by 
The founder of Facebook is on the agenda of the main newspapers around the world. Just a few days ago, Mark Zuckerberg broke his silence on a scheme of illicit use of personal data of 50 million users by the company Cambridge Analytica. According to what was released by the press, the information was used by the company to influence important decisions, such as the referendum on the separation of the United Kingdom from the European Union and the US elections.
In Brazilian lands, we are following the unfolding of this story, and together with our interest in knowing the outcome of the Facebook and Cambridge Analytica case, we can already highlight some lessons, especially about threats to information security.
As we have already commented on other occasions on our blog information is today one of the most important assets of corporations. We talked about paperless organizations and the importance of having a paperless environment for reasons of productivity, security and, of course, cost reduction.
Digital Transformation contributes to the adoption of a paperless environment, however, it is important to mention that risk eradication does not happen simply because a company migrates to the paperless format. In reality, digital documents present many risks when they are not managed correctly. This is where we converge Document Management with Risk Management.
Document Management and Risk Management
To begin with, we live with risks in all spheres of our lives. In the corporate environment, managing risks has to do with analyzing the company’s risks to maximize opportunities and/or minimize negative impacts.
Document Management deals with controlling the flow – storage, organization, retrieval, distribution, disposal) – of electronic documents in a secure and efficient manner to ensure that they are accessible to authorized people (as and when needed).
Putting the two topics together, the question arises: how much does it cost to lose or leak a document? What is the risk involved in having sensitive information fall into the wrong hands? The answer to the questions you certainly already know, because just think about what your competitors could do if they knew beforehand about your new product, to name an example.
Therefore, when we talk about information management, we have to remember how important it is for the company to optimize and automate Document Management with EDM/ECM (Electronic Document Management) software. To understand better:
How does EDM/ECM contribute to information security?
For your company’s information to be secure, you need to pay attention to some points:
- An Eletronic Document Management solution allows version control: each team member authorized to view a document should be able to see the most up-to-date version, but also all revision versions. Imagine a company’s legal department: professionals in the area must be able to see the versions of the revisions to be able to understand what has been changed and if it makes sense.
- An EDM/ECM solution has access control and security: access permissions are assigned to each document, and access can be granted to a group or a user.
- A GED/ECM solution has a digital signature: electronic documents can be signed with certificates in the ICP-Brasil standard.
Concluding
As information is the most valuable asset of companies, data and documents generated by organizations must be very well managed internally. Therefore, Document Management (especially the way information is stored and accessible) is essential for any organization that cares about the security of its data. After all, we are sure that no business wants to experience the chaos of finding out that its most sensitive information has been leaked and having to put itself in Zuckerberg’s shoes to explain why. Isn’t it?
In addition to the module for Document Management (ECM), to the module for Document Management (ECM), in the Fusion Platform we have an accelerator (ready-made process adopted) focused on Information Security Risk Management. In it, it is possible to map and record each situation of risk to the organization’s information security, as well as define actions, probabilities, and impacts. It also allows frequent monitoring of risks, their actions and the results obtained. Try our solution now or request a demo to learn more!
