Document Management - White Paper (ID 5277).pdf Jul. 2014 | Page 37

Compliance Issues For organizations that must meet compliance requirements associated with regulations, laws, industry standards or certification, an additional set of overriding concerns will factor into the selection process. Overall, requirements for document management system in a regulatory environment frequently include: • • • Legal. Some organizations face significant exposure to civil or criminal liability associated with non-compliance. In these cases, a document management system helps ensure processes and procedures are strictly followed, in addition to capturing and maintaining a verifiable record of user actions and past versions. History logs provide evidence of compliance when and if an audit or compliance-related issue arises. • • • • The DMS can prove indispensible for enforcing proper procedures and greatly speed reporting and audits. However, bear in mind that technology solutions are only aids to compliance; no system alone can ensure complete compliance since it is the organization that must implement processes and follow them. Certification. Other organizations in the engineering, product development, and/or manufacturing sectors may voluntarily seek certification from a third party that oversees industry standards or international compatibility requirements. Elimination of paper records Increasingly, scanned document images are legally acceptable and organizations may not have to retain paper originals. A legal expert can provide the specifics for the industry or jurisdiction in question. There are, however, certain common requisites concerning moving from paper records to an electronic document management system: • • • As with legal records, ensuring that required procedures were followed and associated corroborating documentation was maintained becomes of critical importance. A document management system can assist with not only achieving certification, but do so in a much more efficient and cost-effective manner. Precisely mandated reporting formats and media Unalterable recording formats Transfer capability for a specific set of records to a third party Controls against data loss, tampering, or privacy breach Flexible cross-referencing with other indexed systems Proper instructional manuals describing software functionality and customizations On-demand and secure retrieval, including secure access and retrieval from remote location • • • Electronic versions of documents should reside in unalterable storage formats (e.g. DVD) Effective controls against data loss, deterioration, tampering, or deletion Audit measures to detect and identify the source of unauthorized file handling Ability to accurately and completely transfer and/or copy all documents and related metadata An indexed system for document retrieval Explanatory materials for others to use the document control system Time stamps and format. Compliance Considerations by Industry Regardless of the governing agency involved, two common requirements of compliance and standardization are particularly well suited for electronic document management tools: Financial services Any firm that handles the finances of others is subject to scrutiny both in terms of protecting client privacy and the consistency of funds handling. To ensure accountability, the Securities and Exchange Commission (SEC) requires firms to index all transaction documentation by date and user and store the records on unalterable media. First, information collected must be “time-stamped” with key milestones such as the date of creation or dates of review and approval. These records should also include the individuals who prepared, reviewed, and approved the associated documents. Second, each version remains preserved with key time-stamps and electronic signatures of the individuals involved in unalterable media format, for example, DVD-ROM. In the financial world, this “unalterable” clause often also includes an independent third party who maintains a library of duplicate records which auditors can cross-reference. In many cases of document management system implementation, compliance officers can speak directly with the vendor to get a thorough explanation of compliance requirements for auditing. - 37 - EASY DOCUMENT MANAGEMENT