Lab Manager | Run Your Lab Like a Business

How to Ensure Document Security

It is generally believed in the life science world that all regulatory and compliance issues go away when a document management system is implemented

by Other Author
Register for free to listen to this article
Listen with Speechify
0:00
5:00

It is generally believed in the life science world that all regulatory and compliance issues go away when a document management system is implemented, preferably the most expensive system with untold rewards. And why should this misconception not be believed? The regulatory bodies almost promote this idea. Most of these systems do not do all of the things required for the life science industry out of the box. Rather they require a significant amount of configuration during implementation to meet those needs. This implementation will either succeed or fail to make a company more impervious to compliance issues.

The truth is that a document management system, if implemented correctly, can significantly improve the regulatory landscape of a company and at the same time yield significant additional business benefits. There are several issues with either the document management system or the implementation that can put a company at regulatory risk. Those include misunderstood requirements, poor or delayed execution, or a system that cannot be validated.

Get training in Technical Safety Topics and earn CEUs.An IACET-accredited five-course stream in the Academy.
Technical Safety Topics Stream

A significant architectural flaw is that some legacy document management systems still store managed documents on the file system. Making the documents as susceptible to tampering, corruption, and malice as a network file share. This flaw can be traced back to a time when there was no other way to solve the problem. Today’s modern database systems make this problem surmountable but legacy systems whose code base is dated are unable to change. While it is true that this specific file system can be significantly secured from user access, those files could still be manipulated by an IT staffer either under coercion or self-directed contempt. The end result is that not only all of the company’s data is suspect, but their expensive document management system is suspect as well.

A robust document management system stores documents inside a database, where they are absolutely secured against download or change without an audit trail. In fact, they are no longer documents — just binary data. In some cases, this data is even encrypted. In the eyes of a regulator, imagine which system will emerge as a better choice.