compliance solutions

SLIDE 1 Compliance Solutions Fortis Enterprise Document Management Westbrook Technologies Inc (August 2007)

Upload: adora

Post on 13-Jan-2016


TRANSCRIPT

Page 1: Compliance Solutions

SLIDE 1

Compliance Solutions

Fortis Enterprise Document Management

Westbrook Technologies Inc (August 2007)

SLIDE 2

Regulatory & Compliance Landscape

• Corporate Governance
  – Sarbanes Oxley
  – Accounting practices
  – Transparency and ethics
  – SEC regulations
• IRS, Labor, State Certification Legislation
  – Records retention
  – Records availability and retrieval
• Public Information and records
  – HIPAA, FERPA
  – State public records legislation
• OSHA, EPA, FDA
  – CFR21Part11, GMP, NDA, Clean Water, Clean Air
• Federal Reserve
  – Check 21

SLIDE 3

Business Challenges

• Ensure corporate policies and practices are being followed.
• Ensure corporate governance regulations are being followed.
  – Document retention
  – Document integrity:
    • Who can view documents and when
      – Audit access/viewing of sensitive documents
    • Who can modify, alter, discard documents
      – Security over modification, versioning, deletion
      – Block overrides, workarounds
• Records retention
  – Retention schedules
  – Destruction schedules
  – Disaster recovery
• Impact on core business
  – Minimize impact to ongoing business processes and functions
  – Minimize cost and risk

SLIDE 4

Compliance: Common Ground

• What are the key issues – how can document management help?
• Compliance in the bigger picture is a business practices and business ethics issue
  – EDM can be a very major supporting system

Business processes: Workflow and document security/retention policies
Roles and responsibilities: Security and access rules
Records Management: Document management archiving, retention, and control
Fraud prevention: Integrity of document archive, version and modification control & tracking, audit trail of accesses
Auditing: Document capture, access, revision and destruction auditing
Legal oversight: Document query for discovery and investigation
Security and disaster recovery: Archiving and electronic backup

SLIDE 5

Compliance: Fortis Key Features

• Capture:
  – Capture, index all regulated documents
• Office:
  – Put all Office documents (MS Word, email) under revision control and retention
• Versioning:
  – Track/control modification of documents
  – Maintain version histories and record of who modified
• Security:
  – Manage access, revision, destruction rights
  – Audit trail
• Index/retrieval:
  – Auditing, discovery, access
• Archiving:
  – Records management, disaster recovery

SLIDE 6

Fortis integrated to Line of Business (LOB) Systems

• Fortis Office captures office documents (created and revised) systematically and manages their retention.

• Fortis integration with ERP, CRM and SCM systems links financial documentation with financial and business transactions.

• Fortis Approveit provides auditable approval cycles for invoices, receivables, payables, expenses.

• Fortis ERM systematically captures and archives reports for financial and business systems.

SLIDE 7

Fortis: Compliance Benefits

• Ensure document control and retention.
• Facilitate document auditing and discovery.
• Enforce business processes:
  – Workflows
  – Security models
  – Retention policies
• Responsiveness to business changes:
  – Flexible security, capture, workflow models
• Ability to audit
• Archive security and disaster recovery capability

SLIDE 8

Sarbanes Oxley Act - Penalties

• Failure to maintain financial or audit workpapers (for 7 years):
  – Felony penalty: Up to 10 yrs in prison
• Destruction or alteration of papers or records:
  – Felony penalty: Up to 20 yrs in prison
• Securities fraud:
  – Criminal penalty: Fine and/or up to 25 yrs in prison
• Violation of any SEC provisions:
  – Penalties increased to up to $25 million fine and 20 yrs in prison
• Statute of limitations increases:
  – 2 yrs from date of discovery and 5 yrs from date fraud committed
• Lack of auditing vigilance:
  – Audit firm can have registration suspended or revoked
  – Civil penalties

SLIDE 9

Sarbanes-Oxley Act

Overview

• Internal processes
• All audit-related documents, including working papers, must be retained for 7 years.
  – Selective retention of emails
  – All associated financial documents (paper documents, electronic documents)
• Impacts Publicly Traded Firms
• Corporate Governance
• CEOs and CFOs personally responsible for quality of internal reporting.

How Document Mgmt is Applied

• Document management – a compliance tool:
  – Document control, security control
  – Internal controls - documentation
  – Internal controls - workflows
  – Dashboard:
    • Visibility of controlled documentation
    • Business process documentation
    • Security and access auditing

SLIDE 10

HIPAA

Overview

• Pertains to providers and insurers
• Requires guaranteeing privacy of patient medical and personal data
• Accessibility of information must be strictly limited to those with a “need to know”

How Document Mgmt is Applied

• Capture all patient records
• Place patient records and charts within a security model
  – Secure retention
  – Control access by document type and by patient
• Document retrieval
  – Record retention, archiving
  – Remote and indexed retrieval
  – Patient file portability with security model maintained

SLIDE 11

OSHA

Overview

• Health testing data.
• Plant safety 21CFR11
  – As built.
  – Mgmt of change.

How Document Mgmt is Applied

• Place health testing data within a records management environment.
  – Secure retention.
  – Control access by document type and by patient.
  – Record retention, archiving.
  – Remote and indexed retrieval.
• Capture plant-wide documentation.
  – Manage versioning, revision, change approvals.
  – Retrieval by plant systems and events.

SLIDE 12

FDA

Overview

• Good manufacturing practices.
  – Manufacturing procedures.
  – Lot documentation and auditing.
  – Testing data

How Document Mgmt is Applied

• Place lot documentation in a document management environment.
  – Capture all lot records, testing.
  – Manage by lot, by timestamp, by plant.
  – Record retention, archiving.
  – Archiving, retrieval, retention.
• Capture plant-wide documentation.
  – Manage versioning, revision, change approvals.
  – Retrieval by plant systems and events.

SLIDE 13

NJ OPRA (Example of State Records Management Laws)

Overview

• Open access to public information
  – Minimum access hours
  – Response time
• Web access a preferred mechanism
• Ensure privacy of citizen’s personal data

How Document Mgmt is Applied

• Capture, manage, retain public records
• Security model
  – Control access to personal information
  – Control access to information types exempted from public access
• Document retrieval
  – Web publish public document portal
  – Powerful indexing and retrieval
• Archiving and disaster recovery

SLIDE 14

Compliance: Fortis Customer Examples

• Saucony, Inc.: Sarbanes-Oxley
  – Establish and audit internal controls.
  – Disclosure of “material events” within 48 hrs
• Merchant Services Inc.: FTC Records retention
  – Risk, Fraud & Chargeback transaction mgmt
  – FTC records retention compliance
  – Risk and fraud investigation speed
• HTI Inc.: OSHA Health records and documents
  – Mobile industrial health risk testing records
  – OSHA 30 year record retention compliance
  – HIPAA / OSHA privacy rules
• Dassault Falcon Jet: FAA safety and records-keeping rules
  – Aircraft Services Engineering
  – Engineering information management and retrieval
  – FAA service and documentation requirements

SLIDE 15

Fortis Customers – cont.

• MT Business Technologies: IRS, DOL
  – IRS required records keeping
  – DOL employee records retention
• Union Hospital: HIPAA
  – Security and privacy compliance for HIPAA
  – Retrieval of 2.8 million medical records
• Sotheby’s UK: Customs / export compliance
  – Proof of ownership, import/export paper trail
  – UK customs and excise compliance
• Banner Health Hospitals: Credentialing
  – Physician credentialing and updating
  – Compliance with state licensing, DEA
• Agfa Medical Devices: Non-conformance
  – Comply with FDA recall regulations

SLIDE 16

The Fortis Value Proposition

• Fortis document management provides strong business benefits:
  – Improved work processes
  – Better and faster access to crucial business information
  – Better performance in functions such as customer service and accounts payable
  – Eliminate paper storage costs and overhead
  – Improve disaster readiness and recovery
• At the same time as those business benefits are being realized, Fortis achieves regulatory compliance:
  – Control over document retention, modification, destruction
  – Powerful search to achieve discovery, auditing
  – Enforce workers to follow designed business processes
  – Security to ensure privacy
• And:
  – Safeguard intellectual property
  – Guard against business espionage