HR Document Security: How to Secure Personnel Files
HR Directors are under enough pressure to help ensure that employees are happy and productive. The last thing they need to worry about is secure access to employee files. Here’s how this aspect of their job can be made a whole lot easier.
Cloud Document Management
Cloud document management software is the first step for enabling truly secure, electronic document storage.
Once employee files are scanned and indexed, access
rights and retention scheduling are applied to each document to ensure that only the appropriate personnel can view them. Cloud document management can also keep I-9s separate from the standard employee file, and so that sensitive information from all files (medical, salaries, etc.) is not accessible from unauthorized internal personnel. An additional benefit is that external auditors can be given access to your system so they can conduct a “self-service” audit, which typically takes a fraction of the time.
SOC II, Type 2
To ensure that your cloud is secure, you’ll want to work with a cloud document management partner that has achieved SOC 2 certification. SOC 2 certifies that your software handles all of your employee files with controls that are fully documented and tested to minimize the risk
of data being lost or compromised, and that the software adheres to both your
corporate policies an external regulations, like HIPAA. This certification was established by the AICPA and centers around the creation of the Service Organization Control (SOC) Report that is prepared by an independent CPA.
Did you know that over 100 business owners, managers and supervisors were arrested on criminal charges related to employing
illegal workers last year? One way to ensure that you’re not one of them is to only hire those legally eligible to work and to capture this information on the I-9 employment eligibility verification form for every employee.
Consider the following as reported by the Immigration & Customs Enforcement (ICE) agency:
- Over 2,200 employers were audited last year
- Employers were fined over $50 million last year (up from $1 million in 2009)
- 223% more employers were debarred from Federal Contracts last year
Audit Trails & External Audits
One way to ensure compliance with ICE, state and federal retention requirements and corporate policies is to conduct an
internal audit of your documents and processes. These audits will
highlight areas of improvement and any information gaps that may exist
so that you are prepared for an external audit. Document management audit logging is a tool that can help streamline the internal audit process.
The Next Step
Once you’ve gotten HR document access, security, I-9 management, and audit trails under control, then we can explore automated retention scheduling, mobile access and security, and workflow automation.