How secure will my documents be?
That’s a good starting question when you begin to look at and evaluate a document management system.
Security breaches get a lot of attention and may sound commonplace, but you and your business should not accept them as a given. You can do a lot to prevent them – starting with how you secure and protect your documents, information, and data.
In this article, we’ll look at seven security features you should look for in a document management system. These security features play key roles in keeping your information secured – both from potential inside breaches (accidental or not) and from outside attack.
We will also share questions to ask when evaluating a system.
The security of your documents matters. Data loss and litigation are headaches no one wants, especially with the potential fines and loss of reputation that can frankly ruin a business.
To evaluate the current security of your documents and information, you can ask yourself these questions about how your organization handles documents:
You can dig deeper into how documents are handled by looking at how employees engage and work with documents. Here are a few questions to get you started:
Once you have the answers to these questions, and any others you identify and ask, you’ll know which document security features you most need.
These questions address security features of a document management system. If you are looking at cloud document management – where the provider hosts your system, you may want to ask specific questions about their data center security.
Read more about cloud document management in our article, "An introduction to cloud document management."
You can find questions to ask about a potential partner’s data center in our article, “Is your cloud vendor secure?”
A document management system’s security begins with how it encrypts data.
But it isn’t only the system itself that you should evaluate. You also want to understand data security between the different systems, including the PCs, tablets, and other devices which may connect to the system.
Look for 256-bit encryption (AES). This is military-grade encryption and the standard for U.S. government classified documents at the highest level. It may sound excessive, but it’s not. Most business systems use at least this standard.
Traffic between systems and devices should also feature HTTPS encryption. HTTPS has the added security layer of TLS/SSL. Standard HTTP communication lacks this security protocol and makes it easy for hackers to intercept critical data like passwords and financial information, especially when employees might be accessing the system from remote locations.
Some documents have specific lifecycle requirements. Legal mandates may require you to keep documents for a defined minimum of time. For example, in the United States, invoices must be kept for seven years.
Fortunately, digital documents are now an acceptable means of storage. While this saves on space (and storage costs), it does mean you need to have a well-defined plan for managing the document lifecycle.
You may also have compliance regulations to consider. Protecting the rights of people to control their data (GDPR and CCPA), providing fiscal transparency (Sarbanes-Oxley), and securing health information (HIPAA) are only a few of the compliance requirements you may have to address.
There are a lot of considerations when you want to get and implement a document management system for your organization. Here are questions you can ask when evaluating the system’s security.
You may have plenty more questions as you start looking. And one of the best ways to evaluate a system is to see it used, such as in a demo. We do this for our DocuWare customers whenever that is possible. When you provide your own documents, you get a better feel for the system.