To date only about 50 percent of companies work with an ECM or a DMS system. But more and more company managers are recognising their potential. Small and medium sized companies are also investing in appropriate solutions – and as a result are frequently heading off into uncharted territory, namely into the area of IT compliance.
IT compliance, the new undiscovered world?
But what does compliance mean? Compliance lies in the adherence to legal and contractual obligations. It ensures the security of the company. It minimises risks. IT compliance focuses in particular on those requirements relating to information technology.
With regard to data protection and the Digital Signature Act
Whosoever installs an ECM or DMS must tackle the issues concerned with IT compliance. For example, with data protection, the Digital Signature Act or commercial laws. These and approximately 180 legislative texts in Germany currently form the framework within which a company must conduct itself in a legally watertight manner – and this includes its IT service. Not least because it has to document the entire process history without omissions and in a way that it can be audited.
Three significant factors
Those regulations which must be followed exactly as part of an ECM implementation can vary from company to company. Generally, however – with the exception of a modern efficient software solution – three factors apply as essential to their success:
Firstly: IT compliance is the concern of contact persons in many departments. Their know-how is needed to set the “compliant” processes in motion. Technical departments, management and service providers must work closely together.
Secondly: for many companies IT compliance may begin with the implementation of an ECM or DMS. However, the subject does not come to an end with the successful completion of the project – on the contrary. IT compliance is an ongoing task. Among other things because legal requirements can change quickly or new requirements may arise. IT compliance must be clearly designated within the line organisation.
Thirdly: the supplier of the system should be capable of meeting complex requirements. He should be able to provide references with regard to similar specific demands so that an optimum quality of advice is available.
If an enterprise takes these factors into accounts, it will not only act more efficiently with an ECM or DMS – it will also act in a significantly more secure manner.