Written by Ana Canteli on 4 June 2021
Protecting the confidentiality and security of information is vital for all companies, since it safeguards them from countless risks and contributes directly to ensuring they can continue to provide their services. Furthermore, when the security of the business's documents is compromised, the disclosure of sensitive records, leaks, losses (malicious or not), and even industrial espionage can cause the organization significant economic, legal, and reputational damage, to name a few.
In this sense, new technologies provide a multitude of advantages when it comes to facilitating communication, saving costs, and increasing productivity. But at the same time, their use carries certain risks, especially when the organization has not defined a security policy according to its needs.
That is why document management tools dedicate an especially important section to the implementation of the most convenient security measures for the company.
The OpenKM document management system incorporates multiple functionalities that allow organizations to meet the most demanding security requirements (ISO 9000, ISO 30000, ISO 27000 family), as well as regulations and laws such as the European GDPR or HIPAA in the US health sector.
All this without prejudice to the improvement of procedures at the operational and management level. In fact, the document management system offers features aimed at improving productivity while serving to guarantee regulatory compliance.
When proposing a solid security policy, it is necessary to reflect on what the record keepers think is best for protecting business documents. This question can be answered from multiple points of view, but one that should be at the top of the list is the type of storage.
Saving documentation on a PC should no longer be an option. Document management in the cloud? A document management system installed on the company's servers? Maybe a hybrid installation? Each one of these options has exciting benefits:
Document management in the cloud: it allows the use of the software without the need for installation (reduced initial costs), contributes to freeing up space on the organization's devices, and minimizes the presence of technical personnel in the organization. It is also scalable; the client can contract more space or extra services as needed.
On-premises document management: for organizations that do not feel comfortable with their information hosted outside their facilities, the server formula is the one for them. It consists of installing the document management solution on servers they own, so they can autonomously define the security policy they want.
Hybrid document management: it is a mixed cloud-server solution in which a certain amount of information is hosted in the cloud and another - generally of a more sensitive nature - on the organization's servers. It is usually an interesting option for entities with intense document flows at certain times, thus balancing the use and consumption of resources in document management.
Once the company has decided on the type of document storage that interests it the most, it is time to define in detail the security policy that it wants to develop.
Authentication: to provide a controlled document management environment, the file system must be able to identify the users who try to access the system. In the case of OpenKM, by default, every user must have a username and password, and is subject to further security considerations. In addition, the authentication process can be as sophisticated as necessary. You can apply two-factor authentication, integrate with third-party applications, etc. The extensive documentation and detailed API of the system provide vast possibilities.
Access: when a person has a username and password, the platform administrator can assign roles and profiles that further define the user experience within the content management software. In OpenKM, roles are used to manage users at a group level, and profiles are used to adapt the file system to each user's needs and requirements, without the need to customize the system in other ways. With this, we would already have defined the access tables.
Granularity: when users have access credentials and the corresponding role and profile assignment, they will have access to the work areas and functionalities they need to carry out their work. And that includes the security policy at the granular level. To protect business documents, document managers can determine the security applicable to each node down to the lowest level (folder, subfolder, registry, email, document): who is allowed to read, edit, delete, edit security, launch a business process, compact history, manage metadata, and so on. Security management in OpenKM is extensible and adaptable to each use case.
Encryption: sometimes, security management at the reading level is not enough, so other functionalities protect documents from unwanted access. OpenKM contains a Stamp functionality, originally conceived for applying stamps or watermarks to documents. But this utility can also be used to censor parts of documents, allowing partial previews of files while protecting confidential information. OpenKM also offers an encryption module that encrypts the entire body of the file so that it is only accessible to people who know the keyword.
Regulatory compliance: for companies, document management software must be a tool for information governance. This means that the file system must serve as a platform for applying protocols, regulations, and applicable laws, since security is increasingly valued by a market in which customers, suppliers, and public administrations have remarkably high expectations of compliance with the regulatory and legal framework. In this sense, the OpenKM security functionalities can serve this purpose. The most powerful is the creation of automatisms, which allow adapting the behavior of the system to achieve a specific objective: a validation rule can be applied given an event, and specific actions are carried out without user intervention. Another is the implementation of business processes (workflows) within the document manager. The automation feature, along with electronic signature and report creation, increases the usefulness of OpenKM.
Traceability: OpenKM offers robust audit functionalities which have demonstrated their ability to protect the document security of organizations, even serving as evidence in cases of improper access and theft of documents.
Backup copies: they are one of the essential elements of information security. Backing up means copying the organization's information to other media, even storing it in a physical space away from the headquarters of the entity, to protect against unforeseen events, accidents, natural disasters, etc., so that the organization can overcome the setback and continue its activity. At the documentary level, there are many options, from copies on DVD or USB to more current backup policies, such as backups offered by document management solutions in the cloud, or the possibilities offered by proprietary servers.
File plan: it is one of the most advanced document management instruments. It implies, apart from having access and security tables, a classification table of file types, with retention schedules and final disposal protocols (controlled destruction of information or permanent conservation), which in turn are coordinated with the security policy developed in the rest of the document management system. As a document advances in its life cycle, thanks to the archiving plan, the organization can be sure that the content will follow the planned itinerary, both in time and in form.
Training: it may seem trivial, but deep down it is not. Training staff and making them aware of the importance of data protection, ensuring that they understand the implications of what they do with the information they handle, is significant when applying the security policy defined by the company. In this sense, at the OpenKM Academy, we offer specialized training courses for different profiles (end users, administrators, consultants, developers) that seek to provide the best experience in the document management project that the company wants to develop.
The OpenKM team of consultants has acquired extensive experience over time by successfully deploying our document management software in a multitude of sectors. Contact us for more information.