DocuNECT Security and Compliance

Date: 12/01/2016
Applies to Version: v5.0

This article discusses the DocuNECT security and compliance features. DocuNECT provides a powerful platform for managing documents, but with compliance and security concerns on the increase, DocuNECT has some powerful features that can put your mind at rest.

"End to End" Encryption

All communication between DocuNECT components uses Transport Layer Security v1.2. If deployed with an SSL certificate on the web, this ensures that all communication "in transit" is encrypted.

User Management and Security

DocuNECT supports two security models. If installed "on premise", DocuNECT can be tied to your corporation's Active Directory and will comply with the Group Policy Objects (GPOs) you have put in place. DocuNECT also has its own security model, primarily used with the Portford Cloud version.

Password Policies

Policies can be assigned to strengthen and cycle user passwords.

passwordpolicy.png

Failed Login Policy

This feature disables a user's profile if the defined number of failed login attempts is received within the defined period.

failedloginattempts.png
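
The following sketch illustrates the windowed lockout rule described above. It is an added example, not DocuNECT code: the class and function names, the threshold of 3 failures in 300 seconds, the reset on successful login and the administrator re-enable step are all assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque

class FailedLoginPolicy:
    """Disable a profile after max_failures failed logins inside window_seconds."""

    def __init__(self, max_failures, window_seconds):
        self.max_failures = max_failures
        self.window_seconds = window_seconds
        self._failures = defaultdict(deque)  # user -> timestamps of recent failures
        self.disabled = set()                # stays disabled until enable() is called

    def record_failure(self, user, now):
        """Record a failed login at time `now` (seconds); True if profile is disabled."""
        if user in self.disabled:
            return True
        recent = self._failures[user]
        recent.append(now)
        # Failures that have aged out of the window no longer count.
        while recent and now - recent[0] >= self.window_seconds:
            recent.popleft()
        if len(recent) >= self.max_failures:
            self.disabled.add(user)
            del self._failures[user]
        return user in self.disabled

    def record_success(self, user):
        """Return False for a disabled profile; otherwise clear its failure count."""
        if user in self.disabled:
            return False  # a correct password does not re-enable the profile
        self._failures.pop(user, None)  # assumption: success resets the counter
        return True

    def enable(self, user):
        """Administrator action (assumed): re-enable a disabled profile."""
        self.disabled.discard(user)

def replay(events, max_failures=3, window_seconds=300):
    """Replay (timestamp, user, succeeded) events; return the disabled profiles."""
    policy = FailedLoginPolicy(max_failures, window_seconds)
    for ts, user, ok in events:
        policy.record_success(user) if ok else policy.record_failure(user, ts)
    return policy.disabled

# Constructed sample events, ordered by time in seconds (not real DocuNECT logs).
SAMPLE_EVENTS = [
    (0, "alice", False), (0, "carol", False), (5, "carol", False),
    (6, "carol", True), (7, "carol", False),          # success reset carol's count
    (10, "bob", False), (20, "bob", False), (30, "bob", False),  # 3 failures in 300 s
    (40, "bob", True),                                # rejected: already disabled
    (100, "alice", False), (400, "alice", False),     # alice's early failures aged out
]
```

Replaying the sample events disables only "bob": the failures for "alice" are spread over more than one window, and the counter for "carol" is cleared by a successful login.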

Role Security

In order to make sure the right users have access to the right documents, roles can be set up with assigned permissions appropriate to the access they need:

rolesecurity.png

Within each role, document permissions can be applied by cabinet to each of the actions:

documentsecurity.png

User and Role History

To support compliance, changes to users and roles are recorded in the history:

userhistory.png

rolehistory.png

Document Chain of Custody

As documents travel through the DocuNECT lifecycle, the following events are audited in the document history:

  • Create Document
  • Edit Indexes
  • Document Checkout
  • Document Check-in
  • Undo Checkout
  • Delete Version
  • Email Document
  • Email Document Link
  • Escalate Document
  • Move Document
  • Verify Document
  • Request Action
  • Delete Document
  • Approve Task
  • Reject Task
  • Complete Notification
  • Confirm Signature
  • Index Document
  • Change Cabinet
  • Open Document
  • Download Document
  • Add Comment
  • Add Annotation
  • Indexes Accepted

The document history can be viewed in the document management module:

documenthistory.png

Managing Personally Identifiable Information

Many organizations today manage, use, store and/or distribute documents that contain Personally Identifiable Information (PII). This is done internally for employees or, depending on their area of business, for customers, patients, residents and students. The digital economy relies heavily on the storage, access and transfer of data, so putting in place policies and technology to manage this is becoming critical.

Document management adds a layer of complexity, as the data is stored not only in databases (metadata) but also in the content of the documents. If your business model requires the distribution of documents, then technology needs to be put in place to redact the data in the documents as well as encrypt the data in the database.

Examples of PII

The following list provides examples of PII data:

  • Name and other names used;
  • Social Security number, full and truncated;
  • Driver’s license and other government identification numbers;
  • Citizenship, legal status, gender, race/ethnicity;
  • Birth date, place of birth;
  • Home and personal cell telephone numbers;
  • Personal email address, mailing and home address;
  • Religious preference;
  • Security clearance;
  • Mother’s middle and maiden names;
  • Spouse information, marital status, child information, emergency contact information;
  • Biometrics;
  • Financial information, medical information, disability information;
  • Law enforcement information, employment information, educational information; and
  • Military records

DocuNECT provides a number of security features and functionality to manage the storage, access and distribution of PII data.

Data Encryption and Masking

Data needs to be protected when it moves from server to user and also when it is stored. DocuNECT encrypts the data in transit and at rest. When you define metadata to store documents, you can encrypt and mask the data. For example, a credit card number can be displayed as * characters except for the last 4 digits.

The following screenshot shows the setup of a Social Security Number index value, with encrypted storage and masking:

ssn.png

When masking is used, it prevents the full value from being displayed:

masking.png