7 steps to build an effective corporate compliance strategy
Uploaded by maarten-boonen. Category: Technology.
![Page 1: 7 steps to build an effective corporate compliance strategy](https://reader035.fdocuments.in/reader035/viewer/2022070510/58ab99f61a28abe3188b628b/html5/thumbnails/1.jpg)
7 Steps to Build an Effective Corporate Compliance Strategy
![Page 2: 7 steps to build an effective corporate compliance strategy](https://reader035.fdocuments.in/reader035/viewer/2022070510/58ab99f61a28abe3188b628b/html5/thumbnails/2.jpg)
[email protected] or LinkedIn
Cambridge Technology Partners
Me
Emmy, Elodie and Sinto
https://ch.linkedin.com/in/maartenboonen
![Page 4: 7 steps to build an effective corporate compliance strategy](https://reader035.fdocuments.in/reader035/viewer/2022070510/58ab99f61a28abe3188b628b/html5/thumbnails/4.jpg)
Our deep-dive today
Let's go …
o Awareness: Understanding Compliance
o Compliance jungle: What's out there
o Where do we go from here? And what's our objective?
o Brilliant demo: AvePoint's Compliance Guardian
![Page 5: 7 steps to build an effective corporate compliance strategy](https://reader035.fdocuments.in/reader035/viewer/2022070510/58ab99f61a28abe3188b628b/html5/thumbnails/5.jpg)
Awareness: Understanding Compliance
![Page 6: 7 steps to build an effective corporate compliance strategy](https://reader035.fdocuments.in/reader035/viewer/2022070510/58ab99f61a28abe3188b628b/html5/thumbnails/6.jpg)
Compliance should be neither a burden nor an obstacle to daily business activities
![Page 7: 7 steps to build an effective corporate compliance strategy](https://reader035.fdocuments.in/reader035/viewer/2022070510/58ab99f61a28abe3188b628b/html5/thumbnails/7.jpg)
First some clarifications
![Page 8: 7 steps to build an effective corporate compliance strategy](https://reader035.fdocuments.in/reader035/viewer/2022070510/58ab99f61a28abe3188b628b/html5/thumbnails/8.jpg)
“Governance is the set of policies, roles, responsibilities, and processes that guides, directs, and controls how an organization’s business divisions and I.T. teams cooperate to achieve business goals.”
- Microsoft
Definition of Governance
![Page 9: 7 steps to build an effective corporate compliance strategy](https://reader035.fdocuments.in/reader035/viewer/2022070510/58ab99f61a28abe3188b628b/html5/thumbnails/9.jpg)
What about Compliance?
Things we need or create:
o Critical Data
o Personal Data
o Sensitive Data
o Intellectual Property
Things we're told to do by:
o Regulatory
o Contractual
o Legal
o Industry standards
Governance Magic (set of policies, roles, responsibilities, and processes) + Tools (to help us protect our assets)
Compliance means incorporating standards that conform to specific requirements
![Page 10: 7 steps to build an effective corporate compliance strategy](https://reader035.fdocuments.in/reader035/viewer/2022070510/58ab99f61a28abe3188b628b/html5/thumbnails/10.jpg)
FROM THIS MOMENT ON COMPLIANCE IS COOL, SERIOUS AND ADAPTS AT BUSINESS SPEED
![Page 11: 7 steps to build an effective corporate compliance strategy](https://reader035.fdocuments.in/reader035/viewer/2022070510/58ab99f61a28abe3188b628b/html5/thumbnails/11.jpg)
64% of data breaches are tied to human error or outdated systems.
€ 301M: last year's financial loss for not having control of the situation, in western Europe alone.
Why start taking compliance seriously after you feel the pain?
11% have some sort of Governance, Risk or Compliance process in place, but none have any idea where the gaps are.
56% of organizations are hacked or have information stolen without realizing it.
73% of organizations are unaware of the type of information they're producing and its value.
![Page 12: 7 steps to build an effective corporate compliance strategy](https://reader035.fdocuments.in/reader035/viewer/2022070510/58ab99f61a28abe3188b628b/html5/thumbnails/12.jpg)
Preventing is always better
Reputational Damage
Penalties and Fines
Data breaches
Most threats come from the inside
![Page 13: 7 steps to build an effective corporate compliance strategy](https://reader035.fdocuments.in/reader035/viewer/2022070510/58ab99f61a28abe3188b628b/html5/thumbnails/13.jpg)
Learn and Respond!
![Page 14: 7 steps to build an effective corporate compliance strategy](https://reader035.fdocuments.in/reader035/viewer/2022070510/58ab99f61a28abe3188b628b/html5/thumbnails/14.jpg)
Who’s responsible for the information produced?
![Page 15: 7 steps to build an effective corporate compliance strategy](https://reader035.fdocuments.in/reader035/viewer/2022070510/58ab99f61a28abe3188b628b/html5/thumbnails/15.jpg)
Challenges organizations face
Compliance Audits / Security / No visibility / Manual Process
o The information produced is growing too fast.
o Rapid change or expansion of rules and regulations.
o Failed before or will fail when an audit is held.
o Problems with reporting.
o Limited staff and resources.
o Don't know what other business processes are doing or what's important to them.
o No alerting when information is expired or needs to be reviewed.
o No idea of the type of information and its value.
o No security or encryption to protect data.
o Physical information visible to non-employees.
o Permission and security model is a mess or unclear.
o No warning or alert mechanism.
![Page 16: 7 steps to build an effective corporate compliance strategy](https://reader035.fdocuments.in/reader035/viewer/2022070510/58ab99f61a28abe3188b628b/html5/thumbnails/16.jpg)
Drivers, Motivators and Benefits
INCREASE SECURITY
NECESSITY FOR INDUSTRY CERTIFICATION
VISIBILITY ON INFORMATION STREAMS
ABILITY TO BE PRO-ACTIVE
SUPPORT BUSINESS PROCESSES
![Page 17: 7 steps to build an effective corporate compliance strategy](https://reader035.fdocuments.in/reader035/viewer/2022070510/58ab99f61a28abe3188b628b/html5/thumbnails/17.jpg)
Collaboration with confidence
It's a balancing act and a trade-off at the same time
Transparency Collaboration Data Protection Data Management
![Page 18: 7 steps to build an effective corporate compliance strategy](https://reader035.fdocuments.in/reader035/viewer/2022070510/58ab99f61a28abe3188b628b/html5/thumbnails/18.jpg)
Key takeaways
o Compliance is not boring, it's cool
o The risk is out there, start taking it seriously
o Don't overdo it and let it become a paper process
o Start today!
![Page 19: 7 steps to build an effective corporate compliance strategy](https://reader035.fdocuments.in/reader035/viewer/2022070510/58ab99f61a28abe3188b628b/html5/thumbnails/19.jpg)
Compliance jungle: What's out there
![Page 20: 7 steps to build an effective corporate compliance strategy](https://reader035.fdocuments.in/reader035/viewer/2022070510/58ab99f61a28abe3188b628b/html5/thumbnails/20.jpg)
Types of regulations
Regulations arise or change very rapidly
o Health and Safety
o Accessibility
o Security
o Quality Control
o Privacy
![Page 21: 7 steps to build an effective corporate compliance strategy](https://reader035.fdocuments.in/reader035/viewer/2022070510/58ab99f61a28abe3188b628b/html5/thumbnails/21.jpg)
Where does this come from?
Governments and organizations that define standards, like NIST, AIIM, ISO, FINMA and others
![Page 22: 7 steps to build an effective corporate compliance strategy](https://reader035.fdocuments.in/reader035/viewer/2022070510/58ab99f61a28abe3188b628b/html5/thumbnails/22.jpg)
Compliance follows Common themes
CIA Triad
Confidentiality
Integrity
Availability
![Page 23: 7 steps to build an effective corporate compliance strategy](https://reader035.fdocuments.in/reader035/viewer/2022070510/58ab99f61a28abe3188b628b/html5/thumbnails/23.jpg)
Information must be accessible and available to the people who should have access to it and protected from the people who should not!
![Page 24: 7 steps to build an effective corporate compliance strategy](https://reader035.fdocuments.in/reader035/viewer/2022070510/58ab99f61a28abe3188b628b/html5/thumbnails/24.jpg)
HIPAA: Health Insurance Portability and Accountability Act
A few key criteria:
o Data encryption
o Information can never be lost
o Only accessible to authorized people
Industry focus: Pharmaceuticals / Health Care / Insurance
Summary: Regulations protecting the privacy and security of certain health information
![Page 25: 7 steps to build an effective corporate compliance strategy](https://reader035.fdocuments.in/reader035/viewer/2022070510/58ab99f61a28abe3188b628b/html5/thumbnails/25.jpg)
PCI DSS: Payment Card Industry Data Security Standard
A few key criteria:
o Build and maintain a secure network
o Encrypt transmissions
o Strong access control measures
o Track and monitor all access
Industry focus: Finance / Retail or any industry which is involved in some sort of financial transaction
Summary: The PCI Data Security Standard represents a common set of industry tools and measurements to help ensure the safe handling of sensitive information.
![Page 26: 7 steps to build an effective corporate compliance strategy](https://reader035.fdocuments.in/reader035/viewer/2022070510/58ab99f61a28abe3188b628b/html5/thumbnails/26.jpg)
SOX: Public Company Accounting Reform and Investor Protection Act
Industry focus: Every organisation which wants to be listed on the US stock exchange or do business with the US government
Summary: In a nutshell it comes down to “Corporate Accountability and Responsibility”. You know what's going on in the organization and have complete control and overview at all times. This includes financials, products and services.
![Page 27: 7 steps to build an effective corporate compliance strategy](https://reader035.fdocuments.in/reader035/viewer/2022070510/58ab99f61a28abe3188b628b/html5/thumbnails/27.jpg)
21 CFR Part 11: Electronic Records, Electronic Signatures, Scope and Application
Industry focus: All industries which have to have some sort of quality control and trace system in place
Summary: FDA Part 11 specifies a number of requirements for software systems to enable trustworthy and reliable electronic records and signatures. Part 11 applies to records in electronic form that are created, modified, maintained, archived, retrieved, or transmitted. Its primary benefit is to assure quality and performance of the systems deployed to manage any cGxP process.
![Page 28: 7 steps to build an effective corporate compliance strategy](https://reader035.fdocuments.in/reader035/viewer/2022070510/58ab99f61a28abe3188b628b/html5/thumbnails/28.jpg)
NEW TREND OR RISK FOR THE FUTURE
DIGITAL TRANSFORMATION / CUSTOMER ENGAGEMENT SERVICES
IN ORDER TO STAY AHEAD OF THE GAME
COMPLIANCE NEEDS TO BECOME A SERVICE PARTNER
PROTECT COMPANY'S ASSETS AND ALIGN WITH THE BUSINESS
MAKE IT MORE CUSTOMER-FOCUSED
![Page 29: 7 steps to build an effective corporate compliance strategy](https://reader035.fdocuments.in/reader035/viewer/2022070510/58ab99f61a28abe3188b628b/html5/thumbnails/29.jpg)
Key takeaways
o Similarities between regulations
o Adjust to business needs and speed
o Know your regulations and know your business processes
![Page 30: 7 steps to build an effective corporate compliance strategy](https://reader035.fdocuments.in/reader035/viewer/2022070510/58ab99f61a28abe3188b628b/html5/thumbnails/30.jpg)
Let’s put Simple and Flexible back to work!
![Page 31: 7 steps to build an effective corporate compliance strategy](https://reader035.fdocuments.in/reader035/viewer/2022070510/58ab99f61a28abe3188b628b/html5/thumbnails/31.jpg)
Where do we go from here? And what’s our objective?
![Page 32: 7 steps to build an effective corporate compliance strategy](https://reader035.fdocuments.in/reader035/viewer/2022070510/58ab99f61a28abe3188b628b/html5/thumbnails/32.jpg)
How to keep a grip on the situation
Compliance Life-cycle: Prevent, Detect, Track, Respond and Resolve
o Know what to prevent
o Know from what to prevent it
o Know why to prevent it
o Security policies
o Rights Management Policies
o Separation of duties
o Four-eyes checks
o Secure and encrypted access
o Classification by metadata
o Content ID
o Image recognition
o QR or Barcodes
o Scan for keywords or phrases
o Custom triggers and rules
o Direct Lock or Quarantine
o Alert and notifications
o Real-time scanning
o Gain understanding and insights, compliance dashboards
o Automation of Reports
o Monitoring and Notifying
o Use metrics that make sense
![Page 33: 7 steps to build an effective corporate compliance strategy](https://reader035.fdocuments.in/reader035/viewer/2022070510/58ab99f61a28abe3188b628b/html5/thumbnails/33.jpg)
Compliance recipe
High-level focus where to start
1. Positioning
2. Preparation
3. Identification of information and its value
4. Our Standards and Regulations
5. Match the Similarities
6. Turn it into a daily process
7. Automated tooling
![Page 34: 7 steps to build an effective corporate compliance strategy](https://reader035.fdocuments.in/reader035/viewer/2022070510/58ab99f61a28abe3188b628b/html5/thumbnails/34.jpg)
1. Positioning
Compliance shouldn’t be treated as a project or as a bolt-on, but should be at the center of a business
COMPLIANCE
![Page 35: 7 steps to build an effective corporate compliance strategy](https://reader035.fdocuments.in/reader035/viewer/2022070510/58ab99f61a28abe3188b628b/html5/thumbnails/35.jpg)
2. Preparation
Those who fail to prepare should prepare to fail
Define your compliance goals, set a vision
o Tighter Security
o Efficient collaboration with partners
o Transparency
o Industry Certification
Understand Criteria and Benchmarks
o How do I know if I’m compliant?
o What does the information tell me?
o How can I use it to support business activities?
Gather your team of experts
o From within and outside the company. (Legal, HR, IT, etc.)
o Know what they are doing and what’s important to them.
Commitment and Authority
o If the driver holds the keys, they drive and not the owner or passengers
o Management Commitment and Signoff
![Page 36: 7 steps to build an effective corporate compliance strategy](https://reader035.fdocuments.in/reader035/viewer/2022070510/58ab99f61a28abe3188b628b/html5/thumbnails/36.jpg)
3. Identification of information and its value
Identify the type of data your organization produces
o What’s the value to the user and the company?
o What product, process or service depends on it?
Accuracy
o Check if the information is still accurate and reliable.
o Are we all working with the same version?
o When was it last checked?
Automatic tooling
o Use the right tools in conjunction with the existing infrastructure to enforce and control policies.
o Guide people through a process to reduce mistakes.
o Classification and auto tagging
![Page 37: 7 steps to build an effective corporate compliance strategy](https://reader035.fdocuments.in/reader035/viewer/2022070510/58ab99f61a28abe3188b628b/html5/thumbnails/37.jpg)
4. Our Standards and Regulations
They are all different
Identification
o Summarize all the regulations you need to be compliant with.
o Figure out the similarities.
o Find out your company’s strong points and weaknesses
Industry overlap
o The term industry is really broad. If you’re an airline and clients can book tickets directly, you also need to be compliant with certain financial regulations.
Country
o Regulations are derived from each other but might be stricter depending on your country, your supplier or your client’s location.
Industry Certification
o Do you need to be certified in a specific field?
o Does the industry certification differ per country?
![Page 38: 7 steps to build an effective corporate compliance strategy](https://reader035.fdocuments.in/reader035/viewer/2022070510/58ab99f61a28abe3188b628b/html5/thumbnails/38.jpg)
5. Match the similarities
Regulation Type B, Country A
Regulation Type A, Country B
Regulation Type A, Country A
o Prioritize, which one is most important
o Overlaps with which product or service
o Who’s responsible for what
o What are quick wins
o Categorize them by
![Page 39: 7 steps to build an effective corporate compliance strategy](https://reader035.fdocuments.in/reader035/viewer/2022070510/58ab99f61a28abe3188b628b/html5/thumbnails/39.jpg)
6. Turn it into a daily process
Everyone is responsible so get them involved
How compliant are you?
o Analyze and fill in the gaps to improve
Monitor
o Monitor regulation changes
o Monitor Business needs
o Align with company vision and strategy
Reporting
o Build useful reports
o Build compliance dashboards for live changes (Power BI)
o Know what information you produce and who uses it.
o Where is it stored now?
Activities
o Report the right information to the right people
o Delegate tasks
o Compliance and protecting your organization’s assets is a team effort
![Page 40: 7 steps to build an effective corporate compliance strategy](https://reader035.fdocuments.in/reader035/viewer/2022070510/58ab99f61a28abe3188b628b/html5/thumbnails/40.jpg)
How do you know if your compliancy is going the right way?
Constant monitoring and reporting is key
Not yet compliant
Compliant to criteria ABC
63%
37%
o Define the different reports you need for the regulations
o Define your criteria on what you need to report
o Create compliance dashboards (Power BI)
o Know who’s responsible for the part of the business process and delegate the task
![Page 41: 7 steps to build an effective corporate compliance strategy](https://reader035.fdocuments.in/reader035/viewer/2022070510/58ab99f61a28abe3188b628b/html5/thumbnails/41.jpg)
7. Automated tooling
Identify the capabilities of the tools within your existing software portfolio: what they can do and how they can help you on your compliance journey
Analyse the gaps
o User Repository
o Workflow
o Full fidelity Data Protection and Recovery
o Audit trailing
o Logging
o Separation of Duties
o Notification
o Identity and Access Management
o Authentication mechanism
o Azure Intune Bring Your Own Device
o Alerts
o Azure Rights Management
o SAP
o Mobile and Mobility
o PowerShell
o Social Media
o eDiscovery and Vault mechanisms
o Hardware Appliances
o OneDrive
o Skype for Business
o Data Loss Prevention
o SharePoint
o Office 365
o Exchange
![Page 42: 7 steps to build an effective corporate compliance strategy](https://reader035.fdocuments.in/reader035/viewer/2022070510/58ab99f61a28abe3188b628b/html5/thumbnails/42.jpg)
AvePoint, filling the gaps
SharePoint, Office 365, Yammer, File shares and more
Prevent, Detect, Track, Respond and Resolve
o Governance Automation, Compliance Reports, Administrator
o Compliance Guardian
o Vault, eDiscovery, Compliance Reports, Administrator
o Compliance Guardian, eDiscovery, Compliance Reports
![Page 43: 7 steps to build an effective corporate compliance strategy](https://reader035.fdocuments.in/reader035/viewer/2022070510/58ab99f61a28abe3188b628b/html5/thumbnails/43.jpg)
AvePoint Compliance Guardian Provides Automated Risk Mitigation System to Scan, Classify, Protect, and Audit Collaborative Environments
![Page 44: 7 steps to build an effective corporate compliance strategy](https://reader035.fdocuments.in/reader035/viewer/2022070510/58ab99f61a28abe3188b628b/html5/thumbnails/44.jpg)
Show time!
![Page 45: 7 steps to build an effective corporate compliance strategy](https://reader035.fdocuments.in/reader035/viewer/2022070510/58ab99f61a28abe3188b628b/html5/thumbnails/45.jpg)
Key takeaway summary
o Align with business needs
o Balance and Trade-offs
o Don’t wait
o Know your organization's values and importance
o Keep it Simple
o Compliance is broader, look further than the tip of your nose
![Page 46: 7 steps to build an effective corporate compliance strategy](https://reader035.fdocuments.in/reader035/viewer/2022070510/58ab99f61a28abe3188b628b/html5/thumbnails/46.jpg)
Now it’s your turn to become compliant!
If you need some help we’re just a few mouse clicks away…
Questions and Feedback are highly appreciated
Not a big talker? Just send us an
Thank you for your interest
![Page 47: 7 steps to build an effective corporate compliance strategy](https://reader035.fdocuments.in/reader035/viewer/2022070510/58ab99f61a28abe3188b628b/html5/thumbnails/47.jpg)
Resources and References
Abbreviations
o AIIM: Association for Information and Image Management
o NIST: National Institute of Standards and Technology
o CFR: Code of Federal Regulations
o cGxP: Current Good X Practice (FDA compliance; X can mean: Clinical, Laboratory, Manufacturing, Pharmaceutical)
o FINMA: The Swiss Financial Market Supervisory Authority
o GRC: Governance, Risk and Compliance
Resource links
o Compliance Guardian introduction video
o What is Microsoft Azure Rights Management
© 2015 Cambridge Technology Partners, Proprietary & Confidential
[Diagram: Compliance Guardian on-premise]
[Diagram: Compliance Guardian online, AvePoint cloud service]