OpenText SlideShare: Mitigate Compliance Risks Through Secure Information Exchange
TRANSCRIPT
OpenText. ©2016 All Rights Reserved.
Security and Compliance Challenges
Control
• Automating the document delivery process
• Centralizing document delivery and receipt
Protect
• Safeguarding document confidentiality
• Protecting information against tampering and alteration
Track
• Limiting and monitoring access to information
• Audit trails of what was sent, received, and viewed
Defend
• Providing secure storage, historical data, and managing document destruction
The Risks of Non-Compliance are Real
• Expensive fines
• Loss of: stock price, brand image, market share, reputation, customer confidence
• Legal battles
Governance is a Growing Focus
More than 100,000 rules and regulations, and growing
Categories: Data Protection & Privacy Rules; Regulated Records Retention; eDiscovery Requirements; Information Integrity & Authenticity; Reporting Obligations
Examples:
HIPAA
Evidence Act
DoD 5015.2
ISO/IEC 27001
Sarbanes-Oxley Act
Federal Rules of Civil Procedure
FDA 21 CFR Part 11
FOIA
Dodd-Frank
FATCA
Conflict Minerals Disclosure
Presidential Memorandum: Managing Government Records Directive
FINRA Rule 2210
FDASIA
FSMA
Patriot Act
KYC/KYV
FERC 18 CFR Parts 35 & 284
SEC 17a-4
SÄHKE2
Basel III Accord
GoBD
BSI PD5000
MiFID II and MiFIR
MoReq2010
EU Data Protection Directive
EU Pharmacovigilance
Solvency II
E-Verwaltung
Personal Data Protection Code
APPI
VERS
Promotion of Access to Information Act
POPIA
AML/Anti-Corruption Law 12846/2013
Income Tax Act
Information Technology Act
National Security Legislation Amendment Bill
Telecommunications (Data Retention) Act
How Compliant is your Organization?
• Do you have control over who, how, and where documents are being delivered?
• Are you relying on paper-based document delivery processes?
• Are you confident that information is being received by the right people?
• Do you have a defensible audit trail of your communications?
• Is your organization's and your customers' confidential information kept private?
Sarbanes-Oxley
Sarbanes-Oxley is the US government's response to corporate financial scandals.
• Corporations must monitor, track, and manage the creation and reporting of all financial information required for governmental reporting
• Corporations must establish and maintain an internal control structure and certify its effectiveness
• Corporations cannot delete records of transactions or related documents pertaining to the financial performance of the company
• Executives who knowingly sign falsified reports, and anyone who destroys audit records, can receive up to 10 years in prison and fines
• Destruction, falsification, or alteration of documents in federal investigations and bankruptcy proceedings can lead to sentences of up to 20 years in prison and fines
• IT managers must enforce document retention policies
Gramm-Leach-Bliley
Regulates the disclosure of "non-public personal information" by financial institutions.
Financial institutions must:
• Respect the privacy of customers and protect the security and confidentiality of customers' non-public personal information
• Protect against any anticipated threats to the security or integrity of customer records, and protect against unauthorized access to, or use of, such records or information
• Publish and disclose their policies regarding use of customer personal information on a regular basis
Financial institutions cannot:
• Disclose non-public personal information about their customers to nonaffiliated third parties without giving notice and an opportunity to opt out
• Use or share the information except to perform a service on behalf of the customer, with the customer's permission
HIPAA
HIPAA requires covered healthcare entities, including hospitals, doctors, nurses, health plans, labs, pharmacies, and billing and claims agents, to protect the privacy of a patient's protected health information (PHI), particularly when communicating electronically.
The HIPAA Security Rule determines how electronic PHI must be stored and transmitted in order to:
• Ensure privacy, security, and accuracy
• Restrict access to PHI
• Verify transmission
• Report, track, and provide an audit trail
Top 5 Information Governance Issues
Process Control: control who has access to information, and when and where the documents were delivered
Integrity: uncontrolled business documents are potential security threats
Tracking: protect information, and provide a history of what has transacted and which personnel have access to it
Privacy: without some form of access control, there is no privacy or security
Storage: paper-based documents lack privacy, control, and audit trails
Goals for Supporting Compliance
Security, Tamper-Resistant, Centralized Delivery, Management, Audit Trail, History, Integration, Storage, Policy, Restrict Access
Electronic Fax Solutions Support Compliance Goals
Security / Tamper-Resistant
• A fax sent over the telephone network is a point-to-point session between sender and receiver; unlike e-mail, no intermediate mail relays store a copy along the way
• That transport is harder to intercept or tamper with in transit than unencrypted e-mail, but it is not immune: the fax server itself, its network-facing services, and any fax-over-IP links are networked software that must be patched, access-controlled, and monitored like any other system
• Paperless faxing decreases risk: documents no longer sit unattended on a shared machine or go astray on paper
Electronic Fax Solutions Support Compliance Goals
Centralized Delivery / Management
• Electronic fax solutions provide centralized delivery for all fax traffic: one way in, one way out
• Consolidation ensures visibility across the entire organization
• Centralized management provides visibility of access controls and governance adherence
Electronic Fax Solutions Support Compliance Goals
Audit Trail / History
• Defensible audit trail of fax activities: sent, received, viewed, altered, forwarded, approved
• Centralized, electronic audit trail for quick access when needed
• Proof of delivery and receipt of content can be established and proven in legal proceedings
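The audit-trail slide above lists the events a defensible record has to capture but not what makes such a record tamper-resistant. The following Python is an added illustration, not code from OpenText or from the RightFax or Fax2Mail products: each event record carries an HMAC-SHA256 tag over its own fields and the previous record's tag, so editing, deleting or reordering any record breaks the chain from that point on, and a verifier can name the first bad record. The key, the GENESIS_TAG convention, the fax IDs, actors and timestamps are constructed for the example.

```python
import dataclasses
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import List, Optional

# Event types from the audit-trail slide.
EVENTS = frozenset({"sent", "received", "viewed", "altered", "forwarded", "approved"})
# Chain anchor for the first record (hypothetical convention for this example).
GENESIS_TAG = "0" * 64


@dataclass(frozen=True)
class AuditRecord:
    seq: int          # position in the trail, starting at 0
    timestamp: str    # ISO 8601 text; constructed values in the sample below
    event: str        # one of EVENTS
    fax_id: str       # hypothetical fax identifier
    actor: str        # user or system that performed the action
    prev_tag: str     # tag of the preceding record (GENESIS_TAG for the first)
    tag: str = ""     # HMAC-SHA256 over every other field, hex encoded


def compute_tag(key: bytes, rec: AuditRecord) -> str:
    """HMAC over the record's canonical JSON, excluding the tag field itself."""
    fields = dataclasses.asdict(rec)
    fields.pop("tag")
    # Sorted keys and no whitespace so the same record always hashes the same way.
    canonical = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


class AuditTrail:
    """Append-only list of records, each chained to its predecessor by prev_tag."""

    def __init__(self, key: bytes):
        self._key = key
        self.records: List[AuditRecord] = []

    def append(self, timestamp: str, event: str, fax_id: str, actor: str) -> AuditRecord:
        if event not in EVENTS:
            raise ValueError(f"unknown audit event: {event!r}")
        prev_tag = self.records[-1].tag if self.records else GENESIS_TAG
        untagged = AuditRecord(len(self.records), timestamp, event, fax_id, actor, prev_tag)
        rec = dataclasses.replace(untagged, tag=compute_tag(self._key, untagged))
        self.records.append(rec)
        return rec


def verify(key: bytes, records: List[AuditRecord]) -> Optional[int]:
    """Return None if the chain is intact, otherwise the index of the first record
    whose sequence number, back-link or tag does not check out."""
    expected_prev = GENESIS_TAG
    for i, rec in enumerate(records):
        if rec.seq != i or rec.prev_tag != expected_prev:
            return i
        if not hmac.compare_digest(compute_tag(key, rec), rec.tag):
            return i
        expected_prev = rec.tag
    return None


def tamper(records: List[AuditRecord], index: int, **changes) -> List[AuditRecord]:
    """Copy of the trail with one record edited, simulating an after-the-fact change."""
    edited = list(records)
    edited[index] = dataclasses.replace(records[index], **changes)
    return edited


def build_sample_trail(key: bytes) -> AuditTrail:
    """Constructed lifecycle of one fax: sent, received, viewed, forwarded."""
    trail = AuditTrail(key)
    trail.append("2016-03-01T09:00:00Z", "sent", "FAX-1001", "alice")
    trail.append("2016-03-01T09:00:42Z", "received", "FAX-1001", "fax-gateway")
    trail.append("2016-03-01T09:05:10Z", "viewed", "FAX-1001", "bob")
    trail.append("2016-03-01T09:07:30Z", "forwarded", "FAX-1001", "bob")
    return trail


if __name__ == "__main__":
    key = b"example-hmac-key"  # in practice held in an HSM/KMS, never beside the log
    trail = build_sample_trail(key)
    print("intact:", verify(key, trail.records))                                        # None
    print("record 1 edited:", verify(key, tamper(trail.records, 1, actor="mallory")))   # 1
    print("record 1 deleted:", verify(key, trail.records[:1] + trail.records[2:]))      # 1
```

Two caveats a practitioner should keep in mind. The chain catches edits, deletions and reordering, but not truncation from the end: a trail cut after record 1 still verifies, so the latest tag must be anchored somewhere the log writer cannot reach (exported on a schedule to a separate system or a WORM store). And the HMAC key has to live outside the server that writes the log; an attacker who holds both can simply rewrite the chain.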
Electronic Fax Solutions Support Compliance Goals
Integration / Storage
• Integrate electronic fax solutions with back-end systems and applications for secure faxing
• Securely import received faxes into integrated systems
• Create a digital file cabinet for storage and retention requirements
Electronic Fax Solutions Support Compliance Goals
Policy / Restrict Access
• Create a faxing environment that adheres to regulatory and compliance policies
• Encrypted data storage, and cloud-based encryption for data at rest and data in motion
• Permissions and restrictions limit access to content
Electronic Fax Solutions from OpenText
RightFax (on-premises fax server) and Fax2Mail (cloud-based fax service) provide enterprise-grade electronic faxing that integrates fax with back-end applications, decreasing the risk of exchanging information and increasing security and compliance.
OpenText Fax Solutions Compliance and Certifications
Help maintain compliance with: HIPAA, Sarbanes-Oxley, Gramm-Leach-Bliley
Fax2Mail is covered by SOC 1, SOC 2 (Type II), and SOC 3 reports and runs in a PCI DSS Level 1 certified data center
RightFax is JITC certified (US Department of Defense Joint Interoperability Test Command)
www.opentext.com
Learn more: www.opentext.com/campaigns/infoexchange