Title: Compliance Solutions
1Compliance Solutions
- Fortis
- Enterprise Document Management
- Westbrook Technologies Inc
- (August 2007)
2Regulatory Compliance Landscape
- Corporate Governance
- Sarbanes Oxley
- Accounting practices
- Transparency and ethics
- SEC regulations
- IRS, Labor, State Certification Legislation
- Records retention
- Records availability and retrieval
- Public Information and records
- HIPAA, FERPA
- State public records legislation
- OSHA, EPA, FDA
- CFR21Part11, GMP, NDA, Clean Water, Clean Air
- Federal Reserve
- Check 21
3Business Challenges
- Ensure corporate policies and practices are being
followed. - Ensure corporate governance regulations are being
followed. - Document retention
- Document integrity
- Who can view documents and when
- Audit access/viewing of sensitive documents
- Who can modify, alter, discard documents
- Security over modification, versioning, deletion
- Block overrides, workarounds
- Records retention
- Retention schedules
- Destruction schedules
- Disaster recovery
- Impact on core business
- Minimize impact to ongoing business processes and
functions - Minimize cost and risk
4Compliance Common Ground
- What are the key issues how can document
management help? - Compliance in the bigger picture is a business
practices and business ethics issue ? EDM can be
a very major supporting system
Business processes Workflow and document security/retention policies
Roles and responsibilities Security and access rules
Records Management Document management archiving, retention, and control
Fraud prevention Integrity of document archive, version and modification control tracking, audit trail of accesses
Auditing Document capture, access, revision and destruction auditing
Legal oversight Document query for discovery and investigation
Security and disaster recovery Archiving and electronic backup
5Compliance Fortis Key Features
- Capture
- Capture, index all regulated documents
- Office
- Put all Office document (MS Word, email) under
revision control and retention - Versioning
- Track/control modification of documents
- Maintain version histories and record of who
modified - Security
- Manage access, revision, destruction rights
- Audit trail
- Index/retrieval
- Auditing, discovery, access
- Archiving
- Records management, disaster recovery
6Fortis integrated to Line of Business (LOB)
Systems
- Fortis Office captures office documents (created
and revised) systematically and manages their
retention. - Fortis integration with ERP, CRM and SCM systems
links financial documentation with financial and
business transactions. - Fortis Approveit provides auditable approval
cycles for invoices, receivables, payables,
expenses. - Fortis ERM systematically captures and archives
reports for financial and business systems.
7Fortis Compliance Benefits
- Ensure document control and retention.
- Facilitate document auditing and discovery.
- Enforce business processes
- Workflows
- Security models
- Retention policies
- Responsiveness to business changes
- Flexible security, capture, workflow models
- Ability to audit
- Archive security and disaster recovery capability
8Sarbanes Oxley Act - Penalties
- Failure to maintain financial or audit workpapers
(for 7 years) - Felony penalty Up to 10 yrs in prison
- Destruction or alteration of papers or records
- Felony penalty Up to 20 yrs in prison
- Securities fraud
- Criminal penalty Fine and/or up to 25 yrs in
prison - Violation of any SEC provisions
- Penalties increased to up to 25 million fine and
20 yrs in prison - State of limitations increases
- 2 yrs from date of discovery and 5 yrs from date
fraud committed - Lack of auditing vigilance
- Audit firm can have registration suspended or
revoked - Civil penalties
9Sarbanes-Oxley Act
Overview
How Document Mgmt is Applied
- Internal processes
- All audit-related documents, including working
papers, must be retained for 7 years. - Selective retention of emails
- All associated financial documents (paper
documents, electronic documents) - Document management a compliance tool
- Document control, security control
- Internal controls - documentation
- Internal controls - workflows
- Dashboard
- Visibility of controlled documentation
- Business process documentation
- Security and access auditing
- Impacts Publicly Traded Firms
- Corporate Governance
- CEOs and CFOs personally responsible for quality
of internal reporting.
10HIPAA
Overview
How Document Mgmt is Applied
- Pertains to providers and insurers
- Requires guaranteeing privacy of patient medical
and personal data - Accessibility of information must be strictly
limited to those with a need to know
- Capture all patient records
- Place patient records and charts within a
security model - Secure retention
- Control access by document type and by patient
- Document retrieval
- Record retention, archiving
- Remote and indexed retrieval
- Patient file portability with security model
maintained
11OSHA
Overview
How Document Mgmt is Applied
- Health testing data.
- Plant safety 21CFR11
- As built.
- Mgmt of change.
- Place health testing data within a records
management environment. - Secure retention.
- Control access by document type and by patient.
- Record retention, archiving.
- Remote and indexed retrieval.
- Capture plant-wide documentation.
- Manage versioning, revision, change approvals.
- Retrieval by plant systems and events.
12FDA
Overview
How Document Mgmt is Applied
- Good manufacturing practices.
- Manufacturing procedures.
- Lot documentation and auditing.
- Testing data
- Place lot documentation in a document management
environment. - Capture all lot records, testing.
- Manage by lot, by timestamp, by plant.
- Record retention, archiving.
- Archiving, retrieval, retention.
- Capture plant-wide documentation.
- Manage versioning, revision, change approvals.
- Retrieval by plant systems and events.
13NJ OPRA(Example of State Records Management Laws)
Overview
How Document Mgmt is Applied
- Capture, manage, retain public records
- Security model
- Control access to personal information
- Control to information types exempted from public
access - Document retrieval
- Web publish public document portal
- Powerful indexing and retrieval
- Archiving and disaster recovery
- Open access to public information
- Minimum access hours
- Response time
- Web access a preferred mechanism
- Ensure privacy of citizens personal data
14Compliance Fortis Customer Examples
- Saucony, Inc. Sarbanes-Oxley
- Establish and audit internal controls.
- Disclosure of material events within 48 hrs
- Merchant Services Inc. FTC Records retention
- Risk, Fraud Chargeback transaction mgmt
- FTC records retention compliance
- Risk and fraud investigation speed
- HTI Inc. OSHA Health records and documents
- Mobile industrial health risk testing records
- OSHA 30 year record retention compliance
- HIPAA / OSHA privacy rules
- Dassault Falcon Jet FAA safety and
records-keeping rules - Aircraft Services Engineering
- Engineering information management and retrieval
- FAA service and documentation requirements
15Fortis Customers cont.
- MT Business Technologies IRS, DOL
- IRS required records keeping
- DOL employee records retention
- Union Hospital HIPAA
- Security and privacy complaince for HIPAA
- Retrieval of 2.8 million medical records
- Sothebys UK Custom / export compliance
- Proof of ownership, import/export paper trail
- UK customs and excise compliance
- Banner Health Hospitals Credentialing
- Physician credentialing and updating
- Compliance with state licensing, DEA
- Agfa Medical Devices Non-conformance
- Comply with FDA recall regulations
16The Fortis Value Proposition
- The Fortis document management provides strong
business benefits - Improved work processes
- Better and faster access to crucial business
information - Better performance in functions such as customer
service and accounts payable - Eliminate paper storage costs and overhead
- Improve disaster readiness and recovery
- At the same time as those business benefits are
being realized Fortis achieves regulatory
compliance - Control over document retention, modification,
destruction - Powerful search to achieve discovery, auditing
- Enforce workers to follow designed business
processes - Security to ensure privacy
- And
- Safeguard intellectual property
- Guard against business espionage