Keeping corporate records safe requires a proactive attitude and dedication to the security and safety of your employees, clients, and vendors. Once started, a system of corporate record safekeeping is easy to maintain and often accompanies an increased sense of organization and structure which might well increase your overall productivity. The Sarbanes-Oxley act of 2002 lays out very clearly what records must be maintained and for what time period. The reader is encouraged to read more on exactly what records must be maintained. More information may be found at Wikipedia.
- Determine if the corporate records must be kept. Are they necessary for your daily business operations? Are they required under Sarbanes-Oxley? If the answer to either of these questions is "No," then proceed directly to secure document destruction (Step Five). If "yes," please continue.
- The activities required to keep corporate records safe fall into two primary categories: print media (Step Three) and electronic storage (Step Four). Each offers its own challenges toward security. Anyone's eyes can see the information on a piece of paper, but the portability of electronic files can create a security nightmare as anything can be dropped onto a flash drive and taken off the premises.
- For print media, you can keep corporate records safe by first determining how dangerous the information could be. Does it contain names? Telephone numbers? Social Security Numbers? Bank Accounts? Is it mission critical? Would it harm your company if handed to competitors or the media? If the answer is "yes," then you must utilize the "double lock" approach which mandates that this information must be behind two sets of locks. Placement inside a locking file cabinet in an office which stays locked when staff is not present constitutes a double lock. Placing them in a non-locking or public-access file cabinet in private office does NOT constitute a safe storage program.
Keeping corporate records safe when the data is not dangerous or critical is simple. Just follow your standard system of storage and filing, being aware that if conditions change you may need to secure information should it become valuable.
- Keeping electronic corporate records safe is much more challenging, but easier to maintain once your system is in place. Making use of encrypted container files such as those created using programs like TrueCrypt creates a very secure, impossible to open place for you to keep any sensitive information. Do NOT share the passwords, instead give each employee his or her own secure container and make them responsible for using it. Additionally, employers may keep corporate records safe by utilizing secure, remote location file co-location, such as the services offered by dropbox, which will mirror any and all files placed in a specific directory. Encrypted files may go there too. Remote co-location ensures that you may keep corporate records safe even in the event of a disaster or equipment failure.
Additionally, the reader should consider instituting a policy on the use of personal flash drives, mp3 players, laptops, and picture phones. Solutions exist both in software and hardware to keep corporate records safe inside company computer networks. Contact a local IT professional for more information.
Lastly, consider scanning and encrypting paper files, as a single hard drive can hold hundreds of thousands of documents securely while maintaining Sarbanes-Oxley compliance.
- Secure document destruction is, in itself, a multimillion dollar industry in the United States. If your organization needs to destroy more than about 1 banker's box worth of papers per month, you should consider contacting secure document destruction companies and contracting them for their services. Prices range from $5-20 per box. If keeping your corporate records safe requires you to destroy less paper, you should consider a cross-cut shredder and a policy on enforcing its use.
Keeping corporate records safe is as much an attitude as a practice, and like data backup, it is something you should focus on before you need it. Preventing a security breech is significantly less costly than cleaning one up.