Listen to Audio
After the recent fallout of major corporates like Banco Espírito Santo & Dick Smith, strict compliance legislation has been introduced to ensure that the business managers are more accountable for their action.
The latest quality standards focus on greater account and control in the key business processes. Most noticeably data management and document flow.
There are two aspects to enforce compliance:
- The corporate duty for enforcing standards
- Legal protection in case of any dispute or litigation
Non-Compliance is Not an Option
Non-compliance is not an option and companies get penalized and other executives can be held responsible if the information is not in order. Hence it becomes necessary that businesses examine all the regulations, not only the ones that are affecting the specific area of operation, but also the generic legislation that affect business activities.
Distributing documents in either hard copy or electronic form for approval raises security issues.
What information can be accessed and who is authorized to access those documents? This is important to ensure compliance within the organization such as the Sarbanes Oxley Act implied to US companies and their other foreign subsidiaries; and in the UK they have Data Protection act and Freedom of information act.
Document processing softwares such as Tokiaro’s TokOpen system addresses these challenges and then automatically enforces compliance. Every action relating towards individual document access is audited and access is then limited to several specified personnel only, not only that even the actions they can take on those documents are controlled.
Software also restricts access to information within a document, to different specific users and or a group of users within an organization. This ability to allow different users accessing the different information means that the needs of data protection act and freedom of information act are both met automatically, without the need to make different copies of documents.
The following are some of the most recent regulations, and the effects they can have on corporate document management strategies:
Sarbanes Oxley Act 2002
This is a key driver of compliant corporate document management systems. Non-compliance is now a Federal offence in the US, with a penalty of up to 20 years in prison. Even the subsidiaries in the UK are also required to comply with this legislation.
The CEO and CFO must certify under section 302, that the company’s financial condition and results are reported accurately. In addition, they must certify that internal controls have been established and evaluated to ensure accurate recording and reporting of performance.
Data Protection Act 1998
Regardless of what document management system is in place, personal information for business use must be handled with the Data Protection Act 1998. It can also facilitate the execution of valid requests for such data.
The Act enshrines these principles:
- Personal data shall be processed fairly and in accordance to law.
- It must be obtained only for lawful purposes, and shall not be further processed in any manner incompatible with those purposes.
- It shall be adequate, relevant and not excessive in relation to the purposes for which it is being processed.
- It shall be accurate and, where necessary, kept up to date.
- It shall not be kept for longer than is necessary.
- It shall be processed in accordance with the rights of data subjects under the Act.
- Appropriate technical and organizational measures shall be taken to prevent unauthorized or unlawful processing of personal data, and to prevent accidental loss, destruction or damage to personal data.
- Personal data shall not be transferred to a country or territory outside the EU unless an adequate level of protection for the rights and freedoms of data subjects is ensured.
Freedom of Information Act
This gives people a general access to information held on behalf of or directly by the public authorities. It is intended to promote a culture of openness and is accountable to public sector bodies, and also intended to increase understanding of how public make decisions and how do they actually work, and how they spend public money.
Document management process flow should be a key objective for all organizations, public and private, in the drive to achieve business efficiency, and ensure that information is easily retrievable and properly documented. As a result of this, public authorities will then be able to comply more easily with legislation that affects them, such as the Freedom of Information Act.