Image by: tumsasedgars, ©2018 Getty Images
Now more than ever, businesses are affected by state and federal regulations for compliance, particularly in regard to information security, sharing, and retention. Failing to meet these requirements may lead to breach of contracts, sanctions, and much more. While it’s a serious issue for any business, regulatory compliance impacts large enterprises especially—since the bigger the company is, the more regulations it has to adhere to. Over the years, enterprises have looked to document management systems to ease this compliance burden.
To help narrow your own search for such tools, we look at some of the most wide-reaching compliance regulations and the document management solutions that can help to meet these compliance requirements.
The Gramm-Leach-Bliley Act (GLBA)
According to the GLBA, customer data must be protected from any threats that could result in unauthorized disclosure, misuse, modification, or deletion under any circumstances. This federal law is applicable to financial institutions, such as commercial banks, security firms, insurance companies, and more. In regard to document management, GLBA requirements include access control, data backup, audit trail, tracking all modifications to files, and automated alerts.A SharePoint-based document management system supports a wide range of user permission levels, maintains 50,000 major versions and 511 minor versions for each document, and keeps track of all changes made to a document, including time and the initiator. It also provides a complete audit trail of all document-driven collaboration, generates automated notifications when sharing sensitive information, as well as document retention.
The Sarbanes-Oxley Act (SOX)
SOX serves to provide transparency and accountability within an organization's financial reporting. It affects publicly traded companies, public accounting firms, auditors, brokers, and securities analysts. The Act requires financial reports and statements to be accessible, accurate, and without any omissions. It also stipulates retention periods for various financial documents (e.g., retention of five years for invoices).To meet SOX requirements, SavvyDox, a document collaboration solution, enables version control and allows users to compare any two published versions of a document. It also tracks document approvals and changes made since a user last looked at it.
Conformio, a web-based compliance and document management solution, supports reviewing, automated workflows, versioning, and tracking changes in documents. It ensures data confidentiality by using private folders and permission levels. Conformio also provides retention and disposition scheduling.
In LuitBiz DMS, all documents and records are easily accessible for the duration of their existence in the system unless document deletion periods are specified by the admin. All documents can be retrieved and downloaded by authorized users. LuitBiz DMS has a built-in version control capability, which allows users to store and retrieve different versions of documents. Also, LuitBiz DMS maintains an undeletable and unalterable audit trail of any activities related to a document.
SecureDrawer, a document management system application by eFileCabinet, ensures security of cardholder data. It provides automatic SSL/TLS encryption of all uploaded or downloaded data. SecureDrawer supports user groups to prevent unauthorized access to sensitive data. It also provides a tamper-proof audit log that tracks all user activity relevant to documents and transactions.
International Organization for Standardization (ISO) 9001
ISO 9001 is applicable to all companies providing products or services to customers and its main requirements for document management are: reviewing and approvals before distribution, detecting and tracking changes, ensuring confidentiality, and support of different formats (e.g., PDF, text, spreadsheets, etc.).Conformio, a web-based compliance and document management solution, supports reviewing, automated workflows, versioning, and tracking changes in documents. It ensures data confidentiality by using private folders and permission levels. Conformio also provides retention and disposition scheduling.
The Securities and Exchange Commission (SEC)
SEC regulations are applicable to financial services, such as brokers, dealers, and exchange members, as well as other public companies. SEC rules cover such documents as asset and liability ledgers, income ledgers, customer account ledgers, securities records, trial balance sheets, etc. The SEC has the following requirements: data encryption, automated retention of documents, document versioning, user permission levels, undeletable and unalterable audit trails, and data backup.In LuitBiz DMS, all documents and records are easily accessible for the duration of their existence in the system unless document deletion periods are specified by the admin. All documents can be retrieved and downloaded by authorized users. LuitBiz DMS has a built-in version control capability, which allows users to store and retrieve different versions of documents. Also, LuitBiz DMS maintains an undeletable and unalterable audit trail of any activities related to a document.
The Payment Card Industry Data Security Standard (PCI DSS)
PCI DSS was developed to protect businesses and their customers against payment card theft and fraud. PCI DSS is applicable to all companies that accept, store, and transmit payment card information. PCI DSS requirements include protecting cardholder data, encrypting transmission of cardholder data across public networks, restricting access to cardholder data, tracking and monitoring all access to network resources and cardholder data, developing and maintaining secure systems and applications, etc.SecureDrawer, a document management system application by eFileCabinet, ensures security of cardholder data. It provides automatic SSL/TLS encryption of all uploaded or downloaded data. SecureDrawer supports user groups to prevent unauthorized access to sensitive data. It also provides a tamper-proof audit log that tracks all user activity relevant to documents and transactions.
The Health Insurance Portability and Accountability Act (HIPAA)
HIPAA was established to protect the privacy of individuals receiving healthcare and guides almost all information circulating in the healthcare industry. The Act is applicable to employers and all healthcare providers that transmit employee/patient information electronically for claims, benefit eligibility, referral authorizations, etc. The main HIPAA requirements for document management are: access control, protection against unauthorized modification/deletion of documents, audit trail tracking, version control, etc.
To ensure HIPAA compliance, Docsvault, a document management solution, supports permission levels for individuals or user groups, thus, restricting access to sensitive information. It gives an instant email notification when someone tries to access, modify, or delete any documents. Docsvault also provides versioning and audit trail tracking, which helps to determine who accesses or modifies healthcare information.
FileHold's document management software provides access to files only to authorized users, depending on an assigned permission level. FileHold stores all versions of all files and records, and documents are easily retrievable due to assigned metadata. It also supports an audit trail that is secure and can’t be modified. The audit trail includes user ID, date and time stamp, action taken, document name, type, etc. FileHold also helps to manage electronic signatures that are linked to a specific version of a document and cannot be deleted, copied, or transferred to falsify an electronic record.
As you can see, there are multiple compliance regulations with their own specific requirements that enterprises must meet, and adhering to all of them is a sore point for many large businesses. These solutions offer a comprehensive approach to transparent document control and management, which ensures early detection of document-related problems (e.g., misfiling) and streamlines audit controls, making them smooth, easy, and fast.
To ensure HIPAA compliance, Docsvault, a document management solution, supports permission levels for individuals or user groups, thus, restricting access to sensitive information. It gives an instant email notification when someone tries to access, modify, or delete any documents. Docsvault also provides versioning and audit trail tracking, which helps to determine who accesses or modifies healthcare information.
The Food and Drug Administration (FDA)
FDA compliance affects food and drug manufacturers, traders, and wholesalers. In terms of document management, FDA requirements include guidelines and regulations regarding copying, access control, permissions, records protection, audit logs and tracking, version control, and electronic signatures.FileHold's document management software provides access to files only to authorized users, depending on an assigned permission level. FileHold stores all versions of all files and records, and documents are easily retrievable due to assigned metadata. It also supports an audit trail that is secure and can’t be modified. The audit trail includes user ID, date and time stamp, action taken, document name, type, etc. FileHold also helps to manage electronic signatures that are linked to a specific version of a document and cannot be deleted, copied, or transferred to falsify an electronic record.
As you can see, there are multiple compliance regulations with their own specific requirements that enterprises must meet, and adhering to all of them is a sore point for many large businesses. These solutions offer a comprehensive approach to transparent document control and management, which ensures early detection of document-related problems (e.g., misfiling) and streamlines audit controls, making them smooth, easy, and fast.
Sergey Golubenko is a Team Lead and Solution Architect with 13-plus years in software development, including 7 years of working with Microsoft SharePoint. Follow him on Twitter @SergGolubenko or visit www.scnsoft.com.