Written by Ana Canteli on 8 June 2018
Compliance with legal requirements is the organization's adherence to the laws, standards or specifications of the sector in which it operates. It is measured by the amount of resources devoted to legal compliance and information security management (privacy policy, data protection), and by demonstrating that the organization is committed to regulatory compliance management, in particular to the applicable legal requirements.
Due to the large number of regulations at the sector, regional, national and international level, organizations are adopting document and records management systems that help them establish an information system that allows them to comply with security requirements and administer security policies. These requirements range from updating the legal notice on the website's cookie policy (to adapt to GDPR regulatory compliance), through the application of regulations on personal data protection, to the development of codes of conduct, which contribute to the prevention of risks in the management of the company's information security. Document and records management systems make it possible for the organization to meet the objective of monitoring compliance with safety standards and legal requirements, avoiding duplication of effort by technical means and human resources.
Moreover, in the business world there are few terms more overwhelming than "regulatory compliance," especially when it refers to personal data, intellectual property (copyright), governance of information, records management compliance, etc. One point must be very clear, even though it clashes with the marketing strategy of some companies: by itself, no software or information system can make the organization comply with records management compliance or any other legal requirement. That is why it is so important to understand the scope of the regulations when configuring the company's business processes or information management. There is no one solution that covers all cases or all possibilities; the same applies to laws and to the management of regulatory compliance.
Each records management compliance requirement applies to different types of information systems (data protection is not the same for data collected in a web form to benefit from an offer as for the medical history of a patient). Regulatory compliance management and document custody activities change depending on the retention schedule applicable to each case. Risk management in the company aims to ensure compliance with policies and standards on cybersecurity, data protection laws, security policies, physical security, software security, access control and the secure protection of data. Through prevention programs, it seeks to protect the company from the negative consequences arising from gaps in data and breaches of security standards. The concept of risk management is sometimes mistakenly understood as the exclusive responsibility of the IT department. The reality is that, for companies to achieve regulatory compliance and information security in risk management, the commitment of all members of the organization, from top to bottom, is necessary.
In the United States, one of the most important regulations is the Sarbanes-Oxley Act; others include the Gramm-Leach-Bliley Act. Sarbanes-Oxley emerged in 2002 as a response to the financial scandals of large multinationals, which called into question the credibility of accounting and auditing information systems.
In Europe, the GDPR seeks to protect the personal data of EU citizens against the breakdown of security measures. The EU Data Protection Regulation affects any organization that processes personal data of individuals residing in the European Union, regardless of the location of the organization that manages this type of data.
The OpenKM information system can be used by organizations to define, develop and implement regulatory compliance management in the company while facilitating the management of documents and electronic records for users. The OpenKM document management system guarantees the access of all authorized users to the documents and information they need to meet their obligations, while guaranteeing respect for the standards or legal requirements that must be applied. The OpenKM free software provides a versatile, customizable information system that offers the ideal environment for organizations from different sectors to manage the documents and information of the entity.
The management of security and compliance in OpenKM is applied in 3 different layers. The first filter is access to the system: nobody without a login and password can access the software. The assignment of roles and profiles according to the user's position and/or activities personalizes the document management system for each user and adapts it to their specific needs. Moreover, security management at a granular level allows the administration of privileges (reading, editing, deletion, download, etc.) in a detailed way for each element.
Compliance with the legal requirements in OpenKM can be carried out through automated business processes. These processes, defined by the organization, automatically present the authorized user with a window in which they should carry out the procedure, fulfilling the specifications defined by the company.
Other features in OpenKM can also be automated, such as the use of keywords, the assignment of categories or the insertion of metadata groups. Users can also subscribe to a document or record. In this way, they will receive notifications from the document management system each time there is a change to the node to which they are subscribed. Authorized users can add notes to documents and use the other communication tools available. Through the Preview tab, you can add comments while respecting the version and authorship of the file. The Forum section allows users to share ideas or make queries related to the document, while the Wiki tab serves to highlight the sources or rules on legal matters or information security that are followed in preparing the documentation. In addition, the Chat integrated into OpenKM makes it possible for the members of the information system to hold conversations in real time. Through the History tab, users can access the life cycle of documents and even compare versions, seeing the contributions of each author highlighted. The Activity Log tab allows a complete audit of the events that occurred in the file. In this sense, the Reports functionality can be highly beneficial, since it shows information filtered by any aspect that is of interest. This data helps determine deviations from security policy or regulatory compliance and therefore helps the organization propose corrective measures.
If the document has reached its final version, it can be changed to locked status. This means that the document cannot be edited unless authorized by a privileged user. Also, the documentation can participate in workflows, a functionality that allows the detailed application of all the protocols that the human resources of the company have to carry out.
The OpenKM enterprise content management (ECM) system allows any information related to documents and records to be found through its search engine. We can search for a file using free text search. If we have more data, we can filter the search for documents by their location within the repository (Context). Alternatively, we can search by any word contained in the body of the document; by name; by title (the alternative name given to the document); by the keywords assigned to the file; or by language, if the organization creates or receives information in several languages. We can also search by user, by date ranges, or based on a specific path within the repository. If we have created different categories, these can be a useful resource for finding the document. We can refine results according to the type of file, the extension or even added notes. In OpenKM, users can perform advanced searches based on metadata: high-value information (obtained through zonal OCR, if the document has been scanned or digitized) that is stored in a database and automatically linked to the record by the document management system. This information may be contained in a third-party application. In these cases, it is useful to know that OpenKM offers SDKs in Java, PHP, and .NET that facilitate the integration of the software with third-party applications that are part of the organization's suite of programs.