QMS and ISMS systems support

Suppose you have implemented or want to implement a quality management system (QMS—Quality Management System) and/or an information security system (ISMS—Information Security Management System) and are wondering what the place and role of the DMS (Document Management System) system is in this area. We will try to explain it using our UniDocs DMS as an example.

Business information systems, the popular ERP, are based on structured databases managed by DBMS software such as Oracle, Microsoft SQL Server, DB2, etc. These software systems have access protection systems, permissions, and restrictions that guarantee a high technical level of data security (confidentiality, completeness, and availability). However, according to the requirements of the international standard ISO/IEC 27001, this is not all that is necessary for a valid information security management system.

Business information systems, the popular ERP, are based on structured databases managed by DBMS software such as Oracle, Microsoft SQL Server, DB2, etc. These software systems have access protection systems, permissions and restrictions that guarantee a high technical level of data security (confidentiality, completeness and availability). However, according to the requirements of the international standard ISO/IEC 27001, this is not all that is necessary for a valid information security management system.

Most often, almost as a rule, there is no connection between input and output documents and data in ERP, which violates the “complete” type of security.

We should not forget the fact that in the case of a check of any kind, the original document on the basis of which any change or obligation arose is always and only checked. That is why document preservation and ensuring compliance with data is one of the most important requirements.

That is why companies resort to different ways of storing documents in electronic form. Incoming documents are often scanned, and outgoing ones are stored electronically in the format in which they are formatted. Most often, these documents are stored on the so-called file servers, the connection between them and the data in the ERP does not exist, documents accumulate and are increasingly difficult to find, and their security in terms of “availability” is at a low level.

The UniDocs program system belongs to a group of systems that perfectly provides two types of information security essence according to ISO/IEC 27001, with the highest level of usability of organized electronic documents, namely:

  • It ensures the placement, monitoring and efficient use of business documents in a completely safe and traceable manner, while establishing a connection between documents and ERP records (by integration with the ERP system)
  • It provides a complete system for managing system documents in the field of quality management and information security in accordance with the standards of the ISO 9000 and ISO 27000 series.

UniDocs helps every organization that implements and maintains a quality system (QMS – Quality Management System) and an information security system (ISMS – Information Security Management System) solve the issue of efficient introduction, confirmation and maintenance of system documentation related to the mentioned systems, while at the same time easily fulfilling all security requirements related to the placement, organization, management, monitoring and use of documents in electronic form.

UniDocs’ functionalities for authentication, electronic signing, permission and restriction management, event history management, document revision management, and document publishing and distribution enable all technical requirements of electronic document security according to ISO 27000 to be met by the very implementation of the software.

Complete security is provided by UniDocs AppServer, which contains services for managing document files and provides complete logic for naming and storing document files. Document files are completely securely stored and protected from any malicious access or accidental mistakes by computer network users. Together with the UniDocs search subsystem, it makes documents available in seconds. Bearing in mind the built-in logic of storing and naming files, with UniDocs it is not necessary to set up expensive storage systems with their own logic for placing and naming, but it is enough to provide only the appropriate capacity of standard storage or disks on file servers in the network.

This approach can effectively automate the company’s operations, as well as the introduction and maintenance of QMS and ISMS and ensure the real unity of data and documents. At the same time, all the processes of managing system documents QMS and ISMS are significantly simplified and automated, especially the management of audits and the reliable, fast and simple distribution of documents within the organization.