4 Questions You Need to Ask for a Compliant Document Management Policy

Every businesses can have large quantities of data to manage and this means that an effective document-management policy is an absolute must (especially in a post-GDPR world, where there can be serious penalties applied to companies responsible for data breaches).  Here are four questions you need to ask.

1. Do we still need to keep paper copies of documents?

Even though the world has mostly gone digital, there are still some instances where original, paper documents are required. In this instance, you might opt for document scanning to take digital copies as a backup, but you should still hold on to paper versions until you’re completely sure it’s safe to dispose of them.

2. Which roles require access to which documents?

There are two factors to consider here. The first is that any documents that contain personal data will come under strict compliance regulations and therefore it’s vital to consider access requirements in terms of legitimacy.

Access privileges for documents without personal data can be granted or revoked as the business requires, however in order to do this in a sensible and coherent manner, it’s strongly recommended to have a means of categorizing the sensitivity of documents so as to be clear about which can be left open to general access and for which some level of access restrictions is appropriate.

3. How many copies of each document are required?

For paper documents, as a minimum, you’ll need one original copy and one duplicate. For digital documents, you can - in principle - have as many copies as you like (or you can give multiple people access to the same copy of a document) but just because you can, it doesn’t mean that you should, as this can lead to confusion.

In either case, you’ll need an assigned document custodian who will have the responsibility of keeping track of each document both in the sense of ensuring that it’s kept up to date – and approving/rejecting any changes that are made - as well as keeping tabs on where it is at any given point in time. 

4. What level of physical and digital security is required for each document?

When thinking of physical security, remember to account for natural hazards as well as malicious acts.

For example, unprotected paper will burn in a fire and even if it survives, it may fall victim to water damage as a result of trying to extinguish the fire which often causes more damage than the fire itself.

On the other hand, making digital documents available online is inherently more risky, even if “online” means on a well-protected company network, so it may be appropriate to keep the most sensitive digital documents offline.