Aquawheel.com Aquawheel.com Aquawheel.com
Index Page >> About Us >> Place Your Link >> Privacy >> Terms of Service >> Submit Article
Search:   
Add Url
 
 

Drink & Food
 

People & Society
 

Events & News
 

Shopping Online
 

Home & Garden
 

Entertainment
 

Realty & Property
 

Science & Research
 

Art & Culture
 

Self Enhancement
 

Hygiene & Health
 

Tour & Travel
 

Jobs & Employment
 

Investment & Finance
 

Politics & Government
 

Online & Board Games
 

Lifestyle & Fashion
 

Education & Reference
 

Medical Care
 

Software & Networking
 

Vehicles & Automotive
 

Companies & Business
 

Sports & Adventure
 

Children & Teens
 

Index Page › Software & Networking › Data Backup Systems
 

Document and Data Management Considerations for Private Companies
 

Increasingly, the need for a written, highly structured document and data management policy is becoming vital to any private company. While the recently enacted Sarbanes-Oxley (SOX) rules promulgated by the Securities and Exchange Commission require such a written policy for public companies, there are ample reasons for private companies to also adopt a written document and data management policy.

Various statutes now require most companies, whether public, non-profit or private, to securely maintain written records in regard to certain aspects of their personnel information and business operations. Under the Health Insurance Portability and Accountability Act (HIPAA), for example, companies may be sued if a security breach or other mishap results in the unauthorized disclosure of medical records. The controversial Patriot Act requires disclosure to the federal government of certain customer data and can subject the disclosing company to a lawsuit if the customer was not sufficiently advised of the possibility of such disclosure. A proposed amendment to the federal Rules of Civil Procedure would require lawyers representing parties in litigation to discuss document management systems of their clients prior to any legal proceedings. Another proposed amendment to the federal Rules of Civil Procedure would provide a safe harbor for companies that lose information but have otherwise acted in good faith, precluding any sanctions for such information loss. Certain state laws, such as the California Online Privacy Protection Act of 2003, require website disclosure of privacy policies in regard to personally identifiable information (such as name, address, credit card number, social security number, email address, etc.), which should include a statement about the security procedures in place to protect such information.

Prudence also dictates that written records be maintained in the event of employee claims or litigation involving the company. Companies should also be vigilant in documenting incidents involving any inappropriate or improper behavior by an employee. Emails and instant messages are now often crucial in determining court cases. Employee emails are generally considered to be the property of the employer, and the companys HR policy and employee manual must clearly state so. Accordingly, employers should ensure that copies of all employee emails and instant messages are retained in the event of any employee-related litigation. For the same reason, in addition to maintaining copies of executed contracts and written correspondence, companies should retain copies of all emails and electronic document interchange (EDI) transactions with vendors and customers in the event of any litigation with such third parties. Companies should develop disaster recovery plans and test the recovery of all important data and information. Electronic imaging of physical documents should become standard.

In order to ensure that such procedures are in place and followed, company management must create an infrastructure that will be responsible for the implementation and monitoring of such procedures. This must come from the top down in the organization. The Board of Directors or a committee of the Board should review internal controls and written processes designed to ensure the retention and security of all company records and information and avoid misuse or unauthorized disclosure of such records and information. The Board or such committee should consult closely with members of the companys information technology (IT) or finance department and others responsible for company files and records in order to ensure compliance with a clearly defined operations policy for the storage, maintenance, protection and destruction of company records and information. There are numerous sources of guidance for company management and IT or finance departments in this regard. These include the Committee of Sponsoring Organizations (COSO), an independent auditing industry group that has received implicit endorsement from the Securities and Exchange Commission. In addition, the Sedona Principles is a set of best practices for e-discovery and the Control Objectives for Information and Related Technology (COBIT) detailing the IT or finance departments role in information and security controls is recommended reading for private companies, even though it is directed at public companies in the post-SOX era.

Company management must also ensure that the IT or finance department has the necessary resources to properly maintain and safeguard electronic records. Extensive storage capabilities and related software are required for document management, data backup, and email and instant message archiving, as such records must be maintained for an extended period of time. Under SOX, for example, records are required to be stored for seven years and must be non-erasable and non-rewritable. Hundreds of outsource storage companies have emerged to assist companies with their e-document management and data storage needs. It is vital that such software and services include fast and reliable document and data search capabilities as well.

Paper records should be organized logically to facilitate their retrieval at a later date. Ideally, the contents of the files should be logged electronically using database software specifically designed for this purpose (the XML standard has gone a long way in standardizing how to identify data). Companies should also ensure that off-site records can be remotely searched.

Access to company records should be closely controlled and restricted to a limited number of individuals. Just as electronic records have audit trails of who has access and when the data was accessed, paper records should not be open and available for anyone to simply walk in and review them, or alter them.

Finally, a document destruction policy should be included as part of the written document and data management policy. Time periods for purges of electronic data and paper records should be established and followed explicitly. As a general rule, it is not recommended that data or records be destroyed until at least seven years has elapsed since the initial archive or storage of such data or records. However, the appropriate time limit depends on many factors, including the nature of the data or records, relevant statutes of limitation and governmental requirements. Company management should therefore consult with legal counsel and a document management professional before establishing a document destruction policy.
Author: Michael Siersema and Kent Clayton
 
Author Bio:
Michael Siersema and Kent Clayton is a noted author. Michael likes to create articles about this area.
This article can be searched using: online data backup service, online data backup, data backup online, online it data backup
 
 
 

Related Articles
 
Securing a Marketing Rich Domain
 
Computer Hard Drive Recovery Ideas
 
Write Your eBook Fast: First Steps to Finishing Line
 
Internet Marketing With A Laid Out Strategy
 
Using Time Management Software To Achieve Balance And Reduce Stress
 
Failure to Do This Simple Task Can Kill Your Online Business
 
It's Cool to Play Games
 
Don't Think Ads as Ads
 
Retired and Getting Rich Online
 
Promotion Techniques Don't Have To Be A Hassle
 
 
 
 

Hard Disk Failure and Data Recovery

Hard disk is a non-volatile data storage device that stores electronic data on a magnetic surface la ... - Bharat Bista
 

Cisco CCNP Certification / BCMSN Exam Tutorial: The HSRP MAC Address

To pass the BCMSN exam and earn your CCNP certification, you've got to know how the HSRP MAC address ... - Chris Bryant
 

What Are International ISP & Global ISP?

The world has become a lot smaller of a place these days. For businesses, the marketplace has extend ... - Bob Hett
 
 

What Are Podcasts And How Can They Help Your Business?

So what exactly is a Podcast? The word Podcast gets thrown around a lot these days but what does pod ... - Jen Kothe
 

Create Your Own Power Pad

What is a Power Pad? It is a tool you can use to increase your sales and marketing efforts - a type ... - Bette Daoust, Ph.D.
 

The History of World of Warcraft

A look at one of the most popular online video games. From it creation to where it is at now. - Mark MacKay
 

Cheap mobile phone deals are available to all

Very often you come across advertisements claiming to offer cheap or cheapest mobile phone. You may ... - Jennifer
 

Building Links to Increase Traffic and Page Rank

You have your website, but need to attract both living breathing customers and search engine bots to ... - Pat Ransom
 
 
Index Page >> Privacy >> Terms of Service
© 2008 www.aquawheel.com All Rights Reserved.