This document discusses the challenges of securely exchanging information while maintaining compliance with regulations. It outlines how failing to comply can result in fines, legal battles, and reputational damage. Over 100,000 rules and regulations across many industries are discussed, including healthcare, finance, and government. Common regulations like Sarbanes-Oxley, Gramm-Leach-Bliley, and HIPAA are summarized. The document proposes that electronic fax solutions from OpenText can help organizations achieve compliance goals like security, audit trails, centralized delivery and storage, and access restrictions. OpenText fax solutions are certified under standards like HIPAA, PCI, and DoD.
As the leader, we also have the largest target on our back
The market is moving
Competitors are moving
We need to invest and change the game to stay ahead
We need to be market driven
From Corporate Overview Deck
Brazil AML/Anti-Corruption Law n. 12,846/2013 - Customer identification and record-keeping rules (FATF 10-13)
FDASIA FDA Safety and Innovation Act - SEC. 706. RECORDS FOR INSPECTION
APPI – Japan’s Act on the Protection of Personal Information
BSI PD5000 - 'Electronic Documents and e-Commerce Transactions as Legally Admissible Evidence': the BSI Code of Practice, PD 5000:1999, enables organisations to demonstrate the authenticity of their electronic documents and e-commerce transactions, so they can be used as legally admissible evidence.
ISO/IEC 27001 – Information security management standard; The information security management system preserves the confidentiality, integrity and availability of information by applying a risk management process and gives confidence to interested parties that risks are adequately managed.
MiFID II and MiFIR - Markets in Financial Instruments Directive (MiFID II) and Regulation (MiFIR)
FSMA (FDA Food Safety Modernization Act) - Records access: FDA will have access to records, including industry food safety plans and the records firms will be required to keep documenting implementation of their plans.
SÄHKE2 – a Finnish standard for ERMS and Case Mgmt solutions; its requirements concern records management functionalities: life cycle management, metadata control, access rights, retention and disposal, transfer to NAS (National Archives).
GoBD – the replacement for GoBS and GDPdU since 1st of January 2015
HIPAA is the federal Health Insurance Portability and Accountability Act of 1996.
Dodd-Frank Act - Directs the Commission to issue rules requiring certain companies to disclose their use of conflict minerals if those minerals are “necessary to the functionality or production of a product” manufactured by those companies. Under the Act, those minerals include tantalum, tin, gold or tungsten.
DoD 5015.02-STD RMA Design Criteria Standard
E-Verwaltung or OkeVa replaced DOMEA - OkeVa stands for “Organisationskonzept Elektronische Verwaltungsarbeit”, in English “Organizational concept for electronic administration”, and is mainly focused on the German government sector, as DOMEA was before. The common name is “E-Verwaltung”, in English “E-Administration”.
FINRA – Financial Industry Regulatory Authority Rule 2210 (replacing previous FINRA Rule 2211) outlines the regulatory recordkeeping requirements for institutional communications (such as emails) including evidence that supervisory procedures have been implemented and carried out.
EU Pharmacovigilance = Post launch surveillance of adverse effects
POPI refers to South Africa’s Protection of Personal Information Bill, which seeks to regulate the processing of personal information - collection, usage, storage, dissemination, modification or destruction (whether such processing is automated or not).
Canada Electronic Evidence Act - on authentication of electronic records as evidence in court
SEC 17a-4 - According to the rule, records of numerous types of transactions must be retained and indexed on indelible media with immediate accessibility for a period of six months, and with non-immediate access for a period of at least two years. Duplicate records must also be kept within the same time frame at an off-site location.
FDA 21 CFR Part 11 - Requires drug makers, medical device manufacturers, biotech companies, biologics developers, CROs, and other FDA-regulated industries, with some specific exceptions, to implement controls, including audits, system validations, audit trails, electronic signatures, and documentation for software and systems involved in processing electronic data
FERC 18 CFR Parts 35 & 284 - requires that all emails, voicemail, text messages and other communication between energy companies’ transmission and marketing functions must be retained for five years.
USA PATRIOT Act - Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism; the Act is a U.S. law passed in the wake of the Sept 11, 2001 terrorist attacks. Its goals are to strengthen domestic security and broaden the powers of law-enforcement agencies with regard to identifying and stopping terrorists.
Presidential Memorandum: Managing Government Records Directive - Enacted in 2012. Requires: All permanent records must be managed in electronic format by 2019; Email must be managed in electronic format in a Records Management system by 2016; Increasing visibility of privacy and compliance requirements such as FOIA and Privacy Act.
KYC/KYV (Know Your Customer/Vendor) - KYC is the process used by a business to verify the identity of their clients. The objective of KYC guidelines is to prevent banks from being used, intentionally or unintentionally, by criminal elements for money laundering activities. KYV refers to 3rd party/vendor risk management.
Basel III - Basel is a set of international banking regulations put forth by the Basel Committee on Bank Supervision, which set out the minimum capital requirements of financial institutions with the goal of minimizing credit risk (code of conduct for banks).
EU Data Protection Directive - The directive on the protection of individuals with regard to the processing of personal data and on the free movement of such data is an EU directive adopted in 1995 which regulates the processing of personal data within the EU. It is an important component of EU privacy and human rights law.
India Information Technology Act - The primary law in India dealing with cybercrime & electronic commerce; also provides legal framework for electronic governance by giving recognition to electronic records & digital signatures, as well as recordkeeping obligations.
Secure MFT is a hosted messaging solution that supports extreme file sizes and still gets performance from those large files
It reduces risk with full encryption
It features patent-pending acceleration technology that transfers files up to 80x faster than FTP
And users benefit from centralized file transfer visibility and monitoring
Exciting… we are positioned to leverage our leadership to capitalize on all these trends, drivers
The presence
The scale
The focus
The investment
The proven value