Avoiding CRM Compliance Pitfalls
http://bit.ly/CRMCalculatorTCO - - - - - Download our FREE TCO Calculator Tool for CRM

Alison Diana
Sponsored by SugarCRM
Contents

  • Broad Spectrum
  • Ensuring Compliance: Security
  • Ensuring Compliance: Audit Trail
  • Ensuring Compliance: Social Media
  • Ensuring Compliance: Integration with All
  • Achievable Goal
  • Worries Allayed
  • Conclusion
  • About the Author
  • About the Sponsor

Copyright © 2012 CRM Outsiders and SugarCRM, Inc. All rights reserved.
This white paper is published by CRM Outsiders, an industry blog on all things CRM and was sponsored by SugarCRM®.

In a world that’s increasingly regulated, a well-designed and tightly-integrated customer relationship management (CRM) solution is a valuable ally to an organization’s compliance efforts, alerting executives to potential conflicts long before they have a chance to occur. Yet a badly thought-out program, one that doesn’t fit with a company’s workflow or structure, can produce the opposite result, ultimately damaging the corporation’s reputation and bank account.

With such high stakes, it is imperative that organizations carefully consider their CRM partner to ensure they select feature-rich software that is easy for employees to use, for managers to tap for analysis, and for executives to delve into for long-term strategizing. The CRM solution, whether hosted or on-site, should come from a well-financed provider with a history of success, strong customer service, and innovation.

But of most—and increasing—importance to many organizations across a spectrum of industries, it’s vital that your CRM solution supports relevant legal requirements. Healthcare organizations, for example, must adhere to a strengthened and more punitive Health Insurance Portability and Accountability Act (HIPAA). Top-level executives at all businesses are concerned about the Sarbanes-Oxley Act (Sarb-Ox), and financial firms must adhere to the Gramm Leach Bliley Act or face serious penalties.

Whether they choose hosted or on-site CRM solutions, organizations must ensure their CRM partner complies fully with all mandates and regulations which may include end-user security, audit trails, and auditable processing outputs. To ensure your solution complies, it makes sense to place this capability at the top of your “must-have” feature list. After all, no matter how attractive another application may be, if it is not compliant, you cannot purchase it.
Broad Spectrum

A hospital or doctor’s office must, obviously, be HIPAA-compliant. But so, too, must a nursing home and a company that provides home-aid care. If you touch upon any type of healthcare or patient-care, you must find out whether HIPAA applies.

Consider the costs if you don’t: The University of California in Los Angeles (UCLA) Health System was ordered to pay $865,500 as part of a settlement with the U.S. Department of Health and Human Services (HHS) over complaints that employees snooped on the health records of two celebrities, a violation of HIPAA [1]. In February 2011, HHS issued a $4.3 million fine to Cignet Health care of Temple Hills, Maryland for violations of the HIPAA Privacy Rule [2], and Blue Cross Blue Shield of Tennessee (BCBST) agreed to a $1.5 million settlement with the Office for Civil Rights (OCR) over potential HIPAA security violations and spent another $17 million in breach response costs [3].

After the banking industry’s meltdown, government has increased its scrutiny of the financial sector. Any company involved in finance is well advised to fully comply with the gamut of rules governing its industry, and ensure its CRM software fully integrates with all other applications to create an auditable track of meetings and communications between clients and sales representatives.

Consider that in April 2011, the Securities & Exchange Committee imposed fines of $20,000 each against the former president of a broker-dealer and a former broker for their actions in transferring customer information to a new firm as the defunct company wound down. In addition, the SEC fined the firm’s former chief compliance officer $15,000 for compliance failures and security breaches. This underscores the SEC’s ability to pursue charges against individuals as well as companies [4].

Bank of America was fined $10 million in March 2004 when it did not turn over emails to the SEC in a timely manner, which is currently interpreted to be between 36-72 hours. In July 2005, a small brokerage in Pennsylvania was fined $325,000 for violations that included failing to retain the email communications of 83 employees, and in 2002 Deutsche Bank, Goldman Sachs, Morgan Stanley, Smith Barney, and US Bancorp Piper Jaffray were fined $1.65 million each for not archiving emails [5].

Rica Foods and two of its top executives became the first to be penalized for non-adherence to the Sarbanes-Oxley Act, according to Reuters [6]. The act gives government more authority to pursue fines and penalties against executives, and gives federal agents the authority to demand repayment for bonuses or salaries reaped as a result of fraudulent or mistaken statements to investors [7].

To defend themselves against allegations of non-compliance, organizations must implement technologies that demonstrate the reasoning behind every decision, that save every communication, and store each document’s drafts. Lost data can easily be misinterpreted, and there are penalties on the books for merely having missing email, no matter what it may have contained.

Since CRM is so critical to a company, since it is the frontline communication tool between your sales personnel and your clients and prospects, it’s vital that this software is compliant with all the regulations that govern your industry and business. When selecting a CRM solution, include your chief compliance officer or legal executive in the review process. It’s time well-spent—especially if your company is ever audited.

[1] http://www.scmagazine.com/ucla-health-system-fined-over-celebrity-patient-snooping/article/207214/
[2] http://threatpost.com/en_us/blogs/hipaa-bares-its-teeth-43m-fine-privacy-violation-022311
[3] http://blogs.hcpro.com/hipaa/2012/03/experts-basic-hipaa-compliance-could-have-saved-bcbst-millions/
[4] http://www.proskauer.com/publications/client-alert/brokers-and-compliance-officer-of-broker-dealer-firm-personally-fined-by-sec-for-customer-privacy-violations/
[5] http://www.transcendent-llc.com/Solutions/ITStrategy/RegulatoryCompliance.aspx
[6] http://www.accountingweb.com/item/97987
[7] http://www.law.umaryland.edu/academics/journals/jbtl/issues/3_2/3_2_393_Thomsen.pdf
Ensuring Compliance: Security

Unfortunately, ensuring compliance is not as simple as looking for a check-mark on a software box. Different regulations demand different features and capabilities, so first determine which regulations you must abide by and generate a master list of software-related requirements. Your chief compliance officer or attorney can help here by putting together a list of must-have capabilities or referring you to an industry-related website.

If you’re using hosted CRM, then it’s imperative that you find a partner that is compliant with all relevant regulations, too. Make sure their promise of compliance to HIPAA, Gramm Leach, or the Patriot Act is in writing and run this by your legal professional. Ensure your service level agreement (SLA) has teeth, too, so that non-performance by your provider results in penalties.

Generally, regulations demand data security. Whether it is patient records or financial information, regulations typically mandate that organizations must strictly monitor the collection, storing, and sharing of data. Since this data populates organizations’ CRM solutions, CRM software must be compliant with regulations’ security mandates.

“Security is a critical component of CRM because sales and marketing teams are always adding and sharing new data about their prospects and customers that needs to remain within an organization’s walls,” said Clint Oram, chief technology officer and co-founder of SugarCRM [8]. In addition, organizations must ensure data is secured for years, depending often on industry or legal standards.

Ensuring Compliance: Audit Trail

In today’s collaborative environment, organizations encourage colleagues and partners to comment on early drafts of documents. Tracking drafts and determining which individual introduced a particular point, or error, can be challenging unless these features are part of the CRM solution.

Some CRM developers address this issue by partnering with independent software vendors (ISVs) that specialize in applications that link documents. This allows them to leverage ISVs’ specialized knowledge, allowing the developer to more quickly deliver a CRM application with proven integration capabilities. Some CRM developers may opt to create their own integration tools in-house, a process that typically is time-consuming as it requires development and testing before it can become part of the CRM solution.

No matter the software developer’s approach, your sales professionals become more productive when they no longer waste time determining the current version or merging documents. Instead, they can focus their talents on supporting existing customers and reaching out to prospective clients.

Ensuring Compliance: Social Media

Increasingly, CRM solutions are incorporating social media. After all, it’s vital that the sales professionals who use your CRM technology tap into Facebook, LinkedIn, and Twitter to chat with clients and prospective customers, track career changes, and stay current on new hires, products, and initiatives. It’s also imperative that you use your CRM to monitor and track those conversations in order to leverage them into sales. Today, people trade valuable information across social networks and it is imperative that you capture this data in your CRM solutions.

“As social computing develops, enterprise will be forced to go beyond optimizing the two-way relationship between enterprise and client. Enterprises will also have to optimize the interactions between customers enabled through the use of social media,” according to a CMSWire article about a new Forrester report [9]. “2012 will see the emergence of a lot more social CRM uses as organizations turn to social computing products to engage and collaborate with customers in new ways.”

While legacy systems try to patch on social media capabilities, newer CRM developers incorporated social into CRM from Day One. These developers are well-positioned to take advantage of this vibrant new opportunity. Rather than attempting to tack-on entirely new software environments to a pre-existing solution, these developers embraced social networks in their entirety, and leveraged these applications’ capabilities when designing their CRM software.

Likewise, some developers opted to use open software, giving their customers an easier path to integration with other vendors’ products. Proprietary systems are locked-down and require custom—and expensive—coding in order to tie into other applications. On the other hand, open software is, as its name suggests, free and open to anyone. Increasingly, developers are using open source software as the core of their applications to enable easier integration and compatibility.

Ensuring Compliance: Integration with All

Employees may spend many hours communicating via social media, but they continue to rely on office standbys such as word processing, spreadsheet, and presentation applications. Databases remain home to corporate information assets. As such, it’s important that CRM software integrate with these tools, for improved productivity and collaboration, to ensure regulatory compliance, and to provide an audit trail.

Organizations have the choice of open source-based or proprietary CRM software. CIOs who have, in the past, found themselves locked into expensive upgrade paths, exclusive partnerships, and lengthy upgrades through the purchase of proprietary software typically exclude that option immediately.

Open source-based software gives IT professionals the choice to switch vendors, if they desire, to another open source-based software, and there are more third-party add-ons available. It is typically less costly to support and train IT staff on these solutions as well.

“We wanted to customize to our heart’s content. One of the lessons we’ve learned is that going forward, the costs associated with maintaining a proprietary system that’s been heavily customized are too expensive,” said Jeremy McGee, Director of Information Technology, at Affinity4, an affinity-based marketing company whose mission is to help support non-profits’ goals by assisting in their fundraising and development programs [10].

Achievable Goal

At first glance, achieving CRM compliance appears an intricate issue, one filled with complexities and hidden thorns. Yet by first removing proprietary systems, you can immediately winnow-down the list of potential software providers without any further scrutiny. Then exclude those developers that are only just learning social media, those vendors that are tacking-on social networking capabilities to existing software in an attempt to create social CRM.

Having further reduced your list, seek a CRM partner with a history of successful partnerships with clients, solution providers, and leading software vendors, a software that integrates with the world’s top applications in order to provide ease-of-use, reduce training, enhance employees’ experience, and comply with various regulatory mandates. In addition, it’s wise to find a CRM partner that offers a solution available on both the cloud and on-site, no matter your current needs.

[8] http://www.sugarcrm.com/crm/press-releases/2011/pr-detect-id-in-cloud
[9] http://www.cmswire.com/cms/customer-experience/forrester-customer-experience-management-and-13-emerging-crm-trends-014749.php?pageNum=3
[10] http://www.sugarcrm.com/crm/customers/affinity4.html
You also want a CRM partner that’s responsive to client needs, a company able to quickly adapt to changes in the market or government. After all, regulations are subject to change and it’s imperative that your CRM developer is willing and able to adapt its product to meet those ever-shifting requirements. Price, of course, is a consideration.

Worries Allayed

Executives worried that CRM systems which comply with their industry’s regulations will break their IT budgets can put aside their concerns. Open systems-based CRM solutions designed with social media in mind incorporate regulatory issues and are easily customized to address additional, individual needs. SugarCRM designed its solution to integrate with leading office and communication applications, allowing organizations to monitor, track, and save data for analysis, corporate intelligence, and—in the worst case scenario—regulatory audits.

Conclusion

Although there are many laws and many variations in those laws from country to country, running afoul of them is relatively easy if you task a member of your CRM team with understanding those rules and advising of possible violations. That human oversight is critical, but so is the choice of technology that provides an audit trail and which allows you to integrate CRM with the critical systems that collect, store and manage customer data. Without the proper technological underpinnings, it’s easy to lose sight of potential violations of privacy laws, so choosing your CRM tools wisely can save you from costly – and avoidable – errors.
About the Author

Alison Diana has been writing about technology, the indirect channel, and business for 23 years. She spent 10 years at CRN, before becoming a freelance writer whose work has appeared in publications such as InformationWeek, eWEEK, CRN, VARBusiness, Florida Today, Channel Insider, ChannelPro, and Healthcare Software Review. Alison’s clients also include Dell, HP, CDW, Ingram Micro, Juniper Networks, Wasp Barcode, GAP, and N-able.

About the Sponsor

SugarCRM is the world’s leading provider of open source customer relationship management (CRM) software. Over 7,000 customers and close to a million users rely on SugarCRM to execute marketing programs, grow sales, retain customers and create custom business applications. Leading publications such as CRM Magazine, InfoWorld and eWeek praise SugarCRM for its ease-of-use, flexibility and open design.

SugarCRM is available in 4 different subscriptions and can be installed on-premise or can run in the cloud. For cloud deployments, customers can choose to run on Sugar On-Demand, a traditional SaaS deployment, or run on one of the leading cloud computing platforms, including Amazon EC2, IBM SmartCloud Enterprise, Microsoft Azure, or Rackspace Cloud. Sugar customers can also leverage the cloud infrastructure of one of the 350 partners around the world who resell SugarCRM. This breadth of options offers customers an unparalleled choice and control over their data and deployment.

For more information visit www.sugarcrm.com