Document Security

A brief overview of relevant document security issues and technologies, as well as an introduce to document security solutions and summarizes implementations for document control and digital signatures.

As organization large and small, throughout the world move more and more business processes online the issues of protecting the confidentiality and privacy of information used throughout these processes, as well as striving to provide authenticity and integrity, of their data becomes essential. As so many automated processes are dependent on electronic documents that include sensitive information, organizations must take all appropriate steps to properly protect these documents.

A lot of information security solutions try to protect electronic documents at their storage location or during the transmission process only. Unfortunately, these solutions don’t provide the required protection for the entire lifecycle of electronic documents. When the document is dispatched, by the time is reaches the recipient, its protection is lost, and the document can be intentionally or unintentionally forwarded to and viewed by unauthorized individuals.

A far more effective solution is to protect the document by assigning security parameters that will travel with it.

There are six criteria that must be met in order to offer enhanced level of protection for electronic documents throughout their lifecycle are:

1. Confidentiality

2. Authorization

3. Accountability

4. Integrity

5. Authenticity

6. Non-repudiation

The two main security techniques used to establish these six document security criteria are:

  • document control
  • and

  • digital signatures.
  • As more business processes move online, protecting the confidentiality and privacy of the information used is critical to any organisation integrity and reliability. Organisations must make and be seen to make, significant investments to properly protect these documents as so many automated processes rely on electronic documents that contain mission-critical, personal, and sensitive information.

    There are three main reasons why organizations need to address the security of their electronically shared documents:

    Regulatory requirements

    Many companies are directly or indirectly affected by government mandates and regulations for providing consumer privacy. (Search locally for your country of residence's mandates and regulations.)

    These include:

  • Health Insurance Portability and Accountability Act (HIPAA)—Protection for health-related data
  • Gramm-Leach-Bliley Act—Financial privacy
  • European Union Directive on Privacy and Electronic Communications
  • Privacy Acts of Japan and Australia
  • California SB 1368—Privacy notification
  • California AB 1950—Protection of customer data
  • Return on investment (ROI)

    Organizations can realize considerable ROI if they migrate to electronic business processes.

    Automated workflows allow customers, suppliers, partners and prospects to participate, allowing the organization to reap substantial cost savings whilst, at the same time, improving customer satisfaction and loyalty. However, bear in mind that there will be some workflows that cannot be automated until sufficient protections are put in place on the electronically shared information, for example, how do you know that the bank statement you received from your bank is truly authentic, that it has not been distorted in transit that its integrity is intact, and that it has not been seen by someone other than the intended recipient, thereby breaching confidentiality?

    Click to see more information on Document Management Systems