Document Control: Control Document Access, Copying & Use

The key to all document management systems is the ability to impose document control on the documents that are being created or distributed.  If there is no document management, then there is no document control.  And if there is no document control, then there is nothing.  Ask any auditor.  Those boys and girls know all there is to know about document control systems.  They don’t just do it for a living, they mainline on it.

But you don’t have any document control without document security technology that includes document copy control and document protection.  If other people can copy your documents, then you have no document copy control and you have no document management.  And that gets us round to the question of document security.  That is what sits at the base of all document management systems.

Document copy control is perhaps the most difficult thing to achieve.  Everything in a computer is there to make copying easy.  So to achieve both document copy control and document protection you need to be able to hold documents in a form that is inaccessible to those who are not authorized.  And that means encrypting them.  As a practicality it is not possible to stop people from copying files, so to achieve document copy control you first need to encrypt the files.  That way, it no longer matters if someone copies the files or not, your document management system does not grant them the authority to use the document and so you have achieved document copy control despite the fact that the ‘document’ has been copied.  So encryption is used to control document access by preventing unauthorized users gaining access to protected documents, but what about the control of document use?

This is where Digital Rights Management comes in.  Digital Rights Management or DRM for short, enables you to control document use once a document has been opened by an authorized user.  This may be what actions can be taken on the file (e.g. editing, copying, etc.) or for how long it can be used (document expiry).  Document security is not something that is fixed.  For some users of documents you may wish to allow them different capabilities such as allowing or preventing printing, or allowing or preventing use outside certain locations.  That comes back to how you implement document control – controlling document use at either a document and/or user level.  To control document use a document protection system must allow you, as the document owner, to decide which controls are to be implemented, and at what level, in support of your document management objectives.

Another crucial part of a document copy control system is licensing control – the ability to license users so you can control what documents they can access and from what locations.  By using licensing control you can deliver document keys securely and transparently to authorized users and their devices so you don’t have to rely on outdated password protection systems that are cumbersome to manage and easy to bypass – see why you should not password protect PDF documents.  Licensing control systems also enable you to revoke document access even after documents have been distributed or revoke user access to individual or all documents.

And when you have implemented your document control system, as the auditors would tell you, you need some way of being able to check that it is actually working.  So your document control system must have some way of letting you know that your document security system is actually working.  This might be recording when document control is being used, or it might be to record when those who are unauthorized attempt to breach document security.  See tracking document use.