Five Reasons to Go Paperless: Part 2

Paper airplane flying out of window.

In case you missed part one, you can read it here. I will jump right back in with more reasons to go paperless. 

Compliance

Sarbanes-Oxley (SOX), HIPAA, DOD 5015, FDA CFR 21, Gramm-Leach-Bliley Act, Patriot Act, Freedom of Information Act, ISO 9001, and the list goes on and on and on...  There are more government regulations and industry standards than you can shake a stick at.  Some of these are voluntary certifications or standards, but most of them are NOT optional.  If an organization is mandated by law to follow certain rules and regulations, it becomes the responsibility of that entity to act in accordance with the laws set forth that regulate them.  For example - health care related organizations are required to adhere to HIPAA regulations that, among other things, set forth standards for keeping patients' health information private.

SOX affects the financial side of corporations as well as IT departments and defines rules on how financial and other business records are managed, which records need to be stored, and for how long these records need to be kept.  Non-compliance can result in significant fines, imprisonment, or both. 

Managing processes in a paper document environment is time consuming and difficult at best.  Keeping audit trails becomes a manual process and can easily be compromised.  In an EDMS environment, many of these processes are automated.  For example, a system can be set up to automatically create an entry in an audit log every time a document is searched, opened, modified, and/or deleted.  This happens without any user intervention.  This occurs on top of the security model implemented or whether it is user, group, or role based.  Individuals that shouldn't have access to information pertaining to certain document types are easily locked out by applying the proper privileges to their user account.  It's not hard to see that managing processes and business rules become easier and more thorough in an electronic environment, thereby achieving much higher compliance targets.

Risk mitigation

Along with noncompliance, mitigating risks and liability can keep a company owner up at night.  Other than keeping a business solvent by continuing to bring in revenue and make profits - protecting the assets of a business or corporation ranks high on their list of priorities.  Some of the most valuable assets a company has are the very documents that are used to run the day to day operations of the business. 

What happens if a fire, flood, tornado, or other disaster strikes and destroys these documents?  How will you know what your receivables are or who owes what?  If your paper gets destroyed, chances are there are no backup copies.  However, that is one of the beauties of having your documents digitally stored - backups can be scheduled to offsite locations with relative ease.  In fact, there are plenty of good backup software packages that can perform these functions on a timed schedule and in an automated fashion.  Being able to recover your documents; accounting documents, tax information, HR records, trade secrets, intellectual property, etc could mean the difference between recovering from a disaster or going out of business.

One other area involving risks revolves around the information you do have on hand.  Most records are not meant to be kept forever and have a legal lifespan.  Example: even though you are only required to keep certain A/P documents for 5 years, if you have invoices from 1964 and are involved in a lawsuit, these documents might be able to be used in a courtroom.  Note that this is just an outrageous example that may or may not be factually true.  The message is what's important:  If you have the records in your possession, then you may be held liable for the information contained in those records.  If you were legally able to destroy certain documents that met their lifespan, then you obviously can't be held liable for information that you don't have. 

Records retention is another key feature of modern EDMS systems.  Retention policies can be applied to documents as soon as they are stored in the system.  When that policy expires, these documents get flagged for destruction or deletion.  Along with creating retention policies, retention holds can be placed on documents.  For example, a court may subpoena certain records involved in a court case.  The records in question can be placed on "legal hold", therefore even if the retention policy would trigger to have them expire - they would not expire and remain indefinitely on hold unless the retention hold is removed. 

Please note my disclaimer:  I am not a lawyer and am not trying to give specific legal advice on what documents must be kept or for how long.  You must consult your legal counsel for the rules and regulations that apply to your company or specific industry.

With all that said, what would be a few reasons why you wouldn't want to implement an EDMS solution?  I don't care who you are or what you are selling, there is NO product, service, or solution that is right for EVERYONE.  The first thing that comes to mind is that you have not budgeted for this type of investment.  ROI is important and must be factored in. If you must spend $100K to setup a solution that will save you $50K per year, thereby realizing your ROI in two years, but you don't have $100k to spend or have two years that you can tie up that much money - then maybe it is not the right time to implement an EDMS solution. 

Another important factor in a successful implementation is having owner or "C-level" (CEO, CFO, etc) buy-in.  If there is no support from the top, then the chances of a successful implementation are pretty low.  If you have other business critical issues that are your highest priorities at the moment, then it probably isn't a good time to make such a drastic change to the way your company does business.  Even if now is not the right time to make the change to an electronic document platform for your company, just keep in mind that one day - that could change!

This post turned out much longer than I thought.  If you made it this far, I thank you for sticking with me and I hope you found this information informative.  Please leave any questions or comments you have, and I would be interested if YOU were involved in the purchase of an EDMS system and what were your reasons for implementing such a solution - especially if your reason for purchasing was NOT on my list above.