Office 365 security concerns, EU General Data Protection Regulation (GDPR)
Die SlideShare-Präsentation wird heruntergeladen.
×
Hier ansehen
Empfohlen
Weitere Verwandte Inhalte
Diashows für Sie (20)
Andere mochten auch (20)
Ähnlich wie OpenText SlideShare – Mitigate Compliance Risks through secure information exchange (20)
Weitere von OpenText (20)
Aktuellste (20)
OpenText SlideShare – Mitigate Compliance Risks through secure information exchange
- 1. Secure Information Exchange to Mitigate Compliance Risk
- 2. OpenText. ©2016 All Rights Reserved. 2 Security and Compliance Challenges Control • Automating the document delivery process • Centralizing document delivery and receipt Protect • Safeguarding document confidentiality • Protecting information against tampering and alteration Track • Limiting and monitoring access to information • Audit trails of what was sent, received, and viewed Defend • Providing secure storage, historical data, and managing document destruction
- 3. OpenText. ©2016 All Rights Reserved. 3 Expensive Fines Loss of: • Stock Price • Brand Image • Market Share • Reputation • Customer Confidence Legal Battles The Risks of Non-Compliance are Real
- 4. OpenText. ©2016 All Rights Reserved. 4 Data Protection & Privacy Rules Regulated Records Retention eDiscovery Requirements Information Integrity & Authenticity Reporting Obligations Governance is a Growing Focus More than 100,000 rules and regulations and growing HIPAA Evidence Act DoD 5015.2 ISO/IEC 27001 Sarbanes-Oxley Act Federal Rules of Civil Procedures FDA 21 CFR Part 11 FOIA Dodd Frank FATCA Conflict Minerals Disclosure Presidential Memorandum: Managing Government Records Directive FINRA Rule 2210 FDASIA FSMA Patriot Act KYC/KYV FERC 18 CFR Parts 35 & 284 SEC 17a-4 SÄHKE2 Basel III Accord GoBD BSI PD5000 MiFID II and MiFIR MoReq 2010 EU Data Protection Directive EU Pharmacovigilance Solvency II E-Verwaltung Personal Data Protection Code APPI VERS Promotion of Access to Information Act POPI AML/Anti-Corruption Law 12846/2013 Income Tax Act Information Technology Act National Security Legislation Amendment Bill Telecommunications (Data Retention) Act
- 5. OpenText. ©2016 All Rights Reserved. 5 Industries Most Affected by Regulations
- 6. OpenText. ©2016 All Rights Reserved. 6 How Compliant is your Organization? Do you have control over who, how, and where documents are being delivered? Are you relying on paper- based document delivery processes? Are you confident that information is being received by the right people? Do you have a defensible audit trail of your communications? Is your organization’s and your customers' confidential information kept private?
- 7. Common Regulations
- 8. OpenText. ©2016 All Rights Reserved. 8 Sarbanes-Oxley Sarbanes-Oxley is the US government’s response to corporate financial scandals Corporations must monitor, track, and manage the creation and reporting of all financial information required for governmental reporting Corporations must establish and maintain an internal control structure and certify its effectiveness Corporations cannot delete records of transactions or related documents pertaining to the financial performance of the company Executives that knowingly sign falsified reports and anyone who destroys audit records can receive up to 10 years in prison and fines Destruction, falsification, and/or alteration of documents in federal investigations and bankruptcy proceedings can lead to sentences of up to 20 years in prison and fines IT managers must enforce document retention policies
- 9. OpenText. ©2016 All Rights Reserved. 9 Gramm-Leach-Bliley Regulates the disclosure of “non-public information” by financial entities Financial institutions must: Respect the privacy of customers and protect the security and confidentiality of customers’ non-public personal information Protect against any anticipated threats to the security or integrity of customer records, and protect against the unauthorized access to, or use of, such records or information Publish and disclose their policies regarding use of client personal information on a regular basis Financial organizations cannot: Disclose non-public information about their customers Use or share the information except to perform a service on behalf of the client, with their permission
- 10. OpenText. ©2016 All Rights Reserved. 10 HIPAA HIPAA requires healthcare entities, including hospitals, doctors, nurses, health plans, labs, pharmacies and billing and claims agents to protect the privacy of a patient’s protected health information (PHI), particularly when communicating electronically HIPAA security rule determines how PHI must be stored and transmitted to: Ensure privacy, security, and accuracy Restrict access to PHI Verify transmission Report, track, and provide audit trail
- 11. OpenText. ©2016 All Rights Reserved. 11 Top 5 Information Governance Issues Process Control Control who has access to information, and when and where the documents were delivered Integrity Uncontrolled business documents are potential security threats Tracking Protect information, provide history of what has transacted, and which personnel have access to it Privacy Without some form of access control, there is no privacy or security Storage Paper-based documents lack privacy, control, and audit trails
- 12. OpenText. ©2016 All Rights Reserved. 12 Goals for Supporting Compliance Security Audit TrailIntegration History Centralized Delivery Tamper- Resistant Management Storage Restrict Access Policy
- 13. OpenText. ©2016 All Rights Reserved. 13 Electronic Fax Solutions Support Compliance Goals Fax is a highly secure, point-to-point communication between sender and receiver Not susceptible to interception or tampering Not vulnerable to malware, viruses, or hacking Paperless faxing decreases risk Security Tamper- Resistant
- 14. OpenText. ©2016 All Rights Reserved. 14 Electronic Fax Solutions Support Compliance Goals Centralized Delivery Electronic fax solutions provide centralized delivery for all fax traffic – one way in, one way out Consolidation ensures visibility across the entire organization Centralized management provides visibility of access controls and governance adherence Management
- 15. OpenText. ©2016 All Rights Reserved. 15 Electronic Fax Solutions Support Compliance Goals Audit Trail History Defensible audit trail of fax activities Sent, received, viewed, altered, forwarded, approved Centralized, electronic audit trail for quick access when needed Proof of delivery and receipt of content can be legally established and proven
- 16. OpenText. ©2016 All Rights Reserved. 16 Electronic Fax Solutions Support Compliance Goals Integration Storage Integrate electronic fax solutions with back- end systems and applications for secure faxing Securely import received faxes into integrated systems Create a digital file cabinet for storage and retention requirements
- 17. OpenText. ©2016 All Rights Reserved. 17 Electronic Fax Solutions Support Compliance Goals Policy Restrict Access Create a faxing environment that adheres to regulatory and compliance policies Encrypted data storage and cloud-based encryption for data-at-rest and data-in- motion Permissions and restrictions limit access to content
- 18. OpenText. ©2016 All Rights Reserved. 18 Electronic Fax Solutions from OpenText RightFax and Fax2Mail provide enterprise-grade, electronic faxing to integrate fax with back-end applications to decrease the risk of exchanging information to increase security and compliance. On-Premises Fax Server Cloud-Based Fax Service
- 19. OpenText. ©2016 All Rights Reserved. 19 OpenText Fax Solutions Compliance and Certifications Help maintain compliance with: HIPAA, Sarbanes-Oxley, Gramm-Leach-Bliley Fax2Mail is security certified with: SOC 1, SOC 2, SOC 2 Type II, SOC 3 PCI-DSS Level 1 certified data center RightFax is JITC Certified US Department of Defense certification SOC 1 SOC 2 SOC 2, Type II SOC 3
- 20. www.opentext.com www.opentext.com/campaigns/infoexchange Learn more
