Diese Präsentation wurde erfolgreich gemeldet.
Die SlideShare-Präsentation wird heruntergeladen. ×

OpenText SlideShare – Mitigate Compliance Risks through secure information exchange

Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Wird geladen in …3
×

Hier ansehen

1 von 20 Anzeige

OpenText SlideShare – Mitigate Compliance Risks through secure information exchange

Herunterladen, um offline zu lesen

Business organizations around the world exchange information on 24/7/365 basis. This needs to be secure to meet certain legal, regulatory and corporate compliance requirements. In addition to being complaint, certain industries need to meet audit requirements

This SlideShare discusses the challenges around compliance, what are some of the governance requirements and the options to overcome the compliance and governance risks through secure information exchange solutions. Visit OpenText http://www.opentext.com/campaigns/infoexchange to discover more

Business organizations around the world exchange information on 24/7/365 basis. This needs to be secure to meet certain legal, regulatory and corporate compliance requirements. In addition to being complaint, certain industries need to meet audit requirements

This SlideShare discusses the challenges around compliance, what are some of the governance requirements and the options to overcome the compliance and governance risks through secure information exchange solutions. Visit OpenText http://www.opentext.com/campaigns/infoexchange to discover more

Anzeige
Anzeige

Weitere Verwandte Inhalte

Diashows für Sie (20)

Andere mochten auch (20)

Anzeige

Ähnlich wie OpenText SlideShare – Mitigate Compliance Risks through secure information exchange (20)

Weitere von OpenText (20)

Anzeige

Aktuellste (20)

OpenText SlideShare – Mitigate Compliance Risks through secure information exchange

  1. 1. Secure Information Exchange to Mitigate Compliance Risk
  2. 2. OpenText. ©2016 All Rights Reserved. 2 Security and Compliance Challenges Control • Automating the document delivery process • Centralizing document delivery and receipt Protect • Safeguarding document confidentiality • Protecting information against tampering and alteration Track • Limiting and monitoring access to information • Audit trails of what was sent, received, and viewed Defend • Providing secure storage, historical data, and managing document destruction
  3. 3. OpenText. ©2016 All Rights Reserved. 3 Expensive Fines Loss of: • Stock Price • Brand Image • Market Share • Reputation • Customer Confidence Legal Battles The Risks of Non-Compliance are Real
  4. 4. OpenText. ©2016 All Rights Reserved. 4  Data Protection & Privacy Rules  Regulated Records Retention  eDiscovery Requirements  Information Integrity & Authenticity  Reporting Obligations Governance is a Growing Focus More than 100,000 rules and regulations and growing HIPAA Evidence Act DoD 5015.2 ISO/IEC 27001 Sarbanes-Oxley Act Federal Rules of Civil Procedures FDA 21 CFR Part 11 FOIA Dodd Frank FATCA Conflict Minerals Disclosure Presidential Memorandum: Managing Government Records Directive FINRA Rule 2210 FDASIA FSMA Patriot Act KYC/KYV FERC 18 CFR Parts 35 & 284 SEC 17a-4 SÄHKE2 Basel III Accord GoBD BSI PD5000 MiFID II and MiFIR MoReq 2010 EU Data Protection Directive EU Pharmacovigilance Solvency II E-Verwaltung Personal Data Protection Code APPI VERS Promotion of Access to Information Act POPI AML/Anti-Corruption Law 12846/2013 Income Tax Act Information Technology Act National Security Legislation Amendment Bill Telecommunications (Data Retention) Act
  5. 5. OpenText. ©2016 All Rights Reserved. 5 Industries Most Affected by Regulations
  6. 6. OpenText. ©2016 All Rights Reserved. 6 How Compliant is your Organization? Do you have control over who, how, and where documents are being delivered? Are you relying on paper- based document delivery processes? Are you confident that information is being received by the right people? Do you have a defensible audit trail of your communications? Is your organization’s and your customers' confidential information kept private?
  7. 7. Common Regulations
  8. 8. OpenText. ©2016 All Rights Reserved. 8 Sarbanes-Oxley  Sarbanes-Oxley is the US government’s response to corporate financial scandals  Corporations must monitor, track, and manage the creation and reporting of all financial information required for governmental reporting  Corporations must establish and maintain an internal control structure and certify its effectiveness  Corporations cannot delete records of transactions or related documents pertaining to the financial performance of the company  Executives that knowingly sign falsified reports and anyone who destroys audit records can receive up to 10 years in prison and fines  Destruction, falsification, and/or alteration of documents in federal investigations and bankruptcy proceedings can lead to sentences of up to 20 years in prison and fines  IT managers must enforce document retention policies
  9. 9. OpenText. ©2016 All Rights Reserved. 9 Gramm-Leach-Bliley  Regulates the disclosure of “non-public information” by financial entities  Financial institutions must:  Respect the privacy of customers and protect the security and confidentiality of customers’ non-public personal information  Protect against any anticipated threats to the security or integrity of customer records, and protect against the unauthorized access to, or use of, such records or information  Publish and disclose their policies regarding use of client personal information on a regular basis  Financial organizations cannot:  Disclose non-public information about their customers  Use or share the information except to perform a service on behalf of the client, with their permission
  10. 10. OpenText. ©2016 All Rights Reserved. 10 HIPAA  HIPAA requires healthcare entities, including hospitals, doctors, nurses, health plans, labs, pharmacies and billing and claims agents to protect the privacy of a patient’s protected health information (PHI), particularly when communicating electronically  HIPAA security rule determines how PHI must be stored and transmitted to:  Ensure privacy, security, and accuracy  Restrict access to PHI  Verify transmission  Report, track, and provide audit trail
  11. 11. OpenText. ©2016 All Rights Reserved. 11 Top 5 Information Governance Issues Process Control Control who has access to information, and when and where the documents were delivered Integrity Uncontrolled business documents are potential security threats Tracking Protect information, provide history of what has transacted, and which personnel have access to it Privacy Without some form of access control, there is no privacy or security Storage Paper-based documents lack privacy, control, and audit trails
  12. 12. OpenText. ©2016 All Rights Reserved. 12 Goals for Supporting Compliance Security Audit TrailIntegration History Centralized Delivery Tamper- Resistant Management Storage Restrict Access Policy
  13. 13. OpenText. ©2016 All Rights Reserved. 13 Electronic Fax Solutions Support Compliance Goals  Fax is a highly secure, point-to-point communication between sender and receiver  Not susceptible to interception or tampering  Not vulnerable to malware, viruses, or hacking  Paperless faxing decreases risk Security Tamper- Resistant
  14. 14. OpenText. ©2016 All Rights Reserved. 14 Electronic Fax Solutions Support Compliance Goals Centralized Delivery  Electronic fax solutions provide centralized delivery for all fax traffic – one way in, one way out  Consolidation ensures visibility across the entire organization  Centralized management provides visibility of access controls and governance adherence Management
  15. 15. OpenText. ©2016 All Rights Reserved. 15 Electronic Fax Solutions Support Compliance Goals Audit Trail History  Defensible audit trail of fax activities  Sent, received, viewed, altered, forwarded, approved  Centralized, electronic audit trail for quick access when needed  Proof of delivery and receipt of content can be legally established and proven
  16. 16. OpenText. ©2016 All Rights Reserved. 16 Electronic Fax Solutions Support Compliance Goals Integration Storage  Integrate electronic fax solutions with back- end systems and applications for secure faxing  Securely import received faxes into integrated systems  Create a digital file cabinet for storage and retention requirements
  17. 17. OpenText. ©2016 All Rights Reserved. 17 Electronic Fax Solutions Support Compliance Goals Policy Restrict Access  Create a faxing environment that adheres to regulatory and compliance policies  Encrypted data storage and cloud-based encryption for data-at-rest and data-in- motion  Permissions and restrictions limit access to content
  18. 18. OpenText. ©2016 All Rights Reserved. 18 Electronic Fax Solutions from OpenText RightFax and Fax2Mail provide enterprise-grade, electronic faxing to integrate fax with back-end applications to decrease the risk of exchanging information to increase security and compliance. On-Premises Fax Server Cloud-Based Fax Service
  19. 19. OpenText. ©2016 All Rights Reserved. 19 OpenText Fax Solutions Compliance and Certifications  Help maintain compliance with:  HIPAA, Sarbanes-Oxley, Gramm-Leach-Bliley  Fax2Mail is security certified with:  SOC 1, SOC 2, SOC 2 Type II, SOC 3  PCI-DSS Level 1 certified data center  RightFax is JITC Certified  US Department of Defense certification SOC 1 SOC 2 SOC 2, Type II SOC 3
  20. 20. www.opentext.com www.opentext.com/campaigns/infoexchange Learn more

Hinweis der Redaktion

  • As the leader, we also have the largest target on our back
    The market is moving
    Competitors are moving
    We need to invest and change the game to stay ahead
    We need to be market driven >>>>
  • From Corporate Overview Deck
    Brazil AML/Anti-Corruption Law n. 12,846/2013 - Customer identification and record-keeping rules (FATF 10-13)
    FDASIA FDA Safety and Innovation Act - SEC. 706. RECORDS FOR INSPECTION
    APPI – Japan’s Act on the Protection of Personal Information
    BSI PD5000 - 'Electronic Documents and e-Commerce Transactions as Legally Admissible Evidence': the BSI Code of Practice, PD 5000:1999, enables organisations to demonstrate the authenticity of their electronic documents and e-commerce transactions, so they can be used as legally admissible evidence.
    ISO/IEC 27001 – Information security management standard; The information security management system preserves the confidentiality, integrity and availability of information by applying a risk management process and gives confidence to interested parties that risks are adequately managed.
    MiFID II and MiFIR - (Markets in Financial Instruments Directive) and MIFIR (Regulation)
    FSMA (FDA Food Safety Modernization Act) - Records access: FDA will have access to records, including industry food safety plans and the records firms will be required to keep documenting implementation of their plans.
    SÄHKE2 – is a Finnish standard for ERMS and Case Mgmt solutions; requirements concerns records management functionalities: life cycle management, metadata control, access rights, retention and disposal, transfer to NAS (National Archives).
    GoBD – this is the replacement of GoBS and GDPdU since 1st of January 2015
    HIPAA is the federal Health Insurance Portability and Accountability Act of 1996.
    Dodd-Frank Act, which directs the Commission to issue rules requiring certain companies to disclose their use of conflict minerals if those minerals are “necessary to the functionality or production of a product” manufactured by those companies. Under the Act, those minerals include tantalum, tin, gold or tungsten.
    DoD 5015.02-STD RMA Design Criteria Standard
    E-Verwaltung or OkeVa replaced DOMEA - OkeVa stands for “Organisationskonzept Elektronische Verwaltungsarbeit”, in English „Organizational concept for electronic administration“ and is manly focused on the German government sector – as well as DOMEA was before. The common name is “E-Verwaltung”, in English “E-Administration”.
    FINRA – Financial Industry Regulatory Authority Rule 2210 (replacing previous FINRA Rule 2211) outlines the regulatory recordkeeping requirements for institutional communications (such as emails) including evidence that supervisory procedures have been implemented and carried out.
    EU Pharmacovigilance = Post launch surveillance of adverse effects
    POPI refers to South Africa’s Protection of Personal Information Bill, which seeks to regulate the processing of personal information - collection, usage, storage, dissemination, modification or destruction (whether such processing is automated or not).
    Canada Electronic Evidence Act - on authentication of electronic records as evidence in court
    SEC 17a-4 - According to the rule, records of numerous types of transactions must be retained and indexed on indelible media with immediate accessibility for a period of six months, and with non-immediate access for a period of at least two years. Duplicate records must also be kept within the same time frame at an off-site location.
    FDA 21 CFR Part 11 - Requires drug makers, medical device manufacturers, biotech companies, biologics developers, CROs, and other FDA-regulated industries, with some specific exceptions, to implement controls, including audits, system validations, audit trails, electronic signatures, and documentation for software and systems involved in processing electronic data
    FERC 18 CFR Parts 35 & 284 - requires that all emails, voicemail, text messages and other communication between energy companies’ transmission and marketing functions must be retained for five years.
    USA PATRIOT Act - Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism; the Act is a U.S. law passed in the wake of the Sept 11, 2001 terrorist attacks. Its goals are to strengthen domestic security and broaden the powers of law-enforcement agencies with regards to identifying and stopping terrorists. 
    Presidential Memorandum: Managing Government Records Directive - Enacted in 2012. Requires: All permanent records must be managed in electronic format by 2019; • Email must be managed in electronic format in a Records Management system by 2016; Increasing visibility of privacy and compliance requirements such as FOIA and Privacy Act.
    KYC/KYV (Know Your Customer/Vendor) - KYC is the process used by a business to verify the identity of their clients. The objective of KYC guidelines is to prevent banks from being used, intentionally or unintentionally, by criminal elements for money laundering activities. KYV refers to 3rd party/vendor risk management.
    Basel III - Basel is a set of international banking regulations put forth by the Basel Committee on Bank Supervision, which set out the min capital reqs of financial institutions w/ the goal of minimizing credit risk (code of conduct for banks).
    EU Data Protection Directive - on the protection of individuals with regard to the processing of personal data and on the free movement of such data) is an EU directive adopted in 1995 which regulates the processing of personal data within the EU. It is an important component of EU privacy and human rights law.
    India Information Technology Act - The primary law in India dealing with cybercrime & electronic commerce; also provides legal framework for electronic governance by giving recognition to electronic records & digital signatures, as well as recordkeeping obligations.



  • Secure MFT is a hosted messaging solution that supports extreme file sizes—and still get performance from those large files
    It reduces risk with full encryption
    It features patent-pending acceleration technology that transfers files up to 80x faster than FTP
    And users benefit from centralized file transfer visibility and monitoring
  • Exciting… we are positioned to leverage our leadership to capitalize on all these trends, drivers
    The presence
    The scale
    The focus
    The investment
    The proven value

×