Document management is the process organizations use to create, control, secure, store, retrieve, share and destroy documents in all their forms. In the age of information proliferation, rapid technological change and security issues, organizations establishing document management systems must consider not only good business practices, but rules, regulations and standards promulgated by government and international bodies.
Rule Making Entities: Financial
Numerous federal entities issue regulations requiring organizations to comply with document management rules. The following is a summary of such entities, the types of organizations they impact, and the statute or regulation.
The Securities and Exchange Commission in SEC 17a-4 provides document management rules for brokers, analysts and others involved in securities exchange.
The Sarbanes-Oxley Law in Sections 404 and 409 impacts document management by all publicly traded companies as well as accounting firms, auditors and those involved with securities trading.
The Check Clearing for the 21st Century Act (Check 21) regulates check handling and applies to the banking industry. It is administered by the Federal Reserve.
The Gramm-Leach Bliley Act protects consumers’ financial information held by financial institutions and is administered by several federal agencies.
The National Association of Securities Dealers (NASD) Rule 3010 and New York Stock Exchange (NYSE) Rule 342 are administered by the Securities and Exchange Commission and regulate record-keeping requirements having to do with electronic communications for members of these two organizations.
Health Care Rules
The Health Insurance Portability and Accessibility Act (HIPAA) applies to such groups as doctors, hospitals, insurance companies and employers engaged in compiling or transmitting patient information. It is administered by the U.S. Department of Health and Human Services.
21 CFR 11 is the section of the Code of Federal Regulations administered by the U.S. Food and Drug Administration and addressing electronic records and electronic signatures. This section impacts healthcare and pharmaceutical companies.
The Department of Defense regulations (Dept. of Defense 5015.2, version 2) define requirements for records management software purchased by the Department of Defense. Other government entities also use this standard for their records management software.
Other Federal Rules
The Federal Rules of Civil Procedure govern how law firms handle information related to legal procedures.
The Internal Revenue Services Rev. Proc. 97-22 provides rules for the electronic storage and transfer of taxpayer information, and impacts the financial services industry.
The Need for Rules
Americans depend upon regulatory agencies to ensure protections are in place to keep personal information secure, protect financial transactions and exercise appropriate oversight over those with control over the nation’s food, drug, financial, and healthcare assets. The nation’s information infrastructure is vital for its defense and must also be protected.
Standardization of document management extends beyond the United States. Non-governmental entities such as the International Organization for Standardization and the Open Document Management API work to standardize and share processes for document management systems in order to ensure the security and availability of informational records when they are needed.