What stands between you and a paper-light workplace?

Challenge #1: Creating order from clutter

The older and bigger the business, the higher the chance of organizational clutter. When was the last time you really examined the boxes that are locked away in the storage room? What is the legal requirement to retain these documents? It can seem daunting to have to sort through and digitize years’ worth of documents. However, without a thorough initial review, switching to a digital system will only lead to further confusion.

Best practice #1: Adopt a content management system (CMS)

Going paperless doesn’t mean just transferring information onto a digitized document. It means having control over your files from creation to deletion. A content management system (CMS) enables that. Organizations need a shared space to store and manage files, and users should be able to control access privileges, monitor changes, and have purpose-based classification to avoid clutter. Setting up an implementation team can speed up this process.

Challenge #2: Resistance from employees

Employees often struggle with major changes. There could be initial resistance from employees who realize the time and efforts involved in digitizing existing files. Some may not be keen on learning new tools to manage these digital resources. It takes time to convince everyone that going paper-light is a worthwhile effort.

Best practice #2: Embrace paperless initiatives

This calls for a mindset and culture change. In case of floods, fires, or other natural disasters, you could lose years’ worth of valuable information. Employees must understand the importance of going digital, and a top-down approach could better prepare them for the move. Management should provide adequate training on the CMS. Business leaders must set an example by embracing digital solutions and modeling mindful paper usage.

Data minimization is a core principle of privacy, and this principle inspired Operation Bhogi, a spring cleaning movement at Zoho Corp. in 2019. This operation sought to promote good practices and make them a part of our routine. Our mantra was, “Organize our space and remove the unwanted.” Removal of unwanted data is a straightforward concept, but we introduced this operation to bring our community together and raise their spirits while performing an otherwise dreary task. We recovered pounds of unwanted paper, large volumes of mail space, and even freed up space on our shared CMS by deleting unnecessary files.

Challenge #3: Keeping information secure online

Software issues often act as an impediment to going paperless. Customer information, passwords, bank details, asset information— your files contain confidential data hackers would love to get their hands on. Day by day, hackers come Even organizations with top security measures in place, like Meta, Google, and Yahoo, have faced massive cyberattacks resulting in data leaks and financial losses.

Best practice #3: Implement tight security measures

When everything moves to the cloud, you need to take extra measures to keep your files secure. Sensitive information needs to remain confidential and protected from harmful elements. A few precautions include:

• Firewall: Zoho uses firewalls to prevent unauthorized network access and undesirable traffic. We monitor firewall access with a strict, regular schedule. A network engineer reviews all changes made to the firewall every day. Additionally, these changes are reviewed every three months to update and revise the rules as needed.
• Antivirus: All workstations issued to Zoho employees run upto-date OS versions and are configured with anti-virus software. They comply with our standards for security, which require all workstations to be properly configured, patched, and are tracked and monitored by Zoho’s endpoint management solutions.
• Data encryption: Customer data and derived data (e.g., unique IDs, URLs, etc) are encrypted for protection and privacy. Data is encrypted when it is stored, when it is in transit over the internet, and when it is traveling between our DCs.
• Access control: Information within our content management system is protected with access control. A user can provide access to one user, a specific set of users, or enable organizationwide access, depending on the purpose of the content. Users can also determine level of access, i.e., how many kinds of actions other users can take. We have four levels of access across our product suite: view only, view and comment, edit, and organize and share. Document owners can also lock a document to prevent additional changes.
• Version control: What happens if you accidentally delete information and cannot get it back? Or your colleague makes an edit on your blog, but you don’t really like their interpretation? With version control, users can view documents’ version history, track what has changed, and switch to older versions. We use unlimited file versions that keep track of each revision without overwriting the current version. The CMS is integrated with our entire Zoho Office Suite, so a change made on any tool is updated automatically.

Risk assesment methodology

• Risk assessments: Previously in our compliance e-book, we talked about how risk can only be minimized, not eliminated. Establish a Security and Privacy Awareness (SPA) team to monitor global risks that affect your organization and local risks that affect individuals. The confidentiality, integrity, and availability (a.k.a. CIA triad) is a good approach to evaluate and address these risks.

Challenge #4: Compliance issues

If you are a global business with customers across different nations, you are required to comply with multiple regulations. At their core, these regulations are built to protect business and customer data by issuing fines for non-compliance. Regulations apply to paper and digital information, and they also vary across and within industries. For instance, HIPAA dictates a six-year retention period for paper records in the state of Arizona, but pediatric records are required to be stored for at least 10 years, often until the patient is a legal adult. Likewise, the GDPR has strict policies in place for the retention and disposal of paper documents containing EU users’ data. Not having awareness of compliance guidelines for what should be printed and retained can pose an obstacle when transitioning to a paperless office.

Best practice #4: Proactive measures

• Research: If your aim is to cut down on paper, your first step should be to identify where you still need paper. Find out which regulatory bodies or processes still require “wet ink” or printouts. Most legal processes and travel procedures are now carried out online. Laws also vary depending on location, and the only way to keep up is by checking with local authorities
• Audits: Conduct periodic audits in your workplace to maintain an up-to-date record of documents available to your organization, including what can stay, and what has to go. This has to be done at least once a year to avoid buildup and help you stick to retention requirements.

Challenge #5: Hardware availability issues

Hardware availability and reliability play a vital role in an organization’s paper-light journey. Hardware malfunction could lead to data loss. Endpoints may not be robust. There is also an additional cost involved when IT needs to upgrade older devices to keep up with new technology. The end users are afraid of losing access to data and so choose to have physical copies “just in case.”

Best practice #5: Invest in high availability

• Outsource services: Managing your own hardware like servers makes you responsible for regular data backup and maintenance. Switching to cloud solutions helps pass on the responsibility of server maintenance to the service provider. With cloud solutions, data is also backed up automatically.
• Evaluate IT budget: The costs involved in upgrading old devices, purchasing and renewing solutions, and maintaining devices can impact your budget. However, the benefits of these investments outweigh the costs and will save money in the long run.
• Solidify your foundation: You need a strong foundation to build upon if you choose to manage your own IT. A business continuity and disaster recovery (BCDR) framework and data backup policy act as a backbone to ensure you have a plan in place when things go wrong. Review the service provider’s BCDR framework and their data backup policy if you choose to outsource and go for cloud solutions. In our BCDR e-book, we review the BCDR plan followed by Zoho and ManageEngine “before, during, and in the wake of a disasters (e.g., natural disasters, man-made events, pandemic) so that we are resilient as a company, ensure maximum functionality during the emergency, and get our operations back to normalcy in the shortest possible time.”

Parting thoughts

“Going digital” has been a trend in recent times, with renowned magazines like Computerworld and InformationWeek opting for digital publications after decades of being in print. Newspapers now offer online editions. All these changes have enabled such businesses to keep up with user habits and proved to be crucial for their stability. “Adapt and evolve” is a principle that applies to all of us.

A paperless culture, in whatever achievable capacity, is sustainable in the long run. Its impact on your business will be observed in improved productivity, security, and your bottom line. Start with modest initiatives and scale up, regardless of the size of your business. Restructuring our workflows was, no doubt, a resource-heavy and time-consuming effort. But we cannot imagine going back to a paper-based system now that we have realized the benefits of automating business-critical processes with web-based solutions. Zoho Corp. has gone paper-light, and so can you.