What do you think of when you think of Document Compliance Management (DCM)? Do you think of it at all? Maybe you feel like your internal network is “locked tight”: nothing in, nothing out.
Well, before you throw away the idea of DCM, consider these questions:
- What is considered a “document”?
- With what, or whom, would you be complying?
- Is there a legal necessity for document control?
What Is DCM?
Document Compliance Management is a highly specialized area of data security and management. Providers cannot, and do not, offer “cookie cutter” management solutions. Why ever not, you ask? There are two main reasons:
- Technology – Thanks to technology, a wide variety of items can be considered documents; they’re no longer just a printed piece of paper. PDFs, Word docs, Excel sheets, images, patient codes, database information and emails are just a few of today’s documents.
- Government regulations – These documents must be managed, handled and secured in a way that complies with government regulations – which may not be the same for each industry. As well, there are regulations at both federal and state level, and both levels must be satisfied.
Because of the growing definition of document, as well as the seemingly endless supply of rules, regulations, standards and statutes, DCM providers must create a solution that:
- Tracks document creation
- Tracks who has access to a document (and who actually accessed it)
- Tracks security measures (such as encryption)
- Develops corporate policies for sharing/collaborating (how to, when to, who to)
- Creates a tamper-proof audit trail
This solution must fit the specific company, based on which rules apply to them. Why so much control? Isn’t that a little, well, obsessive?
Document Control – Rules, Regulations, Requirements
Almost every year, if not every year, new government statutes, laws and regulations are passed. The larger a company becomes, the more likely the chance that these rules will apply. As you learn the various regulations that apply to your company, the dreaded word “paperwork” comes to mind – and lots of it.
For example, the Securities and Exchange Commission (SEC) adopted 17a-4 under the Exchange Act of 1934, which affects brokers, dealers and other financial services. To summarize, 17a-4 says companies offering financial services have to store electronic records – including communications for business transactions – , for a specific period of time, and in a specific format. This could add up to quite a bit of documentation and data.
Another example, and one well known by anyone who’s seen a doctor, is the HIPAA policy. The HIPAA policy is rather specific as far as what information can be considered “individually identifiable health information. As of 2005, however, an additional security rule was put into place, which outlines the security requirements that must be met in order to protect that privacy.
The Legal Necessity
The legalities are clear. You don’t have to read between the lines or read any fine print. YOU are responsible for the security of your client’s data if it resides on your corporate intranet. YOU are responsible for any personally identifiable information, under several laws – not just HIPAA.
Without management policies, keeping track of important documents is nigh to impossible. The higher the amount of important documents and data, the more need there is for managing, tracking and controlling these “bits of the enterprise”.
Finally, the less control there is, the higher the possibility becomes of security leaks. It is here, at this point, where document management becomes legally necessary to protect your company.
DCM may not be necessary for everybody. Small businesses with less than 10 employees come to mind as an example. However, as your business grows, it will also acquire a larger amount of regulations. It’s one of those “fact of life” things. Having a plan to implement Document Compliance Management will help stave off some of the growing pangs as you move from small, to medium, to corporate business.
Author Bio:- Stacy Gianakura writes for Brainloop, a document sharing and collaboration software company providing security and data protection to businesses through the use of certified, high-security data room facilities.