I recently received a very simple and good question from a customer, “What’s the difference between the Paperless Office and Digital Transaction Management? Aren’t they both about using digital for paper-based document or processes?” In fact, there’s a distinct and important set of differences, though it could be somewhat subtle.
Let’s start with some definitions. Wikipedia defines Digital Transaction Management as follows:
Digital Transaction Management (DTM) is a category of cloud services designed to digitally manage document-based transactions […that] goes beyond content and document management to include e-signatures, authentication and nonrepudiation; document transfer and certification; secure archiving that goes beyond records management; and a variety of meta-processes around managing electronic transactions and the documents associated with them.
It’s worth noting, this appears very similar to the Wikipedia-provided definition of a Paperless Office:
A paperless office is a work environment in which the use of paper is eliminated or greatly reduced. This is done by converting documents and other papers into digital form.
Aside from the obvious observation that DTM has a longer definition, it may still appear that both are describing the same concept: using digital media in place of paper, right?
In fact, Digital Transaction Management does encompass going digital with all documents, but the focus is on elements of the process that go far beyond just digitizing paper. Before taking apart the distinctions to fully grasp the differences, let’s see what else they have in common.
DTM platforms are cloud or SaaS-based (Software as a service) solutions. This could encompass everything from email (G Suite, Office 365) to document management and collaboration tools (box, GDrive, OneDrive). To this end, both DTM and the Paperless Office using modern SaaS services can fit under the same definition.
The key distinction appears in the latter half definition of DTM. Namely, the inclusion of eSignatures, Authentication, Nonrepudiation, as well as Document Transfer, Certification, and Secure Archiving differentiates DTM.
ESignature, distinct from a digital signature, is a means of using a mark and supporting data to depict a physical signature.
Authentication, in the context of DTM, is a method, process or technology used to validate that a person should have access to the provided document or process. Nonrepudiation is a legal term signifying that an individual can not deny their eSignature or sent message / document. Both Authentication and Nonrepudiation are key elements that work hand-in-hand to ensure the security of the whole transaction. However, in and of themselves, they would simply be referring to authentication services that many platforms provide for allowing access to particular individuals with the right credentials.
Document Transfer refers to the ability to know how documents are not only accessed by various participants in a process, but also that they can easily and legally change hands. This is especially important in scenarios where a document can act as chattel and have inherent value. A great example of this is a loan document that can be sold by a lending institution to a loan servicing company. In such scenarios, who owns the electronic “original” copy of documents, what was the chain of custody as it was transferred from one owner to another, the audit trail associated with such transfers, becomes quite important for a DTM system.
The Certification requirement is interesting as it refers to a few factors that tie back into Security. Certification is a reference to compliance with particular standards, such as ISO27001, that ensure customer data visibility is limited to and owned by the customer, as well that the data and documents are encrypted and securely stored where such data or documents storage, even if compromised, would not reveal their content.
Lastly, Secure Archiving is a means of storage and retrieval of electronic documents that allows for ease of finding and tracking the intended document using meta data (who signed what, what was in the documents, who provided which data, etc.) as well as all associated historical and certification data intact.
An example may help clarify the distinction between DTM and other paperless process or systems.
Let’s take a sales contract where you use Salesforce.com to store your customer data, including what they purchased, then utilize Conga for document generation to create your sales contract in a Microsoft Word format and send via an email to your customer’s known corporate email address which uses email encryption. Your customer then types in their purchase order number in Word. For the sake of keeping it paperless, and since you have a savvy customer who loves being paperless, the customer grabs in image of their wet signature (previously photographed) and places it on the signature location as an embedded image in Word, saves the document locally, then emails the contract back to you on your corporate email address. You then email the fully executed document to your fulfillment team who places the document in box for future reference.
Arguably, this process meets a paperless office initiative. There are no papers printed, and everything appears to be electronic or digital.
But does this process meet the DTM definition?
No. Here’s why. We’ve certainly tracked all of our data electronically on various platforms. In fact, we can argue that we’ve properly conducted Document Transfer to the customer using a secure and encrypted means of tracking their data, creating the contract and delivering emails and attachments to our customer. The use of Box could also meet the Secure Archiving of the document. Unfortunately, though, the transfers don’t track whether the document was, in fact, RECEIVED by the customer, only that it was sent TO the customer.
The customer likely had to use their corporate authentication to access their email. So, we may meet the Authenticated access to the document requirement…may be! Unfortunately, the authentication audit trail is not accessible nor known by a single system for the full lifetime of the transaction, So, you have no way of being able to validate that your users properly authenticated before sending the documents nor that only your customer properly gained access to the document.
Lastly, the signature may be an electronic mark used by the customer, but there’s, once again, no method of ensuring the specific intended customer adopted that mark as their signature. Nor does the document inherently track whether the intended customer placed that signature on the document. This means that the customer could challenge whether it was them who signed the document. Hence the process fails the nonrepudiation requirement as well. Additionally, since the meta data for the whole transaction is not inherently tracked in the document or a central system, the Secure Archiving requirements is not fully met either.
As you’ve now seen, there’s a distinct set of differences between going paperless on your processes and implementing a Digital Transaction Management solution in your Digital Transformation journey.
In our future posts, we’ll focus on how to develop a DTM strategy, what value DTM delivers and how to measure it, as well as how to implement your DTM strategy. Look for new posts on the first Tuesday of each month.