This document discusses gaps in data security and compliance that organizations face related to document management. It identifies key areas like printing, scanning, and mailrooms where sensitive information could be at risk or compliance could falter. The document provides examples of how automating processes and integrating document management software can strengthen security, improve transparency, and make compliance less burdensome by better controlling access and tracking the flow of information. Implementing these kinds of solutions across business processes like accounts payable, billing, and records management can significantly reduce risk exposure.
2. When it comes to controlling data loss,
And when it comes to enforcing information security
policies and managing compliance more effectively,
2
THERE ARE STILL SOME
SURPRISING GAPS…
THERE ARE SOME
SURPRISINGLY EASY WINS…
3. We help all kinds of organisations work better with
their information – across all kinds of paper and
digital workflows. Here we bring together some of
the things we’ve learned about information security
and compliance.
3
PART 1:
THE GAPS
Where are the weak
points that prevent you
enforcing information
security policies and
leave you open to risk?
PART 2:
EXAMPLES IN PRACTICE
Where can you combine information
management and automation
in your business processes to
strengthen compliance – and make
it less time-consuming?
4. 4
PART 1:
THE GAPS IN DOCUMENT SECURITY
25%of total declared information breaches
are paper-related.
Almost
PRINT
remains a serious weak link
for many organisations.
SCANNING
is another potential uncontrolled route out of
your organisation for confidential information.
5. 5
HOW CAN YOU
PROTECT THE
INFORMATION
SENT TO AND
STORED ON
YOUR PRINTERS?
Today’s sophisticated multi-functional devices
should be protected as well as any other
end-point device on your network.
PRINTER
HARD DRIVES
can be set up to
erase the information
they have been
printing or removed for
secure storage.
INFORMATION
TRANSFER
between printers and
people’s devices can
be encrypted to prevent
interception – this includes
print jobs, but also scanned
documents.
JOB LOGS
can be concealed so
people can’t see what
documents
have previously
been printed.
SCANNED
DOCUMENTS
can have passwords set
for PDFs to
restrict opening,
editing or printing.
6. 6
HOW DO YOU PREVENT SENSITIVE
INFORMATION BEING LEFT AT PRINTERS?
HOW WELL
CAN YOU
TRACK …
User authentication helps plug the gap.
Only the person who sent the job to print
can retrieve it, while at the device.
What sensitive
information is
being shared?
Who is sharing it?
When and how?
You can do this with…
A SWIPE CARD
A CONTACTLESS CARD
A NUMERIC CODE
FINGERPRINT RECOGNITION
7. 7
AT PRINTERS AND
SCANNERS
ACROSS MULTIPLE
DEPARTMENTS OR
DIFFERENT OFFICE
LOCATIONS
Track the document journey
Device Signature and Digital User Signatures on
PDFs can allow you to see who sent what, when
and from which printer or scanner.
Be alerted when sensitive
information is scanned
With Optical Character Recognition, scanners can
recognise if a document has restricted keywords
within it – if someone scans it, the process owner
can be informed.
Control who can print,
scan and send
You can prevent some people from using
your devices for certain tasks. For example,
so guest users cannot scan and send
information externally.
• How do you ensure you enforce
security settings consistently?
• Centralised management
of multi-functional printers
can prevent individuals and
departments changing
settings independently.
8. 8
BEYOND PAPER DOCUMENTS …
Document management software helps you track and control the
use of electronic documents.
• You can change access
and usage rights at a server
level – after you’ve shared
the document.
• You can define who can
open, edit, annotate and
print documents by setting
permissions at individual, group
or department level – or create
role-based approvals.
• You can track when and how
files are accessed through
audit logs. And track document
version history to show that data
or transactions have not been
changed, fabricated or forged.
• You can also easily show
who has previously edited,
approved and modified
documents for maximum
transparency in your processes.
9. 9
APPLYING THIS TO BUSINESS PROCESSES…
But on a positive note, many of these
issues are not hard to fix.
IF YOU CAN’T DO
SOME OF THESE THINGS,
YOU COULD BE EXPOSED.
• By combining document
management best practices with
the automation of business
information processes you can take
control and significantly reduce
your exposure to risk
• You can also reduce the
burden of compliance, so
your people can spend more
time on delivering value.
10. 10
PART 2:
EXAMPLES IN PRACTICE
PAYING SUPPLIERS
If an Accounts Payable process is still very manual and
paper-intensive, document controls can be undermined
and the compliance risks and workload quickly add up.
ERRORS
Manual reading and
transferring
of invoice data
causes mistakes.
POOR
TRANSPARENCY
Difficult to quickly retrieve
audit trails.
A partial or total lack of
archived retention data.
WASTED
TIME
More effort spent on
handling disputes,
and resolving queries.
11. 11
of companies lose
at least 5% of
their invoices1
.
of AP systems have no direct
connection with content
management1
.
25%
58%
1
Solutions for Finance Departments, Canon/RS Consulting, 2011
A well-designed automated solution
can make the process faster and
more efficient – and improve finance
information management
and compliance.
Multiple
Locations
Automated extraction of data from paper and digital invoices
Full synchronisation
with ERP system
Digitised invoices, indexed
and securely stored
Multiple
Formats
Multiple
Capture
Devices
12. 12
PAYING
SUPPLIERS
BILLING
CUSTOMERS
The benefits: The way you invoice your
customers can also cause
compliance headaches:• By automating this process an
organisation can reduce the
number of errors due to manual
data entry
• Because invoices and supporting
documentation can be tracked
more effectively, you get a
more transparent, searchable
audit trail
• Secure storage and access
controls for digital documents
mean full regulatory compliance.
• Assurance that all relevant data
has been archived for reporting
and retention purposes
• Control of access to
invoice information
• Poor integrity of data for
audit trails
• Consistency and adherence
to regulatory standards
of invoicing.
13. 13
INVOICE GENERATION
Process automation and digitised archiving
can plug security gaps and improve the
way you bill customers:
estimated time spent
by companies each month
manually composing
customer invoices with
word processing software1
.
30hrs
1
Canon/KAE, 2013
Ability to set secure access to customer
invoice information by appropriate staff
only, through access rights management
Establish reliable audit trails and tracking
of invoices – a clear view of who changed
what and why
Show you have consistently adhered to
internal accuracy policies and regulatory
requirements
Strengthen monitoring and reporting of
customer invoicing.
14. 14
INBOUND INFORMATION –
IN THE MAILROOM
Why the mailroom can be a critical area for risk and compliance.
THINK OF
INCOMING
INFORMATION
SUCH AS:
Customer forms, orders,
vouchers, employee letters,
certificates, supplier invoices.
NOW THINK OF
THE CHALLENGES:
Mail distribution, access and
traceability is uncontrolled.
Confidentiality is hard to
demonstrate.
It’s hard to comply with regulatory
or company policy on document
classification and retention.
15. 15
#
1Improved searchability
and sharability of business
documents is the number
one driver for scanning and
data capture investment1
.
1
AIIM Report, The Paper Free Office, 2012
A digital mailroom gives you
an automated solution to
these challenges.
It converts incoming documents
to a digital format and can
integrate them with your document
management system, routing them
directly to the relevant individuals,
folders, or departments.
16. 16
INBOUND INFORMATION –
IN THE MAILROOM
Receiving
sorting Distribution Receiver action
Mail Data
Auto-Extracted
Automatic
Mail Routing
1-Click
Notification
Validation
of Recipient
Recipient
Notification
Filtered
Prioritised
Fast and
Accurate
Classification
Status
Visibility
Easy
Sharing
Editing
17. The benefits:
• All incoming mail is securely stored
digitally, meeting regulatory and internal
information governance requirements
• Access to confidential mail is controlled
with bespoke access rights
• Mail traceability is closely controlled,
from the point of entry up to its use by
the business department end-user.
17
Archiving
Selective
e-Archiving
Digital Secure
Storage
Fast
Search
Retrieval
18. 18
But similar compliance risks and opportunities
exist across a wide variety of document-intensive
business processes.
THESE ARE JUST
A FEW EXAMPLES …
Customer onboarding, account
opening, forms processing
High volume admissions
and records management
Delivery notes and logistics
documentation
HR administration, policy
and contract management
CONSIDER THE FOLLOWING …
19. 19
We’re seeing how organisations of all sizes and
shapes can work more efficiently, productively
and securely with their documents.
From simple solutions around document
access, to more specialist business process
requirements and data loss prevention,
we can help you stay in control of
information risk and compliance.
TALK TO US...
20. If there are any areas of particular interest that
you would like to discuss further, or to set up a
meeting, please contact us.
Or ask one of our experts to get in touch about
how we can help you across your information
and document management processes
Telephone Number
Email
Partner
Logo
Accreditation
Logo