Content management, or the effective flow of company information, has historically been the domain of the IT department. But secure content management (or the secure flow of company information with the ability to meet national legislative requirements) must be the domain of management, as it involves the strategic and legal use of company information.
Thus, in order to deal effectively with secure content management, companies have to shift the responsibility for the flow and management of company information away from the IT department and towards management and decision makers. In summary, technology solutions that deal with secure content management can only be implemented on the back of management's strategic decision making.
"Historically, the IT department has been handed responsibility for the use and storage of company information. But this can no longer be the case," says Rob Cells, Business Development Manager at SAP Enterprise Document Management Specialists, Engineering Informatics (EI).
"The Promotion of Access to Information Act now legally compels strategists and business decision makers to take ownership of the management of company information. But even if the act was not in effect, it would be nonsensical for the IT department to retain control of what is essentially the core of the business - its information."
The Promotion of Access to Information Act gives statutory rights to requesters of any record of a private body, if:
* That record is required for the exercise or protection of any of his or her legal rights;
* That requester complies with all the procedural requirements;
* Access is not refused in terms of any ground referred to in the Act.
This means that companies are now legally obliged to be able to provide authenticated and verified copies of a broad range of company information to relevant parties. If companies are not able to provide this verified information, the penalties can run into millions.
"It is critical that business policy is now structured around content management," says Cells. "At this stage it is largely safe to assume that high level companies have technology in place to provide technical security such as authorisations, encrypted data, disaster recovery and so forth."
"But what the legislation has done is to put a different angle on security. Companies now have to understand how well their business policies are geared towards securing information when it is required - whether internally or by other parties."
For example, if a customer sends a business-related email to the company, the data must go through a business process of verification, acquisition and usage. The email must go into a defined system in a particular format, so that if litigation occurs around the information the company is able to present the document in court and testify as to its integrity.
According to Cells, very few companies have policies in place that dictate the usage and storage of all company information.
"Incoming email, for example, must be filtered on the basis of essential business rules. Business relevant emails must be automatically captured and written to optical disks to ensure integrity," he says.
"This information must be linked to the correct business processes and procedures, so that if you need to find information you are sure that it is indexed correctly and it relates to records, as defined by national archives requirements; information has to be indexed in a particular manner, with particular terms and references."
Aside from the business implications of the mismanagement of unstructured company information, such as emails, the legal implications are now critical, thanks to the Promotion of Access to Information Act.
"A lot of companies do have policies in place regarding email," says Cells. "But these are technically driven policies that do not allow certain attachments, types of message content and so forth. They haven't been driven by a business, or legal, need to effectively use and manage information."
The crux of secure content management is that it is the company directors that will be held responsible in court if the company cannot provide required information - and not the IT department. It is therefore essential that those responsible for the company as a whole are dictating the management and use of company information, and are making sure that their objectives are achieved by the IT department.
"Email has always been the responsibility of the IT department in terms of management and storage," says Cells. "But now that the legislation has come into effect it is imperative that solutions to email usage are driven by strategic considerations. The business has to take ownership of the use of company information."
"Secure content management is a wake up call for business to take ownership of unstructured data and to set down the rules and processes that IT has to follow," Cells concludes. "IT has been dictating the management of information for too long. Now that ECT legislation is firmly in place secure content management is a strategic imperative - it's as simple as that."
EI is a specialist company, focussed exclusively on the implementation of the SAP enterprise document and record management system (DMS) and related functionality.
EI is the premier SAP Africa Specialist Partner specifically certified to implement and maintain the SAP Lifecycle Data Management (LCDM) functionality in South Africa. This means EI is recognised by SAP as having a significant track record in successfully implementing SAP LCDM solutions at industrial customers.
EI has an enviable record of successful implementations of SAP DMS, having implemented more than 90% of all SAP DMS installations in South Africa during the past five years.