Q&A: Taming Document Storage
Tech advances are changing how physical documents are securely stored and recalled. We explore the latest trends and issues affecting document storage, including compliance, natural disasters, and data recovery.
In the early days of IT, document storage was simply a matter of packing up documents into file boxes and storing them in a “safe and secure” place, hoping that a particular document would never be needed. Today, with growing data volumes, extreme natural disasters, and compliance issues, IT’s job is considerably more complex. To learn more about the state of document storage and retrieval, we spoke with Jason Molfetas, senior vice president and chief information officer of Recall Corporation, a document management and data protection services provider.
Enterprise Strategies: Physical document storage seems like a relatively straightforward, unchanging process: documents are kept in a safe place and retrieved when/if needed. How have technological advancements changed the way physical documents are secured?
Jason Molfetas: From a storage standpoint, the most important breakthroughs for our industry address the overall safety of documents. For example, documents could be destroyed by fire or by the water used to extinguish it. Many employ VESDA (very early smoke detection apparatus), which can recognize smoke particles so minute that a freshly-lit cigarette would be detected.
Physical controls now include a raft of biometric controls such as fingerprint and vascular scanning. Finger0scan units use a high-level algorithm to match over 75 points of identification on any system authorized finger print in as little as two seconds. Vascular scans identify the veins under the top layer of skin of approved employees and can grant access in as little as a half-second.
Taking surveillance technology even further are new facial recognition systems in high-security data vault environments. These systems also employ advanced algorithms to measure distinctive points on an authorized individual’s image. The system is also enhanced normally to a tri, which can be defined as something you remember (like a PIN), something you carry (an access card or proximity tag) and something that cannot be copied (finger, vascular, retinal, or facial scans). With this in mind, secured areas using these types of technologies are virtually impenetrable.
Why do enterprises still maintain physical document storage? Why hasn't everything been scanned so it can be retrieved electronically?
Physical documents are a crucial element of today’s business structure. There are many industries, such as health care, government, legal, and banking that must maintain original documents for compliance. Of course, those documents could be scanned and stored electronically, and this works well for companies that anticipate high usage of these documents in the future. However, governmental regulations require original documents to be securely stored for years. Physical document storage plays an important and necessary role in overall data storage strategies.
What are some of the compliance-related trends and issues you see on the horizon?
We expect there to be more focus on internal compliance-related risks, particularly on employee/personnel-related wrongdoing or misuse of company information. With the increased usage of smartphones, tablets, and flash drives, transportable media devices will require more extensive encryption.
As compliance laws and regulations evolve, company policies will have to catch up. Written information security programs and plans will be administered and re-administered, along with more stringent social media policies.
With the vast volume of documents stored in the typical data center, I would think the task of finding specific files is quite complex. How has technology assisted the industry in cutting down retrieval time?
RFID (radio frequency identification) has been a game-changer for the document storage industry and its customers. With the press of a button, 300 cartons can be scanned in less than 30 seconds as opposed to 30 minutes without RFID. With the move to place RFID tags on each file inside the cartons, the response time will only get shorter. This is great news for organizations going through an auditing process because storage facilities can now find important documents quickly. Furthermore, the reduced response time allows companies to proactively conduct self-audits. It has given the industry the unprecedented opportunity to serve customers in ways not previously possible.
What are some common misconceptions about physical document storage?
One misconception I hear often is, “Isn’t information management just for large corporations?” The answer is, in fact, a definite “no.” Information management is just as crucial to smaller, emerging companies as it is to larger ones. In fact, small companies face many similar regulatory and compliance requirements as large ones but often lack the space and resources to do it efficiently and securely, making an information management provider an extremely important partner for companies of all sizes.
What mistakes do companies make when it comes to physical document storage?
Most organizations have a records information management program in place to recover files when a disaster or unexpected event occurs. However, the majority of them do not apply or enforce the policies created. Fires, tornadoes, floods, and hurricanes are enemies of physical documents. Even a frozen water pipe that suddenly bursts is a potential disaster from a document standpoint. Simply locking documents in a file cabinet isn’t enough. Paper and tapes are fragile and the elements that destroy them usually appear without warning. At a moment’s notice, documents that keep a company compliant can be gone. Then, when human error is added into the mix, companies have to consider the risk of a file being misplaced, lost, or even stolen. There’s too much at stake not to create, practice, and enforce an information management plan.
Along those lines, 2011 was a devastating year for natural disasters. What practices should business implement to prepare for the unexpected?
Businesses should regularly perform full risk assessments in all areas of the organization: physical security of critical documents, where the documents are contained, and facility safety. Additionally, it is critical to assess the risk of unauthorized personnel or rogue staff members accessing original documents. As I mentioned, make sure the records information management plan is in place and practiced annually.
Will there be a time when physical document storage is no longer necessary?
Businesses have been using the term “paperless office” since the early 1970s. However, paper has not been eliminated by any stretch of the imagination. Today’s governmental regulations require original documents to be securely stored for years. Thus, physical document storage plays an important and necessary role in information management for many years to come.
Take me through the data-recovery process for a company after a natural disaster. How quickly can an organization get back up on its feet?
The data-recovery process should start well before a disaster actually occurs. The first step is collecting and securely storing documents and computer backup tapes in an off-site location. Next, it is important to identify a number of organizational areas that must be identified before there is a problem: critical departments, procedures, resources, vendors, and alternate sources for supplies.
It is also critical to engage in annual disaster rehearsals that recreate emergency situations and allow all to simulate the necessary actions should disaster strike.
How quickly an organization can get back up on its feet depends on a number of factors. Generally speaking, the recovery plan may take a few hours. However, the time can be impacted by a number of factors such as the nature of the disaster and/or the impact on local roads.
What products or services does Recall offer for document storage?
Recall is a global business, with over 300 facilities across over 20 countries on five continents. Recall operates three primary lines of services: document management solutions (DMS), which includes physical document management and digital document management; secure destruction services (SDS) and data protection services (DPS).
Advanced technology, state-of-the-art security, deep-seated experience is how Recall sets the standard on information management. For example, our policies and procedures are standardized around the world to ensure that any client’s documents and information are stored safely and securely using the standard operating procedures in each Recall Information Center.
James E. Powell is the former editorial director of Enterprise Strategies (esj.com).