As more information in higher education becomes digitally available, including student financials, faculty research data and contracts, information security has become a focal point of concern. Many institutions are undertaking major initiatives to develop a governance, risk, and compliance (GRC) framework, which enables them to build a multi-layered information technology infrastructure to:
- Prevent harmful cyber-attacks.
- Ward off e-discovery problems.
- Ensure compliance with state and federal regulations.
In pursuit of information security, especially as it relates to documents, there are three often overlooked principles that will strengthen your institution’s information fortress.
Principle 1: Build a centralized repository. When it comes to institutional data, there’s no industry more decentralized than higher ed. In general, faculty records, research data and students’ academic records are managed and retained by individual schools and departments, making it hard to evaluate how much information needs to be protected at the institutional level.
A number of successful institutions have used document management technology as a universal point of control for their information assets. This enables them to capture the information as it’s created, while at the same time providing document shortcuts to individual schools and departments for direct access and processing.
The centralized repository has become the gold standard for institutional information, as it provides a straightforward and secure way to automate records retention and disposition policies.
Principle 2: Plan ahead. Too many colleges and universities have assumed that scanning paper documents alone will somehow make their documents more secure. However, without planning how these documents will be indexed and categorized in the repository, scanning leads to a “digital filing cabinet” stuffed with information that is hard to retrieve.
Planning out the template fields and metadata ensures that all information imported into the repository will be searchable and accessible, so that your institution can be more responsive when facing unexpected audits or e-discovery requests.
Principle 3: Training. While many institutions have implemented multi-layered technology infrastructures to protect their digital information, they must budget for adequate staff training as part of this infrastructure building. Security awareness training and change management training are critical programs that can help constituents better understand risk and maintain compliance. In addition, a sound management policy fosters an environment where key business objectives are well understood among departments and where performance can be optimized through monitoring and control.
Is your organization’s information protected? Learn more about how to protect your institutional records, download this free ebook: The Ultimate Guide to Records Management.