Turning your physical records into a digital format is a wise choice. Whether it’s for decluttering, enhancing accessibility, or simply safeguarding important data, scanning projects have become indispensable. However, sending off those critical documents for scanning raises a significant question: who exactly is handling and viewing your files? 

This article goes into the details of securing your records during such projects, uncovering the layers of safety employed by scanning vendors, and why it matters for your peace of mind.

Ensuring The Safety Of Your Records With A Scanning Vendor

Moving forward with a digital conversion project can be a bit overwhelming, especially when you’re working with a scanning partner or vendor. Handing over your records to them can be challenging because you don’t know what’s going to happen. You’re putting your trust in a company that you believe will keep your records safe and make the digital conversion smooth and correct. But what’s the best way to ensure that?

Person deep in thought

Even if you don’t have sensitive or confidential data, these are still your records, and you still care about them. Maybe they’re the only copy, or they include some historical records—whatever it is, you want to make sure that they’re safe. Especially when you have sensitive information such as medical files, criminal files, student records, and things of that sort, you’re particularly concerned about not only the physical records and their handling and safety but also the protection of the digital files and their Personally Identifiable Information (PII). 

This adds even more of a burden on you, making you wonder if you’re choosing the right partner. So, what we’re going to go over is how you can make the right choice.

The Importance Of Physical Security: Keeping Your Documents Protected

In the world of security, we typically break it up into two different parts: physical security and digital security. The first area we’re going to cover is physical security. 

Of course, there’s a transportation aspect involved in getting your records to your scanning vendor of choice. That’s a discussion in itself, but the key thing is that there are a couple of different ways to get those records to your scanning vendor. This could be through a vendor pickup, dropping them off yourself, or shipping them via a third party such as FedEx or UPS.

Warehouse workers loading boxes into a van

One of the key things is making the right choice to get them to your scanning vendor safely. If you’re shipping them, there are a couple of different ways to do so, such as shrink-wrapping pallets and adding tamper-proof or tamper-evident tape. Something we often use with many of our clients is a special type of case called Pelican cases to mitigate tampering and damage to records. This is more specifically for microfilm, microfiche, and aperture cards, but it’s something to consider.

Closed Pelican transportation case
Closed Pelican transportation case

Let’s assume you are working with us. Once the records get to our facilities, we’ll track the records by putting them into our MTS, or Material Tracking System, so we can monitor those records throughout the entirety of the project. You’ll know where they are and what’s happening with them within our facility. 

It’s kind of like an onion, with many layers of security. To gain entry, you’ll need both a pin code and a key fob identity badge. Even if you get into the front area where the lobby is, which has minimal public access, there’s another layer within our facility that only allows production personnel into the production area. Additionally, we can secure individual rooms with permissions-based access, allowing only certain personnel to enter various rooms depending on the projects or what materials are housed there. We have a multi-layer defense for physical security. 

Also, we have 24/7 camera surveillance both inside and outside, decibel sound monitoring for any potential break-ins, and local police and fire departments are minutes away from our facilities if there is an issue.

Security camera at twilight

There are plenty more details we can delve into, which we have covered in other articles and videos. But from a high-level view, you want to ensure the physical security of your chosen scanning vendor is up to par with what you believe is appropriate for your records.

Digital Safeguards: How Data Protection Ensures Confidentiality

The other half of security is the digital security side. Once the records are actually scanned and we have the digital images or electronic data, it’s essential to know how that data is protected.

Thief opening a digital vault

On the project side, we use permissions-based access based on the project, assigning personnel only to those who need to work on it. This process is initiated through our Secure Material Access Request (SMAR) process. The production manager selects who will be assigned to the project, and those individuals are approved by security personnel. This not only allows them to physically handle the material but also provides access on the digital side for indexing or IT folks setting up the hosting application in our digital platform, for example. 

Another aspect of digital security is how the data is stored internally. This includes cold storage and encryption while holding the data before delivery. For the delivery itself, options include a USB drive, an encrypted USB drive for sensitive data, or electronic transfer via FTP (File Transfer Protocol). For sensitive data, SFTP (Secure File Transfer Protocol) is used.

Person holding a USB hard drive

Access logs are crucial for tracking who has been working on various projects or accessing material. These logs can show who is modifying, adding, or changing data. And third-party penetration testing is conducted to continually probe and test for weaknesses or access points to data, ensuring that we can bolster our security and protect the data effectively. 

If you’re using our Digital ReeL hosted application, permissions-based access requires a username and login for a direct user account. We have multi-factor authentication, as well as IP address locking, which can restrict access to only approved IP addresses. These are just a few of the ways we ensure the security of your digital files.

Dedicated Project Teams: Choosing The Right Personnel

Choosing the right company usually means deciding on the people who work at the company. When you give your project to a scanning vendor, you’re really entrusting it to their personnel. This makes it crucial to check how your scanning partner hires its personnel, how they vet them, and especially, the steps involved if they’re working on sensitive projects.

Employee screening check concept

Some of the ways companies vet their personnel include background checks, specialized training, and project-specific clearances. For example, Live Scan background checks and CJIS testing and compliance for criminal justice information are often part of the vetting process. 

Lastly, for every one of our projects, we have a dedicated project manager who is responsible for executing the project and overseeing it during its execution. This means that if there are any issues with the project or questions that arise, you can always reach out to the individual project manager for answers, as they are accountable for that specific project.

What You Need To Know About Subcontractors

In many cases, if you’re working with a company on a digital conversion project, subcontractors will be involved. The benefits of subcontractors are that they can typically reduce costs for various parts of the project because they focus on the scalability of specific items such as key data entry, record identification, or adjusting images, cropping, and framing images. Just because they’re subcontractors does not mean there’s any less security or safety involved in the project; it just comes down to how your scanning partner handles their subcontractors.

Employee screening check concept

In our case, our subcontractors are long-term partners that we’ve been working with for many years, and we have business associate agreements with each. We also require that they complete a security questionnaire each year, and we are audited on how we work with our subcontractors during our yearly audits. 

Depending on the project specifics, there are various ways to interact with subcontractors. The key is that if you are concerned about subcontractors being used on your projects, you should talk with your partner, rather than dismissing the ability to use them, because that could increase your cost. Just because you hear the word “subs” doesn’t mean it’s not safe. 

Again, it comes down to how your scanning vendor provides the information, images, or data to the subcontractors in a safe and secure method. If you’re interested in that, there should be transparency so you understand that it is safe, and then you can make the choice if you really don’t want it or if you’re okay with it.

Picking The Right Scanning Vendor: Key Questions To Ask

As we stated before, scanning projects are all about the people working on them and how the records get scanned and processed. With the information above, here are some questions you can ask your potential scanning vendors to see if they’re right for you: 

  1. Do you have documented procedures and policies for projects?
  2. Do you have written agreements in place with your subcontractors?
  3. Do you have annual audits, either internally or through a third party?
  4. What type and amount of insurance do you have to cover unforeseen instances during a project?
  5. Can you provide examples of other projects like mine so I can understand how that project went and what I can expect?

In Closing

Understanding who has access to your documents is vital. By ensuring both physical and digital security measures, working with dedicated project teams, and being aware of potential subcontractors, you’re taking the necessary steps to safeguard your information. Remember to ask the right questions when selecting a scanning vendor, turning this process into an opportunity to strengthen your data management. Choose wisely, and transform your physical records into secure, easily accessible digital assets.

Next Steps

Reach out to us today! Click the “Get Your Quote” button below, fill out the form, and we’ll quickly reply to you to discuss your project.

Further Reading

Ensuring Data Security During the Digitization Process
Choosing a scanning partner is tough. Knowing they’re keeping your records secure is tougher. Learn about different security aspects of a digitization project and how to check if they’re being followed.

Understanding A SOC 2 Type II Audit For A Scanning Company
SOC 2 audits, which stand for System and Organization Controls, are not just procedural formalities; they are comprehensive evaluations that ensure organizations operate with the highest standards of security, integrity, and confidentiality.

Striking The Balance Between Efficiency & Security In Digitization Projects
Explore the advantages of efficiency and security in digitization projects, how they intersect, and strategies to balance them when you decide to digitize.