"But I'm scanning to PDF now..." Auditing & Records Management

By in , ,

Records management challenges

Continuing on with our series of 7 reasons why scanning to PDF alone isn’t enough, let’s continue on with reason #4 and #5, auditing and records management.

#4. Auditing

Today, more than ever, it’s important to be able to not just secure your data but also provide insight on what’s occurring with it.

In the “paper world” documents can be left on someone’s desk, eventually read by someone else, removed, lost, damaged, etc. Many people think that their records are more secure here vs. in an electronic format but that’s not the case. We discussed Security earlier, and with a PDF it’s rather hard to track or audit the activity of your staff or colleagues.

Let’s say we have an HR folder on the network where we store all of our PDF files and items we scanned into the computer. So long as staff have access to this folder, they can access these documents, print them, make changes or delete them (given the right), as well as other activities. Say someone did delete a document in here, it’s hard to later go back and track that activity. It’s difficult to run a report showing who accessed the document, what they did with it, and what their final action with it was.

With a document management solution though, all true/false events can essentially be audited or tracked. For example, we could see not only that Jane Doe logged into the system at 2:57 p.m. on April 23, 2012, but also that once inside she attempted to access the John Smith file, and then tried to save it locally. Or she accessed the file, made changes to a particular field. Or she simply selected the file and deleted it. All of these activities can be tracked so that after the fact, there’s an “e-paper trail” a manager could follow. The organization now has insight into the activity surrounding their digital assets, and a report can even be generated highlighting all of this activity.

As a side note, many document management solutions have Recycle Bins (similar to Windows) where if an item is deleted, it’ll end up here. So while Jane Doe may delete a file in the example above, it won’t be permanently deleted and a manager may have access to the Recycle Bin to restore it or see what has been deleted by staff.

#5. Records Management

Another large reason why scanning to PDF today is not enough is records management (RM). Today records management is a phrase spoken and heard by many, and organizations of different sizes are becoming more and more aware of the need for a proper RM strategy to be in place.

Our rule of thumb is that you want to hang onto records long enough to where they are still seen as an asset, but not too long to where they are a liability.

For example, in California after an employee is let go, the employer is responsible to hang on to their respective application and related files for 7 years. Once this retention period is up and the document has met the end of its life cycle, it could technically be purged or destroyed.

In the physical realm, this is generally managed by boxes labeled by year and stored away in your warehouse or perhaps filing room. Unless an organization has a dedicated records manager, they simply follow a process of moving the records offsite for destruction at the beginning of the calendar year when those documents are now eligible for disposition. This is an ideal scenario, while many organizations keep records for much longer than they need to. Some take the approach of storing them forever or in perpetuity while this might not be required.

With PDFs, there really is no good way to handle this outside of doing something similar electronically. In other words, you could create a folder structure in Windows based on year or retention type, although staff won’t see this as helpful and it’ll be tough to access specific records. Those in HR don’t necessarily care about record types and retention, and would prefer to navigate to an employee’s folder and see all of their records in one location, more of an employee-centric view.

With a document/records management software solution, this is now much easier to manage. As records are brought into the solution, their retention schedules can automatically be assigned with staff spending very little time on this step. So the employee files may have a 7 year retention schedule assigned as an example. After that period of time, the solution won’t ever automatically purge or delete them as this would be a risk, and it wouldn’t be helpful. Instead, a records manager or staff member can run a report or search in this system and return all the records that ARE eligible for disposition. Say this report or search brings back 2,000 results, it’s very likely then that these results have reached the end of their life cycle and can be destroyed properly.

As a side note, the highest level of records management certification a software solution today can receive is DoD 5015.2. DoD 5015.2 is the de-facto software standard which provides implementation and procedural guidance on the management of records in the DoD. It establishes requirements for managing classified records, and includes requirements to support the Freedom of Information Act, Privacy Act, and interoperability.

So not only can we track or audit more activity with a document/records management solution compared to just scanning to PDF alone, but we also have more control over how our records are dealt with and can remain in compliance easier.

Read other posts in this series
Reasons #1 and #2 – File Names Don’t Matter & Security
Reason #3 – Network & Web Access
Reason #4 and #5 – Auditing & Records Management
Reason #6 and #7 – Advanced Searching & Automated Capture

Fill out our “Request Information” form to learn more about how we can help your organization today. We work with organizations across the Central Valley of California with offices in Fresno, Sacramento, Santa Ana, and Bakersfield.

Leave a reply