Cintas Document Management Issues Best Practices to Protect Mission Critical Information
-Visit Cintas at FOSE, booth 1421, to learn about effective strategies and solutions for a secure, compliant records management program-
CINCINNATI—July 19, 2011 – Due to a high volume of information, government regulations and heightened security issues, government agencies often find records management to be a challenging task. In conjunction with the Federal Office Systems Exposition (FOSE), Cintas Corporation today issued best practices to help government agencies implement a successful records program to securely manage, maintain and protect mission critical data.
“Government professionals often perceive records management as a daunting task because they deal with an enormous amount of highly classified information on a daily basis,” said Judith Benatar, Global Account Manager, Government Solutions, Cintas. “However, by implementing a compliant records management program, agencies can gain control of their information and ensure it remains secure, yet easily accessible.”
Best practices for protecting confidential information include:
- Research and understand all regulations. To ensure a compliant records management program, thoroughly research and understand all industry, state and federal regulations. There are various data privacy regulations that government agencies must comply with such as the Federal Information Security Management Act (FISMA) and National Archives Record Administration (NARA) policies. Furthermore, many states have specific requirements as well.
- Develop a policy statement. An effective policy statement outlines specific program guidelines including the purpose of the records management program, individual responsibilities, ownership, legal status, privacy and goals. This ensures all employees know exactly what is expected of them and how the records management program will apply in everyday business. The policy should specifically outline details regarding security access, retention expectations, outside vendor access and electronic media use.
- Set a retention schedule. Government agencies must only maintain information necessary for operations. Gathering unnecessary data and storing obsolete files places extra liability in the event of a data breach. Work with management and a legal consultant to identify a retention schedule based on legal requirements and internal policies.
- Limit accessibility to records. Only personnel who require job-related access should be authorized to view records. Limiting accessibility is critical as every government agency retains a lot of confidential information. By enforcing these rules, government agencies can greatly reduce the threat of data breaches from employees and other unauthorized sources.
- Securely shred all documents. Shred all documents no longer needed to protect confidential information. Partner with a North American NAID-certified shredding provider to ensure security and compliance. A provider will place secure shredding containers in accessible and identifiable locations to make it safe and convenient to dispose of documents. On a routine basis, the provider will collect the bins and securely shred all paper on-site. Once shredding is complete, a certificate of destruction will be provided for a legal audit trail. Ensure the provider recycles all shredded paper to help protect natural resources.
- Store records offsite. Government agencies that store a large volume of records with long retention periods should consider an offsite storage provider. This will free up valuable space and keep confidential information out of the wrong hands. It’s important to select a safe, secure and cost-effective provider. Look for a secure storage facility equipped with 24-hour security cameras, alarm systems and complete fire protection systems to protect records from catastrophes such as floods and fires.
- Digitally image critical files. Converting paper files and records to electronic documents can help an agency increase productivity, improve processes and ensure compliance with regulatory requirements. From disaster recovery planning to having immediate access to files, a digital imaging solution enables employees to find the documents they need, when they need it. Consider working with a professional provider that provides secure document imaging and scanning services to gain immediate, real-time access to all critical files.
- Train staff. Once the program has been established, educate and train all employees to take a proactive role and follow protocol. The key to a successful program is active participation from all employees. Each year, update staff regarding any new legal requirements and encourage them to securely shred any documents that are no longer needed. This will save space to ensure current documents are easily accessible.
“A secure records management program is fundamental to keep mission critical information confidential,” added Benatar. “It’s essential to partner with a document management provider that is knowledgeable and compliant with government regulations, has the ability to support large-scale projects and can provide a complete document management solution that meets the needs of the entire agency.”
Cintas is the first North American AAA NAID-certified and PCI DSS compliant document management provider. It has a General Services Administration (GSA) schedule award and provides cost-effective document shredding, storage and imaging programs. Cintas’ services are designed to provide businesses with data privacy and security, compliance with regulatory requirements and greater control and access to information.
For more information about Cintas’ document management services, please visit www.cintas.com/documentmanagement.
About Cintas Corporation:
Headquartered in Cincinnati, Cintas Corporation provides highly specialized services to businesses of all types primarily throughout North America. Cintas is the first AAA NAID Certified and PCI DSS Compliant provider. Cintas designs, manufactures and implements corporate identity uniform programs, and provides entrance mats, restroom supplies, promotional products, first aid, safety, fire protection products and services and document management services for approximately 800,000 businesses. Cintas is a publicly held company traded over the Nasdaq Global Select Market under the symbol CTAS, and is a component of the Standard & Poor’s 500 Index.