Internal Document Control

Control of Internal Documents: controlling access and use

There are many systems (computer applications) that claim to provide control of internal documents, but before you can decide if they do, you need to know exactly what you consider to be documents, and what controls you actually want or need to apply to them to support your business processes.

If we look at international standards such as ISO 17799 (ISO 27001) Code of practice for information security management, we find that a control is something that you put in place in order to be able to describe what is required and measure if it is working (or not).

So internal document control needs something in the way of definition/specification in order to find out what it is that we are actually trying to achieve and how it is that we think we can achieve it.

Internal document control usually revolves around the need to make sure that only those who are approved can see and can edit documents.  Often the most important consideration for internal document control is to make certain that the internal document cannot become an external document (but also see the article on external document control).  All too often there is no internal document control system to prevent internal documents from being copied and given to outsiders.  Somehow or other it is expected that the ‘normal’ operating system controls are going to prevent users from being able to take copies of mission critical documents and pass them on to others.

Also, ‘normal’ controls are supposedly able to prevent people from being able to copy the temporary files that applications such as Microsoft Word or Outlook/Express seem to leave littered across the landscape for almost anyone to see.  Perhaps those are the really significant threats to internal document control – the fact that the normal applications all users make use of actually provides compromises to internal document control by making available uncontrolled copies of what would otherwise be controlled documents.

Therefore internal document control is not something that is actually that easy to establish.  It is far easier to encrypt a finished document than it is to ensure that a user cannot obtain a copy of a document that is subject to internal document control.

Of course there are specialist systems that can apply internal document control to documents that are being created, reviewed, edited and approved.  But the problem with these is that they remain outside the mainline tools that people use.  Whether purists and IT security gurus like it or not the most popular (or perhaps more likely provided as part of how the computer arrived) tools in the IT stable come from Microsoft, and are therefore the ones that users are familiar with and have used before.

What systems are available for internal document control?

There are a wide variety of systems available for the control of internal documents.

These vary from the document management systems that control access, versions, import and export and authorization to those aimed more towards the modern concept of document collaboration controlling input from multiple authors together with review and authorization.  All these systems really rely on access control mechanisms for their effectiveness because in most instances digital rights management (DRM) type controls are not appropriate.

However in some cases DRM controls may also be required where it is necessary to prevent people taking printouts or copies of documents and giving them to others (or having them stolen or misled).  As a result other measures are needed where DRM controls are to be applied to internal document control.

Download internal document control software

Download internal document control software that uses digital rights management (DRM) controls and US Government approved AES 256 bit encryption to control access and use of your internal documents.   Control what users can view your internal documents, what they can do with them (copy, print, etc.) and when they can no longer be viewed (expire).

Safeguard PDF security and Enterprise PDF Security controls access to and use of your PDF documents both internally within the enterprise and externally with partners and other business units.