Building an Effective Compliance Architecture Alan Weintraub Sr. Director Hummingbird...


Building an Effective Compliance Architecture

Alan Weintraub, Sr. Director, Hummingbird

Agenda

Aspects of Compliance Management
Building a Compliance Architecture
Components of a Compliance Architecture
Summary
Questions

Compliance is a Global Responsibility

Mandated Compliance drives Legislative Corporate Integrity
Meeting Compliance Requirements Requires Corporate commitment
New Compliance Legislation has Redefined ROI: Risk of Incarceration

Health Information
Financial Information
Privacy Information

Hummingbird Enterprise for Compliance Management

Compliance Regulations Have Global Impact

Financial Compliance: Sarbanes-Oxley Act of 2002; Ontario Bill 198 2002; Basel II; USA PATRIOT Act of 2001; SEC 17a

Privacy Compliance: Safe Harbour; Gramm-Leach-Bliley; PIPEDA

Health Compliance: HIPAA; 21 CFR Part 11

Financial Compliance

Regulations focused on customer interactions and privacy protection
Regulations designed to identify abnormal financial transactions
Regulations pertaining to healthcare
Regulations defining records retention
Regulations for financial reporting
Regulations aimed at minimizing risk

Privacy Compliance

Trust is what’s getting in the way of you dealing with your clients in the on-line world
Lack of confidence will cost on-line e-commerce $25 billion by 2006 (Jupiter Research, May 2002)
RBC Financial has done the research: Privacy accounts for $700 million of brand value, and $1 billion in terms of shareholder value
Confidentiality is the cornerstone of the relationship between business and clients
It's an opportunity for you because your competitors may be doing it badly

Regulatory Compliance: FDA 21 CFR Part 11

Addresses three major areas:
Document auditing and traceability
Electronic Signatures
Records Retention

Industry Challenges with Part 11:
When does the audit trail begin?
Do you have to keep draft versions and their respective audit trails after approval?
FDA’s expectation for maintaining long-term access to e-records (e.g. must industry use “salt mining or moth balling”)
How do you detect invalid or altered records?

ECM helps you know what you know

The main problem in privacy compliance lies in knowing what you know about an individual:

Information exists in multiple repositories (databases)

Information also exists in unstructured forms:
Word processing documents
E-mail
Spreadsheets

Personal information often comes into the organization in paper form:
Correspondence
Medical reports

ECM helps you control access to personal information

The biggest privacy risks to an organization are often the people within it:

Customer support representatives are often the targets of ‘social engineering’ by hackers who manipulate them into providing information to permit identity theft

Sometimes the risk is simply in overly-helpful people, who offer too much information

Risks arise from inappropriate use of personal information available on the network

“Need to know” principles under privacy legislation mean access is limited to those who have a valid purpose in accessing information

Agenda

Aspects of Compliance Management
Building a Compliance Architecture
Components of a Compliance Architecture
Summary
Questions

Compliance Architecture

(Diagram; surviving label: Storage Management)

Compliance Lifecycle Management

(Diagram; surviving label: Storage Management)

Working in a Controlled Environment

(Diagram; surviving labels: Archive, Approve, Revise, Create, Promote, Version, Publish, Destroy; Workflow; Collaboration Review/Approve; Content Repository (Records Management); Reports)

Agenda

Aspects of Compliance Management
Privacy Compliance
Building a Compliance Architecture
Components of a Compliance Architecture
Summary
Questions

Building Blocks For Compliance

Document and Records Management
Reporting
Collaboration
Workflow
E-Mail Capture
Search
Report Authoring
Services

Document Management

Organize document collections into secure and manageable repositories
Provide easy searching and widespread access to documents over networks
Automate document collaboration and distribution
Install across enterprise and departmental workgroups easily and rapidly
Support dynamic enterprise use with flexible security

Records Management

Creates an organized, secure environment that manages the complete lifecycle of financial documents, from creation to destruction.

Facilitates compliance with record keeping requirements
Minimizes litigation risk and burden of discovery
Organizes and retrieves active records
Protects vital records

Reporting

Ability for end users to create financial reports in an easy-to-use environment
Facilitates reporting on financial data according to enterprise requirements with a tool that allows customized queries.
Integrates many data sources into a single report
Allows access to a wide range of databases

Collaboration

Highly secure, Web-based, document-centric collaboration environment suitable for intra- and inter-enterprise deployments for virtually any industry.

Enhance cross-functional group interaction
Increase knowledge capture and retention
Provide operational efficiencies
Improve organizational responsiveness

Workflow

Establish a formal process for final review of corporate documents
Route the Reports for approval
E-mail notification of documents for review and approval
Final notification upon document approval and submittal to the Regulatory Agencies

E-Mail Capture

Full access to all enterprise content, business records, and e-mail from within Outlook

Capture e-mail and attachments via drag and drop

Save messages as soon as they are sent

Reconstruct attachment relationships when forwarding captured messages

Search

Access to information stored in RDBMS, file systems, Web sites and other custom information sources
Search many languages
Access information stored in multiple formats
Search across a wide range of platforms

Agenda

Aspects of Compliance Management
Privacy Compliance
Building a Compliance Architecture
Components of a Compliance Architecture
Summary
Questions

Compliance Architecture ROI

Understand the compliance regulations that govern your business
Turn compliance into a strategic advantage
Define your compliance architecture
Develop an implementation plan for success
Monitor and measure results
Establish continuous improvement process

Recommendations

Compliance requirements will drive IT investments over the next three years
Building a compliance architecture cannot wait
Build your compliance architecture one step at a time, starting with Records and Document Management as the foundation