Grace Information Management Blog

As modern workplaces edge closer and closer to the paperless society, there is the growing demand to ensure the security and ubiquity of all business documents, especially when adopting cloud based systems.

The introduction of online Enterprise Content Management (ECM) systems allow for timely document retrieval at the click of a button; anywhere, anytime. But how do you ensure accurate security measures that enable and empower employees to access information, while at the same time providing security and audit trails to appropriately track and control information?

Below are three best practice rules each for use at an individual and organisational level.

Data Security Rules For Individuals

Here are three (3) tips finance professionals should implement to ensure data security in the workplace:

Ensure work files are located on a network drive

This will provide you with a safeguard as the IT department will be able to back up this location, providing security upon loss of laptop, tablet or computers.

It can also be a good idea to regularly back up to another drive location such as a secondary drive if the files require the added insurance of another back up.

Only open safe emails and web browsers links

Despite even the best spam software, sometimes suspicious emails and web browser links can make their way in to your inbox, so ensure you always check links for authenticity before opening them, and if in doubt, check with your IT department.

Turn off location tracking

As a rule of thumb, only have tracking through search engines, tracking applications on devices or Bluetooth active when necessary.

Data Security Rules For Organisations

For larger organisations, best practice recommends installing software restricting access to directories and files based on entity, department and document level as outlined below.

The entity rule:

Ensure the software can ‘group’ employees to allow easy access to information

Organisations can use software to ensure the correct levels of access are allocated through the use of ‘groups’.

The use of grouping provides ease of process management ensuring each employee is not provided access to directories or files outside of their remit.

The process of managing access protocols to a group of employees is far easier than managing each individual, and is less prone to faults, ensuring continuity across the whole organisation.

Additionally, the correct use of this system guarantees user level employees are easily defined by specific requirements, which assists the process of ensuring access is managed throughout the time of employment, and most importantly, once employment has ceased.

This entity rule of tailoring group access creates data security peace of mind across the whole organisation.

The department rule:

Ensures that only the correct people from each department have visibility of information relevant to them

Applying the entity rule to each department will ensure relevant employees have access and visibility to department information.

A prime example of this rule is access within a human resources department that exists in nearly every organisation and generally has some of the largest requirements for internal security. Systems allowing for restriction of access to areas of your network ensure this is correctly managed. As with the group-based system, this simplifies the process of managing access to each department’s information.

For many systems, the added advantage of zero visibility of items outside of an individual’s access assists in reducing the curiosity around information they can’t access. The use of the department rule provides compliance to each internal department’s unique requirements, regulations and policies.

The document rule:

Safeguards individual document control and incorporates an audit process to maintain secure data protection

The ability to utilise software to control access to documents provides confidence, however knowing you have the ability to control the ways in which an individual can interact with individual documents provides certainty. This allows for improved compliance, process management and data quality within your corporation.

Individual document level access also provides an audit trail to identify the access and use of each document. Tracking user patterns at a document level provides visibility on individual user activity and provides insight into process. The accuracy and searchability of metadata against each document is critical to the ongoing success of this type document management system. The document rule allows the organisation to track, manage and improve current information and access; providing confidence in the metadata captured against each document.


When adopting an ECM system, careful planning and the precise identification of each department’s requirements is critical to success. Once you have identified your organisation’s requirements you will then be able to accurately access which ECM system will work best for you and your organisation.