PHS Data Solutions managing director Anthony Pearlgood writes how best-practice data, document and records management can help organisations against fraud and data theft, as well as achieve compliance with information security standards
The latest research from PricewaterhouseCoopers (PwC), on behalf of the UK Department for Business, Innovation and Skills, shows that information security breaches have reached their highest-ever levels, costing UK organisations billions of pounds every year. As threats continue to rise, most organisations have come to view information security as essential. As well as protecting the business and its employees, it can also be a mandatory requirement when tendering for new business.
For example, to meet the requirements laid out under the latest ISO 27001 information governance standard, businesses need to ensure compliance with information security throughout their organisations. This involves safeguarding all forms of information, from computer data to documentation and intellectual property. Meeting the far-reaching requirements of this and other security standards, while at the same time protecting the business against ever-evolving information security risks, will undoubtedly require organisation-wide input.
Here, a comprehensive, end-to-end approach to document and records management can go a long way to supporting the organisation, making it far easier for employees to maintain best practice, as well as minimising potentially damaging data leaks. In particular, moving from paper-dependent processes to electronic data management will substantially improve accuracy and information security, as well as enabling more control over access to data and more efficient records management. At the same time, for those with multiple sites or employing large numbers of remote workers, electronic document processing enables faster and easier authorised access to individual records.
The advantages of using automated tools such as a digital mailroom or automatic scanning and classification technology typically extend beyond security and will enable employees to work more productively. Equally, effective data digitisation can offer a cost-effective and efficient means of reducing reliance on document storage, which in turn helps to free-up costly office space. Clearly, going digital will not be the answer for every business. For many organisations, there will be a continued need to use and retain paper copies for certain parts of their operation. Although less efficient than digital alternatives, the adoption of best practice tools enabling effective storage and rapid retrieval of hard copies will go a long way to minimise inefficient paper records management and storage, ensuring the organisation operates in the most secure way possible.
For example, using a managed, off-site document and data storage facility can help avoid loss or damage due to fire, flood or theft. Meanwhile, combining lockable cabinets for document disposal alongside a secure shredding service that’s compliant with the BS EN 15713 security shredding standard ensures confidential data such as forms, invoices, letters and employee records do not fall into the wrong hands or become mislaid.
This best-practice approach also helps keep the business and its employees compliant with rules set out under The Data Protection Act, which requires businesses and organisations to keep data secure at all times, including when it is no longer required. In addition to the secure destruction of documents, this security obligation extends to the need to securely dispose of electronic data contained in redundant IT equipment, something that many organisations overlook.
Hard drives, servers and electronic media all contain vast amounts of data and it’s a common misconception that hitting delete on unwanted files will permanently remove them. In reality, data can be easily retrieved using software which is widely available and then used for fraudulent purposes. To prevent this, a secure data wiping and IT recycling service ensures that all confidential data is wiped from IT equipment and complies with the BS EN 15713 security shredding standard, before the hardware is recycled responsibly.
Whether it’s a malicious attack or an unintended error, no organisation will ever be completely immune to information security threats. However, putting in place the necessary processes to support best-practice document and records management will go a long way to prevent potentially costly and embarrassing data breaches.
Visit http://www.phsdatasolutions.co.uk
