One of the key elements of an effective ECM system is strict security controls. When faced with a document discovery order during litigation, or with a government-imposed audit, an organization must be able to prove that key records have not been tampered with or deleted.
The ECM application should control which users can create, read, revise, and delete specific classes of documents. It should track revisions, prevent conflicting simultaneous edits, and disallow direct access to document stores that bypass business logic and workflow. It should produce audit logs that track both user and machine activity.
While IT may be instrumental in implementing these controls, the policies themselves must be set at the executive level—through close cooperation between Human Resources and Legal—to meet regulatory compliance and litigation requirements.
The principle of least privilege—giving users only the access necessary to accomplish their primary job function and no more—is often contrary to the full trust model to which organizations become accustomed. It may also be contrary to the way IT is used to working, having free reign over systems for administrative convenience. This is particularly true when the ECM application was developed by in-house IT staff or is perceived as being an IT system, rather than a business system.
In this regard, drawing upon the services of an external ECM consultancy will provide two immediate benefits. First, they'll provide objective advice on writing and implementing security policies, and on educating employees on the benefits of these policies. Second, they'll deliver an application designed from the start with strong security in mind.
Select an ECM consultancy that provides clear security guidance along with an application with strong security and audit controls built-in.
"The preservation of electronic evidence is NOT part of the IT person's day job and, without a combination of detailed instructions, legal overview, supervision and research, problems arise down the road." — Martin Felsky Ph.D., J.D., E- Discovery in Canada
You can also follow us on Twitter www.twitter.com/MESHDS
Posts
