Embed Size (px)
Citation preview
RISK AND COMPLIANCE IS A BUSINESS WEAKNESS
PLUGGING THE GAPS IN DATA LOSS
STRENGTH
THERE ARE STILL SOME SURPRISING GAPS …
When it comes to controlling data loss,
THERE ARE SOME SURPRISINGLY EASY WINS …
And when it comes to enforcing information security policies and managing compliance more effectively,
We help all kinds of organisations work better with their information – across all kinds of paper and digital workflows. Here we bring together some of the things we’ve learned about information security and compliance.
PART 1: THE GAPS
Where are the weak points that prevent you enforcing information security policies and leave you open to risk?
PART 2: EXAMPLES IN PRACTICE
Where can you combine information management and automation in your business processes to strengthen compliance – and make it less time-consuming?
THE GAPS IN DOCUMENT SECURITY
PART 1:
25% of total declared information breaches are paper-related.
PRINT remains a serious weak link for many organisations.
SCANNING is another potential uncontrolled route out of your organisation for confidential information.
Almost
HOW CAN YOU PROTECT THE INFORMATION SENT TO AND STORED ON YOUR PRINTERS?
Today’s sophisticated multi-functional devices should be protected as well as any other end-point device on your network.
PRINTER HARD DRIVES can be set up to erase the information they have been printing or removed for secure storage.
JOB LOGS can be concealed so people can’t see what documents have previously been printed.
SCANNED DOCUMENTS can have passwords set for PDFs to restrict opening, editing or printing.
INFORMATION TRANSFER between printers and people’s devices can be encrypted to prevent interception – this includes print jobs, but also scanned documents.
HOW DO YOU PREVENT SENSITIVE INFORMATION BEING LEFT AT PRINTERS? User authentication helps plug the gap.Only the person who sent the job to print can retrieve it, while at the device.
You can do this with …
A SWIPE CARD A CONTACTLESS CARD
A NUMERIC CODE FINGERPRINT RECOGNITION
HOW WELL CAN YOU TRACK… What sensitive information is being shared?
Who is sharing it?
When and how?
AT PRINTERS AND SCANNERS TRACK THE DOCUMENT JOURNEY
Device Signature and Digital User Signatures on PDFs can allow you to see who sent what, when and from which printer or scanner.
BE ALERTED WHEN SENSITIVE INFORMATION IS SCANNED
With Optical Character Recognition, scanners can recognise if a document has restricted keywords within it – if someone scans it, the process owner can be informed.
CONTROL WHO CAN PRINT, SCAN AND SEND
You can prevent some people from using your devices for certain tasks. For example, so guest users cannot scan and send information externally.
ACROSS MULTIPLE DEPARTMENTS OR DIFFERENT OFFICE LOCATIONS• How do you ensure you enforce security settings
consistently?
• Centralised management of multi-functional printers can prevent individuals and departments changing settings independently.
BEYOND PAPER DOCUMENTS …Document management software helps you track and control the use of electronic documents.
• You can change access and usage rights at a server level – after you’ve shared the document.
• You can define who can open, edit, annotate and print documents by setting permissions at individual, group or department level – or create role-based approvals.
BEYOND PAPER DOCUMENTS …• You can track when and how files are accessed
through audit logs. And track document version history to show that data or transactions have not been changed, fabricated or forged.
• You can also easily show who has previously edited, approved and modified documents for maximum transparency in your processes.
IF YOU CAN’T DO SOME OF THESE THINGS, YOU COULD BE EXPOSED. But on a positive note, many of these issues are not hard to fix.
APPLYING THIS TO BUSINESS PROCESSES …• By combining document management best practices
with the automation of business information processes you can take control and significantly reduce your exposure to risk.
• You can also reduce the burden of compliance, so your people can spend more time on delivering value.
EXAMPLES IN PRACTICE
PART 2:
PAYING SUPPLIERSIf an Accounts Payable process is still very manual and paper-intensive, document controls can be undermined and the compliance risks and workload quickly adds up.
ERRORS Manual reading and transferring of invoice data causes mistakes.
POOR TRANSPARENCY Difficult to quickly retrieve audit trails.A partial or total lack of archived retention data.
WASTED TIME More effort spent on handling disputes, and resolving queries.
25% 58% of companies lose at least 5% of their invoices1.
of AP systems have no direct connection with content management1.
1 Solutions for Finance Departments, Canon/RS Consulting, 2011
PAYING SUPPLIERSA well-designed automated solution can make the process faster and more efficient – and improve finance information management and compliance.
Multiple Locations
Automated extraction of data from paper and digital invoices
Full synchronisation with ERP system
Digitised invoices, indexed and securely stored
Multiple Formats
Multiple Capture Devices
PAYING SUPPLIERSThe benefits:
• By automating this process an organisation can reduce the number of errors due to manual data entry
• Because invoices and supporting documentation can be tracked more effectively, you get a more transparent, searchable audit trail
• Secure storage and access controls for digital documents means full regulatory compliance.
BILLING CUSTOMERSThe way you invoice your customers can also cause compliance headaches:
• Assurance that all relevant data has been archived for reporting and retention purposes
• Control of access to invoice information
• Poor integrity of data for audit trails
• Consistency and adherence to regulatory standards of invoicing.
30hrsestimated time spent by companies each month manually composing customer invoices with word processing software1. 1 Canon/KAE Market Research, 2014
INVOICE GENERATIONProcess automation and digitised archiving can plug security gaps and improve the way you bill customers:
Ability to set secure access to customer invoice information by appropriate staff only, through access rights management
Establish reliable audit trails and tracking of invoices – a clear view of who changed what and why
Show you have consistently adhered to internal accuracy policies and regulatory requirements
Strengthen monitoring and reporting of customer invoicing.
INBOUND INFORMATION – IN THE MAILROOM Why the mailroom can be a critical area for risk and compliance.
THINK OF INCOMING INFORMATION SUCH AS:Customer forms, orders, vouchers, employee letters, certificates, supplier invoices.
NOW THINK OF THE CHALLENGES: Mail distribution, access and traceability is uncontrolled.
Confidentiality is hard to demonstrate.
It’s hard to comply with regulatory or company policy on document classification and retention.
Improved searchability and sharability of business documents is the number one driver for scanning and data capture investment1.
1 AIIM Report, The Paper Free Office, 2012
#1
INBOUND INFORMATION – IN THE MAILROOM A digital mailroom gives you an automated solution to these challenges.
It converts incoming documents to a digital format and can integrate them with your document management system, routing them directly to the relevant individuals, folders, or departments.
INBOUND INFORMATION – IN THE MAILROOM Receiving & sorting Distribution
Receiver action Archiving
Mail Data Auto-Extracted
Automatic Mail Routing
1-Click Notification
Selective e-Archiving
Validation of Recipient
Recipient Notification
Filtered & Prioritised
Digital Secure Storage
Fast and Accurate Classification
Status Visibility
Easy Sharing & Editing
Fast Search & Retrieval
INBOUND INFORMATION – IN THE MAILROOM The benefits:• All incoming mail is securely stored digitally, meeting regulatory
and internal information governance requirements
• Access to confidential mail is controlled with bespoke access rights
• Mail traceability is closely controlled, from the point of entry up to its use by the business department end-user.
THESE ARE JUST A FEW EXAMPLES …
CONSIDER THE FOLLOWING …
But similar compliance risks and opportunities exist across a wide variety of document-intensive business processes.
Customer onboarding, account opening, forms processing
High volume admissions and records management
Delivery notes and logistics documentation
HR administration, policy and contract management
TALK TO US ...We help organisations of all sizes and shapes work more efficiently, productively and securely with their documents.
From simple solutions around document access, to more specialist business process requirements and data loss prevention, we can help you stay in control of information risk and compliance.
BE EXCEPTIONAL and visit canon.co.uk
© Canon Europa N.V. 2014
If there are any areas of particular interest that you would like to discuss further, or to set up a meeting, call Scott Ofield on 01235 433470 or email [email protected]
