Five Steps to Establish a Document Management Program

Digital Clutter Hurting Your Productivity? Rein in Documents Once and for All

With a clear plan and upfront work, long-term management of your documents can be less daunting than you think. Here’s a five-step primer.

Document management, archiving, cybersecurity, software, compliance, digital storage

Taking a Marie Kondo approach to your digital clutter might seem appealing at first. Brings joy? Save. Does not? Trash.

But let’s face it: Some documents that you suspect the business will need in perpetuity might not spark joy — say, financial disclosure statements or volumes of research you completed for a client. 

What’s the best approach to document management if the aim is to regain control of your data assets — tossing what you won’t need again, organizing what you use regularly and stowing what you must retain for legal and compliance requirements?

Follow these five steps to establish a document management program that reduces the load on your systems, eases compliance and helps employees efficiently keep and use only what they need.

Step 1: Establish an Official Document Management Policy

The first thing to do is develop information classification and records management policies for documents and other content, says Thomas Phelps, vice president of corporate strategy and chief information officer at Laserfiche, a developer of enterprise content management software and process automation software. 

Always think about documents in terms of a life cycle: 

  • Create or capture
  • Manage
  • Search and retrieve 
  • Collaborate
  • Archive or dispose

Build a document management life cycle that’s relevant to your business. Classify content based on regulatory compliance requirements, business value, and sensitivity to unauthorized use, disclosure or modification. Common classifications include public use, internal use only, confidential (restricted to specific departments) and highly restricted (access limited to named individuals). 

Organizations should identify appropriate controls to label, manage, dispose of and transfer information, Phelps adds. The IT staff will use these controls to set rules in your content management system to help automate content management and protect the business from data leaks. 

Step 2: Perform a Risk Assessment and Establish a Security Plan

Every business needs a process to assess risks associated with the loss of confidentiality, availability and integrity of any information that is a critical asset. Privacy is also a key consideration, based on the type of data you’re collecting from your customers and employees. 

A risk assessment needs to be a formal process, not an ad hoc activity that is someone’s side job, Phelps explains.

Based on the risk assessment and your organization’s risk tolerance, establish security controls for how each type of document is created, managed, shared, stored and destroyed. This should take into account the value and sensitivity of information to the business.

Step 3: Define Your Process

While it might seem like a heavy lift to granularly define so many elements related to document management, it’s the details that make ridding a business of digital clutter possible, Phelps says.

There are a few processes that are also important when organizing documents.

  • Include version control settings to keep track of changes to documents and determine who made them. In lieu of automatic settings, set naming conventions. 
  • Tag files for indexing, and identify the right metadata (the data about data). You can use metadata for indexing and workflow routing. For instance, think about the billing department. Often, a purchase order might need to be routed from one person in a particular department to another person outside that department. The PO number can be one of the metadata elements that a document management system uses to handle that routing automatically. It also can be used so that disparate systems can search for and access the document. 
  • Plan for the security of data at rest, in motion and at each end point. That requires encryption so that documents aren’t easily hacked while in use. This is more critical now, since workers often tap into records and collaborate on files from multiple remote locations.
  • Plan for document destruction on set timetables for items you don’t need to keep for regulatory compliance or legal reasons. Why? Because if your business should ever become embroiled in a lawsuit, it can be compelled to provide any and all documents — from one individual’s email to every personnel file or billing record.

Step 4: Tier Your Storage

Once you have classified your documents and evaluated them based on their business value and security needs, your IT team can then establish a central repository and implement a tiered storage strategy. Tiered storage uses levels and various storage technologies based on use, security and performance factors:

Tier 0: Used often and demanding high performance

Tier 1: Mission-critical data

Tier 2: Less critical files though regularly used

Tier 3: Infrequently used but support ongoing work

Tier 4: Archived for compliance or legal needs

Evaluate various storage mediums for their tiers to drive down costs associated with document storage, identifying the capacity and transfer speeds your business needs. The most expensive mediums would be at Tier 0, since files are always available. Cost and access speed are lower as you move up the tiers.

You can also automate the management of files across tiers and ease data access by your users.

Step 5: Train Your Users

A key piece of any document management strategy involves training users. As part of your planning, figure out how the business will relay its document life cycle to users, how it will keep them informed about the information classification and records management policies, and what role they will play in ensuring the company manages its documents according to the retention schedule.

Also, depending on the systems and software deployed for document use, collaboration and storage, your business will need to train employees in the technology’s use, too.