180 likes | 362 Views
Compliance Solutions. Fortis Enterprise Document Management Westbrook Technologies Inc (August 2007). Regulatory & Compliance Landscape. Corporate Governance Sarbanes Oxley Accounting practices Transparency and ethics SEC regulations IRS, Labor, State Certification Legislation
E N D
Compliance Solutions Fortis Enterprise Document Management Westbrook Technologies Inc (August 2007)
Regulatory & Compliance Landscape • Corporate Governance • Sarbanes Oxley • Accounting practices • Transparency and ethics • SEC regulations • IRS, Labor, State Certification Legislation • Records retention • Records availability and retrieval • Public Information and records • HIPAA, FERPA • State public records legislation • OSHA, EPA, FDA • CFR21Part11, GMP, NDA, Clean Water, Clean Air • Federal Reserve • Check 21
Business Challenges • Ensure corporate policies and practices are being followed. • Ensure corporate governance regulations are being followed. • Document retention • Document integrity: • Who can view documents and when • Audit access/viewing of sensitive documents • Who can modify, alter, discard documents • Security over modification, versioning, deletion • Block overrides, workarounds • Records retention • Retention schedules • Destruction schedules • Disaster recovery • Impact on core business • Minimize impact to ongoing business processes and functions • Minimize cost and risk
Compliance: Common Ground • What are the key issues – how can document management help? • Compliance in the bigger picture is a business practices and business ethics issue EDM can be a very major supporting system
Compliance: Fortis Key Features • Capture: • Capture, index all regulated documents • Office: • Put all Office document (MS Word, email) under revision control and retention • Versioning: • Track/control modification of documents • Maintain version histories and record of who modified • Security: • Manage access, revision, destruction rights • Audit trail • Index/retrieval: • Auditing, discovery, access • Archiving: • Records management, disaster recovery
Fortis integrated to Line of Business (LOB) Systems • Fortis Office captures office documents (created and revised) systematically and manages their retention. • Fortis integration with ERP, CRM and SCM systems links financial documentation with financial and business transactions. • Fortis Approveit provides auditable approval cycles for invoices, receivables, payables, expenses. • Fortis ERM systematically captures and archives reports for financial and business systems.
Fortis: Compliance Benefits • Ensure document control and retention. • Facilitate document auditing and discovery. • Enforce business processes: • Workflows • Security models • Retention policies • Responsiveness to business changes: • Flexible security, capture, workflow models • Ability to audit • Archive security and disaster recovery capability
Sarbanes Oxley Act - Penalties • Failure to maintain financial or audit workpapers (for 7 years): • Felony penalty: Up to 10 yrs in prison • Destruction or alteration of papers or records: • Felony penalty: Up to 20 yrs in prison • Securities fraud: • Criminal penalty: Fine and/or up to 25 yrs in prison • Violation of any SEC provisions: • Penalties increased to up to $25 million fine and 20 yrs in prison • State of limitations increases: • 2 yrs from date of discovery and 5 yrs from date fraud committed • Lack of auditing vigilance: • Audit firm can have registration suspended or revoked • Civil penalties
Sarbanes-Oxley Act • Internal processes • All audit-related documents, including working papers, must be retained for 7 years. • Selective retention of emails • All associated financial documents (paper documents, electronic documents) • Document management – a compliance tool: • Document control, security control • Internal controls - documentation • Internal controls - workflows • Dashboard: • Visibility of controlled documentation • Business process documentation • Security and access auditing Overview How Document Mgmt is Applied • Impacts Publicly Traded Firms • Corporate Governance • CEOs and CFOs personally responsible for quality of internal reporting.
HIPAA • Pertains to providers and insurers • Requires guaranteeing privacy of patient medical and personal data • Accessibility of information must be strictly limited to those with a “need to know” Overview How Document Mgmt is Applied • Capture all patient records • Place patient records and charts within a security model • Secure retention • Control access by document type and by patient • Document retrieval • Record retention, archiving • Remote and indexed retrieval • Patient file portability with security model maintained
OSHA • Health testing data. • Plant safety 21CFR11 • As built. • Mgmt of change. Overview How Document Mgmt is Applied • Place health testing data within a records management environment. • Secure retention. • Control access by document type and by patient. • Record retention, archiving. • Remote and indexed retrieval. • Capture plant-wide documentation. • Manage versioning, revision, change approvals. • Retrieval by plant systems and events.
FDA • Good manufacturing practices. • Manufacturing procedures. • Lot documentation and auditing. • Testing data Overview How Document Mgmt is Applied • Place lot documentation in a document management environment. • Capture all lot records, testing. • Manage by lot, by timestamp, by plant. • Record retention, archiving. • Archiving, retrieval, retention. • Capture plant-wide documentation. • Manage versioning, revision, change approvals. • Retrieval by plant systems and events.
NJ OPRA(Example of State Records Management Laws) • Open access to public information • Minimum access hours • Response time • Web access a preferred mechanism • Ensure privacy of citizen’s personal data Overview How Document Mgmt is Applied • Capture, manage, retain public records • Security model • Control access to personal information • Control to information types exempted from public access • Document retrieval • Web publish public document portal • Powerful indexing and retrieval • Archiving and disaster recovery
Compliance: Fortis Customer Examples • Saucony, Inc.: Sarbanes-Oxley • Establish and audit internal controls. • Disclosure of “material events” within 48 hrs • Merchant Services Inc.: FTC Records retention • Risk, Fraud & Chargeback transaction mgmt • FTC records retention compliance • Risk and fraud investigation speed • HTI Inc.: OSHA Health records and documents • Mobile industrial health risk testing records • OSHA 30 year record retention compliance • HIPAA / OSHA privacy rules • Dassault Falcon Jet: FAA safety and records-keeping rules • Aircraft Services Engineering • Engineering information management and retrieval • FAA service and documentation requirements
Fortis Customers – cont. • MT Business Technologies: IRS, DOL • IRS required records keeping • DOL employee records retention • Union Hospital: HIPAA • Security and privacy complaince for HIPAA • Retrieval of 2.8 million medical records • Sotheby’s UK: Custom / export compliance • Proof of ownership, import/export paper trail • UK customs and excise compliance • Banner Health Hospitals: Credentialing • Physician credentialing and updating • Compliance with state licensing, DEA • Agfa Medical Devices: Non-conformance • Comply with FDA recall regulations
The Fortis Value Proposition • The Fortis document management provides strong business benefits: • Improved work processes • Better and faster access to crucial business information • Better performance in functions such as customer service and accounts payable • Eliminate paper storage costs and overhead • Improve disaster readiness and recovery • At the same time as those business benefits are being realized; Fortis achieves regulatory compliance: • Control over document retention, modification, destruction • Powerful search to achieve discovery, auditing • Enforce workers to follow designed business processes • Security to ensure privacy • And: • Safeguard intellectual property • Guard against business espionage