The much-talked-about Bring Your Own Device (BYOD) trend has positive potential for better communication and collaboration throughout the manufacturing process. However, the use of mobile devices for content and process management has raised questions about information security in demanding and heavily regulated manufacturing environments where protecting confidential data is of the utmost importance.
As more and more employees are looking to use tablets and smartphones for work activities, manufacturers must evaluate BYOD strategies that have the potential to significantly enhance productivity and compliance activities, while still ensuring that sensitive information is adequately protected.
Mobile Devices Deliver Significant Efficiency and Productivity Benefits
In my experience within the document management and quality management space, I've seen several real-world use cases where the use of mobile devices has resulted in dramatic operational benefits for manufacturers.
For example, the ability to create change requests and track deviations on-site immediately using a mobile device results in a faster and more efficient process for providing quality-related feedback and insight, which in turn has a direct and measureable impact on quality and efficiency. In this example, the ability to capture and document the event or incident with a photo and location-based tracking mechanisms via a mobile device not only improves the accuracy of the tracked event, but does so in a faster and more timely fashion. In instances where others in the organization must review and sign off on a change request or deviation, mobile devices can also be utilized to make this process more efficient. Staff members can review and approve a new standard operating procedure (SOP) directly from their smartphone or tablet while they're out of the office.
Information Security and the Mobile Workforce: Areas to Consider
While the benefits that can be achieved by allowing employees to leverage their mobile devices are clear, manufacturers must weigh the potential efficiency and productivity gains against the risks associated with security in three distinct areas:
Cloud Infrastructure Security
If a manufacturer is considering allowing its employees to use their mobile devices for accessing business documents and participating in related workflows, they must be willing to publish content in the cloud. Ensuring that only authorized personnel can access certain content is essential — regardless of whether information is accessed via an on-premise document repository or via the cloud from a mobile device. However, if you provide users with access to a cloud repository via their smart phone or tablet, then you should not only establish and enforce strict password policies, but also consider requiring multi-factor authentication such as SMS tokens, or some other additional layer of security. Encrypting data residing in the cloud, both in transit and at rest, is another method for ensuring a high level of cloud infrastructure security.
With encryption and password mechanisms in place, you can prevent unauthorized access to content. However, the most common and significant information security threat often comes from inside an organization. For example, are your employees able to copy and/or save content outside of your repository? Are you able to ensure that confidential documents are not shared via unsecured email or via employees' personal Dropbox accounts? Furthermore, are you able to guarantee that employees are always working from the most current and accurate version of the document? The key to addressing these concerns is to maintain your organization's content in the same system while also leveraging strict content control capabilities such as controlled printing and copy features.
Audit Trails and Regulatory Compliance
While most of us agree that mobile devices can enhance collaboration and streamline document-intensive manufacturing processes, the real challenge is to be able to do so securely, while also adhering to regulatory standards and compliance mandates. For example, the person within a manufacturing organization who must approve the new version of an SOP may be able to access the document and sign off on it, but there must be documented evidence that they have done so. Similarly, even though employees can probably read a new training manual from their iPad, their managers must be able to prove that they have done so. Collecting evidence that specific processes have been followed is often one of the most challenging aspects of a manufacturer's quality system. Maintaining all content in a single system that has the ability to produce a complete audit trail that details when all pertinent employees and read and/or approved specific documents throughout the entire process, along with electronic signature support, is the key to mitigate this risk.
By carefully evaluating and addressing potential security risks, manufacturers can reap significant benefits from allowing their employees to use smart phone and tablets. Manufacturers can keep their personnel connected, informed and on task, while also ensuring confidential information is protected and secured.
Mika Javanainen is in charge of managing and developing M-Files product portfolio, roadmaps and pricing globally. As a Director of the M-Files Product Management Unit, he leads and supervises M-Files Product Managers and works closely together with M-Files Product Development and Marketing teams to design and develop new products and features leveraging his long experience with enterprise content management (ECM) and M-Files technology. Mika has an executive MBA Diploma in International Business and Marketing.