Your Corporate Documents Are Invaluable Assets; Keep Them Secure!
When it comes to outsourcing document management, security is paramount! Here are 9 things to look for in a document management service provider:
- They’ve been in the industry for the long-term.
When a service provider has been able to stand the test of time, it’s usually because they have invested in all the right tools, people and policies to provide the confidence necessary for their clients to gain their trust – resulting in a strong – and long – customer relationship.
- They are doing business with a wide variety of organizations, across all industries.
Having exposure to the many types of document management scenarios across multiple industries creates a level of experience that positions the service provider to be able to bring a high level of confidence to a variety of clients.
- They regularly handle documents of a sensitive nature – and maintain the confidentiality of all documents.
When document security is ‘the rule’ as opposed to ‘the exception’, an organization can be confident that their corporate assets are in the right hands.
- They ensure there is adequate security and controlled access to the technology that manages documents.
Protecting your corporate assets includes having strict access policies and strong digital security policies – to ensure that only the right people can gain access to those assets.
- The premises where documents and data are stored must have multiple layers of security.
The service provider must be as serious about document security as you are. The facility should be protected by a security monitoring system 24 hours a day, 7 days a week. Also, ensure there are security cameras placed strategically around the premises.
- They have a risk management program in place.
The program should include segregation of duties, delegation of authority, management of physical and logical access controls, as well as encryption and password protection.
- Employees should undergo security background screening prior to hiring.
Each employee of a potential service provider should undergo security screenings, including criminal and credit background checks. This establishes the service provider with a Reliability Status (RS) that grants the right to access Protected A, B and C documents and information from the Federal Government of Canada.
- The organization should be PIPEDA and a PHIPA compliant.
Your service provider should have designated privacy officers, written privacy policies and a staff privacy training program. PIPEDA stands for the personal information protection and electronic documents act. It’s a law that protects personal information when it’s in the hands of private sector organizations. The act provides guidelines for collecting, using and disclosing such information. For an organization to be privacy compliant, the personal information must be collected with consent, used and disclosed for the limited purpose for which it was collected, accessible for inspection and stored securely. The legislation includes a wide variety of personal information, including name, address, phone number, income, health or medical history, political opinions, and more. In other words, your personal information is protected.
- The organization should be compliant with the various standards in place for their industry.
The organization should follow The Microfilm and Electronic Images as Documentary Evidence, and Electronic Records as Documentary Evidence – as well as being compliant with ISO19977 Security Standards and COACH and CHIMA guidelines. They should also be audited by chartered accountants and have CSAE 3416 certification. This is yet another layer of protection that demonstrates you can be confident with the provider. It demonstrates that the provider maintains effective and efficient controls pertaining to financial, informational and security reporting.
When you decide to outsource your accounts payable automation, accounts receivable remittance automation, cloud-based document retrieval, or any of the many outsourced document management services available today, you need to be able to ensure you are working with a service provider that will maintain the privacy and security of your documents and data. The team at ACI has a longstanding reputation for taking the utmost of care in handling your documents and data. Please reach out to us and allow us to show you how we approach document management security – you’ll not only be impressed – but we are sure you’ll reach the same conclusion most of our clients have reached – that has caused the majority of them to stay with us for over 20 years!
Compliance and Security Link