Document Management Policies
Do You Want Each Staff Member Decide How to Manage Documents?
If top management does not formulate comprehensive policies on how to manage documents, each staff member handling documents might decide what to do. This could only lead to chaos in an organization with several staff members.
For example, even business sensitive documents might be accessible to everybody. Documents could be mis-classified and stored in an inconsistent manner, making it almost impossible to retrieve an urgently needed document.
If you want to avoid this kind of chaos, you have to spend time on document management issues, outlined in the next section, before your organization becomes sizable enough to hire several staff.
Document Management Issues
Clear policies are needed on key issues mentioned below:
- Access to Documents: Sensitive documents, like marketing strategies and plans, product formulae, and such should not be accessible to anybody except concerned senior management personnel. All the important documents in use should be reviewed and access rights should be clearly specified. Incidental to this would be storage practices to be adopted. Sensitive documents require extra secure storage.
- Document Permissions: Policies must make it clear as to who can do what with the documents that they can access. In a computerized system, it would be possible to implement READ and WRITE permissions. Some would have READ permission but no WRITE permission. WRITE permissions are typically granted only to concerned department personnel.
- Document Retention: Many documents generated by a business are likely to have only temporary value. Retaining such documents for any length of time would be waste of effort, space and money. On the other hand, care has to be taken that important documents that might be needed later are not thrown away. There are also legal requirements that stipulate for maintaining certain kinds of documents for certain periods. Policies must state clearly how long each category of documents should be retained.
- Destruction of Documents: All business documents must be destroyed in a systematic manner. Even temporary documents could reveal much about the business to unauthorized persons. Sound practices, like shredding, must be in place to avoid business documents falling into the hands of outsiders. Policies must also provide for periodic review of retained documents to identify which can safely be destroyed.
Policies are concerned with broad issues like those mentioned above. Procedures are detailed guidelines on how to handle documents. Procedures would specify in detail what is to be done with each document by each person, and how the document should be routed. Procedures must be aligned with the overall document management policies.
Computerization Makes It Easier to Implement Policies
In addition to the READ and WRITE permissions mentioned earlier, computers make it easier to control access rights and protect sensitive documents. Access can be controlled through passwords. Trails can be maintained about what each person did with each document. Firewalls could provide extra protection to sensitive documents.
In a computerized environment, print rights should be carefully controlled. If everybody can print out a document, it might be possible to take prints and carry them outside in an unauthorized manner. Because the original document is still safe, management might not become aware of the leak. To prevent this, printouts should be possible only through network printers after due permissions. Trails should be available on who printed out what.
Conclusion
Leakage of sensitive business information, chaotic handling and storage of documents, breach of confidentiality requirements and loss of important documents are all possible if adequate document management policies have not been formulated and implemented. Policies should specify document access rights, read and write permissions, retention periods and destruction practices. Implementing these policies are much easier with the use of computers.