Compliance Solutions

1
Compliance Solutions

• Fortis
• Enterprise Document Management
• Westbrook Technologies Inc
• (August 2007)

2
Regulatory Compliance Landscape

• Corporate Governance
• Sarbanes Oxley
• Accounting practices
• Transparency and ethics
• SEC regulations
• IRS, Labor, State Certification Legislation
• Records retention
• Records availability and retrieval
• Public Information and records
• HIPAA, FERPA
• State public records legislation
• OSHA, EPA, FDA
• CFR21Part11, GMP, NDA, Clean Water, Clean Air
• Federal Reserve
• Check 21

3
Business Challenges

• Ensure corporate policies and practices are being
  followed.
• Ensure corporate governance regulations are being
  followed.
• Document retention
• Document integrity
• Who can view documents and when
• Audit access/viewing of sensitive documents
• Who can modify, alter, discard documents
• Security over modification, versioning, deletion
• Block overrides, workarounds
• Records retention
• Retention schedules
• Destruction schedules
• Disaster recovery
• Impact on core business
• Minimize impact to ongoing business processes and
  functions
• Minimize cost and risk

4
Compliance Common Ground

• What are the key issues how can document
  management help?
• Compliance in the bigger picture is a business
  practices and business ethics issue ? EDM can be
  a very major supporting system

Business processes Workflow and document security/retention policies
Roles and responsibilities Security and access rules
Records Management Document management archiving, retention, and control
Fraud prevention Integrity of document archive, version and modification control tracking, audit trail of accesses
Auditing Document capture, access, revision and destruction auditing
Legal oversight Document query for discovery and investigation
Security and disaster recovery Archiving and electronic backup
5
Compliance Fortis Key Features

• Capture
• Capture, index all regulated documents
• Office
• Put all Office document (MS Word, email) under
  revision control and retention
• Versioning
• Track/control modification of documents
• Maintain version histories and record of who
  modified
• Security
• Manage access, revision, destruction rights
• Audit trail
• Index/retrieval
• Auditing, discovery, access
• Archiving
• Records management, disaster recovery

6
Fortis integrated to Line of Business (LOB)
Systems

• Fortis Office captures office documents (created
  and revised) systematically and manages their
  retention.
• Fortis integration with ERP, CRM and SCM systems
  links financial documentation with financial and
  business transactions.
• Fortis Approveit provides auditable approval
  cycles for invoices, receivables, payables,
  expenses.
• Fortis ERM systematically captures and archives
  reports for financial and business systems.

7
Fortis Compliance Benefits

• Ensure document control and retention.
• Facilitate document auditing and discovery.
• Enforce business processes
• Workflows
• Security models
• Retention policies
• Responsiveness to business changes
• Flexible security, capture, workflow models
• Ability to audit
• Archive security and disaster recovery capability

8
Sarbanes Oxley Act - Penalties

• Failure to maintain financial or audit workpapers
  (for 7 years)
• Felony penalty Up to 10 yrs in prison
• Destruction or alteration of papers or records
• Felony penalty Up to 20 yrs in prison
• Securities fraud
• Criminal penalty Fine and/or up to 25 yrs in
  prison
• Violation of any SEC provisions
• Penalties increased to up to 25 million fine and
  20 yrs in prison
• State of limitations increases
• 2 yrs from date of discovery and 5 yrs from date
  fraud committed
• Lack of auditing vigilance
• Audit firm can have registration suspended or
  revoked
• Civil penalties

9
Sarbanes-Oxley Act
Overview
How Document Mgmt is Applied

• Internal processes
• All audit-related documents, including working
  papers, must be retained for 7 years.
• Selective retention of emails
• All associated financial documents (paper
  documents, electronic documents)
• Document management a compliance tool
• Document control, security control
• Internal controls - documentation
• Internal controls - workflows
• Dashboard
• Visibility of controlled documentation
• Business process documentation
• Security and access auditing

• Impacts Publicly Traded Firms
• Corporate Governance
• CEOs and CFOs personally responsible for quality
  of internal reporting.

10
HIPAA
Overview
How Document Mgmt is Applied

• Pertains to providers and insurers
• Requires guaranteeing privacy of patient medical
  and personal data
• Accessibility of information must be strictly
  limited to those with a need to know

• Capture all patient records
• Place patient records and charts within a
  security model
• Secure retention
• Control access by document type and by patient
• Document retrieval
• Record retention, archiving
• Remote and indexed retrieval
• Patient file portability with security model
  maintained

11
OSHA
Overview
How Document Mgmt is Applied

• Health testing data.
• Plant safety 21CFR11
• As built.
• Mgmt of change.

• Place health testing data within a records
  management environment.
• Secure retention.
• Control access by document type and by patient.
• Record retention, archiving.
• Remote and indexed retrieval.
• Capture plant-wide documentation.
• Manage versioning, revision, change approvals.
• Retrieval by plant systems and events.

12
FDA
Overview
How Document Mgmt is Applied

• Good manufacturing practices.
• Manufacturing procedures.
• Lot documentation and auditing.
• Testing data

• Place lot documentation in a document management
  environment.
• Capture all lot records, testing.
• Manage by lot, by timestamp, by plant.
• Record retention, archiving.
• Archiving, retrieval, retention.
• Capture plant-wide documentation.
• Manage versioning, revision, change approvals.
• Retrieval by plant systems and events.

13
NJ OPRA(Example of State Records Management Laws)
Overview
How Document Mgmt is Applied

• Capture, manage, retain public records
• Security model
• Control access to personal information
• Control to information types exempted from public
  access
• Document retrieval
• Web publish public document portal
• Powerful indexing and retrieval
• Archiving and disaster recovery

• Open access to public information
• Minimum access hours
• Response time
• Web access a preferred mechanism
• Ensure privacy of citizens personal data

14
Compliance Fortis Customer Examples

• Saucony, Inc. Sarbanes-Oxley
• Establish and audit internal controls.
• Disclosure of material events within 48 hrs
• Merchant Services Inc. FTC Records retention
• Risk, Fraud Chargeback transaction mgmt
• FTC records retention compliance
• Risk and fraud investigation speed
• HTI Inc. OSHA Health records and documents
• Mobile industrial health risk testing records
• OSHA 30 year record retention compliance
• HIPAA / OSHA privacy rules
• Dassault Falcon Jet FAA safety and
  records-keeping rules
• Aircraft Services Engineering
• Engineering information management and retrieval
• FAA service and documentation requirements

15
Fortis Customers cont.

• MT Business Technologies IRS, DOL
• IRS required records keeping
• DOL employee records retention
• Union Hospital HIPAA
• Security and privacy complaince for HIPAA
• Retrieval of 2.8 million medical records
• Sothebys UK Custom / export compliance
• Proof of ownership, import/export paper trail
• UK customs and excise compliance
• Banner Health Hospitals Credentialing
• Physician credentialing and updating
• Compliance with state licensing, DEA
• Agfa Medical Devices Non-conformance
• Comply with FDA recall regulations

16
The Fortis Value Proposition

• The Fortis document management provides strong
  business benefits
• Improved work processes
• Better and faster access to crucial business
  information
• Better performance in functions such as customer
  service and accounts payable
• Eliminate paper storage costs and overhead
• Improve disaster readiness and recovery
• At the same time as those business benefits are
  being realized Fortis achieves regulatory
  compliance
• Control over document retention, modification,
  destruction
• Powerful search to achieve discovery, auditing
• Enforce workers to follow designed business
  processes
• Security to ensure privacy
• And
• Safeguard intellectual property
• Guard against business espionage