Blog

Blog

Blog

contactcall03300 376 323

Our Blog

How to Create a Comprehensive Document Management System for your Business With On Site Shredding

What is document management?

Document management is the term for the processes used for handling documents with the aim of the information being created, shared, organised and stored in a safe and efficient way. For many businesses, the system is focused mostly on the organisation and storage of documents. Then there is the safe disposal element for documents that are no longer required or do not need to be stored. All of these elements are factored into a document management system to ensure staff always know what to do with any piece of business-related paperwork.

Creating document management rules

The first step in the process is to assess all the documents that come in and go out of the business and start creating rules on how they will be handled. Once you have the rules, you have the basis of the system and then it is a case of educating staff, so they can carry it out. Finally, you should monitor it to ensure it is effective. Some examples of questions to ask when creating the rules of the system can include: · Should new documents be date and time stamped? · How do they get from the post department to the person who needs to action them? · Where are they stored while still current and in use? · Where are they stored when they need to be retained but not frequently accessed? · What happens to documents that don’t need to be stored? · How is safe document destruction achieved? Every business will have a different approach and different requirements from their system. For example, there might not be a post department, just whoever gets the post each morning when the delivery arrives. So the question is then where should the post be placed once opened and how does the person receive it? It might be that the person opening the post is also responsible for forwarding it to the appropriate person – this is a document management rule. For documents stored on the premises, another rule would be where things are kept and also how often they are filed. Is each person responsible for their own filing or does one person in the company handle all of it? What time scales are required – does the filing happen when a process is finished or on a regular schedule? For businesses that scan all mail and use the electronic version, filing could be done daily or weekly while for those who use the physical paper, it may be months when the process is finished.

Document storage and secure shredding

The safe and secure storage of documents within the business is one of the areas that you really want to spend some time considering. There are plenty of horror stories out there of companies who have received a large fine when they misplaced documents and a valuable credit card number or personal information has come into the wrong hands. The most common reason for this is that there isn’t a clear document management system in place and documents are mislaid, thrown out with the rubbish or left on someone’s desk to be stolen.

Document storage

Most businesses will have some kind of on-site storage for documents. These are the documents that are needed on a regular basis or may be required within a certain period – say 12 months. After this, they may no longer be needed or might be stored off-site for a specific period of time. For example, some documents have to be kept for 7 years for tax purposes. Solid filing practices are key to finding those documents when they are needed. How this is done depends on the nature of the business. An example could be to keep them in alphabetical order by the customer’s surname or they could be arranged in date received by the department. How you do it is less important than having a clearly outlined system that everyone follows.

Safe disposal

Document disposal is also a key element of your document management system. If the document reaches the end of its lifespan or doesn’t need to be stored, then shredding is compulsory. Some businesses have small shredders that staff use as needed but these can be inefficient and prone to malfunction. A better option is to use on site shredding – this is where a company comes to the business and handles safe shredding of all confidential documents. This ensures that no documents leave the premises, which could fall into the wrong hands.

Calendar of shredding

You may also want to create a calendar or schedule of shredding. For example, once a year at a specific time, you could ensure that all documents that are no longer required are removed from storage and the shredding company destroys them. For greater quantities, you may need to make this more regular to better manage the impact on time and resource.

Document retrieval

Once you have been in business for a few months, you are likely to start accumulating documents that you need to keep. Retaining them is one thing but you also need to be able to find them quickly when needed. This is the document retrieval section of the management system. There are lots of ways to approach this depending on how many documents you have and where they are stored. One simple way is to have a file location list – label each draw with a number or letter and have a document that states what is in that drawer. So drawer 1 may be customers A-E or drawer A may be all accounting paperwork. You may also want to consider off-site storage. As the business grows, the number of documents grows with it and may exceed what you have the capacity to store in the premises. Off-site storage is often used to store non-urgent documents in a safe way. By working with a company that specialises in this kind of system you will also be able to quickly and easily access the documents if you find that you need to.

Ensuring documents are safe

Document security is a huge part of the business’ requirements under data protection. You need to take all possible steps to make the documents as secure as possible and to cut down on the possible loss of data. The business premises themselves are often the first line of defence in this situation. Any business will have some kind of physical security in place to protect the business, even home-based businesses. By ensuring that it is difficult to get into the business, you have taken the first step to secure your data. If you have a lot of sensitive data as well as cash kept in the building, you may want to enhance the security. CCTV cameras are a popular option as well as physical security such as bars at easily accessed windows. Large businesses may even have security personnel checking the property regularly.

Filing Cabinets SecurityFiling cabinets

All documents stored in the property should also be in locked filing cabinets. Keys for the cabinets should be removed from the property or kept in another locked facility such as a safe. Cabinets should be locked during the day when not in use and one person should be responsible for the safekeeping of the keys. Personal document security should be instituted at the individual level. Every member of staff should have a lockable drawer and all sensitive data should either be stored there or in the main filing cabinets at the end of the day. Documents containing any information such as names, card numbers or other personal information should never be left on a desk where someone could steal them.

Combining online and offline documents

For many businesses, documents are both online and offline – digital and paper-based. This can mean that a document management system needs to consider both types of document and how these will be handled. A streamlined system that copes with both might look like this:

1. Assess all information held in the business including physical documents held in filing cabinets, any off-site storage used, and digital documents stored on the hard drive as well as shared storage such as Google Drive. It should also include things like emails and image files.

2. Categorise the data – this is where you decide how the information should be classed. This depends on your business but might include something like – current, within 12 months, older than 12 months. Or it might be something like outstanding case, case closed within 12 months, case closed over 12 months ago.

3. Decide on a disposal timeline – based on the categories you have chosen, work on what needs to be shredded when and create a timeline to ensure this is done.

4. Does it contain sensitive information? This is where you look at the security level needed for the different documents and information to see just how secure it needs to be. The locked filing cabinets mentioned above are an example of this while password protected files might be a digital version.

5. Who will access the information? Does everyone need keys for the filing cabinet or passwords for the secure storage? Remember that the more people that access something, the greater the chance something goes wrong. Instead, think about compartmentalising as much as possible.

6. Ensure destruction is organised – if you are using on-site shredding then make sure you have the process in place and know when the company will be arriving to do the shredding. That way all documents required for shredding will be in one place to speed up the process and ensure nothing is misplaced.

7. Lay out the policy and train staff – your staff cannot implement your system successfully without full knowledge of the process, who does what and when. Training them and putting checks in place to ensure systems are followed is an important final step.

What if something goes wrong?

While no business wants to be there, it is also important to understand what you need to do if something does go wrong and there’s a data protection breach. Under the GDPR, all organisations have to report within 72 hours that there has been a breach or a potential one where feasible. If there is a risk that people’s personal information has been lost or stolen, they must also inform the individuals. The company needs to have a notifying process in place, so they know who is responsible for notifying the ICO and also the individuals if a breach occurs. There should also be clear information on what details they will require and what needs to be done. Some of the information that will be required will include:

  • Description of the nature of the breach
  • The details of the data protection officer or point of contact at the company
  • The likely consequences of the breach
  • What measures were put in place to mitigate adverse effects and to handle the matter Reporting can be done via the ICO website

Also be aware of any other notification obligations such as operators of essential services or a digital service provider. There are also reporting obligations in the NIS Directive. Failure to notify can result in a maximum fine of up to 4% or €20m of global turnover so it is important to take these matters seriously.

Solid document management systems

With the emphasis on customer service, marketing and growing the business, it is easy for document management to slip down the priorities list. But as the consequences of a data breach show, there can be huge financial penalties if things go wrong and the correct steps aren’t taken. Added to that are the breach of trust with customers and the loss of reputation which can go on for years. That’s why it is important to have a solid document management system in place for your business, regardless of its size. By having these processes in place from an early stage and educating staff as they join the company, you will ensure that the document flow through your business is handled efficiently whilst minimising the risk of a data breach.

For more information about our on site shredding services, get in touch with us today. To get the complete document management solution, see our full range of services, Records Management, Digital, Technology and Relocation.

Print

x