2. How does FixNix add value?
•Process Automation: By automating the compliance management processes, the organization dramatically reduces the time that staff members, line managers and senior managers spend on risk and compliance related activities.
•Collaboration: Employees are able to carry out team activities productively in the collaborative environment that FixNix provides.
•Consistent Process: FixNix enforces a consistent process across the enterprise, eliminating deviations and errors and, with them, the cost and time associated with repeated processes and multiple checks.
•Resource Utilization: With the entire compliance process streamlined and automated with the FixNix solution, the organization can better utilize its resources.
•Comprehensive Visibility: The comprehensive visibility FixNix provides lowers the risk of non-compliance, and executives can be assured of higher customer and investor confidence.
3. Challenges faced by industry in the compliance process
Enable a federated organizational structure and leverage technology for sustainability, consistency, efficiency and transparency across this organizational architecture.
Managing documentation, risk, controls and the reporting of internal controls has a number of limitations:
4. The system lacked role-based views, making it difficult for stakeholders such as executives to use the system.
•There was no easy way to share risks
and controls between processes in the
system. As a result, the compliance
teams ended up having to define a
number of redundant controls in their
existing system. This redundancy
made change management very
challenging.
•The system lacked document
management and change reporting
capabilities. Although current versions
were readily available, comparison of
controls and documents to prior
periods was completely manual and it
was difficult to implement strict
access control or deploy a streamlined
process for change management.
5. FixNix Asset Management can cater to the needs of:
•ISO Asset Management Workflows
•ITIL Asset Management
•Maintaining CMDB
•Asset Gap Analysis and Asset Protection Platform
8. Asset Registry / Inventory Phase
•This phase mainly involves the creation of assets.
•You are prompted to provide the following properties for any asset you create:
Physical properties (IP, MAC, asset sub-type, etc.)
Security properties (C/I/A values, etc.)
Assignment properties (asset custodian, owner, user, current location, etc.)
Current level of protection
(Alternatively, use the import feature for bulk addition of any kind of asset.)
9. Type of Assets you can maintain with FixNix
Asset Registry
•Information Assets
•Computer / Servers
•Source Code Assets
•Service Assets
•Mobile Assets
•Document Assets
•Miscellaneous (Coffee Machine, Printers & any other
Consumable Assets)
•Vehicle Assets
17. Assessment / Evaluation Phase
The evaluator / CIO needs to understand the current level of protection and is responsible for defining the controls in the classifications below.
•Labelling
•Transport / Transmission
•Addressing
•Storage
•Disposal
21. Action Phase – Custodian Role
The custodian is responsible for implementing the controls recommended by the evaluator/CIO, describing the actions taken, and providing the evidence documents.
22. Action Phase – Owner Role
The owner is responsible for defining fair-usage policies and communicating them to all asset users, and must obtain acknowledgement from all asset users that they have understood and accepted the policies.
25. Review Phase
The evaluator reviews the actions taken by the custodian and owner. The reviewer takes a decision on the actions and defines a closure statement and a next review date.
28. Definition of Whistle-Blowing
One who reveals wrongdoing within an organization to the public or to those in positions of authority.
One who discloses information about misconduct in their workplace that they feel violates the law or endangers the welfare of others.
One who speaks out, typically to expose corruption or dangers to the public or environment.
29. Types of Whistle-Blowing
•Internal Whistle-Blowing: when an individual advocates beliefs or revelations within the organization.
•External Whistle-Blowing: when an individual advocates beliefs or revelations outside the organization.
30. Stages of Whistle-Blowing
There are three main stages, given below:
1. Blow the whistle
2. View status
3. Evaluator login
31. Blow the Whistle
Blow the Whistle: specify what type of whistle it is and to whom you want to send the complaint.
Requester Information: a detailed description of the complaint and your idea for solving the problem.
Submission: the rules and regulations about the whistle.
35. Submission
•Here only the rules and regulations of the whistle complaint are shown.
•1. Each person must first accept the rules and regulations.
•2. Then the person can file a whistle.
37. View Status
A whistle-blower is a person who informs on a person or organization regarded as engaging in unlawful or immoral activity. In this stage the person can:
Check the status of the whistle complaint
Add a comment and send mail to the authority person
Check the information entered
40. Evaluator Login
The evaluator can do the following:
•View the whistle complaints
•Give a solution to a particular problem
•Chat with the person
•Update the status of the whistle complaint
42. Analyzing the Resources:
The analysis phase consists of impact analysis, threat analysis and impact scenarios for resources. If the impact is Critical, two values are assigned:
Recovery Point Objective (RPO) – the acceptable latency of data that will not be recovered
Recovery Time Objective (RTO) – the acceptable amount of time to restore the function
The recovery time objective must ensure that the Maximum Tolerable Period of Disruption (MTPoD) for each activity is not exceeded.
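The rule just stated, that a Critical activity gets an RTO and RPO and that its RTO may not exceed its MTPoD, is the check an analyst wants run over the whole activity list rather than eyeballed. The following Python is an added example, not the page's or FixNix's code. The activity list is constructed, the impact scale is assumed, and the backup-interval column and the check that it can satisfy the RPO are an addition of mine, since an RPO of one hour cannot be met by a copy taken once a day.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Activity:
    name: str
    impact: str                    # assumed scale: "Critical", "High", "Medium", "Low"
    mtpod_hours: float             # Maximum Tolerable Period of Disruption
    rto_hours: Optional[float] = None          # Recovery Time Objective (Critical only)
    rpo_hours: Optional[float] = None          # Recovery Point Objective (Critical only)
    backup_interval_hours: Optional[float] = None  # assumption: how often data is copied off


def check_activity(a):
    """Return a list of findings for one activity; an empty list means it passes."""
    findings = []
    if a.impact != "Critical":
        # The page assigns RTO/RPO only for Critical impact; values on a
        # lesser-rated activity suggest the rating itself needs a second look.
        if a.rto_hours is not None or a.rpo_hours is not None:
            findings.append("RTO/RPO recorded for a non-critical activity; confirm impact rating")
        return findings
    if a.rto_hours is None or a.rpo_hours is None:
        findings.append("Critical activity has no RTO/RPO assigned")
        return findings
    # RTO must not exceed MTPoD.
    if a.rto_hours > a.mtpod_hours:
        findings.append(f"RTO {a.rto_hours}h exceeds MTPoD {a.mtpod_hours}h")
    # Assumed extra check: the data-copy cadence must be at least as fine as the RPO.
    if a.backup_interval_hours is not None and a.backup_interval_hours > a.rpo_hours:
        findings.append(f"backup every {a.backup_interval_hours}h cannot meet RPO {a.rpo_hours}h")
    return findings


def check_plan(activities):
    """Map each failing activity name to its findings; passing activities are omitted."""
    report = {}
    for a in activities:
        findings = check_activity(a)
        if findings:
            report[a.name] = findings
    return report


# Constructed sample activities for the example.
SAMPLE = [
    Activity("Payment processing", "Critical", mtpod_hours=4, rto_hours=2, rpo_hours=0.25,
             backup_interval_hours=0.25),
    Activity("Customer portal", "Critical", mtpod_hours=8, rto_hours=12, rpo_hours=1,
             backup_interval_hours=24),
    Activity("Payroll", "Critical", mtpod_hours=72),
    Activity("Internal wiki", "Low", mtpod_hours=240),
]

if __name__ == "__main__":
    for name, findings in check_plan(SAMPLE).items():
        for f in findings:
            print(f"{name}: {f}")
```

On the sample, the customer portal is flagged twice (its 12-hour RTO overshoots an 8-hour MTPoD, and a daily backup cannot honour a one-hour RPO), payroll is flagged for having no objectives despite being Critical, and the other two pass.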
46. Business Plan:
This phase identifies the most cost-effective disaster recovery solution that meets the two main requirements from the impact analysis stage.
Analyse the operating expenses (OPEX) and capital expenditure (CAPEX) when designing the business plan.
49. Implementation:
This stage records whether the business plan has been implemented and whether any queries or actions remain open.
The implementation phase involves policy changes, material acquisitions, staffing and testing.
51. Acceptance and Testing:
The purpose of testing is to achieve organizational acceptance that
the solution satisfies the recovery requirements. Plans may fail to
meet expectations due to insufficient or inaccurate recovery
requirements, solution design flaws or solution implementation
errors.
Testing may include:
Table-Top Exercise
Functional Test
53. Maintenance Phase:
The maintenance cycle is divided into 3 parts:
Monthly
Bi-annually
Annually
Issues found during the testing phase often must be reintroduced to the analysis phase.
56. Main Features
Single repository for regulations and standards
Centralized repository for compliance related organizational data
Allow for gathering of data from non-technology sources such as people
Map compliance data to regulations and standards
Allow for generation of reports, export data for use with other systems
within an organization
59. Main Features
Provide management dashboards for compliance status with the ability
to drill down across departments, geographies etc.
Allow for creation of custom compliance frameworks or modify existing
ones
Provide reminders to people for addressing compliance related tasks in
an optimal manner
Manage exceptions and activities related to compliance
Provide an exhaustive audit trail for all compliance related actions
through the whole process
64. What is Fraud?
Fraud is a type of criminal activity, defined as:
•'Abuse of position, or false representation, or prejudicing someone's rights for personal gain'.
•Put simply, fraud is an act of deception intended for personal gain or to cause a loss to another party.
The general criminal offence of fraud can include:
•Deception whereby someone knowingly makes a false representation, fails to disclose information, or abuses a position.
•Fraudsters are always finding new ways to trick you out of your money.
65. What is a Fraud Management System?
•A Fraud Management System (FMS) allows you to analyze data from any source (e.g. whistle-blower reports), investigate hypotheses to discover new patterns and root causes, identify fraudulent activity in real time, and manage workflows that eliminate threats.
•Fraud Management Systems are used to automate the alerting and prevention of fraudulent activities and to exclude the "human factor".
66. What are the challenges for companies?
•Fraud costs public and private enterprises hundreds of billions of dollars each year.
•Exponential increase in the frequency and sophistication of fraud, waste and abuse.
•Diverse, complex and constantly changing fraud schemes and strategies.
•Huge volumes of data from multiple sources.
•Operational and organizational silos.
67. How big is the problem?
•The typical organization loses 5% of its revenues to fraud.
•2011 estimated and projected global total fraud loss: $3.5 trillion.
68. Fraud Management Benefits
•Decrease fraud losses through real-time analysis.
•Improve operational efficiency through automated processes.
•Improve investigator efficiency with real-time analyses and metrics.
•Maximize detection efficiency by early identification and prediction of future risk.
•Improve process efficiency through real-time monitoring.
•Investigate, analyze and prevent fraud in ultra-high volume environments.
69. Recommendations
•If your company is at risk of significant financial loss as a result of fraud, FixNix Fraud Management is certainly worth a look, at a very low cost compared to other GRC competitors.
•First quantify the risk, then assess the cost of your current efforts to contain and mitigate that risk.
•If you employ fraud investigators, you must have some measure of their success; chances are you measure the number of potential cases investigated along with the number of real occurrences of fraud.
•The goal should not necessarily be to increase the number of cases of fraud detected, but to detect fraud more quickly and to minimize the number of cases you chase that lead to no fraud (fewer false positives).
83. FixNix Policy Management
●With FixNix Policy Management, you gain a meaningful understanding of what governs your business and can formulate policies appropriately to assist in achieving corporate objectives and demonstrating compliance.
●Key Benefits
oReduction in the time and effort required to create and update policies.
oMapping to standards and controls.
oCommunication of policies is made easy.
oReport generation.
oDashboards with drill-down charts.
oVersion management of policies is done in a consistent manner.
85. New Policy
Create your policies in 5 easy steps:
Step 1: General Information
Step 2: Scope, Purpose & Description
Step 3: Mapping Standards & Controls
Step 4: Assign the handlers
Step 5: Date & Other settings
97. Incidents can be any failure or interruption to an IT service or a Configuration Item/Asset.
They can be created from:
Event Management
Web Interface
User phone call
Email
Technician / staff
103. FixNix Contract Management is a web-based tool designed to automate the entire contract process end-to-end.
It simplifies the way contracts are managed, tracked and reported.
An automated contract management process involves 3 "lifecycle" stages: filing the contract, approval and renewal.
Full-featured automated contract management should give you complete visibility and control over any given contract from its inception to its renewal.
For each step in the contract management process, automated solutions prevent bottlenecks and speed up sales cycles.
Integrating FixNix Contract Management into your business process will effectively enforce compliance, mitigate business risks, and act as a directory of information for all your clients and candidates.
108. Objectives
•Government Watch List (what they are, laws, and
enforcement actions)
•HIPAA, how it affects facilities from a vendor
perspective, BAA’s, etc.
•Immunization testing, what is required, CDC and OSHA
regulations
•Training requirements, and OSHA rules and regulations
•Access Controls
110. What to do - 10,000 Foot
Establish a Vendor Relationship Policy
Establish a formal process for annual vendor reviews
Assign and train vendor relationship managers
Establish a mechanism for tracking vendor
management activities
111. Which Vendors
Managing all vendors gets costly.
Which group of vendors gives you the best bang for your buck?
Access to Customer Information
Critical for Operations
Critical to Customer Service
Based on $ amount of the contract
Otherwise visible/high risk (website host, video equipment
in the CEO’s office)
112. The Vendor Manager role
Who
Centralized
Distributed (with centralized management)
Skillset and tools
Time Requirements
Accountability
113. Tools Overview
Vendor Management Policy
Annual review checklist
Critical Statistics
Vendor Contract and SLA
Vendor Management Records
Open and Resolved Issues List
Vendor financial and third party review reports
114. Vendor Management Policy
Describes the organization's beliefs, objectives and general procedures related to vendor management / service provider oversight.
Key things in ours
Required/recommended vendors
Assignment of responsibilities
Accountability
Basics of annual reviews
115. Tools –Vendor Contract and SLA
Outlines the services provided and expectations of each
entity
Outlines recourse for resolving issues
Where is the vendor contract stored
Contract termination date
Date or period of notice prior to renewal or termination
Insurance coverage of the carrier
Privacy and other regulatory expectations
116. Tools –Vendor Management Records
Records and reports of previous vendor management
activities for this vendor
Used to identify trends
Reminder of concerns from prior reviews, have these
been resolved?
117. What Does It Mean To Healthcare?
•Vendor Management = Risk Management
•Managing Risk to patients
–healthcare-associated infections account for an
estimated 1.7 million infections and 99,000 associated
deaths each year
–13,779 TB cases (a rate of 4.6 cases per 100,000 persons)
were reported in the United States in 2006.
–Patient Privacy and Patient Rights
•Security of the hospital and hospital property
•Managing Conflict of Interest
•Cost controls with proper device and medication
approval processes
118. Risk reduction
•Access Controls
–Cold calling
–Appointment setting
–Medical mistakes due to interruptions

                                  Without interruption   With interruption
Procedural failure rate           69.6%                  84.6% (with three interruptions)
Clinical error (at least one)     25.3%                  38.9% (with three interruptions)
Estimated risk of major error     2.3%                   4.7% (with four interruptions)
119. Challenges Facing A Facility
•Vendor Company
–Financials
•Bankruptcies
•Liens
•Judgments
–Legal Standing
•Involved with Anti-Kickback
Legislation
–Liability Insurance
–HUB’s
–Conflict of Interest
•Vendor Representatives
–Immunizations
•MMR
•TB
•Varicella
•Influenza
–Cold Calling
–Background Check
–Conflict of Interest
–Contact Information
–Proper Training
120. Choices
Develop your own system – Cost:
– Human capital
– Design the system
– Programming
– Manage the information
– Development time
– Administer the program
– Higher cost to vendor community
Use a service – Cost:
– Normally at no or little cost to you
– Administer the program
– Lower cost to vendor community