Building an Effective Compliance Architecture Alan Weintraub Sr. Director Hummingbird
Agenda Aspects of Compliance Management Building a Compliance Architecture Components of a Compliance Architecture Summary Questions
Compliance is a Global Responsibility Mandated Compliance drives Legislative Corporate Integrity Meeting Compliance Requirements Requires Corporate commitment New Compliance Legislation has Redefined ROI – Risk of Incarceration
Health Information Financial Information Privacy Information Hummingbird Enterprise for Compliance Management
Compliance Regulations Have Global Impact Financial Compliance Sarbanes-Oxley Act of 2002 Ontario Bill Basel II USA PATRIOT Act of 2001 SEC 17a Privacy Compliance Safe Harbour Gramm-Leach-Bliley PIPEDA Health Compliance HIPAA 21 CFR Part 11
Financial Compliance Regulations focused on customer interactions and privacy protection Regulations designed to identify abnormal financial transactions Regulations pertaining to healthcare Regulations defining records retention Regulations for financial reporting Regulations aimed at minimizing risk
Privacy Compliance Trust is what’s getting in the way of you dealing with your clients in the on-line world Lack of confidence will cost on-line e-commerce $25 billion by 2006 (Jupiter Research, May 2002) RBC Financial has done the research: Privacy accounts for $700 million of brand value, and $1 billion in terms of shareholder value Confidentiality is the cornerstone of the relationship between business and clients It's an opportunity for you because your competitors may be doing it badly
Regulatory Compliance FDA 21 CFR Part 11 Addresses three major areas: Document auditing and traceability Electronic Signatures Records Retention Industry Challenges with Part 11 When does the audit trail begin? Do you have to keep draft versions and their respective audit trails after approval? FDA’s expectation for maintaining long-term access to e-records (e.g. must industry use “salt mining or moth balling”) How do you detect invalid or altered records?
ECM helps you know what you know The main problem in privacy compliance lies in knowing what you know about an individual: Information exists in multiple repositories (databases) Information also exists in unstructured forms: Word processing documents Spreadsheets Personal information often comes into the organization in paper form: Correspondence Medical reports
ECM helps you control access to personal information The biggest privacy risks to an organization are often the people within it: Customer support representatives are often the targets of ‘social engineering’ by hackers who manipulate them into providing information to permit identity theft Sometimes the risk is simply in overly-helpful people, who offer too much information Risks arise from inappropriate use of personal information available on the network “Need to know” principles under privacy legislation mean access is limited to those who have a valid purpose in accessing information
Compliance Architecture
Compliance Lifecycle Management
Working in a Controlled Environment Archive Approve Revise Create Promote Version Publish Destroy Workflow Collaboration Review/Approve Content Repository (Records Management) Reports
Agenda Aspects of Compliance Management Privacy Compliance Building a Compliance Architecture Components of a Compliance Architecture Summary Questions
Building Blocks For Compliance Document and Records Management Reporting Collaboration Workflow Capture Search Report Authoring Services
Document Management Organize document collections into secure, and manageable repositories Provide easy searching and widespread access to documents over networks Automate document collaboration and distribution Install across enterprise and departmental workgroups easily & rapidly Support dynamic enterprise use with flexible security
Records Management Creates an organized, secure environment that manages the complete lifecycle of financial documents from creation to destruction. Facilitates compliance with record keeping requirements Minimizes litigation risk and burden of discovery Organizes and retrieves active records Protects vital records
Reporting Ability for end users to create financial reports in easy-to-use environment Facilitates reporting on financial data according to enterprise requirements with a tool that allows customized queries. Integrates many data sources into a single report Allows access to a wide range of databases
Collaboration Highly secure, Web-based, document-centric collaboration environment suitable for intra- and inter-enterprise deployments for virtually any industry. Enhance cross-functional group interaction Increase knowledge capture and retention Provide operational efficiencies Improve organizational responsiveness
Workflow Establish a formal process for final review of corporate documents Route the Reports for approval Notification of documents for review and approval Final notification upon document approval and submittal to the Regulatory Agencies
Capture Full access to all enterprise content, business records, and e-mail from within Outlook Capture and attachments via drag and drop Save messages as soon as they are sent Reconstruct attachment relationships when forwarding captured messages
Search Access to information stored in RDBMS, file systems, Web sites and other custom information sources Search many languages Access information stored in multiple formats Search across a wide range of platforms
Compliance Architecture ROI Understand the compliance regulations that govern your business Turn compliance into a strategic advantage Define your compliance architecture Develop an implementation plan for success Monitor and measure results Establish continuous improvement process
Recommendations Compliance requirements will drive IT investments over the next three years Building a compliance architecture cannot wait Build your compliance architecture one step at a time – starting with Records and Document Management as the foundation