Building an Effective Compliance Architecture
Alan Weintraub
Sr. [email protected]
Agenda
Aspects of Compliance Management
Building a Compliance Architecture
Components of a Compliance Architecture
Summary
Questions
Compliance is a Global Responsibility
Mandated Compliance drives Legislative Corporate Integrity
Meeting Compliance Requirements Requires Corporate commitment
New Compliance Legislation has Redefined ROI – Risk of Incarceration
Health Information
Financial Information
Privacy Information
Hummingbird Enterprise for Compliance Management
Compliance Regulations Have Global Impact
Financial Compliance: Sarbanes-Oxley Act of 2002; Ontario Bill 198 2002; Basel II; USA PATRIOT Act of 2001; SEC 17a
Privacy Compliance: Safe Harbour; Gramm-Leach-Bliley; PIPEDA
Health Compliance: HIPAA; 21 CFR Part 11
Financial Compliance
Regulations focused on customer interactions and privacy protection
Regulations designed to identify abnormal financial transactions
Regulations pertaining to healthcare
Regulations defining records retention
Regulations for financial reporting
Regulations aimed at minimizing risk
Privacy Compliance
Trust is what’s getting in the way of you dealing with your clients in the on-line world
Lack of confidence will cost on-line e-commerce $25 billion by 2006 (Jupiter Research, May 2002)
RBC Financial has done the research:
Privacy accounts for $700 million of brand value, and $1 billion in terms of shareholder value
Confidentiality is the cornerstone of the relationship between business and clients
It's an opportunity for you because your competitors may be doing it badly
Regulatory Compliance: FDA 21 CFR Part 11
Addresses three major areas:
Document auditing and traceability
Electronic Signatures
Records Retention
Industry Challenges with Part 11
When does the audit trail begin?
Do you have to keep draft versions and their respective audit trails after approval?
FDA’s expectation for maintaining long-term access to e-records (e.g. must industry use “salt mining or moth balling”)
How do you detect invalid or altered records?
ECM helps you know what you know
The main problem in privacy compliance lies in knowing what you know about an individual:
Information exists in multiple repositories (databases)
Information also exists in unstructured forms: Word processing documents; E-mail; Spreadsheets
Personal information often comes into the organization in paper form: Correspondence; Medical reports
ECM helps you control access to personal information
The biggest privacy risks to an organization are often the people within it:
Customer support representatives are often the targets of ‘social engineering’ by hackers who manipulate them into providing information to permit identity theft
Sometimes the risk is simply in overly helpful people, who offer too much information
Risks arise from inappropriate use of personal information available on the network
“Need to know” principles under privacy legislation mean access is limited to those who have a valid purpose in accessing information
Working in a Controlled Environment
[Diagram labels: Archive, Approve, Revise, Create, Promote, Version, Publish, Destroy; Workflow; Collaboration (Review/Approve); Content Repository (Records Management); Reports]
Agenda
Aspects of Compliance Management
Privacy Compliance
Building a Compliance Architecture
Components of a Compliance Architecture
Summary
Questions
Building Blocks For Compliance
Document and Records Management
Reporting
Collaboration
Workflow
E-Mail Capture
Search
Report Authoring
Services
Document Management
Organize document collections into secure and manageable repositories
Provide easy searching and widespread access to documents over networks
Automate document collaboration and distribution
Install across enterprise and departmental workgroups easily & rapidly
Support dynamic enterprise use with flexible security
Records Management
Creates an organized, secure environment that manages the complete lifecycle of financial documents, from creation to destruction
Facilitates compliance with record keeping requirements
Minimizes litigation risk and burden of discovery
Organizes and retrieves active records
Protects vital records
Reporting
Ability for end users to create financial reports in an easy-to-use environment
Facilitates reporting on financial data according to enterprise requirements with a tool that allows customized queries
Integrates many data sources into a single report
Allows access to a wide range of databases
Collaboration
Highly secure, Web-based, document-centric collaboration environment suitable for intra- and inter-enterprise deployments for virtually any industry
Enhance cross-functional group interaction
Increase knowledge capture and retention
Provide operational efficiencies
Improve organizational responsiveness
Workflow
Establish a formal process for final review of corporate documents
Route the Reports for approval
E-mail notification of documents for review and approval
Final notification upon document approval and submittal to the Regulatory Agencies
E-Mail Capture
Full access to all enterprise content, business records, and e-mail from within Outlook
Capture e-mail and attachments via drag and drop
Save messages as soon as they are sent
Reconstruct attachment relationships when forwarding captured messages
Search
Access to information stored in RDBMS, file systems, Web sites and other custom information sources
Search many languages
Access information stored in multiple formats
Search across a wide range of platforms
Compliance Architecture ROI
Understand the compliance regulations that govern your business
Turn compliance into a strategic advantage
Define your compliance architecture
Develop an implementation plan for success
Monitor and measure results
Establish continuous improvement process