opentext slideshare – mitigate compliance risks through secure information exchange

Secure Information Exchange to Mitigate Compliance Risk

Upload: opentext

Post on 09-Jan-2017



OpenText. ©2016 All Rights Reserved. 2

Security and Compliance Challenges

Control
• Automating the document delivery process
• Centralizing document delivery and receipt

Protect
• Safeguarding document confidentiality
• Protecting information against tampering and alteration

Track
• Limiting and monitoring access to information
• Audit trails of what was sent, received, and viewed

Defend
• Providing secure storage, historical data, and managing document destruction


The Risks of Non-Compliance are Real

• Expensive fines
• Loss of: stock price, brand image, market share, reputation, customer confidence
• Legal battles


Governance is a Growing Focus

More than 100,000 rules and regulations and growing

• Data Protection & Privacy Rules
• Regulated Records Retention
• eDiscovery Requirements
• Information Integrity & Authenticity
• Reporting Obligations

HIPAA, Evidence Act, DoD 5015.2, ISO/IEC 27001, Sarbanes-Oxley Act, Federal Rules of Civil Procedure, FDA 21 CFR Part 11, FOIA, Dodd-Frank, FATCA, Conflict Minerals Disclosure, Presidential Memorandum: Managing Government Records Directive, FINRA Rule 2210, FDASIA, FSMA, Patriot Act, KYC/KYV, FERC 18 CFR Parts 35 & 284, SEC 17a-4, SÄHKE2, Basel III Accord, GoBD, BSI PD5000, MiFID II and MiFIR, MoReq2010, EU Data Protection Directive, EU Pharmacovigilance, Solvency II, E-Verwaltung, Personal Data Protection Code, APPI, VERS, Promotion of Access to Information Act, POPIA, AML/Anti-Corruption Law 12846/2013, Income Tax Act, Information Technology Act, National Security Legislation Amendment Bill, Telecommunications (Data Retention) Act


Industries Most Affected by Regulations


How Compliant is your Organization?

• Do you have control over who, how, and where documents are being delivered?
• Are you relying on paper-based document delivery processes?
• Are you confident that information is being received by the right people?
• Do you have a defensible audit trail of your communications?
• Is your organization’s and your customers’ confidential information kept private?

Common Regulations


Sarbanes-Oxley

Sarbanes-Oxley is the US government’s response to corporate financial scandals.

• Corporations must monitor, track, and manage the creation and reporting of all financial information required for governmental reporting
• Corporations must establish and maintain an internal control structure and certify its effectiveness
• Corporations cannot delete records of transactions or related documents pertaining to the financial performance of the company
• Executives who knowingly sign falsified reports, and anyone who destroys audit records, can receive up to 10 years in prison and fines
• Destruction, falsification, and/or alteration of documents in federal investigations and bankruptcy proceedings can lead to sentences of up to 20 years in prison and fines
• IT managers must enforce document retention policies


Gramm-Leach-Bliley

Regulates the disclosure of “non-public information” by financial entities.

Financial institutions must:
• Respect the privacy of customers and protect the security and confidentiality of customers’ non-public personal information
• Protect against any anticipated threats to the security or integrity of customer records, and protect against the unauthorized access to, or use of, such records or information
• Publish and disclose their policies regarding use of client personal information on a regular basis

Financial organizations cannot:
• Disclose non-public information about their customers
• Use or share the information except to perform a service on behalf of the client, with their permission


HIPAA

HIPAA requires healthcare entities, including hospitals, doctors, nurses, health plans, labs, pharmacies, and billing and claims agents, to protect the privacy of a patient’s protected health information (PHI), particularly when communicating electronically.

The HIPAA Security Rule determines how PHI must be stored and transmitted to:
• Ensure privacy, security, and accuracy
• Restrict access to PHI
• Verify transmission
• Report, track, and provide an audit trail


Top 5 Information Governance Issues

Process Control
• Control who has access to information, and when and where the documents were delivered

Integrity
• Uncontrolled business documents are potential security threats

Tracking
• Protect information, provide history of what has transacted, and which personnel have access to it

Privacy
• Without some form of access control, there is no privacy or security

Storage
• Paper-based documents lack privacy, control, and audit trails


Goals for Supporting Compliance

• Security / Tamper-Resistant
• Centralized Delivery / Management
• Audit Trail / History
• Integration / Storage
• Policy / Restrict Access


Electronic Fax Solutions Support Compliance Goals

Security / Tamper-Resistant

• Fax is a highly secure, point-to-point communication between sender and receiver
• Not susceptible to interception or tampering
• Not vulnerable to malware, viruses, or hacking
• Paperless faxing decreases risk


Electronic Fax Solutions Support Compliance Goals

Centralized Delivery / Management

• Electronic fax solutions provide centralized delivery for all fax traffic – one way in, one way out
• Consolidation ensures visibility across the entire organization
• Centralized management provides visibility of access controls and governance adherence


Electronic Fax Solutions Support Compliance Goals

Audit Trail / History

• Defensible audit trail of fax activities: sent, received, viewed, altered, forwarded, approved
• Centralized, electronic audit trail for quick access when needed
• Proof of delivery and receipt of content can be legally established and proven


Electronic Fax Solutions Support Compliance Goals

Integration / Storage

• Integrate electronic fax solutions with back-end systems and applications for secure faxing
• Securely import received faxes into integrated systems
• Create a digital file cabinet for storage and retention requirements


Electronic Fax Solutions Support Compliance Goals

Policy / Restrict Access

• Create a faxing environment that adheres to regulatory and compliance policies
• Encrypted data storage and cloud-based encryption for data-at-rest and data-in-motion
• Permissions and restrictions limit access to content


Electronic Fax Solutions from OpenText

RightFax and Fax2Mail provide enterprise-grade electronic faxing that integrates fax with back-end applications, decreasing the risk of exchanging information and increasing security and compliance.

• On-Premises Fax Server
• Cloud-Based Fax Service


OpenText Fax Solutions Compliance and Certifications

Help maintain compliance with: HIPAA, Sarbanes-Oxley, Gramm-Leach-Bliley

Fax2Mail is security certified with: SOC 1, SOC 2, SOC 2 Type II, SOC 3; PCI-DSS Level 1 certified data center

RightFax is JITC Certified (US Department of Defense certification)

www.opentext.com

Learn more: www.opentext.com/campaigns/infoexchange