From: "Edwin"
I've watched this thread with considerable interest.
Some responses:
SECURITY
The best way to secure documents over the Intranet is with network facilities: either using your web server's security features, or restricting write access to the directories in which the documents are filed. We try not to use Word documents: HTML and PDF formats are much smaller and create consequently less network traffic. The rule is: if it's only going to be accessed on-line, use HTML; if it's also going to be printed, use PDF.
EDITING
With HTML software so easy to use, it's easiest to convert the files into HTML, and when satisfied, delete the Word files: that way, you only have one version of the file (therefore no version conflicts), and any links you create in the HTML file aren't lost on re-exporting from Word. Don't, for heaven's sake, use Word to edit the HTML files: it's a dog of an HTML editor and produces the worst HTML imaginable. PDF is not an editable format, so any editing must be done in Word, and then the final document exported into Acrobat and bookmarks added, if required.
APPROVALS
The simplest method of ensuring appropriate approval is to discipline the posting process by restricting write access to the directories to those responsible for the document. Then, when the document is altered, if the revised document is online, it can only be because it has been posted (i.e., authorised) by the responsible person). Control is by the logic of the process, not elaborate digital signatures or similar.
Best Regards
Edwin Humphries
------------------------
From: ISO Standards Discussion
Date: Wed, 12 Jul 2000 14:39:50 -0500
Subject: Re: Web Based QMS /../Humphries/Pfrang
I like Edwin's suggestions, as well as a few others that have been posted, because they address the important issues related to Intranet use without going overboard. Some people have the mistaken idea that Intranet use demands all sorts of extreme procedures for document security, editing and approval. In fact, unless the firm has (or is likely to have) a widespread problem with employees deliberately falsifying documents, the firm should do just fine with a minimal document control system (electronic- or paper-based) that merely prevents accidental tampering.
In other words, the level of document security, editing and approval depend more on the character of the firm and whether it has (or is likely to have) forgery problems than on whether the firm chooses paper or an Intranet as its document storage medium. If the firm has no forgery problems with paper documents, then switching to electronic media should require no significant new procedures for document security, editing and approval.
-- Doug
I've watched this thread with considerable interest.
Some responses:
SECURITY
The best way to secure documents over the Intranet is with network facilities: either using your web server's security features, or restricting write access to the directories in which the documents are filed. We try not to use Word documents: HTML and PDF formats are much smaller and create consequently less network traffic. The rule is: if it's only going to be accessed on-line, use HTML; if it's also going to be printed, use PDF.
EDITING
With HTML software so easy to use, it's easiest to convert the files into HTML, and when satisfied, delete the Word files: that way, you only have one version of the file (therefore no version conflicts), and any links you create in the HTML file aren't lost on re-exporting from Word. Don't, for heaven's sake, use Word to edit the HTML files: it's a dog of an HTML editor and produces the worst HTML imaginable. PDF is not an editable format, so any editing must be done in Word, and then the final document exported into Acrobat and bookmarks added, if required.
APPROVALS
The simplest method of ensuring appropriate approval is to discipline the posting process by restricting write access to the directories to those responsible for the document. Then, when the document is altered, if the revised document is online, it can only be because it has been posted (i.e., authorised) by the responsible person). Control is by the logic of the process, not elaborate digital signatures or similar.
Best Regards
Edwin Humphries
------------------------
From: ISO Standards Discussion
Date: Wed, 12 Jul 2000 14:39:50 -0500
Subject: Re: Web Based QMS /../Humphries/Pfrang
I like Edwin's suggestions, as well as a few others that have been posted, because they address the important issues related to Intranet use without going overboard. Some people have the mistaken idea that Intranet use demands all sorts of extreme procedures for document security, editing and approval. In fact, unless the firm has (or is likely to have) a widespread problem with employees deliberately falsifying documents, the firm should do just fine with a minimal document control system (electronic- or paper-based) that merely prevents accidental tampering.
In other words, the level of document security, editing and approval depend more on the character of the firm and whether it has (or is likely to have) forgery problems than on whether the firm chooses paper or an Intranet as its document storage medium. If the firm has no forgery problems with paper documents, then switching to electronic media should require no significant new procedures for document security, editing and approval.
-- Doug
