Aptly titled the “information age”, information is the lifeblood of modern organizations. Reports, records, memos, contracts, agreements, graphs, data files, policy documents, images – you name it, and we spend a majority of our professional lives dealing with information in these and its innumerable other faces. And with greater market sophistication, compliance & legal requirements, the amount of information companies have to deal with is only increasing.
Paper is passé, and most of this information is in a non-tangible, digital form. The benefits of digital storage and processing of documents are widely accepted. Companies use paper only when absolutely essential and these documents too are soon scanned and put on the digital network.
What is Document Management?
In its modern business context, a “document” or “file” means an organizationally relevant, discrete unit of information. Some common forms are MS Word, jpeg/gif/bmp for images, MS Excel for spreadsheets, MS PowerPoint for presentations and also emails.
A “Document Manager” or "Document Management System" is one that allows you to store, organize, retrieve, back up, share, and a recent inclusion, collaborate on documents. It seeks to streamline the flow of information through an organization. The people who need certain information should have ready access to it when they need it and teams should have the ability to work together on information.
Essential Features of a Document Management System
A company’s document management system is the framework within which the company’s information flow is managed. Therefore, selecting the right system is critical to knowledge and information management within the company. Systems vary in terms of functionality, flexibility & cost. A complex high cost system suitable for a mega corporation will not be suitable for a 50 person business.
The following list includes all those features & criterion to be considered from a small to mid sized business point of view. Such companies require a balance of flexibility, simplicity, functionality and rapid scalability.
Storage – There needs to be a centralized repository where all the company documents can be easily moved and stored together. This storage space needs to be truly central, and organization-wide, no matter what state or country company offices may be scattered. This guards against duplication of documents and makes for greater efficiency. The storage space the system provides is an important factor. It always makes sense to have liberal space, and the system should also provide the possibility of scaling up storage as the company grows.
Document storage is not just a luxury, but a legal necessity as well. Laws like the Sarbanes Oxley Act require that business records be made available for a certain period of time, and that they are made available for audits, or government request from time to time.
|Laws That Affect Document Management |
Sarbanes-Oxley - Enacted in 2002 in response to corporate financial scandals, Sarbanes-Oxley Act (SOA, Sox) applies to all publicly held companies in the United States with more than $75 million market capitalization and report to the SEC.
Sarbanes Oxley Section 1102 makes tampering with documents illegal. Compliant document management systems must provide permanent, non-modifiable documents to ensure authenticity. Documents protected by these methods are non-reputable and are considered as legally valid as the original.
HIPAA - The Health Information Portability and Accountability Act improves health care by putting medical records online, while also protecting patient privacy. HIPAA does not provide many specifics on implementation, but it sets guidelines for IT departments and document management systems.
HIPAA prescribes certain practices involving the electronic storage and transfer of “personally identifiable health information.” Organizations must ensure that people access information on a need-to-know basis only. These regulations set expectations for document retention policies, disclosure, electronic security, as well as physical site security. HIPAA also demands encryption, password policies and backups.
Organization & Sorting – If storage were simply a matter of throwing together all company documents in a central bin, it would sure be a chaotic mess. A company’s repository, which usually consists of thousands upon thousands of documents, should be easy to organize by innumerable criteria like date, office, department, project, client, organizational level, purpose, etc. This makes for easy access and retrieval of documents when they are needed.
The ability to organize documents as folders & sub-folders usually makes sense and the document management system should allow for this. There should be further ability to sort files within single folder by name, date, size, and so on.
Remote Access – In a modern business context, organizations seldom comprise of a group of people sitting at a single office location. Companies have offices scattered all over, traveling employees, employees working from homes, and greater need for communication with external parties like clients & vendors.
Hence, it is important that the system should be accessible even from these remote locations. Also, there should be no special networking or VPN requirements & access should be enabled over the internet. More importantly, there should be no loss of security or functionality for someone remotely accessing the system.
File types Supported – From a majority of companies’ point of view, the document management system should be file type agnostic. Restriction to a limited number of file types is a crippling drawback. Some popular systems are very efficient, but support only limited design file types, for which they deserve a tag of a specialist system rather than a document management system.
Common Business File Types
Search – Sometimes with millions of documents in scores of layers and sub-layers of documents, it is inefficient to manually mine down to the specific document one needs. Therefore, it makes sense to have a document search facility within the system that allows a person to directly access or trace a document based on keyword search.
Users should be able to add meta-data to the file, like descriptions, tags, name, etc., on the basis of which files can be indexed and searched.
Access Control – Access control is perhaps one of the most important features of a document management system. This ensures that only the right people have access to the right information. For example, sensitive data or company records should be accessible only to the people at the higher echelons of the organization. Documents related to the finance department should not be available to the purchase department. Documents related to HR should not be available to sales executives, etc. This is of special importance because at times people from outside the organization (partners or clients) have to be allowed access to the company repository.
Levels of Access – Folder, Sub-folder, Document
This access control can be of different levels, i.e., at the folder level, sub-folder level or down to the document level. Folder level access would allow access to all sub-folders and documents contained to whoever has permissions to access that folder. Sub-folder access would require permissions again whenever someone tries to access a sub-folder in a folder, but all documents would be available to someone who has access to a sub-folder. Document level access would again require permissions at the document level.
Types of Access – Read/Write/Delete
Types of access determine what a person can do with a document. These are read, write and delete. People with read permissions can only view a document, but not make editions. People with read/write permission can view a document and also make changes. People with additional delete rights can even delete documents in addition to viewing and edition rights. The segregation into read, write, delete rights makes sense considering sensitivity of documents, and the need for people at different levels of hierarchy to access it.
How Access is Controlled – Login Requirements & Profiling
Access control is usually done with the help of login requirements. An attempt to access a document or folder prompts a login window. Only people with the right ID & password are allowed.
Another level of access control is profiling. People are not out rightly blocked from accessing certain information, but they cannot see it at all. For example if executive profiling allows an employee access to only his own billing file in a finance folder, they will not see the billing files of other employees.
Administration of Access Permissions
In spite of this complexity, the system should allow the administrator to easily set up different kinds and levels of access. This is because people are constantly leaving and joining, or moving horizontally or vertically within the organization. In many cases, temporary access also needs to be provided (i.e., production department may need access to some finance documents). The administrator should be able to centrally monitor access and provide or withdraw different types of access with a few clicks.
The system should allow for “inheritance” of rights. i.e., rather than a company wide administrator managing all access, he/she should be able to assign administrator rights to people at lower levels. For example an HR folder administrator would have full administrator privileges for the HR folder and below.
Versioning – Versioning is especially important when the system allows multiple people to collaborate and work together on the same document. Business documents generally go through many cycles of revision and review by different people before a final polished form is arrived at. Versioning helps affix responsibility for changes made to the document, and track & capture the document’s evolution through different phases of revisions. Sometimes situations may arise that the team has to revert back to earlier versions. A versioning system allows this reversal with a simple click.
Audit Trails – This is a feature related to versioning. This helps affix responsibility for revisions and review of the document by different people at different times. Not only does it allow for tracking responsibility over a document’s evolution, but is a as well. This is especially important for legal and accounting firms.
Document Locking – This feature ensures there is no clash or confusion of two people working on the same document at the same instant. Locking automatically locks the document for editions by other users, while one user is working on it.
Commenting – This feature allows users to add comments to documents that can be viewed without opening the document itself. The comments could relate to summarization of changes made to the document, or other related issues. This makes for more efficient management of documents, where reviewers or other users can often times get updated without having to open and go into the details of the document itself, or even use commenting as a layer of discussion related to the document.
Change Notifications – Change notifications allow all users of a document to be instantly notified whenever someone makes editions to the document. This makes sense because at any particular time, each person works on many different documents. Manually keeping track & checking each document regularly for updates is inefficient and error prone. Notifications automatically tell a person whenever a document he/she is concerned with has been updated.
Good systems allow for a variety of modes of notification as desktop pop-ups, email or even as an SMS when you’re traveling.
Integratability – Since a document management system is so at heart of a company’s processes, it is inadvertent that it has to communicate and coexist with other applications. These will be the operating system (mostly windows, sometimes Mac), email software, collaboration software, word processing software, specialized software like accounting packages etc.
Email Integration – This deserves special mention, because although there is a trend towards document collaboration, most company information still flows through email. The document management system should automatically store and archive emails for future retrieval. Moreover, the system should be able to seamlessly integrate with Outlook, which is in use in a majority of companies.
Backup – Document loss is a risk that organizations just cannot afford to take. Data loss can be a tremendous blow which is often make or break. Good document systems automatically backup the data at regular intervals. Frequency of backups is an issue because the risk of data loss always remains in intermittent periods.
Security – Documents contain industrial & trade secrets, planning & strategy documents, and financial data. If this data falls in wrong hands, it can seriously jeopardize a company. Therefore, like document loss, another non negotiable is security against unauthorized access by outsiders, and the threat of being crippled by viruses. Security needs to be especially strong because documents are often shared over the internet, and the threat of hackers and viruses is constant.
Data encryption is one mode companies use to secure data. 128-bit encryption is widely accepted as a highly secure standard. Many other factors like physical security, disaster management, etc., also come into play when it comes to the security of the server where your data resides.