documents like resumes and performance appraisals while being able to share these documents only with people who can access them, e.g., the reporting manager. Employees, in turn, can only access their performance reviews and other financial and insurance information at an individual level.
All documents should be encrypted with (AES) 256-bit SSL encryption. This encryption is one of the most secure and the current standard used by the U.S. government for classified documents.
Data storage redundancy and protection against viruses gives you peace of mind.
Whether you choose to manage and store documents on-premise or in the cloud, you should, at the very least, have two layers of data storage redundancy to maintain business continuity if one system fails. For extra protection against natural disasters, add a third.
It's not uncommon for hackers to create viruses that embed themselves in documents. Examples include crypto viruses (malware embedded in a document that asks the user for a decryption key in exchange for payment).
Any secure document archiving or document management software needs to have built-in mechanisms to protect the local user environment and the software.
Secure document archiving requires that data remain within the borders where customer information is legally protected and is separate from the cloud provider's system files.
Many companies prefer to keep the data within their sovereign borders, unless they do business in those other countries. For example, EU businesses typically do not want their data in South America. Similarly, many U.S. companies would prefer to keep their data in the U.S.
As such, document archiving systems need to keep data and backups within those borders where customer information is legally protected.
Data separation means that customer data is kept separate from the system files of the cloud provider that provides the document archiving solution.
A DMS such as DocuWare, for example, cannot see customer data at all, which ensures all customer information remains private.
Documents must have complete integrity every time they're accessed. Integrity means documents and email messages need to be unimpaired. Maintaining document integrity today can be challenging because it's easy to alter documents and even easier to conceal who changed it.
This is specifically important for email messages. Because emails are an inherently insecure medium, providing a secure digital archive for the email messages prevents them from tampering, modification and loss. Retaining email communication is a critical element to understand the communication and context of some business processes.
But, there are a few things you can do to maintain document integrity in your organization:
Electronic signatures or digital signatures are very much a part of doing business. These signatures are a kind of e-signature that meet strict legal regulations. They also provide the highest level of assurance that a signature is legitimate and that the document has not been tampered with.
Why? Because a verified Trust Service Provider has issued the digital certificate and authenticated the signer.
Secure document archiving and the ability to conduct complete and accurate audits requires the ability to access the entire document history.
Document archiving solutions should record every access, annotation, and workflow state and let you download and access data in any standard file format such as CSV.
An essential part of maintaining document integrity is the ability to identify what has changed between document versions and ensuring users are only ever editing the most current version. One way to ensure proper version management is to lock "checked out" documents.
The fifth and final element of secure document archiving is the legal process for dealing with the retention and destruction of information.
By law, organizations need to keep certain documents for a specific number of years. For example, in the U.S., invoices should be kept for seven years, while in Germany, it' s10.
Previously, many businesses would store these documents in cabinets and shelves and shred them using a monitored machine. But thanks to cloud-based document management solutions, documents can now be stored digitally, in the cloud.
These systems provide workflow tools to automate previously mundane tasks and digitize the paper office—all while following the rules and providing document protection or destruction at predetermined times to protect your business from litigation.
Not all document archiving solutions are the same. To actually realize any of these benefits, you need a system that ticks certain boxes. Our blog has a shorter version of the four key elements of secure document archiving for easy reference. That checklist should be at the forefront of any document management benefits conversation.